11241100x8000000000000000750033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915f352375c091362021-12-20 15:52:18.174root 11241100x8000000000000000750034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158602afdda98362021-12-20 15:52:18.174root 11241100x8000000000000000750035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f456eee4141a76f2021-12-20 15:52:18.174root 11241100x8000000000000000750036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62c1332c3a373cc2021-12-20 15:52:18.175root 11241100x8000000000000000750037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f413130d1d5e18a22021-12-20 15:52:18.175root 11241100x8000000000000000750038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d7711e6e8aade62021-12-20 15:52:18.175root 11241100x8000000000000000750039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad659fafe203b0bd2021-12-20 15:52:18.175root 11241100x8000000000000000750040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a96c0bee6bc9f312021-12-20 15:52:18.175root 11241100x8000000000000000750041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6b7f2808705c6f2021-12-20 15:52:18.674root 11241100x8000000000000000750042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a5fb769c7814252021-12-20 15:52:18.674root 11241100x8000000000000000750043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b4aae4121c9f462021-12-20 15:52:18.674root 11241100x8000000000000000750044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865df696b1eeab352021-12-20 15:52:18.675root 11241100x8000000000000000750045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2cbc1e2dd6d8b02021-12-20 15:52:18.675root 11241100x8000000000000000750046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91662f7ef054a962021-12-20 15:52:18.675root 11241100x8000000000000000750047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679fa24e711984872021-12-20 15:52:18.675root 11241100x8000000000000000750048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caaab0374ecc0d02021-12-20 15:52:18.675root 11241100x8000000000000000750049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871fdbc7f6e97a442021-12-20 15:52:19.174root 11241100x8000000000000000750050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43171ca19d2cc4d82021-12-20 15:52:19.174root 11241100x8000000000000000750051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f40ebf4d67dee52021-12-20 15:52:19.174root 11241100x8000000000000000750052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328e1c78998438462021-12-20 15:52:19.175root 11241100x8000000000000000750053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816e78069927d7962021-12-20 15:52:19.175root 11241100x8000000000000000750054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1441cb8f0bcebc2021-12-20 15:52:19.175root 11241100x8000000000000000750055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebb5456501efbb52021-12-20 15:52:19.175root 11241100x8000000000000000750056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73cdfff984c6a192021-12-20 15:52:19.175root 11241100x8000000000000000750057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448b624cd485327e2021-12-20 15:52:19.674root 11241100x8000000000000000750058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce76b09ef9001a132021-12-20 15:52:19.674root 11241100x8000000000000000750059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a18299b538dbbf2021-12-20 15:52:19.674root 11241100x8000000000000000750060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb19be483046c7b32021-12-20 15:52:19.674root 11241100x8000000000000000750061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0403a95c74a1218e2021-12-20 15:52:19.674root 11241100x8000000000000000750062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41800e6cff7aa0232021-12-20 15:52:19.674root 11241100x8000000000000000750063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a01a53331705f9e2021-12-20 15:52:19.674root 11241100x8000000000000000750064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a006a52e18d26c2021-12-20 15:52:19.674root 354300x8000000000000000750065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.020{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46006-false10.0.1.12-8089- 11241100x8000000000000000750066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2c0e390fdc46132021-12-20 15:52:20.020root 11241100x8000000000000000750067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67673cf5223ff4ea2021-12-20 15:52:20.020root 11241100x8000000000000000750068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e29ea8756a867542021-12-20 15:52:20.020root 11241100x8000000000000000750069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.021{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73b6d00518b011a2021-12-20 15:52:20.021root 11241100x8000000000000000750070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.021{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df57fa40536ffa72021-12-20 15:52:20.021root 11241100x8000000000000000750071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.021{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ce1a8c4eca8e252021-12-20 15:52:20.021root 11241100x8000000000000000750072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.021{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e3d2d39c77888e2021-12-20 15:52:20.021root 11241100x8000000000000000750073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.022{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff0f71246f51d162021-12-20 15:52:20.022root 11241100x8000000000000000750074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.022{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f420c5f67a5b6362021-12-20 15:52:20.022root 354300x8000000000000000750075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.251{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51306-false10.0.1.12-8000- 11241100x8000000000000000750076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599b12cbe9a6a3ea2021-12-20 15:52:20.424root 11241100x8000000000000000750077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cd1972ea4cd5a22021-12-20 15:52:20.424root 11241100x8000000000000000750078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a36429198602db2021-12-20 15:52:20.424root 11241100x8000000000000000750079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fa0c3d6d4d19b52021-12-20 15:52:20.424root 11241100x8000000000000000750080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ee2f25a8b5035b2021-12-20 15:52:20.424root 11241100x8000000000000000750081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a077ab26bbe994e82021-12-20 15:52:20.424root 11241100x8000000000000000750082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d56f1761c85582021-12-20 15:52:20.425root 11241100x8000000000000000750083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00606a363480ce122021-12-20 15:52:20.425root 11241100x8000000000000000750084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec70f2532e48362021-12-20 15:52:20.425root 11241100x8000000000000000750085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30beb18f934fffb2021-12-20 15:52:20.425root 11241100x8000000000000000750086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28b63faf083026c2021-12-20 15:52:20.924root 11241100x8000000000000000750087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c519c406f241b5932021-12-20 15:52:20.924root 11241100x8000000000000000750088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10862ff528303bad2021-12-20 15:52:20.924root 11241100x8000000000000000750089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c92e0837d591ff02021-12-20 15:52:20.924root 11241100x8000000000000000750090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74fc70a83c83f172021-12-20 15:52:20.924root 11241100x8000000000000000750091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb9a5a1d77e26ba2021-12-20 15:52:20.924root 11241100x8000000000000000750092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c080e07989f873e82021-12-20 15:52:20.925root 11241100x8000000000000000750093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baefbbd24b1b9f22021-12-20 15:52:20.925root 11241100x8000000000000000750094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecccb6dadccdcdfe2021-12-20 15:52:20.925root 11241100x8000000000000000750095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8537a0ccf2d6e9432021-12-20 15:52:20.925root 11241100x8000000000000000750096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d1479fdfb4316f2021-12-20 15:52:21.424root 11241100x8000000000000000750097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2630aefa38e592f2021-12-20 15:52:21.424root 11241100x8000000000000000750098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c985972fd998988b2021-12-20 15:52:21.424root 11241100x8000000000000000750099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa373490300fa7112021-12-20 15:52:21.424root 11241100x8000000000000000750100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd1b7249e8ef8932021-12-20 15:52:21.424root 11241100x8000000000000000750101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994e1d73f572280b2021-12-20 15:52:21.425root 11241100x8000000000000000750102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46bfec361eeaf402021-12-20 15:52:21.425root 11241100x8000000000000000750103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6851a3748e49662021-12-20 15:52:21.425root 11241100x8000000000000000750104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2314e643e1ef4dbd2021-12-20 15:52:21.425root 11241100x8000000000000000750105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb1a96ed997ea0e2021-12-20 15:52:21.425root 11241100x8000000000000000750106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54995b172da5eb6e2021-12-20 15:52:21.924root 11241100x8000000000000000750107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6ba6fa27d2602e2021-12-20 15:52:21.924root 11241100x8000000000000000750108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518803e4b07a8a352021-12-20 15:52:21.924root 11241100x8000000000000000750109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626fb9441d5a76da2021-12-20 15:52:21.924root 11241100x8000000000000000750110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799e72e2c6d263b2021-12-20 15:52:21.925root 11241100x8000000000000000750111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cf2dfde0ebbfb12021-12-20 15:52:21.925root 11241100x8000000000000000750112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529eaa699a6bb32c2021-12-20 15:52:21.925root 11241100x8000000000000000750113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3df814ae77b31cb2021-12-20 15:52:21.925root 11241100x8000000000000000750114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4de44a53cb90cb2021-12-20 15:52:21.925root 11241100x8000000000000000750115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38a6ae2fd8c418d2021-12-20 15:52:21.925root 11241100x8000000000000000750116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd90addb077e3ba22021-12-20 15:52:22.424root 11241100x8000000000000000750117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342e38309c7a31662021-12-20 15:52:22.424root 11241100x8000000000000000750118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a291e428e096f362021-12-20 15:52:22.424root 11241100x8000000000000000750119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f79ff487720855c2021-12-20 15:52:22.424root 11241100x8000000000000000750120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4499296200b435792021-12-20 15:52:22.424root 11241100x8000000000000000750121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ce28aec9b4191c2021-12-20 15:52:22.424root 11241100x8000000000000000750122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0128af9b4c3620b72021-12-20 15:52:22.424root 11241100x8000000000000000750123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f6dd2058299dd52021-12-20 15:52:22.424root 11241100x8000000000000000750124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f904428f1e660992021-12-20 15:52:22.425root 11241100x8000000000000000750125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e96d3aa57b57a42021-12-20 15:52:22.425root 11241100x8000000000000000750126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22933f81f20fc0b02021-12-20 15:52:22.924root 11241100x8000000000000000750127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748fc8ddedcc5ad72021-12-20 15:52:22.924root 11241100x8000000000000000750128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1783477004e3ed2021-12-20 15:52:22.924root 11241100x8000000000000000750129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247f9a860634e7662021-12-20 15:52:22.924root 11241100x8000000000000000750130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0f24c77cf58f062021-12-20 15:52:22.924root 11241100x8000000000000000750131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff9f58186c5cc652021-12-20 15:52:22.924root 11241100x8000000000000000750132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebaff1594789c2f2021-12-20 15:52:22.924root 11241100x8000000000000000750133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c14ff12943713522021-12-20 15:52:22.925root 11241100x8000000000000000750134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54a69438bbc0e9d2021-12-20 15:52:22.925root 11241100x8000000000000000750135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf4b45abe44d0872021-12-20 15:52:22.925root 11241100x8000000000000000750136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a50dd34f311bb32021-12-20 15:52:23.424root 11241100x8000000000000000750137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4c11f814bf57b62021-12-20 15:52:23.424root 11241100x8000000000000000750138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d0f575b23f93502021-12-20 15:52:23.424root 11241100x8000000000000000750139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e16a5386eeaa4072021-12-20 15:52:23.424root 11241100x8000000000000000750140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df7c8b8fcc253142021-12-20 15:52:23.424root 11241100x8000000000000000750141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf141132a909eb92021-12-20 15:52:23.424root 11241100x8000000000000000750142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e602b13ef0e6fbfc2021-12-20 15:52:23.424root 11241100x8000000000000000750143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6fbcf5a00ddc782021-12-20 15:52:23.424root 11241100x8000000000000000750144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44148dd6ed72e8d32021-12-20 15:52:23.425root 11241100x8000000000000000750145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d2d79372d4e7982021-12-20 15:52:23.425root 11241100x8000000000000000750146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16556525f71d73462021-12-20 15:52:23.924root 11241100x8000000000000000750147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404b422219b570642021-12-20 15:52:23.924root 11241100x8000000000000000750148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e665570d7e26d8c92021-12-20 15:52:23.924root 11241100x8000000000000000750149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaae8bdb1ad1c842021-12-20 15:52:23.924root 11241100x8000000000000000750150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06056d4237010562021-12-20 15:52:23.924root 11241100x8000000000000000750151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0af0d9d0f51a72021-12-20 15:52:23.924root 11241100x8000000000000000750152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1257717ed3ace2b32021-12-20 15:52:23.924root 11241100x8000000000000000750153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dd3a1c6e594a552021-12-20 15:52:23.924root 11241100x8000000000000000750154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85b12863d1c636d2021-12-20 15:52:23.925root 11241100x8000000000000000750155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5d76a36e2ead392021-12-20 15:52:23.925root 11241100x8000000000000000750156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0439c68eea9c380d2021-12-20 15:52:24.424root 11241100x8000000000000000750157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad4ba248257fc522021-12-20 15:52:24.424root 11241100x8000000000000000750158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea53a6449e71be2021-12-20 15:52:24.424root 11241100x8000000000000000750159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9e6ceefb1b99232021-12-20 15:52:24.424root 11241100x8000000000000000750160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1703e4cc33c453e82021-12-20 15:52:24.424root 11241100x8000000000000000750161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc06ecc3bdad732021-12-20 15:52:24.424root 11241100x8000000000000000750162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471533f2a6ec8d542021-12-20 15:52:24.424root 11241100x8000000000000000750163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633da6be506c85a92021-12-20 15:52:24.425root 11241100x8000000000000000750164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce455a58b3abd67c2021-12-20 15:52:24.425root 11241100x8000000000000000750165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54c1f5ce7f80a82021-12-20 15:52:24.425root 11241100x8000000000000000750166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c30428935a86cf2021-12-20 15:52:24.924root 11241100x8000000000000000750167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbce94e4c32b38a2021-12-20 15:52:24.924root 11241100x8000000000000000750168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef82a0ea9cdee33a2021-12-20 15:52:24.924root 11241100x8000000000000000750169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38889a70609fe5192021-12-20 15:52:24.924root 11241100x8000000000000000750170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7108c3ead7c122b02021-12-20 15:52:24.924root 11241100x8000000000000000750171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7bc25223a95d1e2021-12-20 15:52:24.924root 11241100x8000000000000000750172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6af0335fc833c02021-12-20 15:52:24.924root 11241100x8000000000000000750173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de5e2af2cebdc62021-12-20 15:52:24.925root 11241100x8000000000000000750174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecd5931687a76752021-12-20 15:52:24.925root 11241100x8000000000000000750175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e8c43d49d81e322021-12-20 15:52:24.925root 11241100x8000000000000000750176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcf83103ca6354a2021-12-20 15:52:25.424root 11241100x8000000000000000750177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17e278ab2509fe02021-12-20 15:52:25.424root 11241100x8000000000000000750178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7441005c520df3682021-12-20 15:52:25.424root 11241100x8000000000000000750179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a53b791670e30b2021-12-20 15:52:25.424root 11241100x8000000000000000750180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d43ed6c81c5c08f2021-12-20 15:52:25.424root 11241100x8000000000000000750181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca994ae5ee63bcb92021-12-20 15:52:25.424root 11241100x8000000000000000750182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287f46bdbbb42ef42021-12-20 15:52:25.425root 11241100x8000000000000000750183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eb210e21b27d982021-12-20 15:52:25.425root 11241100x8000000000000000750184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5201c851f47c8ea02021-12-20 15:52:25.425root 11241100x8000000000000000750185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930b7947abd4b86b2021-12-20 15:52:25.425root 11241100x8000000000000000750186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82725a2324cac34d2021-12-20 15:52:25.924root 11241100x8000000000000000750187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b4cd9ede1a38222021-12-20 15:52:25.924root 11241100x8000000000000000750188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a856b09b6ad97d2021-12-20 15:52:25.924root 11241100x8000000000000000750189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940b94152f312b02021-12-20 15:52:25.924root 11241100x8000000000000000750190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f43a8b1088b071f2021-12-20 15:52:25.925root 11241100x8000000000000000750191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1f65c4b5e3097e2021-12-20 15:52:25.925root 11241100x8000000000000000750192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5793aad76da632732021-12-20 15:52:25.925root 11241100x8000000000000000750193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b522262bcd049ce2021-12-20 15:52:25.925root 11241100x8000000000000000750194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3adbae4d351ca202021-12-20 15:52:25.925root 11241100x8000000000000000750195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326f7f6bc60976cf2021-12-20 15:52:25.925root 354300x8000000000000000750196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.210{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51308-false10.0.1.12-8000- 11241100x8000000000000000750197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba447fa1b437a0fa2021-12-20 15:52:26.211root 11241100x8000000000000000750198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497891e809f0dae02021-12-20 15:52:26.211root 11241100x8000000000000000750199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42056d6f1a64d31b2021-12-20 15:52:26.211root 11241100x8000000000000000750200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f810dc7c4c713aaa2021-12-20 15:52:26.211root 11241100x8000000000000000750201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf79c82680e75312021-12-20 15:52:26.212root 11241100x8000000000000000750202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116c3ef3cdac57e92021-12-20 15:52:26.212root 11241100x8000000000000000750203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0347df4c9ddb862021-12-20 15:52:26.212root 11241100x8000000000000000750204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e303fa40ed4970892021-12-20 15:52:26.212root 11241100x8000000000000000750205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cec5f8af3f72b742021-12-20 15:52:26.212root 11241100x8000000000000000750206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e8aea293bb10b72021-12-20 15:52:26.212root 11241100x8000000000000000750207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ae0b7e1d9ef8de2021-12-20 15:52:26.212root 11241100x8000000000000000750208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d0e52344ee867d2021-12-20 15:52:26.674root 11241100x8000000000000000750209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e55a20cd0e799882021-12-20 15:52:26.674root 11241100x8000000000000000750210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a0dd3477d65d5e2021-12-20 15:52:26.674root 11241100x8000000000000000750211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8005730d37e93fe92021-12-20 15:52:26.675root 11241100x8000000000000000750212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4a0ccb21acc6642021-12-20 15:52:26.675root 11241100x8000000000000000750213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df5b88896d08b9b2021-12-20 15:52:26.675root 11241100x8000000000000000750214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a77ce9c06cd1cf2021-12-20 15:52:26.675root 11241100x8000000000000000750215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4e843d3f6cf82c2021-12-20 15:52:26.675root 11241100x8000000000000000750216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbd4b066cb5a69d2021-12-20 15:52:26.675root 11241100x8000000000000000750217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b405216a4423b2822021-12-20 15:52:26.675root 11241100x8000000000000000750218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a830717bfa528def2021-12-20 15:52:26.675root 11241100x8000000000000000750219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d7fdb3ed8d754c2021-12-20 15:52:27.174root 11241100x8000000000000000750220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693046ff7fd55bad2021-12-20 15:52:27.174root 11241100x8000000000000000750221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32e0bd6d2865d72021-12-20 15:52:27.174root 11241100x8000000000000000750222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc07651821186a12021-12-20 15:52:27.174root 11241100x8000000000000000750223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2157b65f3715712021-12-20 15:52:27.174root 11241100x8000000000000000750224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb0fd8b577e128c2021-12-20 15:52:27.174root 11241100x8000000000000000750225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7919d36f954e8a2021-12-20 15:52:27.175root 11241100x8000000000000000750226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3a7558255cd7522021-12-20 15:52:27.175root 11241100x8000000000000000750227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a6d09d1898fd312021-12-20 15:52:27.175root 11241100x8000000000000000750228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e408aaef50ea482021-12-20 15:52:27.175root 11241100x8000000000000000750229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff194d89947a60d2021-12-20 15:52:27.175root 11241100x8000000000000000750230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce4789c631dd0a2021-12-20 15:52:27.674root 11241100x8000000000000000750231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efa0ba54d7aa5942021-12-20 15:52:27.674root 11241100x8000000000000000750232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bee2acfac12c262021-12-20 15:52:27.674root 11241100x8000000000000000750233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a381af7efc4053012021-12-20 15:52:27.674root 11241100x8000000000000000750234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92c075bec54e5d32021-12-20 15:52:27.675root 11241100x8000000000000000750235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f27860762d69bf2021-12-20 15:52:27.675root 11241100x8000000000000000750236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6d8c230a7285e2021-12-20 15:52:27.675root 11241100x8000000000000000750237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a177be432c8cb5e2021-12-20 15:52:27.675root 11241100x8000000000000000750238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586438abfc5147e12021-12-20 15:52:27.675root 11241100x8000000000000000750239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff6c641b1ce9082021-12-20 15:52:27.675root 11241100x8000000000000000750240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9ff49d5a5b93842021-12-20 15:52:27.675root 11241100x8000000000000000750241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7e9ce906913c262021-12-20 15:52:28.174root 11241100x8000000000000000750242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf32707cd7c8402021-12-20 15:52:28.174root 11241100x8000000000000000750243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0cc033225e34c92021-12-20 15:52:28.174root 11241100x8000000000000000750244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409900c7da7c310a2021-12-20 15:52:28.174root 11241100x8000000000000000750245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eb438979ecbfa62021-12-20 15:52:28.174root 11241100x8000000000000000750246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908fa07aa1db4f342021-12-20 15:52:28.174root 11241100x8000000000000000750247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fb19c9f1dea9ac2021-12-20 15:52:28.174root 11241100x8000000000000000750248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752698f45eaaa29f2021-12-20 15:52:28.174root 11241100x8000000000000000750249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6968e473bae7fb2021-12-20 15:52:28.175root 11241100x8000000000000000750250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37734eca7e35c6382021-12-20 15:52:28.175root 11241100x8000000000000000750251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95c0d4edf8c69762021-12-20 15:52:28.175root 11241100x8000000000000000750252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b8aa914bf000762021-12-20 15:52:28.674root 11241100x8000000000000000750253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f9574abb6b67f12021-12-20 15:52:28.674root 11241100x8000000000000000750254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868be03aeeb2a0452021-12-20 15:52:28.674root 11241100x8000000000000000750255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d8eaa36d360c082021-12-20 15:52:28.675root 11241100x8000000000000000750256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabb3648f5e36ff52021-12-20 15:52:28.675root 11241100x8000000000000000750257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccf53c30b5acdac2021-12-20 15:52:28.675root 11241100x8000000000000000750258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6816b406dcbb5b2021-12-20 15:52:28.675root 11241100x8000000000000000750259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9101f85a793b2a6b2021-12-20 15:52:28.676root 11241100x8000000000000000750260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d13d95b120faa842021-12-20 15:52:28.676root 11241100x8000000000000000750261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400be2a67b6b6ab32021-12-20 15:52:28.676root 11241100x8000000000000000750262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782b89edfbdd7e562021-12-20 15:52:28.676root 11241100x8000000000000000750263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2091632d67bf0ff42021-12-20 15:52:29.174root 11241100x8000000000000000750264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90028d67a48c71d22021-12-20 15:52:29.174root 11241100x8000000000000000750265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df04e5879270f2e2021-12-20 15:52:29.174root 11241100x8000000000000000750266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f392e8c59b45dd92021-12-20 15:52:29.175root 11241100x8000000000000000750267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694609b1e15131cb2021-12-20 15:52:29.175root 11241100x8000000000000000750268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91803ed955006dd82021-12-20 15:52:29.175root 11241100x8000000000000000750269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca12ac4a0678ac0c2021-12-20 15:52:29.175root 11241100x8000000000000000750270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115e30d4c0d3ad0a2021-12-20 15:52:29.175root 11241100x8000000000000000750271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630fe6e5b386be452021-12-20 15:52:29.175root 11241100x8000000000000000750272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040ac09803df66ad2021-12-20 15:52:29.175root 11241100x8000000000000000750273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98db8f5d6fd01fb2021-12-20 15:52:29.175root 11241100x8000000000000000750274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4aec33735a84da2021-12-20 15:52:29.674root 11241100x8000000000000000750275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b23a7089ba8cef2021-12-20 15:52:29.674root 11241100x8000000000000000750276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e249e18a5a1b7d2021-12-20 15:52:29.674root 11241100x8000000000000000750277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0b29adf27f79702021-12-20 15:52:29.674root 11241100x8000000000000000750278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ffb885cf445e952021-12-20 15:52:29.674root 11241100x8000000000000000750279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f23d994b13136422021-12-20 15:52:29.675root 11241100x8000000000000000750280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec78a6aa79e73c632021-12-20 15:52:29.675root 11241100x8000000000000000750281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8304e0eed820e3b2021-12-20 15:52:29.675root 11241100x8000000000000000750282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa245b931fe10692021-12-20 15:52:29.675root 11241100x8000000000000000750283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4162423bf78e102021-12-20 15:52:29.675root 11241100x8000000000000000750284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9175bb9611449f7f2021-12-20 15:52:29.675root 11241100x8000000000000000750285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c26903e0d40c792021-12-20 15:52:30.174root 11241100x8000000000000000750286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b44a98fca132462021-12-20 15:52:30.174root 11241100x8000000000000000750287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f4c635376b0c4a2021-12-20 15:52:30.174root 11241100x8000000000000000750288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb565aab82a26ad22021-12-20 15:52:30.174root 11241100x8000000000000000750289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ed42c11a157b0d2021-12-20 15:52:30.174root 11241100x8000000000000000750290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4880bab6a3daeb982021-12-20 15:52:30.175root 11241100x8000000000000000750291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b4870edec16e492021-12-20 15:52:30.175root 11241100x8000000000000000750292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c912277882f443852021-12-20 15:52:30.175root 11241100x8000000000000000750293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5870c5b61336c2021-12-20 15:52:30.175root 11241100x8000000000000000750294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb8d062298d98d72021-12-20 15:52:30.175root 11241100x8000000000000000750295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272deff373dea56b2021-12-20 15:52:30.175root 11241100x8000000000000000750296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3793c01f3798b12021-12-20 15:52:30.674root 11241100x8000000000000000750297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc726984d332a1d52021-12-20 15:52:30.674root 11241100x8000000000000000750298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd48bd7a0774f752021-12-20 15:52:30.674root 11241100x8000000000000000750299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef06424705372d82021-12-20 15:52:30.674root 11241100x8000000000000000750300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71933d94cb271b02021-12-20 15:52:30.674root 11241100x8000000000000000750301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaa08747822c7ae2021-12-20 15:52:30.675root 11241100x8000000000000000750302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aff9a870a1e1e962021-12-20 15:52:30.675root 11241100x8000000000000000750303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8aa7949c6779002021-12-20 15:52:30.675root 11241100x8000000000000000750304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e32fd7abc0eb452021-12-20 15:52:30.675root 11241100x8000000000000000750305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd2fb4a0d5593732021-12-20 15:52:30.675root 11241100x8000000000000000750306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71bb512b8877d642021-12-20 15:52:30.675root 11241100x8000000000000000750307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920a595b900d04622021-12-20 15:52:31.174root 11241100x8000000000000000750308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce40381e528d2e532021-12-20 15:52:31.174root 11241100x8000000000000000750309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a875dec5e3e952021-12-20 15:52:31.174root 11241100x8000000000000000750310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93968d15d5608932021-12-20 15:52:31.174root 11241100x8000000000000000750311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123371f84f32e932021-12-20 15:52:31.174root 11241100x8000000000000000750312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f368172adeb455152021-12-20 15:52:31.175root 11241100x8000000000000000750313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2ca544ea163adc2021-12-20 15:52:31.175root 11241100x8000000000000000750314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbc694d4a5b10f32021-12-20 15:52:31.175root 11241100x8000000000000000750315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f764bc64663e602021-12-20 15:52:31.175root 11241100x8000000000000000750316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cb33982ac9d9042021-12-20 15:52:31.175root 11241100x8000000000000000750317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04cd56dd9a572312021-12-20 15:52:31.175root 11241100x8000000000000000750318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eec461bd73cc1bd2021-12-20 15:52:31.674root 11241100x8000000000000000750319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298606c354cbc93f2021-12-20 15:52:31.674root 11241100x8000000000000000750320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c9fa13f1dda9e2021-12-20 15:52:31.675root 11241100x8000000000000000750321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fc4c3f5d3c29a22021-12-20 15:52:31.675root 11241100x8000000000000000750322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e774e39b65293abb2021-12-20 15:52:31.675root 11241100x8000000000000000750323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb37bffe0d261382021-12-20 15:52:31.676root 11241100x8000000000000000750324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bbd4c0c6e457612021-12-20 15:52:31.676root 11241100x8000000000000000750325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0b6c3c89ec4462021-12-20 15:52:31.676root 11241100x8000000000000000750326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7cd969a494e2ee2021-12-20 15:52:31.676root 11241100x8000000000000000750327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d250230db61010c2021-12-20 15:52:31.676root 11241100x8000000000000000750328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a422f0f2f4b0df2021-12-20 15:52:31.676root 11241100x8000000000000000750329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af494927dd6391a2021-12-20 15:52:32.174root 11241100x8000000000000000750330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b4d42a30a099f62021-12-20 15:52:32.174root 11241100x8000000000000000750331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e3451195d821ce2021-12-20 15:52:32.174root 11241100x8000000000000000750332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da95d2aeeb989252021-12-20 15:52:32.174root 11241100x8000000000000000750333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bff6a7686bcfb02021-12-20 15:52:32.174root 11241100x8000000000000000750334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9799716caf182232021-12-20 15:52:32.175root 11241100x8000000000000000750335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fa0bd32afe3d9e2021-12-20 15:52:32.175root 11241100x8000000000000000750336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2b804c2a7ac4a2021-12-20 15:52:32.175root 11241100x8000000000000000750337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f034113988285c742021-12-20 15:52:32.175root 11241100x8000000000000000750338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa34a46a0847a4f2021-12-20 15:52:32.175root 11241100x8000000000000000750339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f054729e5d8390f62021-12-20 15:52:32.175root 354300x8000000000000000750340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.196{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51310-false10.0.1.12-8000- 11241100x8000000000000000750341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5db102a4a088f32021-12-20 15:52:32.674root 11241100x8000000000000000750342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6e7de1aa160f3a2021-12-20 15:52:32.675root 11241100x8000000000000000750343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81383f1f118fb8d2021-12-20 15:52:32.675root 11241100x8000000000000000750344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd0a00df11c01f2021-12-20 15:52:32.675root 11241100x8000000000000000750345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576213bdae1d02342021-12-20 15:52:32.675root 11241100x8000000000000000750346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e75f66cbc684ba2021-12-20 15:52:32.675root 11241100x8000000000000000750347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a524fbec67effdf2021-12-20 15:52:32.675root 11241100x8000000000000000750348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d95919ca6fea7b72021-12-20 15:52:32.675root 11241100x8000000000000000750349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c63427d4c0f6a862021-12-20 15:52:32.675root 11241100x8000000000000000750350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b822ae707ad6c12021-12-20 15:52:32.675root 11241100x8000000000000000750351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d281b526bd411432021-12-20 15:52:32.675root 11241100x8000000000000000750352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b44e7d3030803c2021-12-20 15:52:32.676root 11241100x8000000000000000750353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aeb4cc9635a0622021-12-20 15:52:33.174root 11241100x8000000000000000750354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ad42e7e6275a202021-12-20 15:52:33.174root 11241100x8000000000000000750355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b4417d8956c4452021-12-20 15:52:33.174root 11241100x8000000000000000750356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178cc1b4a8c1ff5e2021-12-20 15:52:33.174root 11241100x8000000000000000750357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd978b2c7579cc32021-12-20 15:52:33.174root 11241100x8000000000000000750358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a352d2523456cf82021-12-20 15:52:33.174root 11241100x8000000000000000750359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a302d8a9488f61cf2021-12-20 15:52:33.175root 11241100x8000000000000000750360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed449e091b84c9822021-12-20 15:52:33.175root 11241100x8000000000000000750361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb43b5a0e9288e22021-12-20 15:52:33.175root 11241100x8000000000000000750362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc354137b50fa9192021-12-20 15:52:33.175root 11241100x8000000000000000750363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e538fdf4656421ce2021-12-20 15:52:33.175root 11241100x8000000000000000750364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2b46a5766645ce2021-12-20 15:52:33.175root 11241100x8000000000000000750365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad5904dc21dfd152021-12-20 15:52:33.674root 11241100x8000000000000000750366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a174e9302fb6632021-12-20 15:52:33.674root 11241100x8000000000000000750367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71760b49afae057e2021-12-20 15:52:33.674root 11241100x8000000000000000750368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfada534414618c92021-12-20 15:52:33.674root 11241100x8000000000000000750369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bca30fd00d3e6d62021-12-20 15:52:33.674root 11241100x8000000000000000750370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32d939896506f102021-12-20 15:52:33.674root 11241100x8000000000000000750371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d5c39f73c1a8642021-12-20 15:52:33.675root 11241100x8000000000000000750372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ab4ab766fd74b32021-12-20 15:52:33.675root 11241100x8000000000000000750373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6485aafae54089162021-12-20 15:52:33.675root 11241100x8000000000000000750374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3150be2d89adf22021-12-20 15:52:33.675root 11241100x8000000000000000750375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b185f60830b92e852021-12-20 15:52:33.675root 11241100x8000000000000000750376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17dcbecfe3febef2021-12-20 15:52:33.675root 11241100x8000000000000000750377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6250e270490df7e92021-12-20 15:52:34.174root 11241100x8000000000000000750378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2f73a25057cc42021-12-20 15:52:34.174root 11241100x8000000000000000750379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ecb394e1c7c4ab2021-12-20 15:52:34.174root 11241100x8000000000000000750380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484d0ade15900cc92021-12-20 15:52:34.174root 11241100x8000000000000000750381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c65be30d0fc70c22021-12-20 15:52:34.174root 11241100x8000000000000000750382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30daebc910102e5d2021-12-20 15:52:34.174root 11241100x8000000000000000750383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b273204f164922652021-12-20 15:52:34.174root 11241100x8000000000000000750384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59535de8d35254df2021-12-20 15:52:34.175root 11241100x8000000000000000750385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca958665247503d2021-12-20 15:52:34.175root 11241100x8000000000000000750386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03872569cd1889b82021-12-20 15:52:34.175root 11241100x8000000000000000750387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0824d41471d963822021-12-20 15:52:34.175root 11241100x8000000000000000750388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8a4fcc0c9f83092021-12-20 15:52:34.175root 11241100x8000000000000000750389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3f18424da9a7ea2021-12-20 15:52:34.674root 11241100x8000000000000000750390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcf442575c69ab42021-12-20 15:52:34.674root 11241100x8000000000000000750391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b068cda05c7b45272021-12-20 15:52:34.674root 11241100x8000000000000000750392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4df853d0237ec32021-12-20 15:52:34.674root 11241100x8000000000000000750393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f345bfea5d589d42021-12-20 15:52:34.674root 11241100x8000000000000000750394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0ec258eb03d7332021-12-20 15:52:34.675root 11241100x8000000000000000750395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47298fba9dd10d642021-12-20 15:52:34.675root 11241100x8000000000000000750396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638afa89e66c57f2021-12-20 15:52:34.675root 11241100x8000000000000000750397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd4ebc99b67eeb92021-12-20 15:52:34.675root 11241100x8000000000000000750398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229f67947cedd0ba2021-12-20 15:52:34.675root 11241100x8000000000000000750399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8a3fe5af54d7de2021-12-20 15:52:34.675root 11241100x8000000000000000750400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1010378d203629e02021-12-20 15:52:34.675root 11241100x8000000000000000750401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b076c39b8334e7dd2021-12-20 15:52:35.174root 11241100x8000000000000000750402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6847fcc280ce2b842021-12-20 15:52:35.174root 11241100x8000000000000000750403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e039c3ab55a6caeb2021-12-20 15:52:35.174root 11241100x8000000000000000750404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044520e170e6957c2021-12-20 15:52:35.174root 11241100x8000000000000000750405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa4909218c4a4f12021-12-20 15:52:35.175root 11241100x8000000000000000750406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482029ff93f255322021-12-20 15:52:35.175root 11241100x8000000000000000750407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d06bdff5d379b92021-12-20 15:52:35.175root 11241100x8000000000000000750408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71af83b730b9be442021-12-20 15:52:35.175root 11241100x8000000000000000750409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51980928302c83cd2021-12-20 15:52:35.175root 11241100x8000000000000000750410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1116c970f242046e2021-12-20 15:52:35.175root 11241100x8000000000000000750411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee8227f805993d32021-12-20 15:52:35.175root 11241100x8000000000000000750412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52869133a8abfda52021-12-20 15:52:35.175root 11241100x8000000000000000750413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f497b489bffa8e8e2021-12-20 15:52:35.674root 11241100x8000000000000000750414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653dc86dc2ec32642021-12-20 15:52:35.674root 11241100x8000000000000000750415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1742ad7804b346e62021-12-20 15:52:35.674root 11241100x8000000000000000750416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25e787e2e2986002021-12-20 15:52:35.674root 11241100x8000000000000000750417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc76e7d6d10c73d2021-12-20 15:52:35.674root 11241100x8000000000000000750418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de12cca84e012a652021-12-20 15:52:35.674root 11241100x8000000000000000750419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282c3ec22239d13c2021-12-20 15:52:35.675root 11241100x8000000000000000750420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c4ac5c6cd184e02021-12-20 15:52:35.675root 11241100x8000000000000000750421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442f87f81126a8232021-12-20 15:52:35.675root 11241100x8000000000000000750422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a117adc83096bc2021-12-20 15:52:35.675root 11241100x8000000000000000750423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737d6913c8b652bb2021-12-20 15:52:35.675root 11241100x8000000000000000750424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9916acfdfc0894682021-12-20 15:52:35.675root 11241100x8000000000000000750425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:52:36.069root 11241100x8000000000000000750426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ed233900d7296b2021-12-20 15:52:36.071root 11241100x8000000000000000750427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85467aff009a14662021-12-20 15:52:36.071root 11241100x8000000000000000750428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc2995315d0de122021-12-20 15:52:36.071root 11241100x8000000000000000750429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9213364fd01048692021-12-20 15:52:36.071root 11241100x8000000000000000750430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ea7b83f9da9fe62021-12-20 15:52:36.071root 11241100x8000000000000000750431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bf6da4b1fb872e2021-12-20 15:52:36.071root 11241100x8000000000000000750432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce69e939ca13c582021-12-20 15:52:36.071root 11241100x8000000000000000750433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa87a518af2728b32021-12-20 15:52:36.072root 11241100x8000000000000000750434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0217c4a51a73d62021-12-20 15:52:36.072root 11241100x8000000000000000750435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179c0a609eafefe32021-12-20 15:52:36.072root 11241100x8000000000000000750436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4182a5f9f00ab52021-12-20 15:52:36.072root 11241100x8000000000000000750437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9306519fb907e922021-12-20 15:52:36.073root 11241100x8000000000000000750438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d968646c5ed96022021-12-20 15:52:36.424root 11241100x8000000000000000750439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9084a6ea01d670062021-12-20 15:52:36.424root 11241100x8000000000000000750440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b84cc5972fc4b92021-12-20 15:52:36.424root 11241100x8000000000000000750441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff5ed605203cc102021-12-20 15:52:36.424root 11241100x8000000000000000750442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26729b86d1b8af932021-12-20 15:52:36.424root 11241100x8000000000000000750443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2650068aa459b9a02021-12-20 15:52:36.424root 11241100x8000000000000000750444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832574c6f65ee69d2021-12-20 15:52:36.424root 11241100x8000000000000000750445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f144c25bd333b92021-12-20 15:52:36.425root 11241100x8000000000000000750446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ac1c4fdb79c642021-12-20 15:52:36.425root 11241100x8000000000000000750447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811e5b543b1eb0022021-12-20 15:52:36.425root 11241100x8000000000000000750448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770a72f97cdf36d82021-12-20 15:52:36.425root 11241100x8000000000000000750449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5207deb977ea0632021-12-20 15:52:36.425root 11241100x8000000000000000750450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b25d3f88f77caeb2021-12-20 15:52:36.425root 11241100x8000000000000000750451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711bb499ed10e90d2021-12-20 15:52:36.924root 11241100x8000000000000000750452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e097e1ea1492a12021-12-20 15:52:36.924root 11241100x8000000000000000750453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3bed137f35efad2021-12-20 15:52:36.924root 11241100x8000000000000000750454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b5c706246c53d2021-12-20 15:52:36.924root 11241100x8000000000000000750455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194fd9f4a0fb14c2021-12-20 15:52:36.924root 11241100x8000000000000000750456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b533f6cea8a8152d2021-12-20 15:52:36.925root 11241100x8000000000000000750457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97a3a9b49a917cc2021-12-20 15:52:36.925root 11241100x8000000000000000750458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9937baa3ac446a812021-12-20 15:52:36.925root 11241100x8000000000000000750459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2abd29947668152021-12-20 15:52:36.925root 11241100x8000000000000000750460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25216f7dbdedb2e12021-12-20 15:52:36.925root 11241100x8000000000000000750461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721b99253fe6e4e42021-12-20 15:52:36.925root 11241100x8000000000000000750462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3000969e4d3f6f52021-12-20 15:52:36.925root 11241100x8000000000000000750463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc6fbc23d02d09b2021-12-20 15:52:36.925root 11241100x8000000000000000750464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c74a199c80e7f2021-12-20 15:52:37.424root 11241100x8000000000000000750465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09048a68bf0c0e292021-12-20 15:52:37.424root 11241100x8000000000000000750466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbef3227aea7abe2021-12-20 15:52:37.424root 11241100x8000000000000000750467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f488023ffd6f9d2021-12-20 15:52:37.424root 11241100x8000000000000000750468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8660672ba7126e872021-12-20 15:52:37.425root 11241100x8000000000000000750469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ed4fafa4030c812021-12-20 15:52:37.425root 11241100x8000000000000000750470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a153d30e29b0b62021-12-20 15:52:37.426root 11241100x8000000000000000750471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0704fc81d27a9dc82021-12-20 15:52:37.426root 11241100x8000000000000000750472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395791eb73db14522021-12-20 15:52:37.426root 11241100x8000000000000000750473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7107cef9d14a11e2021-12-20 15:52:37.426root 11241100x8000000000000000750474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030b7bc03e16bb062021-12-20 15:52:37.426root 11241100x8000000000000000750475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3631152d95235202021-12-20 15:52:37.426root 11241100x8000000000000000750476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacdf07b1bf2cfc12021-12-20 15:52:37.426root 11241100x8000000000000000750477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd80f71443dc91ee2021-12-20 15:52:37.924root 11241100x8000000000000000750478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d776d4cb468a52021-12-20 15:52:37.924root 11241100x8000000000000000750479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17515d281d5db98b2021-12-20 15:52:37.924root 11241100x8000000000000000750480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf9df43e31046d2021-12-20 15:52:37.924root 11241100x8000000000000000750481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5867ca0fb1bf6a602021-12-20 15:52:37.924root 11241100x8000000000000000750482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db47ac0783fa56522021-12-20 15:52:37.924root 11241100x8000000000000000750483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354176bb04b4a5742021-12-20 15:52:37.924root 11241100x8000000000000000750484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8ede52077392ed2021-12-20 15:52:37.925root 11241100x8000000000000000750485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c149d36daa61b2021-12-20 15:52:37.925root 11241100x8000000000000000750486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929cecd8dfff95912021-12-20 15:52:37.925root 11241100x8000000000000000750487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b359ee3970f53c42021-12-20 15:52:37.925root 11241100x8000000000000000750488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5fb2a91722778d2021-12-20 15:52:37.925root 11241100x8000000000000000750489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71c96c1f4e3499a2021-12-20 15:52:37.925root 354300x8000000000000000750490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.177{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51312-false10.0.1.12-8000- 11241100x8000000000000000750491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169c2ec76241179a2021-12-20 15:52:38.177root 11241100x8000000000000000750492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfe43c1c91f096e2021-12-20 15:52:38.178root 11241100x8000000000000000750493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c939046e16cc4642021-12-20 15:52:38.178root 11241100x8000000000000000750494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f43f1ad2915662d2021-12-20 15:52:38.178root 11241100x8000000000000000750495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a937f6d9fea97a7b2021-12-20 15:52:38.178root 11241100x8000000000000000750496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba33b3df2cdab232021-12-20 15:52:38.178root 11241100x8000000000000000750497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc470428651930ba2021-12-20 15:52:38.178root 11241100x8000000000000000750498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a308053e78ed92362021-12-20 15:52:38.179root 11241100x8000000000000000750499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bea1422e257d7912021-12-20 15:52:38.179root 11241100x8000000000000000750500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb687e367f1e2402021-12-20 15:52:38.179root 11241100x8000000000000000750501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c617e35268f65b52021-12-20 15:52:38.179root 11241100x8000000000000000750502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd1a4858a234ee22021-12-20 15:52:38.179root 11241100x8000000000000000750503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1469d5780b4d53882021-12-20 15:52:38.179root 11241100x8000000000000000750504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c228ac00ccd00f2021-12-20 15:52:38.179root 11241100x8000000000000000750505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cfb5766209936f2021-12-20 15:52:38.179root 11241100x8000000000000000750506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8bce46c9a4c5d72021-12-20 15:52:38.180root 11241100x8000000000000000750507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881d73e165733d4a2021-12-20 15:52:38.180root 11241100x8000000000000000750508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690277b41a7fd1f42021-12-20 15:52:38.674root 11241100x8000000000000000750509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e337bdd1b251cb2021-12-20 15:52:38.674root 11241100x8000000000000000750510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b314e6a53221bc2021-12-20 15:52:38.675root 11241100x8000000000000000750511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57a66a76319be1a2021-12-20 15:52:38.675root 11241100x8000000000000000750512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fda52d65d8002ea2021-12-20 15:52:38.675root 11241100x8000000000000000750513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2375671fc37bdb2021-12-20 15:52:38.675root 11241100x8000000000000000750514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82084c68172b7d8d2021-12-20 15:52:38.675root 11241100x8000000000000000750515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3909720dea035bbf2021-12-20 15:52:38.675root 11241100x8000000000000000750516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed42409ea332b5a72021-12-20 15:52:38.675root 11241100x8000000000000000750517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12010c80bf7468002021-12-20 15:52:38.675root 11241100x8000000000000000750518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197ec97d50a088142021-12-20 15:52:38.675root 11241100x8000000000000000750519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd658a8b6f430c602021-12-20 15:52:38.675root 11241100x8000000000000000750520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ff98cf901d2a2f2021-12-20 15:52:38.675root 11241100x8000000000000000750521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17824bec164a69b92021-12-20 15:52:38.675root 23542300x8000000000000000750522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.071{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000750523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a023d09cd5a3aa82021-12-20 15:52:39.072root 11241100x8000000000000000750524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2e1003cd2a7ae82021-12-20 15:52:39.072root 11241100x8000000000000000750525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f81e65d54f3274b2021-12-20 15:52:39.073root 11241100x8000000000000000750526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cc1207e17bc4b92021-12-20 15:52:39.073root 11241100x8000000000000000750527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffa550feb3ee0162021-12-20 15:52:39.073root 11241100x8000000000000000750528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7d421b93240002021-12-20 15:52:39.073root 11241100x8000000000000000750529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0583a01e6d9bd72021-12-20 15:52:39.073root 11241100x8000000000000000750530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb0c2eb9bd2f2dd2021-12-20 15:52:39.074root 11241100x8000000000000000750531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7878d3a1ced6bd052021-12-20 15:52:39.074root 11241100x8000000000000000750532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c8921e6ada59ef2021-12-20 15:52:39.074root 11241100x8000000000000000750533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e132236b865bda2021-12-20 15:52:39.074root 11241100x8000000000000000750534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bb3a55b718a70a2021-12-20 15:52:39.074root 11241100x8000000000000000750535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9f252a13a85a482021-12-20 15:52:39.074root 11241100x8000000000000000750536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4409f75daf592e862021-12-20 15:52:39.074root 11241100x8000000000000000750537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37a34e400ce95612021-12-20 15:52:39.075root 11241100x8000000000000000750538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9203304dafe78ec42021-12-20 15:52:39.075root 11241100x8000000000000000750539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b26fdc5f622630a2021-12-20 15:52:39.424root 11241100x8000000000000000750540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1055863ef2e4b4eb2021-12-20 15:52:39.424root 11241100x8000000000000000750541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df19eac26c4bca32021-12-20 15:52:39.424root 11241100x8000000000000000750542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd71c0bef1116a392021-12-20 15:52:39.424root 11241100x8000000000000000750543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974e7dad08dbe4a72021-12-20 15:52:39.424root 11241100x8000000000000000750544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7e5591de03bd0f2021-12-20 15:52:39.424root 11241100x8000000000000000750545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e87b19adf5f97b22021-12-20 15:52:39.425root 11241100x8000000000000000750546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6526c929d3a4cad22021-12-20 15:52:39.425root 11241100x8000000000000000750547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a5fea704ec39982021-12-20 15:52:39.425root 11241100x8000000000000000750548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286df88c679232242021-12-20 15:52:39.425root 11241100x8000000000000000750549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0bdd58684212d12021-12-20 15:52:39.425root 11241100x8000000000000000750550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea9c9f311f6e6932021-12-20 15:52:39.425root 11241100x8000000000000000750551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9bb25ad848e17b2021-12-20 15:52:39.425root 11241100x8000000000000000750552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9273aedb16cfda22021-12-20 15:52:39.425root 11241100x8000000000000000750553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6335ab70eabb4f2021-12-20 15:52:39.425root 11241100x8000000000000000750554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc22fe3978bdb7f2021-12-20 15:52:39.924root 11241100x8000000000000000750555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4b1acacfa450a82021-12-20 15:52:39.924root 11241100x8000000000000000750556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfd05e84a5ff7da2021-12-20 15:52:39.924root 11241100x8000000000000000750557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28364548078d863c2021-12-20 15:52:39.924root 11241100x8000000000000000750558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93ca54cdd4739f82021-12-20 15:52:39.925root 11241100x8000000000000000750559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931be50d88e3bff82021-12-20 15:52:39.925root 11241100x8000000000000000750560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28fc60e65e5097c2021-12-20 15:52:39.925root 11241100x8000000000000000750561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581708e35c88815c2021-12-20 15:52:39.925root 11241100x8000000000000000750562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26da41a755b93b32021-12-20 15:52:39.925root 11241100x8000000000000000750563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0818343ffc93d6082021-12-20 15:52:39.925root 11241100x8000000000000000750564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465c763ee2cc41152021-12-20 15:52:39.925root 11241100x8000000000000000750565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58ad04630ff1e372021-12-20 15:52:39.925root 11241100x8000000000000000750566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba63f10dad4139462021-12-20 15:52:39.925root 11241100x8000000000000000750567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488592cc270892b82021-12-20 15:52:39.925root 11241100x8000000000000000750568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84782738377f2722021-12-20 15:52:39.926root 11241100x8000000000000000750569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6920eedad708e2be2021-12-20 15:52:40.424root 11241100x8000000000000000750570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ac51efb84edb372021-12-20 15:52:40.424root 11241100x8000000000000000750571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45b5e76ae79a3622021-12-20 15:52:40.424root 11241100x8000000000000000750572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506b005ff12fb0e02021-12-20 15:52:40.424root 11241100x8000000000000000750573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4138aee475dedf2021-12-20 15:52:40.424root 11241100x8000000000000000750574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d299d494d0f1da402021-12-20 15:52:40.424root 11241100x8000000000000000750575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eefaa2c0fb23822021-12-20 15:52:40.424root 11241100x8000000000000000750576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab8d2d43464e6b82021-12-20 15:52:40.424root 11241100x8000000000000000750577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c7463cf9b5660f2021-12-20 15:52:40.424root 11241100x8000000000000000750578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5424221ccc39ce2021-12-20 15:52:40.425root 11241100x8000000000000000750579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0c9a3ec4b245ad2021-12-20 15:52:40.425root 11241100x8000000000000000750580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0413e1164e4fca92021-12-20 15:52:40.425root 11241100x8000000000000000750581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9b66bf28657e182021-12-20 15:52:40.425root 11241100x8000000000000000750582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c420c827cfa2bed2021-12-20 15:52:40.425root 11241100x8000000000000000750583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba7be74bcd369cf2021-12-20 15:52:40.425root 11241100x8000000000000000750584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcda9525b3c088ca2021-12-20 15:52:40.924root 11241100x8000000000000000750585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c58c7d5e33ca7542021-12-20 15:52:40.924root 11241100x8000000000000000750586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7a11bae59893452021-12-20 15:52:40.924root 11241100x8000000000000000750587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8b3ee30cccb8ee2021-12-20 15:52:40.925root 11241100x8000000000000000750588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483e47f6130f943e2021-12-20 15:52:40.925root 11241100x8000000000000000750589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42352c74fa4ec5af2021-12-20 15:52:40.925root 11241100x8000000000000000750590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73488728f7c25a522021-12-20 15:52:40.925root 11241100x8000000000000000750591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1e23c05ab2662c2021-12-20 15:52:40.925root 11241100x8000000000000000750592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed4d754942866552021-12-20 15:52:40.925root 11241100x8000000000000000750593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb7322d695544e2021-12-20 15:52:40.925root 11241100x8000000000000000750594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d85e08f56f4c72021-12-20 15:52:40.925root 11241100x8000000000000000750595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089f5bf84b67811a2021-12-20 15:52:40.925root 11241100x8000000000000000750596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b425837686f0582021-12-20 15:52:40.925root 11241100x8000000000000000750597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353b9ebeb0386d002021-12-20 15:52:40.925root 11241100x8000000000000000750598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7eb03ca9dcae962021-12-20 15:52:40.925root 11241100x8000000000000000750599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e470066569a1a91c2021-12-20 15:52:41.424root 11241100x8000000000000000750600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9563a48737feb5952021-12-20 15:52:41.424root 11241100x8000000000000000750601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137b64066e320482021-12-20 15:52:41.424root 11241100x8000000000000000750602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742039b9945262d32021-12-20 15:52:41.424root 11241100x8000000000000000750603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3759a05188b337a82021-12-20 15:52:41.424root 11241100x8000000000000000750604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afdf3d658db4ef32021-12-20 15:52:41.425root 11241100x8000000000000000750605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033d18fee5668a802021-12-20 15:52:41.425root 11241100x8000000000000000750606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfb4bc75cfe1a7f2021-12-20 15:52:41.425root 11241100x8000000000000000750607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0f623c3acadcb32021-12-20 15:52:41.425root 11241100x8000000000000000750608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b68aab93a0f8432021-12-20 15:52:41.425root 11241100x8000000000000000750609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba0ea73e4ec846e2021-12-20 15:52:41.425root 11241100x8000000000000000750610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0797bcff623a91492021-12-20 15:52:41.425root 11241100x8000000000000000750611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4898b3eb2b12662021-12-20 15:52:41.425root 11241100x8000000000000000750612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146ec63c526b24ab2021-12-20 15:52:41.425root 11241100x8000000000000000750613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64b96ad9e580d192021-12-20 15:52:41.425root 11241100x8000000000000000750614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce4f77cadf7dca52021-12-20 15:52:41.924root 11241100x8000000000000000750615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d16f7ef12a84812021-12-20 15:52:41.924root 11241100x8000000000000000750616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad9bade4f64d2a2021-12-20 15:52:41.924root 11241100x8000000000000000750617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0aa1ff43486c1232021-12-20 15:52:41.924root 11241100x8000000000000000750618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe704f2d93588faf2021-12-20 15:52:41.925root 11241100x8000000000000000750619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9630162e84896fb22021-12-20 15:52:41.925root 11241100x8000000000000000750620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdf02206fcbc35f2021-12-20 15:52:41.925root 11241100x8000000000000000750621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a267d1bdeded1c272021-12-20 15:52:41.925root 11241100x8000000000000000750622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd959e78f8d90b82021-12-20 15:52:41.925root 11241100x8000000000000000750623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196f5ea3ea452a4e2021-12-20 15:52:41.925root 11241100x8000000000000000750624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0833a2a767225a542021-12-20 15:52:41.925root 11241100x8000000000000000750625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458bcd030d7cfa232021-12-20 15:52:41.925root 11241100x8000000000000000750626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192fd920d0bdfa122021-12-20 15:52:41.925root 11241100x8000000000000000750627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bc3ecb369621822021-12-20 15:52:41.925root 11241100x8000000000000000750628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa8cd58f893f9632021-12-20 15:52:41.925root 11241100x8000000000000000750629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406e33d4473002f32021-12-20 15:52:42.424root 11241100x8000000000000000750630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1b7c5d5755959d2021-12-20 15:52:42.424root 11241100x8000000000000000750631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f58f87513d3f072021-12-20 15:52:42.424root 11241100x8000000000000000750632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3241535f273c49d32021-12-20 15:52:42.424root 11241100x8000000000000000750633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d673dd3db969653c2021-12-20 15:52:42.425root 11241100x8000000000000000750634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a621c5b627ed33662021-12-20 15:52:42.425root 11241100x8000000000000000750635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb920bf58af43d8a2021-12-20 15:52:42.425root 11241100x8000000000000000750636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a467aff1604c98812021-12-20 15:52:42.425root 11241100x8000000000000000750637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de8e0a4b581a132021-12-20 15:52:42.425root 11241100x8000000000000000750638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4906cb667ada14bc2021-12-20 15:52:42.425root 11241100x8000000000000000750639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e0100fb7e2ba382021-12-20 15:52:42.425root 11241100x8000000000000000750640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e8d7d5dd8e9a622021-12-20 15:52:42.425root 11241100x8000000000000000750641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4d7dd5da6e8ed82021-12-20 15:52:42.425root 11241100x8000000000000000750642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f4f6945b3d55b62021-12-20 15:52:42.425root 11241100x8000000000000000750643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0f43411061482c2021-12-20 15:52:42.425root 11241100x8000000000000000750644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d19936499323ca12021-12-20 15:52:42.925root 11241100x8000000000000000750645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1790f1d69ff4109c2021-12-20 15:52:42.925root 11241100x8000000000000000750646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1f2cd172a2d3df2021-12-20 15:52:42.925root 11241100x8000000000000000750647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09650500620725ae2021-12-20 15:52:42.925root 11241100x8000000000000000750648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317f43ecbaf0adec2021-12-20 15:52:42.925root 11241100x8000000000000000750649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd654d99fcd608fe2021-12-20 15:52:42.925root 11241100x8000000000000000750650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb5f0ca93a13852021-12-20 15:52:42.925root 11241100x8000000000000000750651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31309de8a34937fe2021-12-20 15:52:42.925root 11241100x8000000000000000750652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6e8b776dab58182021-12-20 15:52:42.925root 11241100x8000000000000000750653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3074473740f89ae42021-12-20 15:52:42.926root 11241100x8000000000000000750654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4fe36f1dd914d22021-12-20 15:52:42.926root 11241100x8000000000000000750655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f405bfcc4c417032021-12-20 15:52:42.926root 11241100x8000000000000000750656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51027d87bf1735022021-12-20 15:52:42.926root 11241100x8000000000000000750657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704ff9f829efd4ce2021-12-20 15:52:42.926root 11241100x8000000000000000750658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2c8d8e30c8721e2021-12-20 15:52:42.927root 11241100x8000000000000000750659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2597e1789f32c02021-12-20 15:52:43.424root 11241100x8000000000000000750660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512557afc00bb00b2021-12-20 15:52:43.424root 11241100x8000000000000000750661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4683a3588c58fa262021-12-20 15:52:43.424root 11241100x8000000000000000750662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f28d52157312562021-12-20 15:52:43.424root 11241100x8000000000000000750663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8782de6b562352f92021-12-20 15:52:43.424root 11241100x8000000000000000750664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e8661d713df40d2021-12-20 15:52:43.424root 11241100x8000000000000000750665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469732e24d4d141d2021-12-20 15:52:43.424root 11241100x8000000000000000750666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae927901c403e50c2021-12-20 15:52:43.424root 11241100x8000000000000000750667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5f22b6d9646a152021-12-20 15:52:43.425root 11241100x8000000000000000750668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acd91fd4afed2662021-12-20 15:52:43.425root 11241100x8000000000000000750669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c383f6ae5268e88a2021-12-20 15:52:43.425root 11241100x8000000000000000750670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbaf4cece388e8b2021-12-20 15:52:43.425root 11241100x8000000000000000750671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70da06bb8f6aca1f2021-12-20 15:52:43.425root 11241100x8000000000000000750672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d9ac9abe2f5c522021-12-20 15:52:43.425root 11241100x8000000000000000750673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73cfbf4100ac5b92021-12-20 15:52:43.425root 11241100x8000000000000000750674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20a7c309958f312021-12-20 15:52:43.924root 11241100x8000000000000000750675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db7fb0a7e123aaf2021-12-20 15:52:43.924root 11241100x8000000000000000750676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba70f606d1d3637e2021-12-20 15:52:43.924root 11241100x8000000000000000750677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8afd7818a3bf20a2021-12-20 15:52:43.924root 11241100x8000000000000000750678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abf295ff8aff6b62021-12-20 15:52:43.925root 11241100x8000000000000000750679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3765884a7b80222021-12-20 15:52:43.925root 11241100x8000000000000000750680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0a07b42babf6982021-12-20 15:52:43.925root 11241100x8000000000000000750681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f6eebae1cce47a2021-12-20 15:52:43.925root 11241100x8000000000000000750682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f99f5da6c1e05e92021-12-20 15:52:43.925root 11241100x8000000000000000750683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677ac1f3aff5129d2021-12-20 15:52:43.925root 11241100x8000000000000000750684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c706554b88db880e2021-12-20 15:52:43.925root 11241100x8000000000000000750685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b1de14a80c1c402021-12-20 15:52:43.925root 11241100x8000000000000000750686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ee861cca8c003f2021-12-20 15:52:43.925root 11241100x8000000000000000750687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6063d6b3a8cb232021-12-20 15:52:43.925root 11241100x8000000000000000750688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac24c7abd4843abd2021-12-20 15:52:43.926root 354300x8000000000000000750689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.162{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51314-false10.0.1.12-8000- 11241100x8000000000000000750690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0abf4d4cf529b0d2021-12-20 15:52:44.424root 11241100x8000000000000000750691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2681ddfcd7d0b62021-12-20 15:52:44.424root 11241100x8000000000000000750692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6cbb76ca849bac2021-12-20 15:52:44.424root 11241100x8000000000000000750693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc41a35b63a94652021-12-20 15:52:44.425root 11241100x8000000000000000750694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17397a941bfeba12021-12-20 15:52:44.425root 11241100x8000000000000000750695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293d0741235a882e2021-12-20 15:52:44.425root 11241100x8000000000000000750696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a646a917f28a6df2021-12-20 15:52:44.425root 11241100x8000000000000000750697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bdae7b45ed07ec2021-12-20 15:52:44.425root 11241100x8000000000000000750698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c91016d14d275402021-12-20 15:52:44.425root 11241100x8000000000000000750699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a756cee374fdf1b2021-12-20 15:52:44.425root 11241100x8000000000000000750700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f774536ab38955622021-12-20 15:52:44.425root 11241100x8000000000000000750701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042f04102788c3272021-12-20 15:52:44.425root 11241100x8000000000000000750702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3ed6d3e6d546ec2021-12-20 15:52:44.425root 11241100x8000000000000000750703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8dddd7dd20fa802021-12-20 15:52:44.425root 11241100x8000000000000000750704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592bdbb61477dfb12021-12-20 15:52:44.425root 11241100x8000000000000000750705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5206f8f6db9b82c82021-12-20 15:52:44.425root 11241100x8000000000000000750706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12a3ec6e32cd8ed2021-12-20 15:52:44.924root 11241100x8000000000000000750707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb415fb5167bcaf2021-12-20 15:52:44.924root 11241100x8000000000000000750708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46f2c412c3f214d2021-12-20 15:52:44.924root 11241100x8000000000000000750709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4585a17f7c78c72021-12-20 15:52:44.924root 11241100x8000000000000000750710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5313efca4e619da02021-12-20 15:52:44.925root 11241100x8000000000000000750711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423cfb3a548d77a32021-12-20 15:52:44.925root 11241100x8000000000000000750712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf0a6736e587bf12021-12-20 15:52:44.925root 11241100x8000000000000000750713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f00cdf4551cc352021-12-20 15:52:44.925root 11241100x8000000000000000750714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08aab7152bece072021-12-20 15:52:44.925root 11241100x8000000000000000750715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729392efd5e60f0b2021-12-20 15:52:44.925root 11241100x8000000000000000750716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff17df61a7d4c0332021-12-20 15:52:44.925root 11241100x8000000000000000750717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4d8d44c57467a62021-12-20 15:52:44.925root 11241100x8000000000000000750718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be15a2ac7ac7052021-12-20 15:52:44.925root 11241100x8000000000000000750719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d2524c464de7032021-12-20 15:52:44.925root 11241100x8000000000000000750720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47e972fcdc3338a2021-12-20 15:52:44.925root 11241100x8000000000000000750721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3a29be40b37d992021-12-20 15:52:44.925root 11241100x8000000000000000750722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd04e9b16a4a1e62021-12-20 15:52:45.424root 11241100x8000000000000000750723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4e6e5d42ae21fc2021-12-20 15:52:45.424root 11241100x8000000000000000750724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e902470e47b7f22021-12-20 15:52:45.424root 11241100x8000000000000000750725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e29836188c4b7b72021-12-20 15:52:45.425root 11241100x8000000000000000750726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2572d3ded7ca8d72021-12-20 15:52:45.425root 11241100x8000000000000000750727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a2d1f3dd2579132021-12-20 15:52:45.425root 11241100x8000000000000000750728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6c14eb4093e6fc2021-12-20 15:52:45.425root 11241100x8000000000000000750729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0684b1469c4a3fb2021-12-20 15:52:45.425root 11241100x8000000000000000750730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34ed6d5658db8152021-12-20 15:52:45.425root 11241100x8000000000000000750731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bc871a3690fb842021-12-20 15:52:45.425root 11241100x8000000000000000750732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da35d23adfc478242021-12-20 15:52:45.425root 11241100x8000000000000000750733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857dfe06574c0ace2021-12-20 15:52:45.425root 11241100x8000000000000000750734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4850395dd4d868862021-12-20 15:52:45.425root 11241100x8000000000000000750735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf8a0e2e2912ac2021-12-20 15:52:45.425root 11241100x8000000000000000750736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401f137f0163efa32021-12-20 15:52:45.425root 11241100x8000000000000000750737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c960dd5362e6852021-12-20 15:52:45.425root 11241100x8000000000000000750738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c579dccc65cbf1252021-12-20 15:52:45.924root 11241100x8000000000000000750739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97acb218d271d602021-12-20 15:52:45.924root 11241100x8000000000000000750740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cf57bddc0e10532021-12-20 15:52:45.924root 11241100x8000000000000000750741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e36df5ef814d5742021-12-20 15:52:45.924root 11241100x8000000000000000750742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69899e54364373e02021-12-20 15:52:45.925root 11241100x8000000000000000750743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f0fa1ff2f1ee22021-12-20 15:52:45.925root 11241100x8000000000000000750744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67212e9a4b3b4f92021-12-20 15:52:45.925root 11241100x8000000000000000750745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eb0543e39535db2021-12-20 15:52:45.925root 11241100x8000000000000000750746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c824b2cc30652d2021-12-20 15:52:45.925root 11241100x8000000000000000750747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bfd249966486d32021-12-20 15:52:45.925root 11241100x8000000000000000750748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234cbbe61d5d46262021-12-20 15:52:45.925root 11241100x8000000000000000750749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d693618c6eb99a722021-12-20 15:52:45.925root 11241100x8000000000000000750750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dd742f71a2617a2021-12-20 15:52:45.925root 11241100x8000000000000000750751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1745ca04d6a6342021-12-20 15:52:45.925root 11241100x8000000000000000750752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5c781dd82862b12021-12-20 15:52:45.925root 11241100x8000000000000000750753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f581f7a18342f652021-12-20 15:52:45.926root 11241100x8000000000000000750754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664530a1dd15a8042021-12-20 15:52:46.424root 11241100x8000000000000000750755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d451465d7750e8b2021-12-20 15:52:46.424root 11241100x8000000000000000750756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ebc99d6f04c2052021-12-20 15:52:46.424root 11241100x8000000000000000750757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7282ae152b3f20e32021-12-20 15:52:46.424root 11241100x8000000000000000750758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43989f05e24e98c32021-12-20 15:52:46.425root 11241100x8000000000000000750759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1010cb12b6ad932021-12-20 15:52:46.425root 11241100x8000000000000000750760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e124c8e6b0b4182021-12-20 15:52:46.425root 11241100x8000000000000000750761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3a0c2d21c767602021-12-20 15:52:46.425root 11241100x8000000000000000750762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18eefe67bee15972021-12-20 15:52:46.425root 11241100x8000000000000000750763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2599134141909c42021-12-20 15:52:46.425root 11241100x8000000000000000750764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a1b141b57919ae2021-12-20 15:52:46.425root 11241100x8000000000000000750765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f026ad8d1285f4102021-12-20 15:52:46.425root 11241100x8000000000000000750766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ad77387ee54a242021-12-20 15:52:46.425root 11241100x8000000000000000750767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645ac9c3d9d1767f2021-12-20 15:52:46.425root 11241100x8000000000000000750768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be62b7bb15dc38af2021-12-20 15:52:46.425root 11241100x8000000000000000750769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d299b969e24cbf2021-12-20 15:52:46.425root 11241100x8000000000000000750770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82acceed6ba615612021-12-20 15:52:46.924root 11241100x8000000000000000750771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e43e80c674075822021-12-20 15:52:46.924root 11241100x8000000000000000750772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf783e38638eced02021-12-20 15:52:46.924root 11241100x8000000000000000750773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5effa3dbe75e0a042021-12-20 15:52:46.925root 11241100x8000000000000000750774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db342c3a62383e82021-12-20 15:52:46.925root 11241100x8000000000000000750775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5703c4a9d816d22021-12-20 15:52:46.925root 11241100x8000000000000000750776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8102a9724f617e92021-12-20 15:52:46.925root 11241100x8000000000000000750777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf47d1321690c5182021-12-20 15:52:46.925root 11241100x8000000000000000750778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cf4b65953e1d072021-12-20 15:52:46.925root 11241100x8000000000000000750779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f342e9f76ad138c92021-12-20 15:52:46.925root 11241100x8000000000000000750780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c7d4c3b5c4b1152021-12-20 15:52:46.925root 11241100x8000000000000000750781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699fe9c47e0fbcf2021-12-20 15:52:46.925root 11241100x8000000000000000750782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9804fad32dc3bf5d2021-12-20 15:52:46.925root 11241100x8000000000000000750783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c13a01ed57d08e2021-12-20 15:52:46.925root 11241100x8000000000000000750784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df51e47607d7f70b2021-12-20 15:52:46.925root 11241100x8000000000000000750785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6019652b42fb892021-12-20 15:52:46.925root 11241100x8000000000000000750786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6884166b05bb40da2021-12-20 15:52:47.424root 11241100x8000000000000000750787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7177e7dc395a3c232021-12-20 15:52:47.424root 11241100x8000000000000000750788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd67b7e8e67e0952021-12-20 15:52:47.424root 11241100x8000000000000000750789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79c33c9b32586372021-12-20 15:52:47.425root 11241100x8000000000000000750790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9438b47ccc3432cd2021-12-20 15:52:47.425root 11241100x8000000000000000750791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdaecdbb21974c12021-12-20 15:52:47.425root 11241100x8000000000000000750792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b4e9db6aa4c5012021-12-20 15:52:47.425root 11241100x8000000000000000750793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c75ef95b58f7f462021-12-20 15:52:47.425root 11241100x8000000000000000750794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6f79b4abdbc27d2021-12-20 15:52:47.425root 11241100x8000000000000000750795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d488cfa6845642c2021-12-20 15:52:47.425root 11241100x8000000000000000750796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ec66533c0ac97f2021-12-20 15:52:47.426root 11241100x8000000000000000750797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325c2ef6a3c61a072021-12-20 15:52:47.426root 11241100x8000000000000000750798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75bf37270f9659b2021-12-20 15:52:47.426root 11241100x8000000000000000750799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739aa41123b8f82a2021-12-20 15:52:47.426root 11241100x8000000000000000750800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf424151b313dda92021-12-20 15:52:47.426root 11241100x8000000000000000750801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ee4fc3e37275d2021-12-20 15:52:47.426root 11241100x8000000000000000750802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8abdb29eece8e82021-12-20 15:52:47.924root 11241100x8000000000000000750803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28ab7dc997110342021-12-20 15:52:47.924root 11241100x8000000000000000750804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d652faef2dcae42021-12-20 15:52:47.924root 11241100x8000000000000000750805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3e63753ec27c2b2021-12-20 15:52:47.924root 11241100x8000000000000000750806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debad9fac17919c82021-12-20 15:52:47.925root 11241100x8000000000000000750807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492eed5f088999fb2021-12-20 15:52:47.925root 11241100x8000000000000000750808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdeeca1fca1737a62021-12-20 15:52:47.925root 11241100x8000000000000000750809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f7069eacf5a9b32021-12-20 15:52:47.925root 11241100x8000000000000000750810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1213e13dd466d82021-12-20 15:52:47.925root 11241100x8000000000000000750811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d77be2318d6a12021-12-20 15:52:47.925root 11241100x8000000000000000750812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673f498ad0c2d1b12021-12-20 15:52:47.925root 11241100x8000000000000000750813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd30e8fa73d03282021-12-20 15:52:47.925root 11241100x8000000000000000750814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d77e54710e069d2021-12-20 15:52:47.925root 11241100x8000000000000000750815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99b2e2c1c3ae35a2021-12-20 15:52:47.925root 11241100x8000000000000000750816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4cff0d8582e9722021-12-20 15:52:47.925root 11241100x8000000000000000750817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5576372da48810fd2021-12-20 15:52:47.925root 11241100x8000000000000000750818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0350fdb09985bbe22021-12-20 15:52:48.424root 11241100x8000000000000000750819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8766bcdbd65609d42021-12-20 15:52:48.424root 11241100x8000000000000000750820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d273866a86d7822021-12-20 15:52:48.424root 11241100x8000000000000000750821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f104b3451c1988d42021-12-20 15:52:48.424root 11241100x8000000000000000750822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151f6806a0d072352021-12-20 15:52:48.424root 11241100x8000000000000000750823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e96213f37cad202021-12-20 15:52:48.424root 11241100x8000000000000000750824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa864c20ee6a20d2021-12-20 15:52:48.425root 11241100x8000000000000000750825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c479ded69c81322021-12-20 15:52:48.425root 11241100x8000000000000000750826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a3662d38924d3c2021-12-20 15:52:48.425root 11241100x8000000000000000750827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440702ebbd16a3402021-12-20 15:52:48.425root 11241100x8000000000000000750828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296e3db6e773fae82021-12-20 15:52:48.425root 11241100x8000000000000000750829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29a049306ebbd232021-12-20 15:52:48.425root 11241100x8000000000000000750830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e385695e36d5af2021-12-20 15:52:48.425root 11241100x8000000000000000750831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c5dafa6fa612a32021-12-20 15:52:48.425root 11241100x8000000000000000750832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd41b8fd8fb7ea82021-12-20 15:52:48.425root 11241100x8000000000000000750833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb634b0c4f20f9982021-12-20 15:52:48.425root 11241100x8000000000000000750834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352280e73f4068322021-12-20 15:52:48.924root 11241100x8000000000000000750835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131fe4947d66f9bf2021-12-20 15:52:48.924root 11241100x8000000000000000750836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047edaf3e99885a42021-12-20 15:52:48.924root 11241100x8000000000000000750837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e229fea5064c0732021-12-20 15:52:48.924root 11241100x8000000000000000750838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4014b64f031d06e22021-12-20 15:52:48.924root 11241100x8000000000000000750839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6daf6d703ab8142021-12-20 15:52:48.925root 11241100x8000000000000000750840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2bbb5054819ccc2021-12-20 15:52:48.925root 11241100x8000000000000000750841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2112774f86b11162021-12-20 15:52:48.925root 11241100x8000000000000000750842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd8ad212ca2075b2021-12-20 15:52:48.925root 11241100x8000000000000000750843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e35a5d4cb03a80d2021-12-20 15:52:48.925root 11241100x8000000000000000750844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed908a17f58f5692021-12-20 15:52:48.925root 11241100x8000000000000000750845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc6d73024ac913d2021-12-20 15:52:48.925root 11241100x8000000000000000750846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947e7ec4130813cd2021-12-20 15:52:48.925root 11241100x8000000000000000750847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d85a7203317f322021-12-20 15:52:48.925root 11241100x8000000000000000750848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942774f69a1bd1902021-12-20 15:52:48.925root 11241100x8000000000000000750849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991373e9db329d092021-12-20 15:52:48.926root 11241100x8000000000000000750850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c523a338539d3b2021-12-20 15:52:49.424root 11241100x8000000000000000750851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dad0362e36f7cc02021-12-20 15:52:49.424root 11241100x8000000000000000750852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a360c49ecb8f06622021-12-20 15:52:49.424root 11241100x8000000000000000750853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de8b1dc35de215d2021-12-20 15:52:49.425root 11241100x8000000000000000750854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4db2c71dd904ea2021-12-20 15:52:49.425root 11241100x8000000000000000750855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986093f1f4ceb132021-12-20 15:52:49.425root 11241100x8000000000000000750856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eceacbe8dd138b2021-12-20 15:52:49.425root 11241100x8000000000000000750857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbcdf8dabd209862021-12-20 15:52:49.425root 11241100x8000000000000000750858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a96c0fe9bcabf2021-12-20 15:52:49.425root 11241100x8000000000000000750859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744a7accf545f46b2021-12-20 15:52:49.425root 11241100x8000000000000000750860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5544106b45bba9b92021-12-20 15:52:49.425root 11241100x8000000000000000750861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f175de1aa9ac737b2021-12-20 15:52:49.426root 11241100x8000000000000000750862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56211225963bc18b2021-12-20 15:52:49.426root 11241100x8000000000000000750863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bfccb9887cf2632021-12-20 15:52:49.426root 11241100x8000000000000000750864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58aed591d301be32021-12-20 15:52:49.426root 11241100x8000000000000000750865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7965045b3dce532021-12-20 15:52:49.426root 11241100x8000000000000000750866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292e9e6575ba1bcb2021-12-20 15:52:49.924root 11241100x8000000000000000750867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99b1d926433a0582021-12-20 15:52:49.924root 11241100x8000000000000000750868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427b84737a1843db2021-12-20 15:52:49.924root 11241100x8000000000000000750869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f89583ecdf3b86c2021-12-20 15:52:49.924root 11241100x8000000000000000750870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d592d00996e3502021-12-20 15:52:49.925root 11241100x8000000000000000750871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f222b1e15a7646c2021-12-20 15:52:49.925root 11241100x8000000000000000750872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc04a7df0d0068c2021-12-20 15:52:49.925root 11241100x8000000000000000750873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db74bfc5678df4302021-12-20 15:52:49.925root 11241100x8000000000000000750874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db84413200030a9a2021-12-20 15:52:49.925root 11241100x8000000000000000750875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257435396b9c3aff2021-12-20 15:52:49.925root 11241100x8000000000000000750876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0bb441045c34642021-12-20 15:52:49.925root 11241100x8000000000000000750877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9498fdb97f5fde2021-12-20 15:52:49.925root 11241100x8000000000000000750878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdae30a7c2d78732021-12-20 15:52:49.926root 11241100x8000000000000000750879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e85c761f794f8e2021-12-20 15:52:49.926root 11241100x8000000000000000750880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e7fd4feaabf5312021-12-20 15:52:49.926root 11241100x8000000000000000750881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd0ad41f2b8d13e2021-12-20 15:52:49.926root 354300x8000000000000000750882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.124{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51316-false10.0.1.12-8000- 11241100x8000000000000000750883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5072ea14bfe9382021-12-20 15:52:50.424root 11241100x8000000000000000750884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d60b22eb6d509f22021-12-20 15:52:50.424root 11241100x8000000000000000750885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eaaba8a041bbfe2021-12-20 15:52:50.424root 11241100x8000000000000000750886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef50c6d8d36ce7c2021-12-20 15:52:50.424root 11241100x8000000000000000750887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166451c9f63f4ca2021-12-20 15:52:50.424root 11241100x8000000000000000750888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e33dffe8b2fe8f2021-12-20 15:52:50.424root 11241100x8000000000000000750889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070086a46bd276a12021-12-20 15:52:50.424root 11241100x8000000000000000750890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32654141911370c72021-12-20 15:52:50.425root 11241100x8000000000000000750891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df81b5697baa2e052021-12-20 15:52:50.425root 11241100x8000000000000000750892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc69a72ceef3f372021-12-20 15:52:50.425root 11241100x8000000000000000750893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdec74f70bc63a2c2021-12-20 15:52:50.425root 11241100x8000000000000000750894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eecff55c8435482021-12-20 15:52:50.425root 11241100x8000000000000000750895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3d22d01e3992b92021-12-20 15:52:50.425root 11241100x8000000000000000750896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0284234e3d91edc2021-12-20 15:52:50.425root 11241100x8000000000000000750897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f020bd10dbee9582021-12-20 15:52:50.425root 11241100x8000000000000000750898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3447fb5896bc0d0c2021-12-20 15:52:50.425root 11241100x8000000000000000750899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8b1c8adb81f672021-12-20 15:52:50.425root 11241100x8000000000000000750900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cb4130df9a9d522021-12-20 15:52:50.924root 11241100x8000000000000000750901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7717dd737da59a642021-12-20 15:52:50.924root 11241100x8000000000000000750902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd86776e04728802021-12-20 15:52:50.924root 11241100x8000000000000000750903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87e84d700abfa422021-12-20 15:52:50.924root 11241100x8000000000000000750904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b84e68102f2bee2021-12-20 15:52:50.925root 11241100x8000000000000000750905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0de03491a9cfb52021-12-20 15:52:50.925root 11241100x8000000000000000750906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8b57e075e0c26f2021-12-20 15:52:50.925root 11241100x8000000000000000750907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498210b22d1009a12021-12-20 15:52:50.925root 11241100x8000000000000000750908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b43e9a39e73e2cc2021-12-20 15:52:50.925root 11241100x8000000000000000750909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7ea22f648667d82021-12-20 15:52:50.925root 11241100x8000000000000000750910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8385e9d58cfdc302021-12-20 15:52:50.926root 11241100x8000000000000000750911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95d7884ab7250fc2021-12-20 15:52:50.926root 11241100x8000000000000000750912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3086e415d7da46e22021-12-20 15:52:50.926root 11241100x8000000000000000750913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138011a688983fff2021-12-20 15:52:50.926root 11241100x8000000000000000750914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542241ae57008ca22021-12-20 15:52:50.926root 11241100x8000000000000000750915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1f5754e655ad82021-12-20 15:52:50.926root 11241100x8000000000000000750916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a024fe86fd1865b2021-12-20 15:52:50.927root 11241100x8000000000000000750917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b404ada36221afa02021-12-20 15:52:51.424root 11241100x8000000000000000750918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e866014ff67e01c2021-12-20 15:52:51.424root 11241100x8000000000000000750919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f939f6acd1af252021-12-20 15:52:51.424root 11241100x8000000000000000750920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cc89dbbf1a23352021-12-20 15:52:51.424root 11241100x8000000000000000750921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dab4b9b71c80192021-12-20 15:52:51.425root 11241100x8000000000000000750922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf358a2b36ef28b42021-12-20 15:52:51.425root 11241100x8000000000000000750923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5e78a80f0f23812021-12-20 15:52:51.425root 11241100x8000000000000000750924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35e01a73c28cc9a2021-12-20 15:52:51.425root 11241100x8000000000000000750925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1be9e95918a32f2021-12-20 15:52:51.425root 11241100x8000000000000000750926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1200241e5091edd2021-12-20 15:52:51.425root 11241100x8000000000000000750927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cee23e14a95ad212021-12-20 15:52:51.425root 11241100x8000000000000000750928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc7dda3287d1a932021-12-20 15:52:51.425root 11241100x8000000000000000750929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b2472b5b4492f12021-12-20 15:52:51.425root 11241100x8000000000000000750930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45072fb6e42fa802021-12-20 15:52:51.425root 11241100x8000000000000000750931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03584e33f3bf92ac2021-12-20 15:52:51.425root 11241100x8000000000000000750932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c06417810915692021-12-20 15:52:51.425root 11241100x8000000000000000750933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75f6d33b411d1612021-12-20 15:52:51.425root 11241100x8000000000000000750934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee82bec2a1ebbb9f2021-12-20 15:52:51.924root 11241100x8000000000000000750935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6238aa28bcc9d3f52021-12-20 15:52:51.924root 11241100x8000000000000000750936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9deaac456857a0a42021-12-20 15:52:51.924root 11241100x8000000000000000750937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e75b48e41fe0eb2021-12-20 15:52:51.924root 11241100x8000000000000000750938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e9410a9f109582021-12-20 15:52:51.924root 11241100x8000000000000000750939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7652c6c831a315b82021-12-20 15:52:51.924root 11241100x8000000000000000750940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a31a26b0453f5542021-12-20 15:52:51.924root 11241100x8000000000000000750941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8b31e8750b0edd2021-12-20 15:52:51.925root 11241100x8000000000000000750942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06cb88f0f82655e2021-12-20 15:52:51.925root 11241100x8000000000000000750943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13dc3c9829c99862021-12-20 15:52:51.925root 11241100x8000000000000000750944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1fe743898a504a2021-12-20 15:52:51.925root 11241100x8000000000000000750945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738504a868f7917f2021-12-20 15:52:51.925root 11241100x8000000000000000750946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0986a0ec413555962021-12-20 15:52:51.925root 11241100x8000000000000000750947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974aaf72ef28f0fa2021-12-20 15:52:51.925root 11241100x8000000000000000750948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a55c1d572cd01252021-12-20 15:52:51.925root 11241100x8000000000000000750949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8c247d9bf80a9a2021-12-20 15:52:51.925root 11241100x8000000000000000750950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f492b46324c08ff52021-12-20 15:52:51.925root 11241100x8000000000000000750951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a39a6b829c671d2021-12-20 15:52:51.925root 11241100x8000000000000000750952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d02b00c26dcd7e2021-12-20 15:52:52.424root 11241100x8000000000000000750953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6153259ad3a51f722021-12-20 15:52:52.424root 11241100x8000000000000000750954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa1d1fbdcdf3d7e2021-12-20 15:52:52.424root 11241100x8000000000000000750955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d12a3a1249ec022021-12-20 15:52:52.424root 11241100x8000000000000000750956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65091b2094c2add42021-12-20 15:52:52.424root 11241100x8000000000000000750957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a281fcae1108432021-12-20 15:52:52.424root 11241100x8000000000000000750958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6381921d7aa816292021-12-20 15:52:52.424root 11241100x8000000000000000750959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b91250cdb757112021-12-20 15:52:52.424root 11241100x8000000000000000750960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5be8ff34bed43f62021-12-20 15:52:52.424root 11241100x8000000000000000750961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3cbeba7d173e1a2021-12-20 15:52:52.425root 11241100x8000000000000000750962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd3ed291f0110c62021-12-20 15:52:52.425root 11241100x8000000000000000750963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725591317f022a022021-12-20 15:52:52.425root 11241100x8000000000000000750964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb8c98d0dc8975e2021-12-20 15:52:52.425root 11241100x8000000000000000750965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f24f5960b7021cc2021-12-20 15:52:52.425root 11241100x8000000000000000750966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac73ebaf357e60a2021-12-20 15:52:52.425root 11241100x8000000000000000750967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7c42fc3a7fd85f2021-12-20 15:52:52.425root 11241100x8000000000000000750968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb0ac8041e79e062021-12-20 15:52:52.425root 11241100x8000000000000000750969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f06a69ddcdab9b2021-12-20 15:52:52.425root 11241100x8000000000000000750970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a530d9ce53aa3b4a2021-12-20 15:52:52.924root 11241100x8000000000000000750971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40d54d446fa1d802021-12-20 15:52:52.924root 11241100x8000000000000000750972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf3627127a23bce2021-12-20 15:52:52.925root 11241100x8000000000000000750973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8926e5a479f6dc0d2021-12-20 15:52:52.925root 11241100x8000000000000000750974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e08b1e81e4a5b132021-12-20 15:52:52.925root 11241100x8000000000000000750975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05905b065d448a92021-12-20 15:52:52.925root 11241100x8000000000000000750976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24080c6146819a92021-12-20 15:52:52.925root 11241100x8000000000000000750977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba720e3cf453d342021-12-20 15:52:52.925root 11241100x8000000000000000750978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d8730355fd44a02021-12-20 15:52:52.925root 11241100x8000000000000000750979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2bb316eb0ce4012021-12-20 15:52:52.925root 11241100x8000000000000000750980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afadd47a5fba3b82021-12-20 15:52:52.925root 11241100x8000000000000000750981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6463b2a5707c2f2021-12-20 15:52:52.925root 11241100x8000000000000000750982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e835af98ecfe6e72021-12-20 15:52:52.925root 11241100x8000000000000000750983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db30952471ae77942021-12-20 15:52:52.925root 11241100x8000000000000000750984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524203749e5313272021-12-20 15:52:52.925root 11241100x8000000000000000750985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba23d2a5375e0f32021-12-20 15:52:52.925root 11241100x8000000000000000750986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05469274783edc5e2021-12-20 15:52:52.925root 11241100x8000000000000000750987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea933ec8d6038922021-12-20 15:52:53.424root 11241100x8000000000000000750988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c656c6024e385bf2021-12-20 15:52:53.424root 11241100x8000000000000000750989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87172352d62c6e7d2021-12-20 15:52:53.424root 11241100x8000000000000000750990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3475aca08a201c622021-12-20 15:52:53.424root 11241100x8000000000000000750991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e066ae7ed580d32021-12-20 15:52:53.425root 11241100x8000000000000000750992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7019ad08836f992021-12-20 15:52:53.425root 11241100x8000000000000000750993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889846eef31abf262021-12-20 15:52:53.425root 11241100x8000000000000000750994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32bf5685575232b2021-12-20 15:52:53.425root 11241100x8000000000000000750995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398420a34949bb9a2021-12-20 15:52:53.425root 11241100x8000000000000000750996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bde8158aa2fc022021-12-20 15:52:53.425root 11241100x8000000000000000750997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451d614c4e9b7f5d2021-12-20 15:52:53.425root 11241100x8000000000000000750998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7c26d3694de452021-12-20 15:52:53.425root 11241100x8000000000000000750999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b82caf4e7b27d92021-12-20 15:52:53.425root 11241100x8000000000000000751000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff2bd62c44ae0be2021-12-20 15:52:53.426root 11241100x8000000000000000751001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305eab9e2ed972ad2021-12-20 15:52:53.426root 11241100x8000000000000000751002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce6a29f3c7e35862021-12-20 15:52:53.426root 11241100x8000000000000000751003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5a710dd59670462021-12-20 15:52:53.426root 11241100x8000000000000000751004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3382a3dcc85772021-12-20 15:52:53.924root 11241100x8000000000000000751005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3b89c964b69aae2021-12-20 15:52:53.924root 11241100x8000000000000000751006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f047cdc5d9978d2021-12-20 15:52:53.924root 11241100x8000000000000000751007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff7df3b3a2d24452021-12-20 15:52:53.924root 11241100x8000000000000000751008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2285e4c882a494b42021-12-20 15:52:53.924root 11241100x8000000000000000751009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105b92ac5fc0f452021-12-20 15:52:53.924root 11241100x8000000000000000751010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99ecde5e562ddd2021-12-20 15:52:53.925root 11241100x8000000000000000751011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99d7db0a0f59ba62021-12-20 15:52:53.925root 11241100x8000000000000000751012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aea484b8378c0882021-12-20 15:52:53.925root 11241100x8000000000000000751013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b858bfe6ca55d92021-12-20 15:52:53.925root 11241100x8000000000000000751014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09bc906bbb50e3b2021-12-20 15:52:53.925root 11241100x8000000000000000751015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393bfd2f1c16ee132021-12-20 15:52:53.925root 11241100x8000000000000000751016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626c50e0fefed162021-12-20 15:52:53.925root 11241100x8000000000000000751017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac513ce567e370e2021-12-20 15:52:53.925root 11241100x8000000000000000751018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc8b3a7f71e4bf2021-12-20 15:52:53.925root 11241100x8000000000000000751019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25130efdadc914fb2021-12-20 15:52:53.926root 11241100x8000000000000000751020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1745506451241e2021-12-20 15:52:53.926root 11241100x8000000000000000751021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f529a8f9c0a9732021-12-20 15:52:54.424root 11241100x8000000000000000751022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006d8a3f347321702021-12-20 15:52:54.424root 11241100x8000000000000000751023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8e2ec6fd26b2c2021-12-20 15:52:54.424root 11241100x8000000000000000751024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb112688d035b62021-12-20 15:52:54.424root 11241100x8000000000000000751025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a01eafe6abd3d5b2021-12-20 15:52:54.425root 11241100x8000000000000000751026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888ebf79c0b820c2021-12-20 15:52:54.425root 11241100x8000000000000000751027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fe50dea8af6d012021-12-20 15:52:54.425root 11241100x8000000000000000751028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2284444069cd11a2021-12-20 15:52:54.425root 11241100x8000000000000000751029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f3c7f47f4228c2021-12-20 15:52:54.425root 11241100x8000000000000000751030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d407438b87a450102021-12-20 15:52:54.425root 11241100x8000000000000000751031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c151e0318bc1fe62021-12-20 15:52:54.425root 11241100x8000000000000000751032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23713d6756d3b8cb2021-12-20 15:52:54.425root 11241100x8000000000000000751033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f609041d789762021-12-20 15:52:54.425root 11241100x8000000000000000751034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30744f3471b49c762021-12-20 15:52:54.425root 11241100x8000000000000000751035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ca50c2ca7ee7a42021-12-20 15:52:54.425root 11241100x8000000000000000751036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518009b8a6c254552021-12-20 15:52:54.425root 11241100x8000000000000000751037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efcc8982a4ff5dc2021-12-20 15:52:54.425root 11241100x8000000000000000751038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9915357cc0cea1c12021-12-20 15:52:54.924root 11241100x8000000000000000751039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34448c7c0b1209a2021-12-20 15:52:54.924root 11241100x8000000000000000751040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91a15a30502a3802021-12-20 15:52:54.924root 11241100x8000000000000000751041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c297866ec6f65fa82021-12-20 15:52:54.924root 11241100x8000000000000000751042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ddf3a41a6bdb3d2021-12-20 15:52:54.924root 11241100x8000000000000000751043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757fbacc88950712021-12-20 15:52:54.924root 11241100x8000000000000000751044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2dac90fc447d0b2021-12-20 15:52:54.924root 11241100x8000000000000000751045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce8fbd8a9f819522021-12-20 15:52:54.924root 11241100x8000000000000000751046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d759abc76d228ee2021-12-20 15:52:54.925root 11241100x8000000000000000751047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a35c2749b99a0e2021-12-20 15:52:54.925root 11241100x8000000000000000751048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a99b8f55c8bebd2021-12-20 15:52:54.925root 11241100x8000000000000000751049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c5ddc47d80231b2021-12-20 15:52:54.925root 11241100x8000000000000000751050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c0d4f4d9f433e92021-12-20 15:52:54.925root 11241100x8000000000000000751051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b10fe9e6ac51cd2021-12-20 15:52:54.925root 11241100x8000000000000000751052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aab59107d5805822021-12-20 15:52:54.925root 11241100x8000000000000000751053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c8ab40356c81b72021-12-20 15:52:54.925root 11241100x8000000000000000751054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b11a3a3dd68f8f2021-12-20 15:52:54.925root 354300x8000000000000000751055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.126{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51318-false10.0.1.12-8000- 11241100x8000000000000000751056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675f4d41d3a8e6692021-12-20 15:52:55.424root 11241100x8000000000000000751057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef581f8e79142c902021-12-20 15:52:55.425root 11241100x8000000000000000751058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d41fc38e7ec5422021-12-20 15:52:55.425root 11241100x8000000000000000751059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a71793c7e81f02021-12-20 15:52:55.425root 11241100x8000000000000000751060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d578565890b6f42021-12-20 15:52:55.425root 11241100x8000000000000000751061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016361823b46d52e2021-12-20 15:52:55.425root 11241100x8000000000000000751062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d2afe3e1ffc7942021-12-20 15:52:55.425root 11241100x8000000000000000751063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46351ca5fdd3dcf2021-12-20 15:52:55.426root 11241100x8000000000000000751064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29ac73a2aa20e652021-12-20 15:52:55.426root 11241100x8000000000000000751065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69b9e3e8bcb79db2021-12-20 15:52:55.426root 11241100x8000000000000000751066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b2923f8ef8a2ed2021-12-20 15:52:55.426root 11241100x8000000000000000751067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b803a3625d169102021-12-20 15:52:55.426root 11241100x8000000000000000751068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2f60c3093c2bb92021-12-20 15:52:55.426root 11241100x8000000000000000751069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823e818dbe3e5f342021-12-20 15:52:55.426root 11241100x8000000000000000751070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7ca7dc644e08f42021-12-20 15:52:55.426root 11241100x8000000000000000751071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fc1e96218028572021-12-20 15:52:55.426root 11241100x8000000000000000751072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d88f8771152e5292021-12-20 15:52:55.426root 11241100x8000000000000000751073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aa2ed02631e7f82021-12-20 15:52:55.426root 11241100x8000000000000000751074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbf421e69f038de2021-12-20 15:52:55.924root 11241100x8000000000000000751075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6343f9e737baa8492021-12-20 15:52:55.924root 11241100x8000000000000000751076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e4ca126890ee02021-12-20 15:52:55.924root 11241100x8000000000000000751077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b619c13a9012f1f72021-12-20 15:52:55.924root 11241100x8000000000000000751078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bfa8c53284683c2021-12-20 15:52:55.924root 11241100x8000000000000000751079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdec99f06c724772021-12-20 15:52:55.925root 11241100x8000000000000000751080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bab9954032878b2021-12-20 15:52:55.925root 11241100x8000000000000000751081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b25ac78b198582e2021-12-20 15:52:55.925root 11241100x8000000000000000751082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5758f02940a16fee2021-12-20 15:52:55.925root 11241100x8000000000000000751083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1d6c9dcb2761672021-12-20 15:52:55.925root 11241100x8000000000000000751084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a5dc640a330bb92021-12-20 15:52:55.925root 11241100x8000000000000000751085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c96b64141ca91a12021-12-20 15:52:55.925root 11241100x8000000000000000751086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7235445b130d57922021-12-20 15:52:55.925root 11241100x8000000000000000751087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b8cce2dafbf0a52021-12-20 15:52:55.925root 11241100x8000000000000000751088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fb1ace6d45be702021-12-20 15:52:55.925root 11241100x8000000000000000751089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2ab844bb18d6fe2021-12-20 15:52:55.926root 11241100x8000000000000000751090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fb9ca4264700182021-12-20 15:52:55.926root 11241100x8000000000000000751091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d28c7d554787ec2021-12-20 15:52:55.926root 11241100x8000000000000000751092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b32ff6264656982021-12-20 15:52:55.926root 11241100x8000000000000000751093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66a0998b28a09342021-12-20 15:52:56.424root 11241100x8000000000000000751094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b518d87f52826072021-12-20 15:52:56.424root 11241100x8000000000000000751095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2814e44fcd4c13c2021-12-20 15:52:56.424root 11241100x8000000000000000751096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4891d846a7373962021-12-20 15:52:56.424root 11241100x8000000000000000751097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa925480fbac38a52021-12-20 15:52:56.424root 11241100x8000000000000000751098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793021399282197e2021-12-20 15:52:56.424root 11241100x8000000000000000751099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce8fd435c776d6c2021-12-20 15:52:56.424root 11241100x8000000000000000751100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eaac097e6bee232021-12-20 15:52:56.424root 11241100x8000000000000000751101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c824861413a66592021-12-20 15:52:56.425root 11241100x8000000000000000751102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c460c1342ef05952021-12-20 15:52:56.425root 11241100x8000000000000000751103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4dd3e2bae4ae352021-12-20 15:52:56.425root 11241100x8000000000000000751104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab2734c436add42021-12-20 15:52:56.425root 11241100x8000000000000000751105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17f13eed35613832021-12-20 15:52:56.425root 11241100x8000000000000000751106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca874e86123213a2021-12-20 15:52:56.425root 11241100x8000000000000000751107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df43cff9fb76efe72021-12-20 15:52:56.425root 11241100x8000000000000000751108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8191a7f680d0166f2021-12-20 15:52:56.425root 11241100x8000000000000000751109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb05504cfa0b9332021-12-20 15:52:56.425root 11241100x8000000000000000751110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f653d691e4a91f2021-12-20 15:52:56.425root 11241100x8000000000000000751111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360c202414a796882021-12-20 15:52:56.425root 11241100x8000000000000000751112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3b4c7681f7da8e2021-12-20 15:52:56.426root 11241100x8000000000000000751113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780607a4e18b0ecd2021-12-20 15:52:56.426root 11241100x8000000000000000751114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0f3ae1646227ef2021-12-20 15:52:56.924root 11241100x8000000000000000751115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8f9a00674895282021-12-20 15:52:56.924root 11241100x8000000000000000751116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109bf17bab043dad2021-12-20 15:52:56.924root 11241100x8000000000000000751117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d5260879fae9782021-12-20 15:52:56.924root 11241100x8000000000000000751118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144ba75a4af6c7472021-12-20 15:52:56.924root 11241100x8000000000000000751119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a75b04ebc9a0ec2021-12-20 15:52:56.925root 11241100x8000000000000000751120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c97e21e5dce0df2021-12-20 15:52:56.925root 11241100x8000000000000000751121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53488319ea465b32021-12-20 15:52:56.925root 11241100x8000000000000000751122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3bfec679f3bfa92021-12-20 15:52:56.925root 11241100x8000000000000000751123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618ab16dc1ae557d2021-12-20 15:52:56.925root 11241100x8000000000000000751124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a5eaa29d34fc8d2021-12-20 15:52:56.925root 11241100x8000000000000000751125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50973c376e334d0b2021-12-20 15:52:56.925root 11241100x8000000000000000751126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b456c61d68c82c2021-12-20 15:52:56.925root 11241100x8000000000000000751127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c28df8f18702d372021-12-20 15:52:56.925root 11241100x8000000000000000751128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034defeb2cc967e42021-12-20 15:52:56.925root 11241100x8000000000000000751129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549ab53ae328ba0e2021-12-20 15:52:56.926root 11241100x8000000000000000751130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a41de540da5c1bb2021-12-20 15:52:56.926root 11241100x8000000000000000751131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934880318286ad9d2021-12-20 15:52:56.926root 11241100x8000000000000000751132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8d9d7cbc2063f82021-12-20 15:52:57.424root 11241100x8000000000000000751133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fbab826ce58a162021-12-20 15:52:57.424root 11241100x8000000000000000751134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bb6441a1bd98772021-12-20 15:52:57.424root 11241100x8000000000000000751135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ab4de64f7f59f72021-12-20 15:52:57.424root 11241100x8000000000000000751136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf2719529838f9f2021-12-20 15:52:57.424root 11241100x8000000000000000751137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c096d46f9c29e382021-12-20 15:52:57.425root 11241100x8000000000000000751138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475719037682194a2021-12-20 15:52:57.425root 11241100x8000000000000000751139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a767ded32249fb2021-12-20 15:52:57.425root 11241100x8000000000000000751140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2ee695576d39022021-12-20 15:52:57.425root 11241100x8000000000000000751141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf3a91194a4f00e2021-12-20 15:52:57.425root 11241100x8000000000000000751142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afda4611bc2e55b32021-12-20 15:52:57.425root 11241100x8000000000000000751143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a11d203c9a882072021-12-20 15:52:57.425root 11241100x8000000000000000751144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec3c67efbfb34542021-12-20 15:52:57.425root 11241100x8000000000000000751145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8b9758d378945b2021-12-20 15:52:57.425root 11241100x8000000000000000751146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7405655bc9c15022021-12-20 15:52:57.425root 11241100x8000000000000000751147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d97ef58ced481a2021-12-20 15:52:57.426root 11241100x8000000000000000751148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9955ae2d3a852e2021-12-20 15:52:57.426root 11241100x8000000000000000751149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53da43a2e5e0e062021-12-20 15:52:57.426root 11241100x8000000000000000751150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbd10c6ce19b0472021-12-20 15:52:57.426root 11241100x8000000000000000751151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a497c24a9b93cfe92021-12-20 15:52:57.426root 11241100x8000000000000000751152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb454f5e1041e22021-12-20 15:52:57.924root 11241100x8000000000000000751153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a395187ff78a724f2021-12-20 15:52:57.924root 11241100x8000000000000000751154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77ebf4d0b35a0512021-12-20 15:52:57.924root 11241100x8000000000000000751155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f5746fdcbc9802021-12-20 15:52:57.924root 11241100x8000000000000000751156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b78b5dd0a0ef4232021-12-20 15:52:57.924root 11241100x8000000000000000751157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1242a1192014232021-12-20 15:52:57.925root 11241100x8000000000000000751158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48e0106251407d12021-12-20 15:52:57.925root 11241100x8000000000000000751159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f84a68a03cbb52021-12-20 15:52:57.925root 11241100x8000000000000000751160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377bbf64888ed4e82021-12-20 15:52:57.925root 11241100x8000000000000000751161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394fcb5f169980602021-12-20 15:52:57.925root 11241100x8000000000000000751162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6516f76dc30dbf112021-12-20 15:52:57.925root 11241100x8000000000000000751163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e40e6ca1f33a52a2021-12-20 15:52:57.925root 11241100x8000000000000000751164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f88dc84170b5022021-12-20 15:52:57.925root 11241100x8000000000000000751165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598a9a12213628a72021-12-20 15:52:57.925root 11241100x8000000000000000751166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4367014546ff4972021-12-20 15:52:57.925root 11241100x8000000000000000751167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df37f788b8df0de2021-12-20 15:52:57.926root 11241100x8000000000000000751168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8a5519f17713232021-12-20 15:52:57.926root 11241100x8000000000000000751169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3fbd28814436f12021-12-20 15:52:57.926root 11241100x8000000000000000751170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d84c7391d5a2382021-12-20 15:52:58.424root 11241100x8000000000000000751171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a8fbd27fd094152021-12-20 15:52:58.424root 11241100x8000000000000000751172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68ac476af13c8802021-12-20 15:52:58.424root 11241100x8000000000000000751173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e284847a800f15b2021-12-20 15:52:58.424root 11241100x8000000000000000751174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f48bac2eb8cdb2021-12-20 15:52:58.425root 11241100x8000000000000000751175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f563f48cdca2be72021-12-20 15:52:58.425root 11241100x8000000000000000751176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d506bcc870c265392021-12-20 15:52:58.425root 11241100x8000000000000000751177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c5c219d67725992021-12-20 15:52:58.425root 11241100x8000000000000000751178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbb77f336464a6b2021-12-20 15:52:58.425root 11241100x8000000000000000751179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73860a3968ed00732021-12-20 15:52:58.425root 11241100x8000000000000000751180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8229276e1709afba2021-12-20 15:52:58.425root 11241100x8000000000000000751181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8256ea92780d0a2021-12-20 15:52:58.425root 11241100x8000000000000000751182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a113257573a387a2021-12-20 15:52:58.425root 11241100x8000000000000000751183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b8cfd6c456669a2021-12-20 15:52:58.425root 11241100x8000000000000000751184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e679a00d1261a92f2021-12-20 15:52:58.425root 11241100x8000000000000000751185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894a482b2354e7782021-12-20 15:52:58.426root 11241100x8000000000000000751186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009c3e966bdc50502021-12-20 15:52:58.426root 11241100x8000000000000000751187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483d0c82483367752021-12-20 15:52:58.426root 11241100x8000000000000000751188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f1e43f981a6ea82021-12-20 15:52:58.924root 11241100x8000000000000000751189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8e18ce9ed5fa272021-12-20 15:52:58.924root 11241100x8000000000000000751190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bbddce7516ec832021-12-20 15:52:58.924root 11241100x8000000000000000751191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab9cadda44d81cb2021-12-20 15:52:58.924root 11241100x8000000000000000751192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2284770cbb024e02021-12-20 15:52:58.924root 11241100x8000000000000000751193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dec0e42abb29e4c2021-12-20 15:52:58.924root 11241100x8000000000000000751194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f646b28145b29d62021-12-20 15:52:58.924root 11241100x8000000000000000751195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea433fdcbf7173f2021-12-20 15:52:58.925root 11241100x8000000000000000751196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2119fd3b2659faad2021-12-20 15:52:58.925root 11241100x8000000000000000751197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803436d16c6cf8e62021-12-20 15:52:58.925root 11241100x8000000000000000751198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87432c0261f1d1482021-12-20 15:52:58.925root 11241100x8000000000000000751199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cbc57e88b68c932021-12-20 15:52:58.925root 11241100x8000000000000000751200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5f99149de067aa2021-12-20 15:52:58.926root 11241100x8000000000000000751201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd7b6ef557fb3642021-12-20 15:52:58.926root 11241100x8000000000000000751202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0b0b38352c8dab2021-12-20 15:52:58.926root 11241100x8000000000000000751203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059bd283dcedae5e2021-12-20 15:52:58.926root 11241100x8000000000000000751204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254bdd8e4bce5e692021-12-20 15:52:58.926root 11241100x8000000000000000751205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b242e5ea42de2d412021-12-20 15:52:58.926root 11241100x8000000000000000751206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a27cfc534c6b462021-12-20 15:52:58.926root 11241100x8000000000000000751207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736d359036d2aee32021-12-20 15:52:58.926root 11241100x8000000000000000751208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438ea6582e064d02021-12-20 15:52:58.927root 11241100x8000000000000000751209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7862d2d1157f1e112021-12-20 15:52:58.927root 11241100x8000000000000000751210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad4b4e3ba5a99a02021-12-20 15:52:58.927root 11241100x8000000000000000751211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e01161f4054ba52021-12-20 15:52:58.927root 11241100x8000000000000000751212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc96660c0c95a1c2021-12-20 15:52:58.927root 11241100x8000000000000000751213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47e5e12d779b06b2021-12-20 15:52:58.927root 11241100x8000000000000000751214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f40b75288bd41022021-12-20 15:52:58.927root 11241100x8000000000000000751215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0412121cc3fdd262021-12-20 15:52:58.927root 11241100x8000000000000000751216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069a4b05072146722021-12-20 15:52:58.927root 11241100x8000000000000000751217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b9d778fbc0d39d2021-12-20 15:52:58.927root 11241100x8000000000000000751218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3a9380252889d52021-12-20 15:52:58.928root 11241100x8000000000000000751219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84354126d6cbfeb62021-12-20 15:52:58.928root 11241100x8000000000000000751220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ecc5cd577645fc2021-12-20 15:52:58.928root 11241100x8000000000000000751221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b0704a35e9f72b2021-12-20 15:52:58.931root 11241100x8000000000000000751222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cc0eaf61b42d282021-12-20 15:52:58.931root 11241100x8000000000000000751223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ea16fb51153922021-12-20 15:52:58.931root 11241100x8000000000000000751224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f8c7a98483267c2021-12-20 15:52:58.931root 11241100x8000000000000000751225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c81bb007be7d952021-12-20 15:52:58.931root 11241100x8000000000000000751226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c95b3a4fa3521c32021-12-20 15:52:58.932root 11241100x8000000000000000751227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e3c491099fbb542021-12-20 15:52:58.932root 11241100x8000000000000000751228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f420d9e0aec182021-12-20 15:52:58.932root 11241100x8000000000000000751229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c03a034a2885542021-12-20 15:52:58.932root 11241100x8000000000000000751230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a29a2f32c5ccc92021-12-20 15:52:58.932root 11241100x8000000000000000751231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f97aecf5dbf75b2021-12-20 15:52:58.932root 11241100x8000000000000000751232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2635fd838f3013e2021-12-20 15:52:58.932root 11241100x8000000000000000751233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37221c53a741a1e2021-12-20 15:52:59.424root 11241100x8000000000000000751234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c3a7716537cf2c2021-12-20 15:52:59.424root 11241100x8000000000000000751235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb21c009ce7932d2021-12-20 15:52:59.424root 11241100x8000000000000000751236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a152b4189133d2021-12-20 15:52:59.424root 11241100x8000000000000000751237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce07450d86954bd22021-12-20 15:52:59.425root 11241100x8000000000000000751238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e794be0ab472bf22021-12-20 15:52:59.425root 11241100x8000000000000000751239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e24a4e9fd65de2021-12-20 15:52:59.425root 11241100x8000000000000000751240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160a40b03bae4d9f2021-12-20 15:52:59.425root 11241100x8000000000000000751241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d266c91f46631fa12021-12-20 15:52:59.425root 11241100x8000000000000000751242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f742851c1522412021-12-20 15:52:59.425root 11241100x8000000000000000751243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a57be99df9b2db42021-12-20 15:52:59.425root 11241100x8000000000000000751244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13834a0e2e0bc22021-12-20 15:52:59.425root 11241100x8000000000000000751245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70210a51c75ecf2d2021-12-20 15:52:59.425root 11241100x8000000000000000751246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860c24e77fcb3c672021-12-20 15:52:59.425root 11241100x8000000000000000751247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4151216af9c37b392021-12-20 15:52:59.425root 11241100x8000000000000000751248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec28e5552e561d042021-12-20 15:52:59.425root 11241100x8000000000000000751249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833aa22abee2140d2021-12-20 15:52:59.425root 11241100x8000000000000000751250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffac13875f1d4e62021-12-20 15:52:59.425root 11241100x8000000000000000751251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bc9b2059fb034a2021-12-20 15:52:59.924root 11241100x8000000000000000751252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3877d6db8c82adc2021-12-20 15:52:59.924root 11241100x8000000000000000751253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e6a916207156052021-12-20 15:52:59.924root 11241100x8000000000000000751254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a29fb792f8b6fe42021-12-20 15:52:59.924root 11241100x8000000000000000751255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc4a76f45bbe3b72021-12-20 15:52:59.924root 11241100x8000000000000000751256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0696d809f928d7f82021-12-20 15:52:59.925root 11241100x8000000000000000751257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885f978755f713db2021-12-20 15:52:59.925root 11241100x8000000000000000751258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07915b17021ab71d2021-12-20 15:52:59.925root 11241100x8000000000000000751259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a270c0c8f1e252021-12-20 15:52:59.925root 11241100x8000000000000000751260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ad0d3c2fa9ce42021-12-20 15:52:59.925root 11241100x8000000000000000751261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cc71d4dd2099dd2021-12-20 15:52:59.925root 11241100x8000000000000000751262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f49ae08337d7a1a2021-12-20 15:52:59.925root 11241100x8000000000000000751263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2588c508fc50ffb92021-12-20 15:52:59.925root 11241100x8000000000000000751264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe57de02a29e8aef2021-12-20 15:52:59.925root 11241100x8000000000000000751265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a687c30915cde242021-12-20 15:52:59.925root 11241100x8000000000000000751266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652202e2e007aabd2021-12-20 15:52:59.926root 11241100x8000000000000000751267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b78c534be4db2e2021-12-20 15:52:59.926root 11241100x8000000000000000751268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:52:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5bf3b642236c242021-12-20 15:52:59.926root 11241100x8000000000000000751269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aefe8fa33716e52021-12-20 15:53:00.424root 11241100x8000000000000000751270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b4ff9b70997ed02021-12-20 15:53:00.424root 11241100x8000000000000000751271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4e3c7c9c9b43462021-12-20 15:53:00.424root 11241100x8000000000000000751272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2af18c250a8a0e2021-12-20 15:53:00.424root 11241100x8000000000000000751273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642d5e8898d9154f2021-12-20 15:53:00.424root 11241100x8000000000000000751274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198cac27206dd2d82021-12-20 15:53:00.425root 11241100x8000000000000000751275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e3da60ae00b4992021-12-20 15:53:00.425root 11241100x8000000000000000751276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19cf83109a829df2021-12-20 15:53:00.425root 11241100x8000000000000000751277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b249c5b22b2e6752021-12-20 15:53:00.425root 11241100x8000000000000000751278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5623438c4ed48ea42021-12-20 15:53:00.425root 11241100x8000000000000000751279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cfda68fdf1c08c2021-12-20 15:53:00.425root 11241100x8000000000000000751280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dce5521370889f2021-12-20 15:53:00.425root 11241100x8000000000000000751281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88019221f231c7552021-12-20 15:53:00.425root 11241100x8000000000000000751282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2442970fa73ed32021-12-20 15:53:00.426root 11241100x8000000000000000751283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86a6fd5bf52bad2021-12-20 15:53:00.426root 11241100x8000000000000000751284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0727047fe98db46d2021-12-20 15:53:00.426root 11241100x8000000000000000751285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6855bdf8e998d9c22021-12-20 15:53:00.426root 11241100x8000000000000000751286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6738d547fea694a72021-12-20 15:53:00.426root 11241100x8000000000000000751287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea854d133689bf982021-12-20 15:53:00.924root 11241100x8000000000000000751288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729c9dd3593037792021-12-20 15:53:00.924root 11241100x8000000000000000751289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ecf083ad6ca7b62021-12-20 15:53:00.924root 11241100x8000000000000000751290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f1918fb09b4d072021-12-20 15:53:00.924root 11241100x8000000000000000751291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e23c6249e9be1ec2021-12-20 15:53:00.925root 11241100x8000000000000000751292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79daaea373bab7142021-12-20 15:53:00.925root 11241100x8000000000000000751293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ddfe2cdcbce58b2021-12-20 15:53:00.925root 11241100x8000000000000000751294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55411a477c6c14602021-12-20 15:53:00.925root 11241100x8000000000000000751295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1c9fb9936026d62021-12-20 15:53:00.925root 11241100x8000000000000000751296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc05a9f17fc56ba2021-12-20 15:53:00.925root 11241100x8000000000000000751297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ebd0c5e0bed44e2021-12-20 15:53:00.925root 11241100x8000000000000000751298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fce75ec79af8392021-12-20 15:53:00.925root 11241100x8000000000000000751299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32429e0324aca6502021-12-20 15:53:00.925root 11241100x8000000000000000751300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5428c1114301ac2021-12-20 15:53:00.925root 11241100x8000000000000000751301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa04f06339cedb032021-12-20 15:53:00.925root 11241100x8000000000000000751302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c28f1bb0f8e862021-12-20 15:53:00.925root 11241100x8000000000000000751303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45ffd1860e523332021-12-20 15:53:00.925root 11241100x8000000000000000751304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362f7c9e0779e3982021-12-20 15:53:00.925root 354300x8000000000000000751305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.082{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51320-false10.0.1.12-8000- 11241100x8000000000000000751306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c30e091b00f115a2021-12-20 15:53:01.424root 11241100x8000000000000000751307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca1259c01e337ba2021-12-20 15:53:01.424root 11241100x8000000000000000751308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd00ac259438c332021-12-20 15:53:01.424root 11241100x8000000000000000751309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94017e3d475fa96d2021-12-20 15:53:01.424root 11241100x8000000000000000751310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51960201003238a2021-12-20 15:53:01.424root 11241100x8000000000000000751311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a195cb49d849fe902021-12-20 15:53:01.424root 11241100x8000000000000000751312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eb8178d21a2f8a2021-12-20 15:53:01.425root 11241100x8000000000000000751313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580c1074f75270c02021-12-20 15:53:01.425root 11241100x8000000000000000751314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d657f53c7834ce992021-12-20 15:53:01.425root 11241100x8000000000000000751315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2321dd8b94ca0b652021-12-20 15:53:01.425root 11241100x8000000000000000751316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c6f2666a0e17692021-12-20 15:53:01.425root 11241100x8000000000000000751317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aa5b279b842b5e2021-12-20 15:53:01.425root 11241100x8000000000000000751318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c71caffc6f00a6a2021-12-20 15:53:01.425root 11241100x8000000000000000751319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80fbd0fe5a27bdd2021-12-20 15:53:01.425root 11241100x8000000000000000751320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a2cdf21b7263c32021-12-20 15:53:01.426root 11241100x8000000000000000751321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fcd8e7e2016df62021-12-20 15:53:01.426root 11241100x8000000000000000751322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d3b60c47e9ff902021-12-20 15:53:01.426root 11241100x8000000000000000751323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d832b4db6cf295d2021-12-20 15:53:01.426root 11241100x8000000000000000751324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b9cc8daf731f9b2021-12-20 15:53:01.426root 11241100x8000000000000000751325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81061508c41f409e2021-12-20 15:53:01.924root 11241100x8000000000000000751326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0cb468329488632021-12-20 15:53:01.924root 11241100x8000000000000000751327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807739928c031c992021-12-20 15:53:01.924root 11241100x8000000000000000751328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aca756a94a0e452021-12-20 15:53:01.924root 11241100x8000000000000000751329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c42ab7e4dca5c822021-12-20 15:53:01.924root 11241100x8000000000000000751330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f49ec7eb913e242021-12-20 15:53:01.924root 11241100x8000000000000000751331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b76b20279d82c802021-12-20 15:53:01.924root 11241100x8000000000000000751332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4957517f5c2692021-12-20 15:53:01.924root 11241100x8000000000000000751333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90689c9477d2b6472021-12-20 15:53:01.925root 11241100x8000000000000000751334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1b2b1724b8da1f2021-12-20 15:53:01.925root 11241100x8000000000000000751335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c709f307d7dc56842021-12-20 15:53:01.925root 11241100x8000000000000000751336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c8bd387bba7f942021-12-20 15:53:01.925root 11241100x8000000000000000751337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2298955501d06a72021-12-20 15:53:01.925root 11241100x8000000000000000751338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f93168af431ef6d2021-12-20 15:53:01.925root 11241100x8000000000000000751339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a745e26e413c5e2021-12-20 15:53:01.925root 11241100x8000000000000000751340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d046fe6ef760f2021-12-20 15:53:01.925root 11241100x8000000000000000751341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab61a6aab4f46d062021-12-20 15:53:01.925root 11241100x8000000000000000751342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1335c064f4a8e92021-12-20 15:53:01.925root 11241100x8000000000000000751343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56de5bf65ba863572021-12-20 15:53:01.926root 11241100x8000000000000000751344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c77529cef634ce2021-12-20 15:53:01.926root 11241100x8000000000000000751345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1693ca1f3dd89c1f2021-12-20 15:53:02.424root 11241100x8000000000000000751346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee416b9d4653c942021-12-20 15:53:02.424root 11241100x8000000000000000751347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b29bd8a017fdd92021-12-20 15:53:02.424root 11241100x8000000000000000751348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce844672dd81d672021-12-20 15:53:02.424root 11241100x8000000000000000751349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55131906d1ba55d62021-12-20 15:53:02.425root 11241100x8000000000000000751350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef49c930cb937672021-12-20 15:53:02.425root 11241100x8000000000000000751351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885fcd059bc133912021-12-20 15:53:02.425root 11241100x8000000000000000751352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2305d63a5f5c2c2021-12-20 15:53:02.425root 11241100x8000000000000000751353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14c0b82a0a41962021-12-20 15:53:02.425root 11241100x8000000000000000751354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5459ca13b4c5b412021-12-20 15:53:02.425root 11241100x8000000000000000751355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3016a209ea9eb962021-12-20 15:53:02.425root 11241100x8000000000000000751356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cec216519a85742021-12-20 15:53:02.425root 11241100x8000000000000000751357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb664866d79bd3b32021-12-20 15:53:02.425root 11241100x8000000000000000751358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fc36cf78f05f592021-12-20 15:53:02.425root 11241100x8000000000000000751359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c2fbaf29767a712021-12-20 15:53:02.425root 11241100x8000000000000000751360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd265dfc7c19a262021-12-20 15:53:02.425root 11241100x8000000000000000751361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc6278716662d12021-12-20 15:53:02.425root 11241100x8000000000000000751362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0aed579deb73ad2021-12-20 15:53:02.425root 11241100x8000000000000000751363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03c49d037796a872021-12-20 15:53:02.425root 11241100x8000000000000000751364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3994d1894cf4d5a22021-12-20 15:53:02.924root 11241100x8000000000000000751365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb791406adf48822021-12-20 15:53:02.924root 11241100x8000000000000000751366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a852f611db2aaa52021-12-20 15:53:02.924root 11241100x8000000000000000751367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e06b1844f4acc62021-12-20 15:53:02.925root 11241100x8000000000000000751368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270548e59dc76ca42021-12-20 15:53:02.925root 11241100x8000000000000000751369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad06479a58493eca2021-12-20 15:53:02.925root 11241100x8000000000000000751370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c4f1d646a720242021-12-20 15:53:02.925root 11241100x8000000000000000751371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8319c3f8df92862021-12-20 15:53:02.925root 11241100x8000000000000000751372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef28b7f69e3f86b32021-12-20 15:53:02.925root 11241100x8000000000000000751373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e941c073c5b2fc352021-12-20 15:53:02.925root 11241100x8000000000000000751374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb5a95a65e4e6db2021-12-20 15:53:02.925root 11241100x8000000000000000751375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7647326b406465fd2021-12-20 15:53:02.925root 11241100x8000000000000000751376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649917e9d1ad8cd22021-12-20 15:53:02.925root 11241100x8000000000000000751377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210eea97e0365b3a2021-12-20 15:53:02.925root 11241100x8000000000000000751378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75806e43c35e3f312021-12-20 15:53:02.925root 11241100x8000000000000000751379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115d2446bee344912021-12-20 15:53:02.925root 11241100x8000000000000000751380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e96d1c029ad1792021-12-20 15:53:02.925root 11241100x8000000000000000751381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4616cd05527a59022021-12-20 15:53:02.925root 11241100x8000000000000000751382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198c901ed7abd8442021-12-20 15:53:02.926root 11241100x8000000000000000751383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032a61bb55a8a50c2021-12-20 15:53:03.424root 11241100x8000000000000000751384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20214dc991a3eff2021-12-20 15:53:03.424root 11241100x8000000000000000751385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fdfaa2a33d67a32021-12-20 15:53:03.424root 11241100x8000000000000000751386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851558d75664053a2021-12-20 15:53:03.424root 11241100x8000000000000000751387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65bfe416131c8a22021-12-20 15:53:03.425root 11241100x8000000000000000751388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d193c8035c6d012c2021-12-20 15:53:03.425root 11241100x8000000000000000751389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3db50e164a51e242021-12-20 15:53:03.425root 11241100x8000000000000000751390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baca40432455717c2021-12-20 15:53:03.425root 11241100x8000000000000000751391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1c56ed789afc552021-12-20 15:53:03.425root 11241100x8000000000000000751392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8851bbebe00ea7ff2021-12-20 15:53:03.425root 11241100x8000000000000000751393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a886db110135cbe22021-12-20 15:53:03.425root 11241100x8000000000000000751394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a067ceb5b1ca5e32021-12-20 15:53:03.425root 11241100x8000000000000000751395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4771a015761ba42021-12-20 15:53:03.425root 11241100x8000000000000000751396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e665387e68d4c46d2021-12-20 15:53:03.425root 11241100x8000000000000000751397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525efc27d1a98de2021-12-20 15:53:03.425root 11241100x8000000000000000751398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8465666343855a52021-12-20 15:53:03.425root 11241100x8000000000000000751399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478fca2bf478f05d2021-12-20 15:53:03.425root 11241100x8000000000000000751400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c7d2213dcd25b02021-12-20 15:53:03.425root 11241100x8000000000000000751401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae440c90fe46d32021-12-20 15:53:03.425root 11241100x8000000000000000751402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a6b565b5f3a95c2021-12-20 15:53:03.924root 11241100x8000000000000000751403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbdf832286191132021-12-20 15:53:03.924root 11241100x8000000000000000751404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282bf1d6321b37e52021-12-20 15:53:03.924root 11241100x8000000000000000751405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e99599c3b866392021-12-20 15:53:03.924root 11241100x8000000000000000751406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cbc92589c6e95f2021-12-20 15:53:03.925root 11241100x8000000000000000751407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5198832faa5f45d32021-12-20 15:53:03.925root 11241100x8000000000000000751408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af0cde0957d90ce2021-12-20 15:53:03.925root 11241100x8000000000000000751409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b134f23be6b2b82021-12-20 15:53:03.925root 11241100x8000000000000000751410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7460d92db11f9e342021-12-20 15:53:03.925root 11241100x8000000000000000751411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909ed1943cd8d38e2021-12-20 15:53:03.925root 11241100x8000000000000000751412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27bc7ae89bdf4772021-12-20 15:53:03.925root 11241100x8000000000000000751413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af587086afad240e2021-12-20 15:53:03.925root 11241100x8000000000000000751414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eee5037dc97dbd2021-12-20 15:53:03.925root 11241100x8000000000000000751415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9862eaa4e26802021-12-20 15:53:03.925root 11241100x8000000000000000751416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696309cdc1a84a892021-12-20 15:53:03.925root 11241100x8000000000000000751417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45843bfceb12c5162021-12-20 15:53:03.925root 11241100x8000000000000000751418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6346cc8767e47c9d2021-12-20 15:53:03.925root 11241100x8000000000000000751419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c127234e8461f1b2021-12-20 15:53:03.925root 11241100x8000000000000000751420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d11ab951f439fe2021-12-20 15:53:03.925root 11241100x8000000000000000751421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f302b7b315205922021-12-20 15:53:04.424root 11241100x8000000000000000751422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2cbc4ca3cde07e2021-12-20 15:53:04.424root 11241100x8000000000000000751423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e35edc0ebd5a1f22021-12-20 15:53:04.424root 11241100x8000000000000000751424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d117cbfd8600c35d2021-12-20 15:53:04.424root 11241100x8000000000000000751425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bb592d362989632021-12-20 15:53:04.425root 11241100x8000000000000000751426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c9fa1ef70070432021-12-20 15:53:04.425root 11241100x8000000000000000751427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c041635cdb67422021-12-20 15:53:04.425root 11241100x8000000000000000751428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bc9eceb69058782021-12-20 15:53:04.425root 11241100x8000000000000000751429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fe8ebb8a37b2512021-12-20 15:53:04.425root 11241100x8000000000000000751430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e0db09cafef22f2021-12-20 15:53:04.425root 11241100x8000000000000000751431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eca136c40eec1692021-12-20 15:53:04.425root 11241100x8000000000000000751432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be1956e04bf64772021-12-20 15:53:04.425root 11241100x8000000000000000751433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026f093b9aafb7a02021-12-20 15:53:04.425root 11241100x8000000000000000751434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a405a8598e5587f32021-12-20 15:53:04.426root 11241100x8000000000000000751435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646a3ca42791ef5e2021-12-20 15:53:04.426root 11241100x8000000000000000751436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d1d20492f5dac82021-12-20 15:53:04.426root 11241100x8000000000000000751437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2937bee20962ee2021-12-20 15:53:04.426root 11241100x8000000000000000751438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884b3d9075e641752021-12-20 15:53:04.426root 11241100x8000000000000000751439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d3c0a1a27ce18e2021-12-20 15:53:04.426root 11241100x8000000000000000751440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e7f68da76989942021-12-20 15:53:04.924root 11241100x8000000000000000751441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953180f273e041f02021-12-20 15:53:04.924root 11241100x8000000000000000751442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd420630b07feae2021-12-20 15:53:04.924root 11241100x8000000000000000751443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe408e5f8b6554132021-12-20 15:53:04.924root 11241100x8000000000000000751444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83b8f55085806772021-12-20 15:53:04.924root 11241100x8000000000000000751445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d72d17b41f1ad52021-12-20 15:53:04.925root 11241100x8000000000000000751446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2512d8e261b76fde2021-12-20 15:53:04.925root 11241100x8000000000000000751447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9727988a020959922021-12-20 15:53:04.925root 11241100x8000000000000000751448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a71f1cc801c2352021-12-20 15:53:04.925root 11241100x8000000000000000751449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05ca1824f1814c32021-12-20 15:53:04.925root 11241100x8000000000000000751450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54c95859b3558eb2021-12-20 15:53:04.925root 11241100x8000000000000000751451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e60ff38d87a1732021-12-20 15:53:04.925root 11241100x8000000000000000751452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0d8cf15d7e15292021-12-20 15:53:04.925root 11241100x8000000000000000751453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d19070e042a05a82021-12-20 15:53:04.925root 11241100x8000000000000000751454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4699a7ad7a4065b12021-12-20 15:53:04.926root 11241100x8000000000000000751455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cf60100df215792021-12-20 15:53:04.926root 11241100x8000000000000000751456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a930d78b7bd49d12021-12-20 15:53:04.926root 11241100x8000000000000000751457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01361ca5e3fd64342021-12-20 15:53:04.926root 11241100x8000000000000000751458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05b514c7b14408f2021-12-20 15:53:04.926root 11241100x8000000000000000751459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd7ea549a2cd3242021-12-20 15:53:05.424root 11241100x8000000000000000751460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c1b08fc175e10f2021-12-20 15:53:05.424root 11241100x8000000000000000751461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed99baf5e878b5f32021-12-20 15:53:05.424root 11241100x8000000000000000751462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3923817ce36094f02021-12-20 15:53:05.424root 11241100x8000000000000000751463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74bcca6bee4a8f32021-12-20 15:53:05.425root 11241100x8000000000000000751464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faafc5efc08ed492021-12-20 15:53:05.425root 11241100x8000000000000000751465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc66fbdb27b51f92021-12-20 15:53:05.425root 11241100x8000000000000000751466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1adb743f1657bc22021-12-20 15:53:05.425root 11241100x8000000000000000751467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4595bccf29b951312021-12-20 15:53:05.425root 11241100x8000000000000000751468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d60188ce885f82021-12-20 15:53:05.425root 11241100x8000000000000000751469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17365c1aae3c1a22021-12-20 15:53:05.425root 11241100x8000000000000000751470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ab2c4ca3ea20e72021-12-20 15:53:05.426root 11241100x8000000000000000751471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6063ff560edbd02021-12-20 15:53:05.426root 11241100x8000000000000000751472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb400f6e74cacd202021-12-20 15:53:05.426root 11241100x8000000000000000751473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17aa9717c82c00a82021-12-20 15:53:05.426root 11241100x8000000000000000751474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beff11d8bd36f56a2021-12-20 15:53:05.426root 11241100x8000000000000000751475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f94a5d9eb0bfe92021-12-20 15:53:05.426root 11241100x8000000000000000751476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35ba32dda43b94a2021-12-20 15:53:05.426root 11241100x8000000000000000751477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06373b2f307b7a3d2021-12-20 15:53:05.426root 11241100x8000000000000000751478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca953c89105d2322021-12-20 15:53:05.924root 11241100x8000000000000000751479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a82ab143c4e29892021-12-20 15:53:05.924root 11241100x8000000000000000751480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da6c1735b7f4ea22021-12-20 15:53:05.924root 11241100x8000000000000000751481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c18c179924829d02021-12-20 15:53:05.924root 11241100x8000000000000000751482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4363ab3d0b2d4f4f2021-12-20 15:53:05.925root 11241100x8000000000000000751483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98162d2e45991a172021-12-20 15:53:05.925root 11241100x8000000000000000751484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d53dcd4709717e22021-12-20 15:53:05.925root 11241100x8000000000000000751485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d65052221f941532021-12-20 15:53:05.925root 11241100x8000000000000000751486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0850acd99f02cfe52021-12-20 15:53:05.925root 11241100x8000000000000000751487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00402a455e7a64442021-12-20 15:53:05.925root 11241100x8000000000000000751488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d4e0d03e1de14c2021-12-20 15:53:05.925root 11241100x8000000000000000751489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04dec7924bc904b2021-12-20 15:53:05.925root 11241100x8000000000000000751490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e581ff69fef60c522021-12-20 15:53:05.925root 11241100x8000000000000000751491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f237a9498f5e6a992021-12-20 15:53:05.925root 11241100x8000000000000000751492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856392c24852be432021-12-20 15:53:05.925root 11241100x8000000000000000751493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b6254b634901da2021-12-20 15:53:05.925root 11241100x8000000000000000751494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2061bc53b51438602021-12-20 15:53:05.925root 11241100x8000000000000000751495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33da20e17098bedc2021-12-20 15:53:05.925root 11241100x8000000000000000751496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a97304dcb40a5a2021-12-20 15:53:05.926root 11241100x8000000000000000751497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.070{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:53:06.070root 354300x8000000000000000751498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.103{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51322-false10.0.1.12-8000- 11241100x8000000000000000751499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90243c31418a51d72021-12-20 15:53:06.424root 11241100x8000000000000000751500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afd309b96128d662021-12-20 15:53:06.424root 11241100x8000000000000000751501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f81450f667e1a9c2021-12-20 15:53:06.424root 11241100x8000000000000000751502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b506c6bd13f9a42021-12-20 15:53:06.424root 11241100x8000000000000000751503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c658eb099863e62021-12-20 15:53:06.425root 11241100x8000000000000000751504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fcaa527ad9ea492021-12-20 15:53:06.425root 11241100x8000000000000000751505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bb7188726c10252021-12-20 15:53:06.425root 11241100x8000000000000000751506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6166414df1937032021-12-20 15:53:06.425root 11241100x8000000000000000751507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bb8273f3397d7f2021-12-20 15:53:06.425root 11241100x8000000000000000751508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4629b8e0535fc992021-12-20 15:53:06.425root 11241100x8000000000000000751509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d58ef05adc021e82021-12-20 15:53:06.425root 11241100x8000000000000000751510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de56f91ae76feff2021-12-20 15:53:06.425root 11241100x8000000000000000751511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc2b5762971666f2021-12-20 15:53:06.425root 11241100x8000000000000000751512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8cc692d647d2262021-12-20 15:53:06.425root 11241100x8000000000000000751513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2794cfa6712a742021-12-20 15:53:06.425root 11241100x8000000000000000751514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4965ac63178a272021-12-20 15:53:06.426root 11241100x8000000000000000751515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dbd426551c795a2021-12-20 15:53:06.426root 11241100x8000000000000000751516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e969222950ebec272021-12-20 15:53:06.426root 11241100x8000000000000000751517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06995c092d12d20d2021-12-20 15:53:06.426root 11241100x8000000000000000751518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7b812d7313a7632021-12-20 15:53:06.426root 11241100x8000000000000000751519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8b0e211ecf67ab2021-12-20 15:53:06.426root 11241100x8000000000000000751520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05a67dc935604832021-12-20 15:53:06.924root 11241100x8000000000000000751521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624d637272c8b4432021-12-20 15:53:06.924root 11241100x8000000000000000751522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2181d09a7a053e12021-12-20 15:53:06.924root 11241100x8000000000000000751523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0e3f6378788d632021-12-20 15:53:06.924root 11241100x8000000000000000751524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffce2cc363d7f0d2021-12-20 15:53:06.924root 11241100x8000000000000000751525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a01b5de333a6a22021-12-20 15:53:06.924root 11241100x8000000000000000751526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb6c9f8a16bd3372021-12-20 15:53:06.924root 11241100x8000000000000000751527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba04251e5cdd4dfb2021-12-20 15:53:06.925root 11241100x8000000000000000751528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2c4666409685352021-12-20 15:53:06.925root 11241100x8000000000000000751529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9fb879ee483ddf2021-12-20 15:53:06.925root 11241100x8000000000000000751530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f21a11a461cfd82021-12-20 15:53:06.925root 11241100x8000000000000000751531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5483c6a4c06fc1c82021-12-20 15:53:06.925root 11241100x8000000000000000751532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e913b8f8cc1207c2021-12-20 15:53:06.925root 11241100x8000000000000000751533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be81a68102922862021-12-20 15:53:06.925root 11241100x8000000000000000751534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a8f5af1cd34f782021-12-20 15:53:06.925root 11241100x8000000000000000751535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707bb33a0b0f28d2021-12-20 15:53:06.926root 11241100x8000000000000000751536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a135b285bfc6d942021-12-20 15:53:06.926root 11241100x8000000000000000751537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c867f14381ea8152021-12-20 15:53:06.926root 11241100x8000000000000000751538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f251ae336451a7e32021-12-20 15:53:06.926root 11241100x8000000000000000751539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4927399c3dc721252021-12-20 15:53:06.926root 11241100x8000000000000000751540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f1e0ab21022862021-12-20 15:53:06.926root 11241100x8000000000000000751541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3195c9b78b523a2021-12-20 15:53:06.926root 11241100x8000000000000000751542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c80a8820ea670492021-12-20 15:53:07.424root 11241100x8000000000000000751543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113736c41f1bce302021-12-20 15:53:07.426root 11241100x8000000000000000751544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2b9a5428ed96382021-12-20 15:53:07.426root 11241100x8000000000000000751545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d637fdc4724421f02021-12-20 15:53:07.426root 11241100x8000000000000000751546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51229bcbf048f1692021-12-20 15:53:07.426root 11241100x8000000000000000751547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbf91ac813922fe2021-12-20 15:53:07.426root 11241100x8000000000000000751548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fd99f3c587e5e82021-12-20 15:53:07.426root 11241100x8000000000000000751549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4655e4b739f4aa052021-12-20 15:53:07.426root 11241100x8000000000000000751550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a9c156ad6465662021-12-20 15:53:07.426root 11241100x8000000000000000751551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec96ac247eb9bfcd2021-12-20 15:53:07.426root 11241100x8000000000000000751552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e03d050dcf5f252021-12-20 15:53:07.426root 11241100x8000000000000000751553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a229567913aa4c2021-12-20 15:53:07.426root 11241100x8000000000000000751554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afaedafb7f8d73d2021-12-20 15:53:07.427root 11241100x8000000000000000751555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f32030d73643f352021-12-20 15:53:07.427root 11241100x8000000000000000751556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5c24c2b67de42e2021-12-20 15:53:07.427root 11241100x8000000000000000751557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99679df3d0231c2f2021-12-20 15:53:07.427root 11241100x8000000000000000751558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dfee1f6c055e962021-12-20 15:53:07.427root 11241100x8000000000000000751559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103c808bc42ecfdd2021-12-20 15:53:07.427root 11241100x8000000000000000751560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6725a3dd7594a432021-12-20 15:53:07.427root 11241100x8000000000000000751561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dd2b8cbd647a2b2021-12-20 15:53:07.427root 11241100x8000000000000000751562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4196f5a3089d4f12021-12-20 15:53:07.428root 11241100x8000000000000000751563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6f95896e34c4b62021-12-20 15:53:07.924root 11241100x8000000000000000751564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a4113268e48a912021-12-20 15:53:07.924root 11241100x8000000000000000751565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526bace8356448152021-12-20 15:53:07.924root 11241100x8000000000000000751566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4eeff2f1e575532021-12-20 15:53:07.924root 11241100x8000000000000000751567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f34cc59632ff8612021-12-20 15:53:07.925root 11241100x8000000000000000751568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4d9ad98a1dffc42021-12-20 15:53:07.925root 11241100x8000000000000000751569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6029a96d66b11052021-12-20 15:53:07.925root 11241100x8000000000000000751570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48faaf25390697dc2021-12-20 15:53:07.925root 11241100x8000000000000000751571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf128c2e4333cadb2021-12-20 15:53:07.925root 11241100x8000000000000000751572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b7c87e28d7ca6f2021-12-20 15:53:07.925root 11241100x8000000000000000751573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c030932d4e9437b12021-12-20 15:53:07.926root 11241100x8000000000000000751574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944ab05185ef3e832021-12-20 15:53:07.926root 11241100x8000000000000000751575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03df8f7cfcac08b2021-12-20 15:53:07.926root 11241100x8000000000000000751576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31cee4bbd0abb2c2021-12-20 15:53:07.926root 11241100x8000000000000000751577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6002ded52c95eb5e2021-12-20 15:53:07.926root 11241100x8000000000000000751578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0f567df62b04132021-12-20 15:53:07.926root 11241100x8000000000000000751579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f1a544466642fc2021-12-20 15:53:07.926root 11241100x8000000000000000751580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bccc755690b2192021-12-20 15:53:07.926root 11241100x8000000000000000751581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f896903c07fefc2021-12-20 15:53:07.926root 11241100x8000000000000000751582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009e93301416f4de2021-12-20 15:53:07.926root 11241100x8000000000000000751583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bad316b6e50aeb2021-12-20 15:53:07.927root 11241100x8000000000000000751584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bba6659738569b42021-12-20 15:53:08.424root 11241100x8000000000000000751585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ea38e67ec35bb82021-12-20 15:53:08.424root 11241100x8000000000000000751586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d54e565939e0bb42021-12-20 15:53:08.424root 11241100x8000000000000000751587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1536bb315a59c7492021-12-20 15:53:08.424root 11241100x8000000000000000751588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ed4a8c4d9d41362021-12-20 15:53:08.425root 11241100x8000000000000000751589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458465fb9fb2409f2021-12-20 15:53:08.425root 11241100x8000000000000000751590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b220a181c33333462021-12-20 15:53:08.425root 11241100x8000000000000000751591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf6aa30455a11f92021-12-20 15:53:08.425root 11241100x8000000000000000751592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f63f4ae8abde3892021-12-20 15:53:08.425root 11241100x8000000000000000751593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6319a314487e952021-12-20 15:53:08.425root 11241100x8000000000000000751594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fe2a917677f02d2021-12-20 15:53:08.425root 11241100x8000000000000000751595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb0a3d802d5ef472021-12-20 15:53:08.425root 11241100x8000000000000000751596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff000ea01e75f8f92021-12-20 15:53:08.425root 11241100x8000000000000000751597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ffb18c9a97e662021-12-20 15:53:08.425root 11241100x8000000000000000751598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6bb4242be3d0742021-12-20 15:53:08.426root 11241100x8000000000000000751599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c924206dea722652021-12-20 15:53:08.426root 11241100x8000000000000000751600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c662948004b1d15d2021-12-20 15:53:08.426root 11241100x8000000000000000751601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8770bd9f4bcd86282021-12-20 15:53:08.426root 11241100x8000000000000000751602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dc96b6e13570bd2021-12-20 15:53:08.426root 11241100x8000000000000000751603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1b06b4e2ae62392021-12-20 15:53:08.426root 11241100x8000000000000000751604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216f3c837d5aea262021-12-20 15:53:08.426root 11241100x8000000000000000751605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2209533a419e79062021-12-20 15:53:08.925root 11241100x8000000000000000751606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d2b68e288494de2021-12-20 15:53:08.925root 11241100x8000000000000000751607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2875ad04b60092021-12-20 15:53:08.925root 11241100x8000000000000000751608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dfabe93beb4e9c2021-12-20 15:53:08.925root 11241100x8000000000000000751609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b8851e2437b6032021-12-20 15:53:08.925root 11241100x8000000000000000751610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c4a6cf7062af9a2021-12-20 15:53:08.925root 11241100x8000000000000000751611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe50ac4bdcdfb7142021-12-20 15:53:08.925root 11241100x8000000000000000751612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47d1f895f0439812021-12-20 15:53:08.925root 11241100x8000000000000000751613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1e964ffa9ac7392021-12-20 15:53:08.926root 11241100x8000000000000000751614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1002bc457e372542021-12-20 15:53:08.926root 11241100x8000000000000000751615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727cb7c83a4e3d542021-12-20 15:53:08.926root 11241100x8000000000000000751616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36141472d8dc5ca92021-12-20 15:53:08.926root 11241100x8000000000000000751617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c261c0de62fac002021-12-20 15:53:08.926root 11241100x8000000000000000751618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be84f18d160137ad2021-12-20 15:53:08.926root 11241100x8000000000000000751619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85393bc8bebc731b2021-12-20 15:53:08.926root 11241100x8000000000000000751620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28af07f403f54112021-12-20 15:53:08.926root 11241100x8000000000000000751621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eff59c9b8fbd79d2021-12-20 15:53:08.926root 11241100x8000000000000000751622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75416e9256be613e2021-12-20 15:53:08.926root 11241100x8000000000000000751623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c90e517883dc6c2021-12-20 15:53:08.926root 11241100x8000000000000000751624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbca15ca1f52e3a2021-12-20 15:53:08.926root 11241100x8000000000000000751625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cbcbe806c016a32021-12-20 15:53:08.927root 23542300x8000000000000000751626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.074{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000751627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d298f459a3a7ce2021-12-20 15:53:09.424root 11241100x8000000000000000751628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfaffe19ac10e372021-12-20 15:53:09.425root 11241100x8000000000000000751629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3487ef20ab63232021-12-20 15:53:09.425root 11241100x8000000000000000751630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcf18e2210efd0a2021-12-20 15:53:09.425root 11241100x8000000000000000751631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56f0db2e3c1d7842021-12-20 15:53:09.425root 11241100x8000000000000000751632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35f584b9e6c287a2021-12-20 15:53:09.426root 11241100x8000000000000000751633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4337cede498b932021-12-20 15:53:09.426root 11241100x8000000000000000751634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a658a7c95f5a312021-12-20 15:53:09.426root 11241100x8000000000000000751635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c5199281463b432021-12-20 15:53:09.427root 11241100x8000000000000000751636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912f12eed0805d502021-12-20 15:53:09.427root 11241100x8000000000000000751637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2d66fc4d56c3752021-12-20 15:53:09.427root 11241100x8000000000000000751638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6633b8bf2f9cd99a2021-12-20 15:53:09.427root 11241100x8000000000000000751639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af62b1732985eed22021-12-20 15:53:09.428root 11241100x8000000000000000751640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b4db5252e7f1812021-12-20 15:53:09.428root 11241100x8000000000000000751641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f40127ea6ae972021-12-20 15:53:09.428root 11241100x8000000000000000751642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9f9359056f55222021-12-20 15:53:09.429root 11241100x8000000000000000751643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0add56d3b5ec93872021-12-20 15:53:09.429root 11241100x8000000000000000751644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fcea4a4e1856e02021-12-20 15:53:09.429root 11241100x8000000000000000751645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fcd318b4021f892021-12-20 15:53:09.429root 11241100x8000000000000000751646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8480214a65abfed2021-12-20 15:53:09.430root 11241100x8000000000000000751647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5b69a1e55d39f72021-12-20 15:53:09.430root 11241100x8000000000000000751648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5db949a9016dc452021-12-20 15:53:09.430root 11241100x8000000000000000751649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebb34df158f3e262021-12-20 15:53:09.924root 11241100x8000000000000000751650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05e0bde4b8e59b92021-12-20 15:53:09.924root 11241100x8000000000000000751651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429d40078a3bb252021-12-20 15:53:09.925root 11241100x8000000000000000751652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46496d0a58f85b8d2021-12-20 15:53:09.925root 11241100x8000000000000000751653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49339b18759d360c2021-12-20 15:53:09.925root 11241100x8000000000000000751654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18e296c34008df02021-12-20 15:53:09.926root 11241100x8000000000000000751655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a9c2c304ed3e072021-12-20 15:53:09.926root 11241100x8000000000000000751656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9169ce1166f2baec2021-12-20 15:53:09.926root 11241100x8000000000000000751657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f68e9c3b16f4e502021-12-20 15:53:09.927root 11241100x8000000000000000751658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778331377de8face2021-12-20 15:53:09.927root 11241100x8000000000000000751659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e8d28e5623e4ed2021-12-20 15:53:09.927root 11241100x8000000000000000751660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8987cbe6eccdb9ca2021-12-20 15:53:09.927root 11241100x8000000000000000751661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48a07bfe39fc9a2021-12-20 15:53:09.927root 11241100x8000000000000000751662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240ce3c7593be88b2021-12-20 15:53:09.928root 11241100x8000000000000000751663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4132475586e3f82021-12-20 15:53:09.928root 11241100x8000000000000000751664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfde5891ffed07e82021-12-20 15:53:09.928root 11241100x8000000000000000751665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727c55569fcf55672021-12-20 15:53:09.928root 11241100x8000000000000000751666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae7a6c4e392608c2021-12-20 15:53:09.928root 11241100x8000000000000000751667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d944d9599a8497db2021-12-20 15:53:09.928root 11241100x8000000000000000751668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a904b5610df9411b2021-12-20 15:53:09.928root 11241100x8000000000000000751669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6b193963ff35892021-12-20 15:53:09.928root 11241100x8000000000000000751670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d987817595efb2021-12-20 15:53:09.928root 11241100x8000000000000000751671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8a2cb0696ef6662021-12-20 15:53:09.928root 11241100x8000000000000000751672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43295e2dc1e085d2021-12-20 15:53:10.424root 11241100x8000000000000000751673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f126f0b1d2c6372021-12-20 15:53:10.424root 11241100x8000000000000000751674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f17d2d96b8daf7d2021-12-20 15:53:10.424root 11241100x8000000000000000751675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c52b54dc54d662021-12-20 15:53:10.424root 11241100x8000000000000000751676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2a7978e59389362021-12-20 15:53:10.424root 11241100x8000000000000000751677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2279c32277f1b72021-12-20 15:53:10.424root 11241100x8000000000000000751678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095acb711001eeae2021-12-20 15:53:10.424root 11241100x8000000000000000751679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74610bd7667256502021-12-20 15:53:10.425root 11241100x8000000000000000751680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e446ba5fce05122021-12-20 15:53:10.425root 11241100x8000000000000000751681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eb9243fd3820a32021-12-20 15:53:10.425root 11241100x8000000000000000751682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6e81cfc52895172021-12-20 15:53:10.425root 11241100x8000000000000000751683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d4ae3bdfb633622021-12-20 15:53:10.425root 11241100x8000000000000000751684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c435b6f3c594d30c2021-12-20 15:53:10.426root 11241100x8000000000000000751685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599655780480cfad2021-12-20 15:53:10.426root 11241100x8000000000000000751686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b37334a11a99de2021-12-20 15:53:10.426root 11241100x8000000000000000751687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642e9626c5ea9d292021-12-20 15:53:10.427root 11241100x8000000000000000751688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d95a95f7e81ccd2021-12-20 15:53:10.427root 11241100x8000000000000000751689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16f85bedbe91e8c2021-12-20 15:53:10.427root 11241100x8000000000000000751690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb345731c7f8507e2021-12-20 15:53:10.428root 11241100x8000000000000000751691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87733d7543d83412021-12-20 15:53:10.428root 11241100x8000000000000000751692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c81e04b94aef682021-12-20 15:53:10.428root 11241100x8000000000000000751693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530cab9329cb3ba32021-12-20 15:53:10.428root 11241100x8000000000000000751694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93551dbe54f824772021-12-20 15:53:10.924root 11241100x8000000000000000751695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46da947d042eb2c2021-12-20 15:53:10.925root 11241100x8000000000000000751696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9736d1f0ca9727d02021-12-20 15:53:10.925root 11241100x8000000000000000751697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba5cc3d9302bacc2021-12-20 15:53:10.925root 11241100x8000000000000000751698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2e1341b08d18ad2021-12-20 15:53:10.925root 11241100x8000000000000000751699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce98bab9a7dcbb72021-12-20 15:53:10.925root 11241100x8000000000000000751700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d6a99fe3fdcb82021-12-20 15:53:10.925root 11241100x8000000000000000751701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ef12452ad261742021-12-20 15:53:10.926root 11241100x8000000000000000751702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb23eb8f3c1f0a22021-12-20 15:53:10.926root 11241100x8000000000000000751703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822a07224b3ac44d2021-12-20 15:53:10.926root 11241100x8000000000000000751704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68285af0c26419642021-12-20 15:53:10.926root 11241100x8000000000000000751705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45a202e531030ef2021-12-20 15:53:10.926root 11241100x8000000000000000751706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c71c09b5fa20e8d2021-12-20 15:53:10.926root 11241100x8000000000000000751707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762a42b51ffe14282021-12-20 15:53:10.926root 11241100x8000000000000000751708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310cdbedb0223bc62021-12-20 15:53:10.927root 11241100x8000000000000000751709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5324e5c03353333f2021-12-20 15:53:10.927root 11241100x8000000000000000751710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128fbccc8909d4be2021-12-20 15:53:10.927root 11241100x8000000000000000751711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494d30c27deb5f842021-12-20 15:53:10.927root 11241100x8000000000000000751712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b8d01f77e5734f2021-12-20 15:53:10.927root 11241100x8000000000000000751713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e6ccc0ac35eb5b2021-12-20 15:53:10.927root 11241100x8000000000000000751714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb7d1850d8b2f0d2021-12-20 15:53:10.927root 11241100x8000000000000000751715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85ef03598a78c0a2021-12-20 15:53:10.927root 154100x8000000000000000751716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.231{ec2c97d1-a6e7-61c0-6864-cc08a4550000}10199/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000751717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.232{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c3cce3227631672021-12-20 15:53:11.232root 11241100x8000000000000000751718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.233{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bebf2c479aca3e62021-12-20 15:53:11.233root 11241100x8000000000000000751719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.233{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f777e61cb1a97a2021-12-20 15:53:11.233root 11241100x8000000000000000751720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.233{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c078ca56627742832021-12-20 15:53:11.233root 11241100x8000000000000000751721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.234{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d5cf83b7540b42021-12-20 15:53:11.234root 11241100x8000000000000000751722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.234{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc4e7c371d569782021-12-20 15:53:11.234root 11241100x8000000000000000751723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.234{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b99701f86c4bfa2021-12-20 15:53:11.234root 11241100x8000000000000000751724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d523507133c889592021-12-20 15:53:11.235root 11241100x8000000000000000751725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548db04bcda42f012021-12-20 15:53:11.235root 11241100x8000000000000000751726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ba40da54bd56ab2021-12-20 15:53:11.235root 11241100x8000000000000000751727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da62092c830aa922021-12-20 15:53:11.235root 11241100x8000000000000000751728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c735d5883c0954372021-12-20 15:53:11.236root 11241100x8000000000000000751729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf8aac9971462312021-12-20 15:53:11.236root 11241100x8000000000000000751730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a647286a5c25db942021-12-20 15:53:11.236root 11241100x8000000000000000751731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b94bb4677308ec2021-12-20 15:53:11.236root 11241100x8000000000000000751732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210a652eda7dfcf32021-12-20 15:53:11.237root 11241100x8000000000000000751733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e47357644e26d192021-12-20 15:53:11.237root 11241100x8000000000000000751734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2241d3430b5c2e912021-12-20 15:53:11.237root 11241100x8000000000000000751735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63bc128c942f68c2021-12-20 15:53:11.237root 11241100x8000000000000000751736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0480186b16c208c2021-12-20 15:53:11.237root 11241100x8000000000000000751737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff419a5cbea11f142021-12-20 15:53:11.237root 11241100x8000000000000000751738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e6b109090179ad2021-12-20 15:53:11.237root 11241100x8000000000000000751739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f926d0c973cd9812021-12-20 15:53:11.237root 11241100x8000000000000000751740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69591a86fefaeee2021-12-20 15:53:11.237root 11241100x8000000000000000751741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681cbe1dbda635d02021-12-20 15:53:11.237root 11241100x8000000000000000751742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067f83631817b4f72021-12-20 15:53:11.237root 11241100x8000000000000000751743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd960de790ad14d52021-12-20 15:53:11.237root 11241100x8000000000000000751744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1348517765466f2021-12-20 15:53:11.237root 534500x8000000000000000751745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.243{ec2c97d1-a6e7-61c0-6864-cc08a4550000}10199/bin/psroot 11241100x8000000000000000751746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8f92863105bcb32021-12-20 15:53:11.675root 11241100x8000000000000000751747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544c0aa1aeec55102021-12-20 15:53:11.675root 11241100x8000000000000000751748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906d90fbb544e36a2021-12-20 15:53:11.675root 11241100x8000000000000000751749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48cb08723d1b3862021-12-20 15:53:11.675root 11241100x8000000000000000751750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c2cedebee6a1db2021-12-20 15:53:11.675root 11241100x8000000000000000751751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a62396763217372021-12-20 15:53:11.675root 11241100x8000000000000000751752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3996641d092ed5a82021-12-20 15:53:11.675root 11241100x8000000000000000751753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aa6b24b5e0e2bd2021-12-20 15:53:11.675root 11241100x8000000000000000751754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f55c9b93be558592021-12-20 15:53:11.675root 11241100x8000000000000000751755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc298a501bc10cec2021-12-20 15:53:11.675root 11241100x8000000000000000751756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59a072f8e687a0b2021-12-20 15:53:11.675root 11241100x8000000000000000751757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbb8504e89e40132021-12-20 15:53:11.676root 11241100x8000000000000000751758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cf5b9a1dc097862021-12-20 15:53:11.676root 11241100x8000000000000000751759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc327d0da523d3ec2021-12-20 15:53:11.676root 11241100x8000000000000000751760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd49f7f71386a172021-12-20 15:53:11.676root 11241100x8000000000000000751761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8f4c89d1b076132021-12-20 15:53:11.676root 11241100x8000000000000000751762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b21dfd8af3997542021-12-20 15:53:11.676root 11241100x8000000000000000751763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6f85b1236487282021-12-20 15:53:11.676root 11241100x8000000000000000751764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200cbcb2706800972021-12-20 15:53:11.676root 11241100x8000000000000000751765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae41e75864df8de62021-12-20 15:53:11.676root 11241100x8000000000000000751766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623524a71214021b2021-12-20 15:53:11.677root 11241100x8000000000000000751767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072aedc85d16b09d2021-12-20 15:53:11.677root 11241100x8000000000000000751768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc60c518e045d62021-12-20 15:53:11.677root 11241100x8000000000000000751769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c6f521d4b56bae2021-12-20 15:53:11.677root 354300x8000000000000000751770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.098{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51324-false10.0.1.12-8000- 11241100x8000000000000000751771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.100{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c460ecbed773de2021-12-20 15:53:12.100root 11241100x8000000000000000751772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.100{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4c2a4a2cb35b1e2021-12-20 15:53:12.100root 11241100x8000000000000000751773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.100{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857de8714258c80d2021-12-20 15:53:12.100root 11241100x8000000000000000751774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.100{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140ae53314c113dd2021-12-20 15:53:12.100root 11241100x8000000000000000751775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5fd7f4db5ff19a2021-12-20 15:53:12.101root 11241100x8000000000000000751776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35228f6232203032021-12-20 15:53:12.101root 11241100x8000000000000000751777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3226140f991e9d22021-12-20 15:53:12.101root 11241100x8000000000000000751778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d609bf34750871b2021-12-20 15:53:12.101root 11241100x8000000000000000751779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3308b0b0bbe341c92021-12-20 15:53:12.101root 11241100x8000000000000000751780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc98ff3599ff4872021-12-20 15:53:12.101root 11241100x8000000000000000751781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ac18fa6e9124a42021-12-20 15:53:12.101root 11241100x8000000000000000751782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560cd5045d0f951d2021-12-20 15:53:12.101root 11241100x8000000000000000751783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820d4dd589667a192021-12-20 15:53:12.101root 11241100x8000000000000000751784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.101{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f7ba7a8bb5d8d82021-12-20 15:53:12.101root 11241100x8000000000000000751785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc7e3be45d7ce9f2021-12-20 15:53:12.102root 11241100x8000000000000000751786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d333242221467ff22021-12-20 15:53:12.102root 11241100x8000000000000000751787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19d2bea2fc572b22021-12-20 15:53:12.102root 11241100x8000000000000000751788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bff7c5293bfa042021-12-20 15:53:12.102root 11241100x8000000000000000751789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.102{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a5fd54e48fd8b22021-12-20 15:53:12.102root 11241100x8000000000000000751790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb67aed371e903ab2021-12-20 15:53:12.103root 11241100x8000000000000000751791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20af37a983b65bd82021-12-20 15:53:12.103root 11241100x8000000000000000751792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8460f2e54ec6ba2021-12-20 15:53:12.103root 11241100x8000000000000000751793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3252799b8e2d574f2021-12-20 15:53:12.103root 11241100x8000000000000000751794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234067c1669fb2fb2021-12-20 15:53:12.103root 11241100x8000000000000000751795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.103{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14043f6cc5d8a182021-12-20 15:53:12.103root 11241100x8000000000000000751796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b31f0321d6c7d82021-12-20 15:53:12.424root 11241100x8000000000000000751797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035612c10422df012021-12-20 15:53:12.424root 11241100x8000000000000000751798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8866230c542eb052021-12-20 15:53:12.424root 11241100x8000000000000000751799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462d8f63aa647bf2021-12-20 15:53:12.425root 11241100x8000000000000000751800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc65b4b432530ef2021-12-20 15:53:12.425root 11241100x8000000000000000751801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd8ae69c73427932021-12-20 15:53:12.425root 11241100x8000000000000000751802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a487ce7e51a5f84b2021-12-20 15:53:12.425root 11241100x8000000000000000751803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ba996e1020af352021-12-20 15:53:12.425root 11241100x8000000000000000751804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65074b861fddafd2021-12-20 15:53:12.425root 11241100x8000000000000000751805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7c29c359aabac82021-12-20 15:53:12.425root 11241100x8000000000000000751806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca05dab42f3ff72021-12-20 15:53:12.425root 11241100x8000000000000000751807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6e313f94017bda2021-12-20 15:53:12.425root 11241100x8000000000000000751808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd70c3390ec23342021-12-20 15:53:12.425root 11241100x8000000000000000751809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13f5ae5d79a35af2021-12-20 15:53:12.425root 11241100x8000000000000000751810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d651abd832a262d52021-12-20 15:53:12.425root 11241100x8000000000000000751811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e6bd56314600012021-12-20 15:53:12.425root 11241100x8000000000000000751812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6fcea8e7fb042f2021-12-20 15:53:12.426root 11241100x8000000000000000751813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72db51132dfd27a2021-12-20 15:53:12.426root 11241100x8000000000000000751814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f01cd2af4a35ff2021-12-20 15:53:12.426root 11241100x8000000000000000751815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ae1ce78c4cbd422021-12-20 15:53:12.426root 11241100x8000000000000000751816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d148e74f59d0e82021-12-20 15:53:12.426root 11241100x8000000000000000751817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4425f6d8eba6e0142021-12-20 15:53:12.426root 11241100x8000000000000000751818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c7f429872b6beb2021-12-20 15:53:12.426root 11241100x8000000000000000751819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f7215fc17dabc22021-12-20 15:53:12.426root 11241100x8000000000000000751820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f14d311cb3d6922021-12-20 15:53:12.426root 11241100x8000000000000000751821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d41ab9e31d2d4cf2021-12-20 15:53:12.924root 11241100x8000000000000000751822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49e877e330e6a242021-12-20 15:53:12.924root 11241100x8000000000000000751823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b084c2678c16ce2021-12-20 15:53:12.924root 11241100x8000000000000000751824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3cd29ab2da0ef72021-12-20 15:53:12.924root 11241100x8000000000000000751825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f549c6a26dbb18922021-12-20 15:53:12.925root 11241100x8000000000000000751826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3870e2294c0cd412021-12-20 15:53:12.925root 11241100x8000000000000000751827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1581c493b507557b2021-12-20 15:53:12.925root 11241100x8000000000000000751828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db9dff8e59421012021-12-20 15:53:12.925root 11241100x8000000000000000751829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643bbb9a4cb1ab32021-12-20 15:53:12.925root 11241100x8000000000000000751830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b44d6bc1bfd2322021-12-20 15:53:12.925root 11241100x8000000000000000751831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a2e275962a99c12021-12-20 15:53:12.925root 11241100x8000000000000000751832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f2b0b98e0547d72021-12-20 15:53:12.925root 11241100x8000000000000000751833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f283a06dafbffb702021-12-20 15:53:12.925root 11241100x8000000000000000751834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e634d98ba43fa1082021-12-20 15:53:12.925root 11241100x8000000000000000751835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49a42a0c252a2c92021-12-20 15:53:12.926root 11241100x8000000000000000751836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dfaa458dabbc9c2021-12-20 15:53:12.926root 11241100x8000000000000000751837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfddac6910da0a472021-12-20 15:53:12.926root 11241100x8000000000000000751838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e833443803d16e02021-12-20 15:53:12.926root 11241100x8000000000000000751839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25261ac85bbbc8442021-12-20 15:53:12.926root 11241100x8000000000000000751840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a63523473a58a912021-12-20 15:53:12.926root 11241100x8000000000000000751841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8d1985ebb4e89e2021-12-20 15:53:12.926root 11241100x8000000000000000751842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377b2dcaa437f2e32021-12-20 15:53:12.926root 11241100x8000000000000000751843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b931298161c67f52021-12-20 15:53:12.926root 11241100x8000000000000000751844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6724e30e7c99422021-12-20 15:53:12.927root 11241100x8000000000000000751845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d7ef84dc30fe572021-12-20 15:53:12.927root 11241100x8000000000000000751846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc5a4a3cf2d6fe92021-12-20 15:53:13.424root 11241100x8000000000000000751847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1c7f9dfbc601242021-12-20 15:53:13.424root 11241100x8000000000000000751848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2b674652c44f152021-12-20 15:53:13.424root 11241100x8000000000000000751849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494054df1eecfb2c2021-12-20 15:53:13.424root 11241100x8000000000000000751850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e82abb6b3b5690e2021-12-20 15:53:13.425root 11241100x8000000000000000751851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70175a6da70b697f2021-12-20 15:53:13.425root 11241100x8000000000000000751852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc91f763f54d7f02021-12-20 15:53:13.425root 11241100x8000000000000000751853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3009be63a68bfdf2021-12-20 15:53:13.425root 11241100x8000000000000000751854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6a86b85518e97f2021-12-20 15:53:13.425root 11241100x8000000000000000751855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1474f768540fa7e2021-12-20 15:53:13.425root 11241100x8000000000000000751856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffdafc281e52cd62021-12-20 15:53:13.425root 11241100x8000000000000000751857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20ff5743554041d2021-12-20 15:53:13.425root 11241100x8000000000000000751858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0209b091e39562a12021-12-20 15:53:13.425root 11241100x8000000000000000751859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b866ee79081b682021-12-20 15:53:13.425root 11241100x8000000000000000751860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9e1a2fe6b2e6b2021-12-20 15:53:13.425root 11241100x8000000000000000751861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5023fcb9ac61e542021-12-20 15:53:13.425root 11241100x8000000000000000751862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674874fe43d402e62021-12-20 15:53:13.425root 11241100x8000000000000000751863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058024f9b0ddcd0b2021-12-20 15:53:13.426root 11241100x8000000000000000751864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d9746e8d658212021-12-20 15:53:13.426root 11241100x8000000000000000751865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484553d69450a3b42021-12-20 15:53:13.426root 11241100x8000000000000000751866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41d7610739060192021-12-20 15:53:13.426root 11241100x8000000000000000751867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd919e9bdeed1f542021-12-20 15:53:13.426root 11241100x8000000000000000751868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082e1ff4ff7f50e12021-12-20 15:53:13.426root 11241100x8000000000000000751869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b70d0cc07b95f82021-12-20 15:53:13.426root 11241100x8000000000000000751870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8e99cc0142402f2021-12-20 15:53:13.426root 11241100x8000000000000000751871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c12d608395ae8852021-12-20 15:53:13.924root 11241100x8000000000000000751872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdf5fbe140a78412021-12-20 15:53:13.924root 11241100x8000000000000000751873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22949f731b01988a2021-12-20 15:53:13.924root 11241100x8000000000000000751874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99de3c97bb5eed92021-12-20 15:53:13.924root 11241100x8000000000000000751875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c92374fb69361772021-12-20 15:53:13.924root 11241100x8000000000000000751876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9239a5ee346f9a2021-12-20 15:53:13.924root 11241100x8000000000000000751877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ec6b4f54eb41832021-12-20 15:53:13.924root 11241100x8000000000000000751878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee52a688e8342fe2021-12-20 15:53:13.924root 11241100x8000000000000000751879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11fbc243c977cde2021-12-20 15:53:13.924root 11241100x8000000000000000751880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a27b1b58e327f982021-12-20 15:53:13.924root 11241100x8000000000000000751881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157c3b53a631fd682021-12-20 15:53:13.924root 11241100x8000000000000000751882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552401cd414e64ac2021-12-20 15:53:13.924root 11241100x8000000000000000751883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce25b94382643562021-12-20 15:53:13.925root 11241100x8000000000000000751884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988abc7e042af0982021-12-20 15:53:13.925root 11241100x8000000000000000751885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fddc8aafb3b17302021-12-20 15:53:13.925root 11241100x8000000000000000751886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7d4509049cf3182021-12-20 15:53:13.925root 11241100x8000000000000000751887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba754b352473e4d2021-12-20 15:53:13.925root 11241100x8000000000000000751888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9920e3ae80ff8a52021-12-20 15:53:13.925root 11241100x8000000000000000751889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4917af10171b8c2021-12-20 15:53:13.925root 11241100x8000000000000000751890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee8ed949a5cda632021-12-20 15:53:13.925root 11241100x8000000000000000751891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5372dac5e11c6e532021-12-20 15:53:13.926root 11241100x8000000000000000751892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f69be8ec6d4c01d2021-12-20 15:53:13.926root 11241100x8000000000000000751893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a97c4f905a0e812021-12-20 15:53:13.926root 11241100x8000000000000000751894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1092d4b4df58e0422021-12-20 15:53:13.926root 11241100x8000000000000000751895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c565ef3ed37ebdba2021-12-20 15:53:13.926root 11241100x8000000000000000751896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d4b3588e6963922021-12-20 15:53:13.926root 11241100x8000000000000000751897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceedbdfd303daf92021-12-20 15:53:13.926root 11241100x8000000000000000751898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042f7458e4ba91622021-12-20 15:53:14.424root 11241100x8000000000000000751899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a132c882d02e832021-12-20 15:53:14.424root 11241100x8000000000000000751900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e59643e7a5a0be2021-12-20 15:53:14.424root 11241100x8000000000000000751901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a91663178f3c312021-12-20 15:53:14.424root 11241100x8000000000000000751902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5072deb4cd4079d2021-12-20 15:53:14.425root 11241100x8000000000000000751903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0fc28970e099652021-12-20 15:53:14.425root 11241100x8000000000000000751904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3ae3fefb098f482021-12-20 15:53:14.425root 11241100x8000000000000000751905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4068e0bba9d0aba92021-12-20 15:53:14.425root 11241100x8000000000000000751906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8afb2301e06a622021-12-20 15:53:14.425root 11241100x8000000000000000751907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384f14d2c2b0d7322021-12-20 15:53:14.425root 11241100x8000000000000000751908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4f2c60fc3c9b102021-12-20 15:53:14.425root 11241100x8000000000000000751909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6d4b7f7fe9194b2021-12-20 15:53:14.425root 11241100x8000000000000000751910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78949ca2095c4ab12021-12-20 15:53:14.426root 11241100x8000000000000000751911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ebd789abbeebe52021-12-20 15:53:14.426root 11241100x8000000000000000751912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e5bc25251fc6552021-12-20 15:53:14.426root 11241100x8000000000000000751913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174f503622e135b32021-12-20 15:53:14.426root 11241100x8000000000000000751914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccc0da65552a7d22021-12-20 15:53:14.426root 11241100x8000000000000000751915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f2cffc13aa2d0b2021-12-20 15:53:14.426root 11241100x8000000000000000751916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1299d184b9bb28d42021-12-20 15:53:14.426root 11241100x8000000000000000751917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf138961e3ad31c82021-12-20 15:53:14.427root 11241100x8000000000000000751918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2634eccbc458788b2021-12-20 15:53:14.427root 11241100x8000000000000000751919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d0a69d3c8e1402021-12-20 15:53:14.427root 11241100x8000000000000000751920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c83d2cc508982d2021-12-20 15:53:14.427root 11241100x8000000000000000751921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f9f135389c1c52021-12-20 15:53:14.427root 11241100x8000000000000000751922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236e3a2a1ac90ab92021-12-20 15:53:14.427root 11241100x8000000000000000751923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9e432b416aacbb2021-12-20 15:53:14.924root 11241100x8000000000000000751924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c2d7cce7082a142021-12-20 15:53:14.924root 11241100x8000000000000000751925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfb77efed7be91f2021-12-20 15:53:14.924root 11241100x8000000000000000751926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b3b61f53ecd832021-12-20 15:53:14.924root 11241100x8000000000000000751927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf1535302d1e5052021-12-20 15:53:14.925root 11241100x8000000000000000751928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5685552ff259752021-12-20 15:53:14.925root 11241100x8000000000000000751929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c6a5d8405f68422021-12-20 15:53:14.925root 11241100x8000000000000000751930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947c03bfb26d0b632021-12-20 15:53:14.925root 11241100x8000000000000000751931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb251bb882f5b8d2021-12-20 15:53:14.925root 11241100x8000000000000000751932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8006bff6909e6482021-12-20 15:53:14.925root 11241100x8000000000000000751933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267a08708150eb0b2021-12-20 15:53:14.925root 11241100x8000000000000000751934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1622dce5b61b872021-12-20 15:53:14.925root 11241100x8000000000000000751935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a88b48a4a4822172021-12-20 15:53:14.925root 11241100x8000000000000000751936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120d5f351641b1002021-12-20 15:53:14.925root 11241100x8000000000000000751937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1d774e57c8c2dc2021-12-20 15:53:14.925root 11241100x8000000000000000751938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d2b87419029afd2021-12-20 15:53:14.926root 11241100x8000000000000000751939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5af929445be9152021-12-20 15:53:14.926root 11241100x8000000000000000751940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3277bafb077cda62021-12-20 15:53:14.926root 11241100x8000000000000000751941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03fe1b6828874f22021-12-20 15:53:14.926root 11241100x8000000000000000751942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e9f538de8abf462021-12-20 15:53:14.926root 11241100x8000000000000000751943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e20c5c2727ddb062021-12-20 15:53:14.926root 11241100x8000000000000000751944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0862ab6b4ffe691b2021-12-20 15:53:14.926root 11241100x8000000000000000751945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a186847f67cdbcc2021-12-20 15:53:14.926root 11241100x8000000000000000751946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f5cd301807a0e32021-12-20 15:53:14.926root 11241100x8000000000000000751947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fea84942b3a60c72021-12-20 15:53:14.926root 11241100x8000000000000000751948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebfab5e67d361d02021-12-20 15:53:15.424root 11241100x8000000000000000751949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04997ee367ef4eb22021-12-20 15:53:15.424root 11241100x8000000000000000751950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a176d7d6086f812021-12-20 15:53:15.424root 11241100x8000000000000000751951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fc6e1feeadfafd2021-12-20 15:53:15.424root 11241100x8000000000000000751952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b04b041017d272d2021-12-20 15:53:15.424root 11241100x8000000000000000751953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06746b3b32f66e4a2021-12-20 15:53:15.425root 11241100x8000000000000000751954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eba0f6ca77f76ad2021-12-20 15:53:15.425root 11241100x8000000000000000751955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c948968b8a3bd5102021-12-20 15:53:15.425root 11241100x8000000000000000751956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142db7afb1b5d4b72021-12-20 15:53:15.425root 11241100x8000000000000000751957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19148006d8e80b5e2021-12-20 15:53:15.425root 11241100x8000000000000000751958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f9d61252187b192021-12-20 15:53:15.425root 11241100x8000000000000000751959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd08cf5f149ca012021-12-20 15:53:15.425root 11241100x8000000000000000751960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ac56a03b5027492021-12-20 15:53:15.426root 11241100x8000000000000000751961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3097185f780cf3af2021-12-20 15:53:15.426root 11241100x8000000000000000751962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47214b9868c4a1b42021-12-20 15:53:15.426root 11241100x8000000000000000751963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c5921c923195c92021-12-20 15:53:15.426root 11241100x8000000000000000751964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdc0ff78a94980d2021-12-20 15:53:15.426root 11241100x8000000000000000751965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649b296a2e5767662021-12-20 15:53:15.426root 11241100x8000000000000000751966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d61413e026b00ca2021-12-20 15:53:15.426root 11241100x8000000000000000751967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358b7e275ce02fb22021-12-20 15:53:15.426root 11241100x8000000000000000751968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5bd8dc2b4f04782021-12-20 15:53:15.426root 11241100x8000000000000000751969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037311827051cc642021-12-20 15:53:15.426root 11241100x8000000000000000751970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a939e13119da792021-12-20 15:53:15.426root 11241100x8000000000000000751971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2390b8d6d5bc5dc32021-12-20 15:53:15.426root 11241100x8000000000000000751972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705485e4191ad3fc2021-12-20 15:53:15.427root 11241100x8000000000000000751973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7f563f883427ea2021-12-20 15:53:15.428root 11241100x8000000000000000751974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3de9a5a1222bed2021-12-20 15:53:15.428root 11241100x8000000000000000751975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1afa21ef8f90b22021-12-20 15:53:15.428root 11241100x8000000000000000751976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b04e4801ce31b12021-12-20 15:53:15.428root 11241100x8000000000000000751977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00bd6378471c042021-12-20 15:53:15.428root 11241100x8000000000000000751978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d0ee157a09869f2021-12-20 15:53:15.428root 11241100x8000000000000000751979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8faf6de568b8b62021-12-20 15:53:15.428root 11241100x8000000000000000751980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3a70663fcc9a512021-12-20 15:53:15.429root 11241100x8000000000000000751981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4801dea263f4c82021-12-20 15:53:15.429root 11241100x8000000000000000751982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08235939ce03122e2021-12-20 15:53:15.429root 11241100x8000000000000000751983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6868b0e7cad4644f2021-12-20 15:53:15.429root 11241100x8000000000000000751984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c83f060bf8c5822021-12-20 15:53:15.429root 11241100x8000000000000000751985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171dbb4ed4aa88df2021-12-20 15:53:15.429root 11241100x8000000000000000751986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1272bc886c5a7212021-12-20 15:53:15.429root 11241100x8000000000000000751987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c79f3e0b18dc9ad2021-12-20 15:53:15.429root 11241100x8000000000000000751988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f421259a54ebe672021-12-20 15:53:15.429root 11241100x8000000000000000751989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc78db0950ab9cbe2021-12-20 15:53:15.429root 11241100x8000000000000000751990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fee700e51afbe6f2021-12-20 15:53:15.430root 11241100x8000000000000000751991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80996faa41ccf5a2021-12-20 15:53:15.430root 11241100x8000000000000000751992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431161512284ba002021-12-20 15:53:15.430root 11241100x8000000000000000751993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357349d7ec0cc8fa2021-12-20 15:53:15.430root 11241100x8000000000000000751994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ea96eee33ca232021-12-20 15:53:15.430root 11241100x8000000000000000751995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32a2defdfd05c222021-12-20 15:53:15.430root 11241100x8000000000000000751996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbce963c25ef9a302021-12-20 15:53:15.430root 11241100x8000000000000000751997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dac8efae33a59612021-12-20 15:53:15.430root 11241100x8000000000000000751998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bdde9732c0c6bf2021-12-20 15:53:15.924root 11241100x8000000000000000751999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cc5480a712f9522021-12-20 15:53:15.924root 11241100x8000000000000000752000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11922c8f61d360ac2021-12-20 15:53:15.924root 11241100x8000000000000000752001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b516aa1d774e89602021-12-20 15:53:15.925root 11241100x8000000000000000752002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5279075c357257b22021-12-20 15:53:15.925root 11241100x8000000000000000752003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2208a9205695e912021-12-20 15:53:15.925root 11241100x8000000000000000752004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b253ce0a556615a2021-12-20 15:53:15.925root 11241100x8000000000000000752005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e2436101dcd3d32021-12-20 15:53:15.925root 11241100x8000000000000000752006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225e9bd7c2ad6ed72021-12-20 15:53:15.925root 11241100x8000000000000000752007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c6908a35f3e10a2021-12-20 15:53:15.925root 11241100x8000000000000000752008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e1c9ca953572442021-12-20 15:53:15.925root 11241100x8000000000000000752009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca0ae7c1f520b702021-12-20 15:53:15.925root 11241100x8000000000000000752010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d15df2e51ad3332021-12-20 15:53:15.925root 11241100x8000000000000000752011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a21dfa4b9435882021-12-20 15:53:15.926root 11241100x8000000000000000752012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8479f93b4eacd2862021-12-20 15:53:15.926root 11241100x8000000000000000752013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e452d9b64fc24b2021-12-20 15:53:15.926root 11241100x8000000000000000752014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ea75d42b95ca802021-12-20 15:53:15.926root 11241100x8000000000000000752015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d947aaad7ff27ab2021-12-20 15:53:15.926root 11241100x8000000000000000752016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c778336a7e454332021-12-20 15:53:15.926root 11241100x8000000000000000752017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a7fcc5843129d72021-12-20 15:53:15.927root 11241100x8000000000000000752018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9becefb92914e18f2021-12-20 15:53:15.927root 11241100x8000000000000000752019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a34f2c774d71fbd2021-12-20 15:53:15.927root 11241100x8000000000000000752020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a553d839f698d3462021-12-20 15:53:15.927root 11241100x8000000000000000752021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dd34e8cc4bb2332021-12-20 15:53:15.929root 11241100x8000000000000000752022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:15.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcbc8fa0804206a2021-12-20 15:53:15.929root 11241100x8000000000000000752023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf093fbe7a5b42552021-12-20 15:53:16.424root 11241100x8000000000000000752024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63f5263776b08062021-12-20 15:53:16.425root 11241100x8000000000000000752025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c4dab570384c6d2021-12-20 15:53:16.425root 11241100x8000000000000000752026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27243291288186a02021-12-20 15:53:16.425root 11241100x8000000000000000752027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151c3e5d1038f1832021-12-20 15:53:16.426root 11241100x8000000000000000752028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deec0c7c5e6919792021-12-20 15:53:16.426root 11241100x8000000000000000752029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36924093edd9d8462021-12-20 15:53:16.426root 11241100x8000000000000000752030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a925fda5e7ae9d912021-12-20 15:53:16.426root 11241100x8000000000000000752031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d576d2c6fc665562021-12-20 15:53:16.426root 11241100x8000000000000000752032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59eb19d613f3ad62021-12-20 15:53:16.427root 11241100x8000000000000000752033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5c99f5a9e444bb2021-12-20 15:53:16.427root 11241100x8000000000000000752034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa34969667ce5362021-12-20 15:53:16.427root 11241100x8000000000000000752035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9010b1c3fb40b92021-12-20 15:53:16.427root 11241100x8000000000000000752036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30192dd58f6fce12021-12-20 15:53:16.427root 11241100x8000000000000000752037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76479af8d8eb41ed2021-12-20 15:53:16.427root 11241100x8000000000000000752038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a394a1822925c0472021-12-20 15:53:16.427root 11241100x8000000000000000752039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e989c67041ed6302021-12-20 15:53:16.428root 11241100x8000000000000000752040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848a7e14f234e2842021-12-20 15:53:16.428root 11241100x8000000000000000752041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab4ee5e4a8e32412021-12-20 15:53:16.428root 11241100x8000000000000000752042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708760ccead449a22021-12-20 15:53:16.428root 11241100x8000000000000000752043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975cf3708e15df702021-12-20 15:53:16.429root 11241100x8000000000000000752044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b86dedb0d71cef2021-12-20 15:53:16.429root 11241100x8000000000000000752045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56e02b6ef3706232021-12-20 15:53:16.429root 11241100x8000000000000000752046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f28da72d79bf33a2021-12-20 15:53:16.429root 11241100x8000000000000000752047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8141b008e372502021-12-20 15:53:16.429root 11241100x8000000000000000752048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69007fe4b466cab2021-12-20 15:53:16.924root 11241100x8000000000000000752049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3621af3df1c86b502021-12-20 15:53:16.924root 11241100x8000000000000000752050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f18fea6162f0ce2021-12-20 15:53:16.924root 11241100x8000000000000000752051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee1059c0b0c8e602021-12-20 15:53:16.925root 11241100x8000000000000000752052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a166124ea556705a2021-12-20 15:53:16.925root 11241100x8000000000000000752053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20714bde8474ece42021-12-20 15:53:16.925root 11241100x8000000000000000752054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8d9ae7121d5e7c2021-12-20 15:53:16.925root 11241100x8000000000000000752055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bca945dc1a76b462021-12-20 15:53:16.925root 11241100x8000000000000000752056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8823039cb578b8462021-12-20 15:53:16.925root 11241100x8000000000000000752057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752b387ab8a3de4c2021-12-20 15:53:16.926root 11241100x8000000000000000752058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f6ae29efaa40772021-12-20 15:53:16.926root 11241100x8000000000000000752059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab8c074e41f21282021-12-20 15:53:16.926root 11241100x8000000000000000752060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510ce3f1041d5c192021-12-20 15:53:16.927root 11241100x8000000000000000752061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97201384dc89bb4b2021-12-20 15:53:16.927root 11241100x8000000000000000752062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cddc9e8fe68e6a2021-12-20 15:53:16.927root 11241100x8000000000000000752063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0548d7da7719d4e02021-12-20 15:53:16.928root 11241100x8000000000000000752064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e851b4b0a7f61d1f2021-12-20 15:53:16.928root 11241100x8000000000000000752065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3373728a3e06002021-12-20 15:53:16.928root 11241100x8000000000000000752066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9e4d20afa45e1a2021-12-20 15:53:16.928root 11241100x8000000000000000752067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ca60f63d52d5fa2021-12-20 15:53:16.928root 11241100x8000000000000000752068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8361dc44c6273c432021-12-20 15:53:16.928root 11241100x8000000000000000752069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387ef2cb4e63be3a2021-12-20 15:53:16.928root 11241100x8000000000000000752070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4b4284155df9552021-12-20 15:53:16.928root 11241100x8000000000000000752071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323d67e2b9518e372021-12-20 15:53:16.929root 11241100x8000000000000000752072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:16.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19bfac0d54f07402021-12-20 15:53:16.929root 11241100x8000000000000000752073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58bd72d31ed104b2021-12-20 15:53:17.424root 11241100x8000000000000000752074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1a647a48a5a98b2021-12-20 15:53:17.424root 11241100x8000000000000000752075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ade14a9833c2eec2021-12-20 15:53:17.424root 11241100x8000000000000000752076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c64beb144cd3e682021-12-20 15:53:17.424root 11241100x8000000000000000752077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6a8eb0b29d09c12021-12-20 15:53:17.424root 11241100x8000000000000000752078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec719340d20343d22021-12-20 15:53:17.425root 11241100x8000000000000000752079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c037818b8e452fe2021-12-20 15:53:17.425root 11241100x8000000000000000752080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fab16ec7c709f92021-12-20 15:53:17.425root 11241100x8000000000000000752081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c47de001fa0b1862021-12-20 15:53:17.425root 11241100x8000000000000000752082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fc495aac3270702021-12-20 15:53:17.425root 11241100x8000000000000000752083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc7b7f0769abbb32021-12-20 15:53:17.425root 11241100x8000000000000000752084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98ac7c8e66dd8ed2021-12-20 15:53:17.425root 11241100x8000000000000000752085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda89ee59dd234862021-12-20 15:53:17.425root 11241100x8000000000000000752086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147450fb87f1bee22021-12-20 15:53:17.426root 11241100x8000000000000000752087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb88ac2d5450bd2021-12-20 15:53:17.426root 11241100x8000000000000000752088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e0e8e1a042b4c62021-12-20 15:53:17.426root 11241100x8000000000000000752089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3426e7287921792021-12-20 15:53:17.426root 11241100x8000000000000000752090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4423d10093f3da2021-12-20 15:53:17.426root 11241100x8000000000000000752091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07772fb70ca379102021-12-20 15:53:17.428root 11241100x8000000000000000752092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af705ef3c397362021-12-20 15:53:17.428root 11241100x8000000000000000752093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c430937822a0432021-12-20 15:53:17.429root 11241100x8000000000000000752094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e79ba92431f322021-12-20 15:53:17.429root 11241100x8000000000000000752095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a36354a4105b782021-12-20 15:53:17.429root 11241100x8000000000000000752096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8119d4dff6918132021-12-20 15:53:17.432root 11241100x8000000000000000752097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fa576d3d42025c2021-12-20 15:53:17.432root 11241100x8000000000000000752098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc3a1a003e73c4e2021-12-20 15:53:17.433root 11241100x8000000000000000752099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdc0ce2c1a519b12021-12-20 15:53:17.433root 11241100x8000000000000000752100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb6a56709017c372021-12-20 15:53:17.433root 11241100x8000000000000000752101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e474733c7240a52021-12-20 15:53:17.433root 11241100x8000000000000000752102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea71a749f90066092021-12-20 15:53:17.433root 11241100x8000000000000000752103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9304447aaf8d8e302021-12-20 15:53:17.433root 11241100x8000000000000000752104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba30e8f0c736b7632021-12-20 15:53:17.433root 11241100x8000000000000000752105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c15c6b7278cb7f2021-12-20 15:53:17.433root 11241100x8000000000000000752106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739af2ec81ad62022021-12-20 15:53:17.433root 11241100x8000000000000000752107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0441ed976a0e88b62021-12-20 15:53:17.434root 11241100x8000000000000000752108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccc1df481bd247c2021-12-20 15:53:17.434root 11241100x8000000000000000752109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f16ec9e064a9b4f2021-12-20 15:53:17.434root 11241100x8000000000000000752110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db86e35868dce5b2021-12-20 15:53:17.434root 11241100x8000000000000000752111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b015fcdcde5dca602021-12-20 15:53:17.434root 11241100x8000000000000000752112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39c7400ecabd7412021-12-20 15:53:17.434root 11241100x8000000000000000752113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef7b0d03bbc27ce2021-12-20 15:53:17.434root 11241100x8000000000000000752114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aeccfd749ea1122021-12-20 15:53:17.434root 11241100x8000000000000000752115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ca9a01a36dd0942021-12-20 15:53:17.434root 11241100x8000000000000000752116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7354aecd517d60692021-12-20 15:53:17.434root 11241100x8000000000000000752117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5e1ab592020e0f2021-12-20 15:53:17.924root 11241100x8000000000000000752118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e082b9f20c4ec742021-12-20 15:53:17.924root 11241100x8000000000000000752119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334a7d71f2bbfb8b2021-12-20 15:53:17.924root 11241100x8000000000000000752120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42634e6626ecc3052021-12-20 15:53:17.924root 11241100x8000000000000000752121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c2014602f7e2e52021-12-20 15:53:17.925root 11241100x8000000000000000752122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b4f8f28bcd2c622021-12-20 15:53:17.925root 11241100x8000000000000000752123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f5831fd9a364d12021-12-20 15:53:17.925root 11241100x8000000000000000752124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34462957b8722dd2021-12-20 15:53:17.925root 11241100x8000000000000000752125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9651fe29056a28b2021-12-20 15:53:17.925root 11241100x8000000000000000752126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637ea86322cdd2c42021-12-20 15:53:17.925root 11241100x8000000000000000752127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ec0d0ac91bdbbc2021-12-20 15:53:17.925root 11241100x8000000000000000752128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88c507e6357fb112021-12-20 15:53:17.925root 11241100x8000000000000000752129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be7ea5c8865cfdb2021-12-20 15:53:17.925root 11241100x8000000000000000752130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290634d1a62568a92021-12-20 15:53:17.926root 11241100x8000000000000000752131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894e3815d55714252021-12-20 15:53:17.926root 11241100x8000000000000000752132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bc77a1eda309f52021-12-20 15:53:17.926root 11241100x8000000000000000752133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9e015200ec65412021-12-20 15:53:17.926root 11241100x8000000000000000752134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2d07802edf35382021-12-20 15:53:17.926root 11241100x8000000000000000752135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105355476429f0cf2021-12-20 15:53:17.926root 11241100x8000000000000000752136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d73dcb21d271712021-12-20 15:53:17.926root 11241100x8000000000000000752137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d23b49531930f962021-12-20 15:53:17.926root 11241100x8000000000000000752138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3813080eb4422d42021-12-20 15:53:17.927root 11241100x8000000000000000752139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79699cc6a75809332021-12-20 15:53:17.927root 11241100x8000000000000000752140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d117792c8c9cd1b62021-12-20 15:53:17.927root 11241100x8000000000000000752141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f7c64bba80118c2021-12-20 15:53:17.927root 11241100x8000000000000000752142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eab735a3f2f9912021-12-20 15:53:17.927root 354300x8000000000000000752143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.098{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51326-false10.0.1.12-8000- 11241100x8000000000000000752144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e4f4c7d14b01682021-12-20 15:53:18.424root 11241100x8000000000000000752145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbd77419e4d12fc2021-12-20 15:53:18.424root 11241100x8000000000000000752146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11be61e98ce54aa02021-12-20 15:53:18.424root 11241100x8000000000000000752147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4416124425dd79d12021-12-20 15:53:18.425root 11241100x8000000000000000752148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc63d08e5caebe752021-12-20 15:53:18.425root 11241100x8000000000000000752149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ab1513c1b493692021-12-20 15:53:18.425root 11241100x8000000000000000752150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3d09c4d7c7a15d2021-12-20 15:53:18.425root 11241100x8000000000000000752151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ef4ae3e2030db82021-12-20 15:53:18.425root 11241100x8000000000000000752152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebd16dc544e77ec2021-12-20 15:53:18.426root 11241100x8000000000000000752153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f1fbc85b8e37b92021-12-20 15:53:18.426root 11241100x8000000000000000752154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcdb1ad37a2ebd92021-12-20 15:53:18.426root 11241100x8000000000000000752155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50991dc615453c952021-12-20 15:53:18.426root 11241100x8000000000000000752156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225a376fab0218d72021-12-20 15:53:18.427root 11241100x8000000000000000752157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c167dd11db5bcb2021-12-20 15:53:18.427root 11241100x8000000000000000752158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5314b602a0d11c922021-12-20 15:53:18.427root 11241100x8000000000000000752159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b8d629e1a3a6db2021-12-20 15:53:18.427root 11241100x8000000000000000752160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed484ed4e93579072021-12-20 15:53:18.427root 11241100x8000000000000000752161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9afbd376deacd0e2021-12-20 15:53:18.427root 11241100x8000000000000000752162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6768960d750c1a2021-12-20 15:53:18.427root 11241100x8000000000000000752163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e244d440f1757672021-12-20 15:53:18.427root 11241100x8000000000000000752164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c742a8fb2965562021-12-20 15:53:18.427root 11241100x8000000000000000752165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe13caaecb58812021-12-20 15:53:18.427root 11241100x8000000000000000752166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33183375b2f5ff772021-12-20 15:53:18.427root 11241100x8000000000000000752167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d56bcd569ac8012021-12-20 15:53:18.427root 11241100x8000000000000000752168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b281a320f256d12021-12-20 15:53:18.427root 11241100x8000000000000000752169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a161924ed9c8a382021-12-20 15:53:18.428root 11241100x8000000000000000752170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec3179f374d2fe2021-12-20 15:53:18.428root 11241100x8000000000000000752171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7165a17f2c2c132021-12-20 15:53:18.428root 11241100x8000000000000000752172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3f090bf9d21efb2021-12-20 15:53:18.428root 11241100x8000000000000000752173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5115c4f963114f892021-12-20 15:53:18.428root 11241100x8000000000000000752174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08119d8607b11c902021-12-20 15:53:18.428root 11241100x8000000000000000752175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030416e8678645942021-12-20 15:53:18.428root 11241100x8000000000000000752176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2fddfe97ded7842021-12-20 15:53:18.924root 11241100x8000000000000000752177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aa42f815d9f20e2021-12-20 15:53:18.925root 11241100x8000000000000000752178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32652d397008ca612021-12-20 15:53:18.925root 11241100x8000000000000000752179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ea6a3f9e0b519b2021-12-20 15:53:18.925root 11241100x8000000000000000752180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b730b1abd6d0b2632021-12-20 15:53:18.925root 11241100x8000000000000000752181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9f452721aa15982021-12-20 15:53:18.925root 11241100x8000000000000000752182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be538d98fc73ddd82021-12-20 15:53:18.925root 11241100x8000000000000000752183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5ecd7d166b3ce2021-12-20 15:53:18.925root 11241100x8000000000000000752184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dd3d437d5f2b092021-12-20 15:53:18.925root 11241100x8000000000000000752185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e022585d04fc00a22021-12-20 15:53:18.925root 11241100x8000000000000000752186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d949049866e6dcad2021-12-20 15:53:18.926root 11241100x8000000000000000752187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c641c6d6934896012021-12-20 15:53:18.926root 11241100x8000000000000000752188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5db293b7e336262021-12-20 15:53:18.926root 11241100x8000000000000000752189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f102ffae5150dc52021-12-20 15:53:18.926root 11241100x8000000000000000752190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a700365f479cb22021-12-20 15:53:18.926root 11241100x8000000000000000752191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af1cd42f4d936c32021-12-20 15:53:18.926root 11241100x8000000000000000752192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb55328d061d06b2021-12-20 15:53:18.926root 11241100x8000000000000000752193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e411a339430461a52021-12-20 15:53:18.926root 11241100x8000000000000000752194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66db8eb2f6dee1112021-12-20 15:53:18.926root 11241100x8000000000000000752195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f0a2da712d745f2021-12-20 15:53:18.926root 11241100x8000000000000000752196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48df2d2da8ea4fd2021-12-20 15:53:18.926root 11241100x8000000000000000752197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebe93fe8628f4362021-12-20 15:53:18.927root 11241100x8000000000000000752198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0227273a9d57199e2021-12-20 15:53:18.927root 11241100x8000000000000000752199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a52e2681e2da76e2021-12-20 15:53:18.927root 11241100x8000000000000000752200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a5d1921ba09fd62021-12-20 15:53:18.927root 11241100x8000000000000000752201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:18.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef2bc9f5c03bdec2021-12-20 15:53:18.927root 11241100x8000000000000000752202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70da7c90e7bf5c3a2021-12-20 15:53:19.424root 11241100x8000000000000000752203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a10549e367b0d92021-12-20 15:53:19.425root 11241100x8000000000000000752204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef2b18d691b87222021-12-20 15:53:19.425root 11241100x8000000000000000752205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b986d162a7fd672021-12-20 15:53:19.425root 11241100x8000000000000000752206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d0730757db6bd52021-12-20 15:53:19.425root 11241100x8000000000000000752207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb618014521947a2021-12-20 15:53:19.425root 11241100x8000000000000000752208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8775997cf4ff472021-12-20 15:53:19.426root 11241100x8000000000000000752209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0983cc45e25560642021-12-20 15:53:19.426root 11241100x8000000000000000752210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862292cc1b56caec2021-12-20 15:53:19.426root 11241100x8000000000000000752211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79073a04ee3571f92021-12-20 15:53:19.427root 11241100x8000000000000000752212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450c9dacf7df5da82021-12-20 15:53:19.427root 11241100x8000000000000000752213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071ad0e94dd38932021-12-20 15:53:19.427root 11241100x8000000000000000752214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf2185c703d748e2021-12-20 15:53:19.427root 11241100x8000000000000000752215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6249524282bfbc4a2021-12-20 15:53:19.427root 11241100x8000000000000000752216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa7fe8f45231fd92021-12-20 15:53:19.428root 11241100x8000000000000000752217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270f0f60787089e52021-12-20 15:53:19.428root 11241100x8000000000000000752218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93885c7ac63e27a92021-12-20 15:53:19.428root 11241100x8000000000000000752219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3691c9944bf100642021-12-20 15:53:19.428root 11241100x8000000000000000752220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0394f4387959d8502021-12-20 15:53:19.429root 11241100x8000000000000000752221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831cd910bad8b02f2021-12-20 15:53:19.429root 11241100x8000000000000000752222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d014cabd7f9997b2021-12-20 15:53:19.429root 11241100x8000000000000000752223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225f062b7c25d0b72021-12-20 15:53:19.429root 11241100x8000000000000000752224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3533303305da4f302021-12-20 15:53:19.429root 11241100x8000000000000000752225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b697d7796d95752021-12-20 15:53:19.430root 11241100x8000000000000000752226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3155f33c36347e52021-12-20 15:53:19.430root 11241100x8000000000000000752227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492d64629ef18af32021-12-20 15:53:19.430root 11241100x8000000000000000752228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b537b0325bf92a2021-12-20 15:53:19.924root 11241100x8000000000000000752229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98961e8bb66e8e02021-12-20 15:53:19.925root 11241100x8000000000000000752230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d0865679a4e6902021-12-20 15:53:19.925root 11241100x8000000000000000752231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dead09c2bd4a372021-12-20 15:53:19.925root 11241100x8000000000000000752232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6d09e6928602b52021-12-20 15:53:19.925root 11241100x8000000000000000752233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18800e45d794d1992021-12-20 15:53:19.925root 11241100x8000000000000000752234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cf6f9f3a88fce02021-12-20 15:53:19.926root 11241100x8000000000000000752235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9dc9f9fe9b90fb2021-12-20 15:53:19.926root 11241100x8000000000000000752236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd2f7e3b60e5eb2021-12-20 15:53:19.926root 11241100x8000000000000000752237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68b0584827b1c152021-12-20 15:53:19.926root 11241100x8000000000000000752238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2485c0976a900eae2021-12-20 15:53:19.927root 11241100x8000000000000000752239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099629636d2f4dbc2021-12-20 15:53:19.927root 11241100x8000000000000000752240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c296b80e4246412f2021-12-20 15:53:19.927root 11241100x8000000000000000752241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7342995fe2762d722021-12-20 15:53:19.927root 11241100x8000000000000000752242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9067fcafa4b0b9fc2021-12-20 15:53:19.928root 11241100x8000000000000000752243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bce009a04c8bc842021-12-20 15:53:19.928root 11241100x8000000000000000752244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e00d14e24c20b6c2021-12-20 15:53:19.928root 11241100x8000000000000000752245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a2c9c75a463522021-12-20 15:53:19.928root 11241100x8000000000000000752246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccba05620688d0882021-12-20 15:53:19.929root 11241100x8000000000000000752247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abcab02926a33092021-12-20 15:53:19.929root 11241100x8000000000000000752248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb62ccf82cdcbd02021-12-20 15:53:19.929root 11241100x8000000000000000752249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329201c1ffc9ea9c2021-12-20 15:53:19.929root 11241100x8000000000000000752250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb82726a06ec66022021-12-20 15:53:19.930root 11241100x8000000000000000752251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32584f4719002f42021-12-20 15:53:19.930root 11241100x8000000000000000752252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9a3267789783f72021-12-20 15:53:19.930root 11241100x8000000000000000752253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:19.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa692454f990f7732021-12-20 15:53:19.930root 354300x8000000000000000752254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.028{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46030-false10.0.1.12-8089- 11241100x8000000000000000752255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0135524edf23d44f2021-12-20 15:53:20.424root 11241100x8000000000000000752256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97350ac5f50db1e2021-12-20 15:53:20.424root 11241100x8000000000000000752257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac54ee28588e30f92021-12-20 15:53:20.424root 11241100x8000000000000000752258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6869de2b1947a52021-12-20 15:53:20.424root 11241100x8000000000000000752259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeb446451506f4b2021-12-20 15:53:20.425root 11241100x8000000000000000752260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf92e39d07956952021-12-20 15:53:20.425root 11241100x8000000000000000752261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa36e5443f5039a2021-12-20 15:53:20.425root 11241100x8000000000000000752262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250e779b28d054112021-12-20 15:53:20.425root 11241100x8000000000000000752263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6152b452d26d0c802021-12-20 15:53:20.425root 11241100x8000000000000000752264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9f6de3373c9eca2021-12-20 15:53:20.425root 11241100x8000000000000000752265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366cbdadf57896682021-12-20 15:53:20.425root 11241100x8000000000000000752266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe21d400f64a2462021-12-20 15:53:20.425root 11241100x8000000000000000752267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e55d6d026fff812021-12-20 15:53:20.426root 11241100x8000000000000000752268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59320be57583281a2021-12-20 15:53:20.426root 11241100x8000000000000000752269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856ef53d00af85952021-12-20 15:53:20.426root 11241100x8000000000000000752270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c581b901adde0c2021-12-20 15:53:20.426root 11241100x8000000000000000752271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1d28f60186e8402021-12-20 15:53:20.426root 11241100x8000000000000000752272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7343df1e3ccb1a2021-12-20 15:53:20.426root 11241100x8000000000000000752273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160136d34282d1d62021-12-20 15:53:20.426root 11241100x8000000000000000752274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb62c515dbe9b682021-12-20 15:53:20.426root 11241100x8000000000000000752275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07ba3549f000bd52021-12-20 15:53:20.426root 11241100x8000000000000000752276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed05c8d3ed984b72021-12-20 15:53:20.427root 11241100x8000000000000000752277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088155a97321d59c2021-12-20 15:53:20.427root 11241100x8000000000000000752278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b674e29a6318512a2021-12-20 15:53:20.427root 11241100x8000000000000000752279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3566e9fe0d8aa11e2021-12-20 15:53:20.427root 11241100x8000000000000000752280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141300ebde8a59b32021-12-20 15:53:20.428root 11241100x8000000000000000752281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38609432d49c8b2021-12-20 15:53:20.428root 11241100x8000000000000000752282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85c3f6905388e2b2021-12-20 15:53:20.924root 11241100x8000000000000000752283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79f6f5a15be79b32021-12-20 15:53:20.924root 11241100x8000000000000000752284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3813667d8e843a412021-12-20 15:53:20.925root 11241100x8000000000000000752285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df45a514755781d32021-12-20 15:53:20.925root 11241100x8000000000000000752286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d015de754bfcbfba2021-12-20 15:53:20.925root 11241100x8000000000000000752287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58e5f23968247922021-12-20 15:53:20.925root 11241100x8000000000000000752288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c83b614d0f0e7d2021-12-20 15:53:20.926root 11241100x8000000000000000752289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56ab313c5c1e32d2021-12-20 15:53:20.926root 11241100x8000000000000000752290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552a70cb4391315c2021-12-20 15:53:20.926root 11241100x8000000000000000752291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc67f67b924eea2021-12-20 15:53:20.926root 11241100x8000000000000000752292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1950573961584de12021-12-20 15:53:20.926root 11241100x8000000000000000752293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0021ea7d9e1bea82021-12-20 15:53:20.927root 11241100x8000000000000000752294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e766a101601a48252021-12-20 15:53:20.927root 11241100x8000000000000000752295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a952c63b603b44702021-12-20 15:53:20.927root 11241100x8000000000000000752296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010392db0383cf312021-12-20 15:53:20.927root 11241100x8000000000000000752297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54fbfcefc2ddf582021-12-20 15:53:20.928root 11241100x8000000000000000752298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0e241cb6792b002021-12-20 15:53:20.928root 11241100x8000000000000000752299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badebb306aeccb642021-12-20 15:53:20.928root 11241100x8000000000000000752300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f152a5f94a8f8d502021-12-20 15:53:20.928root 11241100x8000000000000000752301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1848fceea76b313b2021-12-20 15:53:20.929root 11241100x8000000000000000752302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63761623e3af1332021-12-20 15:53:20.929root 11241100x8000000000000000752303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6491ba6edec1f62021-12-20 15:53:20.929root 11241100x8000000000000000752304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2650b22f6cd08002021-12-20 15:53:20.929root 11241100x8000000000000000752305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e8378d5a3ab3252021-12-20 15:53:20.929root 11241100x8000000000000000752306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b8c4f4b1b8780d2021-12-20 15:53:20.929root 11241100x8000000000000000752307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea5e4ba7854b4e92021-12-20 15:53:20.929root 11241100x8000000000000000752308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d8441b5811eb322021-12-20 15:53:20.929root 11241100x8000000000000000752309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2df81fd87f4cd62021-12-20 15:53:21.424root 11241100x8000000000000000752310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865776931e2e850c2021-12-20 15:53:21.425root 11241100x8000000000000000752311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e79b83c27184822021-12-20 15:53:21.425root 11241100x8000000000000000752312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8334fbe948cc302021-12-20 15:53:21.425root 11241100x8000000000000000752313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd40c61015ebeff32021-12-20 15:53:21.425root 11241100x8000000000000000752314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852521eb826169b92021-12-20 15:53:21.425root 11241100x8000000000000000752315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f810a74b81d439d2021-12-20 15:53:21.426root 11241100x8000000000000000752316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d705d368a77a5d1f2021-12-20 15:53:21.426root 11241100x8000000000000000752317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9901129365e6d08a2021-12-20 15:53:21.426root 11241100x8000000000000000752318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c374c7fb469f1fe2021-12-20 15:53:21.426root 11241100x8000000000000000752319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed5cdc0cb89babc2021-12-20 15:53:21.427root 11241100x8000000000000000752320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12edfdf801ea0e512021-12-20 15:53:21.427root 11241100x8000000000000000752321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68aa247170bdbf782021-12-20 15:53:21.427root 11241100x8000000000000000752322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ddc6dda4fd8fde2021-12-20 15:53:21.427root 11241100x8000000000000000752323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7048b497019645942021-12-20 15:53:21.428root 11241100x8000000000000000752324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84465bbf1e015a882021-12-20 15:53:21.428root 11241100x8000000000000000752325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c51ff816760d012021-12-20 15:53:21.428root 11241100x8000000000000000752326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa57217160ed5282021-12-20 15:53:21.428root 11241100x8000000000000000752327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f6444c9041985e2021-12-20 15:53:21.429root 11241100x8000000000000000752328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea9138656436cd2021-12-20 15:53:21.429root 11241100x8000000000000000752329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcc4d5007b1060d2021-12-20 15:53:21.429root 11241100x8000000000000000752330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68e3cdcfefb2d4f2021-12-20 15:53:21.429root 11241100x8000000000000000752331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b4d283009fa81d2021-12-20 15:53:21.429root 11241100x8000000000000000752332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7138af3fea83a62021-12-20 15:53:21.429root 11241100x8000000000000000752333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dbe58d31d4bcf32021-12-20 15:53:21.429root 11241100x8000000000000000752334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ccdff283ccc5882021-12-20 15:53:21.429root 11241100x8000000000000000752335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b7aee1ec4615612021-12-20 15:53:21.429root 11241100x8000000000000000752336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6708703af60ce002021-12-20 15:53:21.924root 11241100x8000000000000000752337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d602e8351199ef2021-12-20 15:53:21.925root 11241100x8000000000000000752338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58d89b0d3835ed42021-12-20 15:53:21.925root 11241100x8000000000000000752339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac5fa16f72358062021-12-20 15:53:21.925root 11241100x8000000000000000752340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8072526bc345ed1b2021-12-20 15:53:21.925root 11241100x8000000000000000752341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162535eeed62b0082021-12-20 15:53:21.925root 11241100x8000000000000000752342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cac88f30aa840042021-12-20 15:53:21.926root 11241100x8000000000000000752343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf3ed3f3cc9b47a2021-12-20 15:53:21.926root 11241100x8000000000000000752344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27abad26cb36125f2021-12-20 15:53:21.926root 11241100x8000000000000000752345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee0274e27efdf092021-12-20 15:53:21.926root 11241100x8000000000000000752346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51024d9e86451e0d2021-12-20 15:53:21.927root 11241100x8000000000000000752347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d162e0f1b47af72021-12-20 15:53:21.927root 11241100x8000000000000000752348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b894d1c085aa3992021-12-20 15:53:21.927root 11241100x8000000000000000752349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1270be8cc06362021-12-20 15:53:21.927root 11241100x8000000000000000752350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9b986a7c27fdc22021-12-20 15:53:21.927root 11241100x8000000000000000752351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39c5768ed8ff6d2021-12-20 15:53:21.927root 11241100x8000000000000000752352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685a0fca451c1cae2021-12-20 15:53:21.927root 11241100x8000000000000000752353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecd43515194756e2021-12-20 15:53:21.927root 11241100x8000000000000000752354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2c3900c23c43cf2021-12-20 15:53:21.928root 11241100x8000000000000000752355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0042f5d515a751f32021-12-20 15:53:21.928root 11241100x8000000000000000752356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a43ed868858a4802021-12-20 15:53:21.929root 11241100x8000000000000000752357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfbdfc3be3239262021-12-20 15:53:21.930root 11241100x8000000000000000752358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ece33d1c8b85792021-12-20 15:53:21.930root 11241100x8000000000000000752359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a8469d0753e2f32021-12-20 15:53:21.930root 11241100x8000000000000000752360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63298cc6af0848912021-12-20 15:53:21.930root 11241100x8000000000000000752361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06b7a4ce1153c1a2021-12-20 15:53:21.931root 11241100x8000000000000000752362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:21.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fef529f9606bea2021-12-20 15:53:21.931root 11241100x8000000000000000752363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c5a09c937ebd92021-12-20 15:53:22.424root 11241100x8000000000000000752364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb30fba58e9bdbb02021-12-20 15:53:22.425root 11241100x8000000000000000752365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd6b515bd2883fc2021-12-20 15:53:22.425root 11241100x8000000000000000752366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a46914ec572fd5e2021-12-20 15:53:22.425root 11241100x8000000000000000752367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0b2cf48a4c05822021-12-20 15:53:22.425root 11241100x8000000000000000752368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3faa5a541dd4dc2021-12-20 15:53:22.425root 11241100x8000000000000000752369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d28dbd2ec897832021-12-20 15:53:22.426root 11241100x8000000000000000752370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313ace8a65d99d2c2021-12-20 15:53:22.426root 11241100x8000000000000000752371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ac0939625819fa2021-12-20 15:53:22.426root 11241100x8000000000000000752372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b47d5a9dc384372021-12-20 15:53:22.426root 11241100x8000000000000000752373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61ef67594b268092021-12-20 15:53:22.427root 11241100x8000000000000000752374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf58a88312b6e542021-12-20 15:53:22.427root 11241100x8000000000000000752375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f392d8854d761fc42021-12-20 15:53:22.427root 11241100x8000000000000000752376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e062f90c6fc99a292021-12-20 15:53:22.427root 11241100x8000000000000000752377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8511694dfbc3ae192021-12-20 15:53:22.427root 11241100x8000000000000000752378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdd7bc44d5da8622021-12-20 15:53:22.428root 11241100x8000000000000000752379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c965a251c9dfe92021-12-20 15:53:22.428root 11241100x8000000000000000752380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39194404d0dc3d3d2021-12-20 15:53:22.428root 11241100x8000000000000000752381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697a933f6455c91f2021-12-20 15:53:22.428root 11241100x8000000000000000752382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b7781b9996257c2021-12-20 15:53:22.428root 11241100x8000000000000000752383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c7a03268ec8e712021-12-20 15:53:22.428root 11241100x8000000000000000752384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e87eaf3fe36d082021-12-20 15:53:22.428root 11241100x8000000000000000752385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a87aaa77995e3af2021-12-20 15:53:22.428root 11241100x8000000000000000752386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd2669eec9a322e2021-12-20 15:53:22.428root 11241100x8000000000000000752387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160a7cd3ec6b34222021-12-20 15:53:22.428root 11241100x8000000000000000752388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9735eb73c1d082021-12-20 15:53:22.429root 11241100x8000000000000000752389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b27807938fb81942021-12-20 15:53:22.429root 11241100x8000000000000000752390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49891c48effe8caf2021-12-20 15:53:22.924root 11241100x8000000000000000752391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f5c2767ef741b62021-12-20 15:53:22.924root 11241100x8000000000000000752392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c947da6e8bcb1ec02021-12-20 15:53:22.924root 11241100x8000000000000000752393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4006976ea77d8992021-12-20 15:53:22.924root 11241100x8000000000000000752394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a7015c01c21cc82021-12-20 15:53:22.925root 11241100x8000000000000000752395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be3d1bdb7db234b2021-12-20 15:53:22.925root 11241100x8000000000000000752396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aed7d53d3505c022021-12-20 15:53:22.925root 11241100x8000000000000000752397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b061e2fe6348502021-12-20 15:53:22.925root 11241100x8000000000000000752398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456ff68e06e2dfc42021-12-20 15:53:22.925root 11241100x8000000000000000752399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaafe997f6ccd1a2021-12-20 15:53:22.925root 11241100x8000000000000000752400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35580538e74dd762021-12-20 15:53:22.925root 11241100x8000000000000000752401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdd178f1a4376052021-12-20 15:53:22.925root 11241100x8000000000000000752402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2009a71996604d2021-12-20 15:53:22.925root 11241100x8000000000000000752403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1653232f59bd9c92021-12-20 15:53:22.925root 11241100x8000000000000000752404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b1eb3842f35902021-12-20 15:53:22.926root 11241100x8000000000000000752405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3438399b2ff127422021-12-20 15:53:22.926root 11241100x8000000000000000752406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a980a64239641ab92021-12-20 15:53:22.926root 11241100x8000000000000000752407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a3941e34fee5872021-12-20 15:53:22.926root 11241100x8000000000000000752408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2827699f51198f2021-12-20 15:53:22.926root 11241100x8000000000000000752409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43852df6f60f9c182021-12-20 15:53:22.926root 11241100x8000000000000000752410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748c6a0f70b889a92021-12-20 15:53:22.926root 11241100x8000000000000000752411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e447bf075eb1bd12021-12-20 15:53:22.926root 11241100x8000000000000000752412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c871bdf59d6972021-12-20 15:53:22.927root 11241100x8000000000000000752413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9876e6ba5e8c852021-12-20 15:53:22.927root 11241100x8000000000000000752414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c2006b594a155e2021-12-20 15:53:22.927root 11241100x8000000000000000752415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80135d2aa78295f62021-12-20 15:53:22.927root 11241100x8000000000000000752416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe96e259ead5e262021-12-20 15:53:22.927root 354300x8000000000000000752417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.172{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51330-false10.0.1.12-8000- 11241100x8000000000000000752418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e70753c0cd1962021-12-20 15:53:23.424root 11241100x8000000000000000752419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6bfd2bbc137f3f2021-12-20 15:53:23.424root 11241100x8000000000000000752420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf683c99adfec9b22021-12-20 15:53:23.424root 11241100x8000000000000000752421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb9a3636a5ab81e2021-12-20 15:53:23.424root 11241100x8000000000000000752422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58adbe9aee7c19482021-12-20 15:53:23.425root 11241100x8000000000000000752423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722434674a3324012021-12-20 15:53:23.425root 11241100x8000000000000000752424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da61a535fcb3d412021-12-20 15:53:23.425root 11241100x8000000000000000752425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdde99799e3a1502021-12-20 15:53:23.425root 11241100x8000000000000000752426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2526b27fd5def34d2021-12-20 15:53:23.425root 11241100x8000000000000000752427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206a301009b9051a2021-12-20 15:53:23.425root 11241100x8000000000000000752428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc83ba15e5ddad92021-12-20 15:53:23.425root 11241100x8000000000000000752429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a3321c4093ed412021-12-20 15:53:23.425root 11241100x8000000000000000752430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bf0eaed519592b2021-12-20 15:53:23.425root 11241100x8000000000000000752431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105ba6a8400064c52021-12-20 15:53:23.425root 11241100x8000000000000000752432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959b5227273248052021-12-20 15:53:23.425root 11241100x8000000000000000752433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831cf200f9f9d3892021-12-20 15:53:23.426root 11241100x8000000000000000752434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d800ff707f3db62021-12-20 15:53:23.426root 11241100x8000000000000000752435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1861288272a882952021-12-20 15:53:23.426root 11241100x8000000000000000752436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e8892e78cc0af2021-12-20 15:53:23.426root 11241100x8000000000000000752437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bdb6c8c2cfa03e2021-12-20 15:53:23.427root 11241100x8000000000000000752438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ef31686c0d89542021-12-20 15:53:23.427root 11241100x8000000000000000752439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bbfdb47258e9e52021-12-20 15:53:23.427root 11241100x8000000000000000752440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1f738cc5cadf5c2021-12-20 15:53:23.427root 11241100x8000000000000000752441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc4b63efca8ec8b2021-12-20 15:53:23.428root 11241100x8000000000000000752442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b65c83c3e0847c2021-12-20 15:53:23.428root 11241100x8000000000000000752443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99d98063c718f302021-12-20 15:53:23.428root 11241100x8000000000000000752444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883e176b738754b22021-12-20 15:53:23.428root 11241100x8000000000000000752445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b32211a6c20b152021-12-20 15:53:23.428root 11241100x8000000000000000752446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf9665f7fcf8b52021-12-20 15:53:23.429root 11241100x8000000000000000752447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877dcb1a7eba3ca02021-12-20 15:53:23.429root 11241100x8000000000000000752448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae91c7634d9ed372021-12-20 15:53:23.429root 11241100x8000000000000000752449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94fbbb9d03986782021-12-20 15:53:23.429root 11241100x8000000000000000752450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54431efb046a43492021-12-20 15:53:23.429root 11241100x8000000000000000752451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088aa0f25e5ab0652021-12-20 15:53:23.429root 11241100x8000000000000000752452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c473de90d121f642021-12-20 15:53:23.430root 11241100x8000000000000000752453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcbfd64b6f5d1e42021-12-20 15:53:23.430root 11241100x8000000000000000752454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c7b59df487c1a32021-12-20 15:53:23.924root 11241100x8000000000000000752455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ed3ecff0a1b64d2021-12-20 15:53:23.925root 11241100x8000000000000000752456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82bbb6f8523c8522021-12-20 15:53:23.925root 11241100x8000000000000000752457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc56ecc2bc0b97c52021-12-20 15:53:23.925root 11241100x8000000000000000752458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3eaee2a7a12ac642021-12-20 15:53:23.925root 11241100x8000000000000000752459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f86a474b18244df2021-12-20 15:53:23.925root 11241100x8000000000000000752460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a125fb9fffe550e82021-12-20 15:53:23.926root 11241100x8000000000000000752461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa435db49553d5d82021-12-20 15:53:23.926root 11241100x8000000000000000752462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b633fad296b15cd2021-12-20 15:53:23.926root 11241100x8000000000000000752463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2eb8a64c7ffcd32021-12-20 15:53:23.926root 11241100x8000000000000000752464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4ce4126cf11d7e2021-12-20 15:53:23.927root 11241100x8000000000000000752465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efef32a51db47edb2021-12-20 15:53:23.927root 11241100x8000000000000000752466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7065a5424d1313b82021-12-20 15:53:23.927root 11241100x8000000000000000752467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90782739ea180b6b2021-12-20 15:53:23.928root 11241100x8000000000000000752468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e586e8154802a452021-12-20 15:53:23.928root 11241100x8000000000000000752469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4914729e5f2c62482021-12-20 15:53:23.928root 11241100x8000000000000000752470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf18d83ab6619102021-12-20 15:53:23.928root 11241100x8000000000000000752471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fc1bf62efa68232021-12-20 15:53:23.928root 11241100x8000000000000000752472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57da0bcc5317fbb92021-12-20 15:53:23.928root 11241100x8000000000000000752473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095a49ee31d466812021-12-20 15:53:23.928root 11241100x8000000000000000752474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ce65912c9a7e572021-12-20 15:53:23.929root 11241100x8000000000000000752475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf28dfd8361c8362021-12-20 15:53:23.929root 11241100x8000000000000000752476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bc05bacf1cceba2021-12-20 15:53:23.929root 11241100x8000000000000000752477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf374739f9211772021-12-20 15:53:23.929root 11241100x8000000000000000752478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c771a9669f5ae02021-12-20 15:53:23.929root 11241100x8000000000000000752479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c18e83be4b7b74f2021-12-20 15:53:23.929root 11241100x8000000000000000752480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95289f0cd7d298c52021-12-20 15:53:23.929root 11241100x8000000000000000752481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74407c0e7ff8a0102021-12-20 15:53:23.929root 11241100x8000000000000000752482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a95f6999f0cf262021-12-20 15:53:24.424root 11241100x8000000000000000752483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a59d3e0b67da1962021-12-20 15:53:24.424root 11241100x8000000000000000752484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fa98ec3aec38682021-12-20 15:53:24.424root 11241100x8000000000000000752485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72128297fdad5442021-12-20 15:53:24.424root 11241100x8000000000000000752486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf7c360042f14ba2021-12-20 15:53:24.425root 11241100x8000000000000000752487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521410edc617e8282021-12-20 15:53:24.425root 11241100x8000000000000000752488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ea4384b118ab032021-12-20 15:53:24.425root 11241100x8000000000000000752489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a0e7b177e1727f2021-12-20 15:53:24.425root 11241100x8000000000000000752490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6251ab231a83dabb2021-12-20 15:53:24.425root 11241100x8000000000000000752491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b7b7163a2245252021-12-20 15:53:24.425root 11241100x8000000000000000752492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24ee5592e8e96f42021-12-20 15:53:24.425root 11241100x8000000000000000752493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa701439305463d2021-12-20 15:53:24.425root 11241100x8000000000000000752494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b6837a8cfd6f4c2021-12-20 15:53:24.425root 11241100x8000000000000000752495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6e954a4df587b52021-12-20 15:53:24.425root 11241100x8000000000000000752496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20937ffa8f3daca2021-12-20 15:53:24.426root 11241100x8000000000000000752497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54931e474a7cee72021-12-20 15:53:24.426root 11241100x8000000000000000752498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c563a17213a9a8f02021-12-20 15:53:24.426root 11241100x8000000000000000752499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941d30c26adf28542021-12-20 15:53:24.426root 11241100x8000000000000000752500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396f8569241a7c702021-12-20 15:53:24.426root 11241100x8000000000000000752501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d33bba239cbdb332021-12-20 15:53:24.426root 11241100x8000000000000000752502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78596b5fc5244462021-12-20 15:53:24.426root 11241100x8000000000000000752503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207405b0fc9aa5bd2021-12-20 15:53:24.426root 11241100x8000000000000000752504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02050bcf10770dbc2021-12-20 15:53:24.426root 11241100x8000000000000000752505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3e27b13518e1662021-12-20 15:53:24.426root 11241100x8000000000000000752506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff6c9c03df84b12021-12-20 15:53:24.426root 11241100x8000000000000000752507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000ca27f30562c4e2021-12-20 15:53:24.427root 11241100x8000000000000000752508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97be6e467ae39de2021-12-20 15:53:24.427root 11241100x8000000000000000752509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff49c9470e15c062021-12-20 15:53:24.427root 11241100x8000000000000000752510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36672667f77e60332021-12-20 15:53:24.924root 11241100x8000000000000000752511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de13bc7fbc138a2d2021-12-20 15:53:24.924root 11241100x8000000000000000752512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcda3abaf653b4e2021-12-20 15:53:24.924root 11241100x8000000000000000752513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258e71cba56c328f2021-12-20 15:53:24.924root 11241100x8000000000000000752514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af0df5f6660d01f2021-12-20 15:53:24.925root 11241100x8000000000000000752515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c2e4526b066a502021-12-20 15:53:24.925root 11241100x8000000000000000752516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184c6633e7afa3512021-12-20 15:53:24.925root 11241100x8000000000000000752517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be83e3531a4fe012021-12-20 15:53:24.925root 11241100x8000000000000000752518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf31a2d6a07f481c2021-12-20 15:53:24.925root 11241100x8000000000000000752519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa481c8e7e341412021-12-20 15:53:24.925root 11241100x8000000000000000752520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a698880e3ba19bc72021-12-20 15:53:24.925root 11241100x8000000000000000752521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82856a38f2c5df0a2021-12-20 15:53:24.925root 11241100x8000000000000000752522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5ef24fc6bd726e2021-12-20 15:53:24.926root 11241100x8000000000000000752523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856171385d34ac352021-12-20 15:53:24.926root 11241100x8000000000000000752524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e4a8d0075d7dbf2021-12-20 15:53:24.926root 11241100x8000000000000000752525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3f47e0aa1d52812021-12-20 15:53:24.926root 11241100x8000000000000000752526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4957ae6e8fd5c92021-12-20 15:53:24.926root 11241100x8000000000000000752527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383dfac5eb4b8de42021-12-20 15:53:24.926root 11241100x8000000000000000752528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36a2c1a13cac2492021-12-20 15:53:24.926root 11241100x8000000000000000752529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11844135c4bcf072021-12-20 15:53:24.926root 11241100x8000000000000000752530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4b1c9ec3c92e3a2021-12-20 15:53:24.926root 11241100x8000000000000000752531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1beb2937d66ea3a2021-12-20 15:53:24.926root 11241100x8000000000000000752532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7809adf409c9c12021-12-20 15:53:24.927root 11241100x8000000000000000752533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565612d0c19efe992021-12-20 15:53:24.927root 11241100x8000000000000000752534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d60419e1f928742021-12-20 15:53:24.927root 11241100x8000000000000000752535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca433b0a412e951c2021-12-20 15:53:24.927root 11241100x8000000000000000752536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68604ddf4571df2c2021-12-20 15:53:24.927root 11241100x8000000000000000752537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a8484fc0f5aaf62021-12-20 15:53:24.927root 11241100x8000000000000000752538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5824ffa9e4f2e5b32021-12-20 15:53:24.927root 11241100x8000000000000000752539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4e978bacb792652021-12-20 15:53:25.424root 11241100x8000000000000000752540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffa1b4510daac822021-12-20 15:53:25.424root 11241100x8000000000000000752541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85159200167802e52021-12-20 15:53:25.424root 11241100x8000000000000000752542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3227aca99053c102021-12-20 15:53:25.424root 11241100x8000000000000000752543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7c2a71f760ac7c2021-12-20 15:53:25.425root 11241100x8000000000000000752544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6a2cd3aa16bba32021-12-20 15:53:25.425root 11241100x8000000000000000752545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e71756958746e22021-12-20 15:53:25.425root 11241100x8000000000000000752546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad23bb4f45e54882021-12-20 15:53:25.425root 11241100x8000000000000000752547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3737f797666f022021-12-20 15:53:25.425root 11241100x8000000000000000752548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a3a284f33370602021-12-20 15:53:25.425root 11241100x8000000000000000752549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67692f21b258d9d2021-12-20 15:53:25.425root 11241100x8000000000000000752550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c632fab7f718f82021-12-20 15:53:25.425root 11241100x8000000000000000752551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b896d77a5c7f492021-12-20 15:53:25.425root 11241100x8000000000000000752552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c00179ca2dfd492021-12-20 15:53:25.425root 11241100x8000000000000000752553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc02434ee8468e62021-12-20 15:53:25.425root 11241100x8000000000000000752554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a89324238194ed2021-12-20 15:53:25.426root 11241100x8000000000000000752555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e829d30fdf65da3c2021-12-20 15:53:25.426root 11241100x8000000000000000752556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caa2e58dc695a882021-12-20 15:53:25.426root 11241100x8000000000000000752557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25af0930808559d12021-12-20 15:53:25.426root 11241100x8000000000000000752558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721eba2eed1d59f2021-12-20 15:53:25.426root 11241100x8000000000000000752559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a8ec29b9f428502021-12-20 15:53:25.426root 11241100x8000000000000000752560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470578aa2b5a475e2021-12-20 15:53:25.427root 11241100x8000000000000000752561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a17644171ad28d2021-12-20 15:53:25.427root 11241100x8000000000000000752562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf9fb165d7ee39b2021-12-20 15:53:25.427root 11241100x8000000000000000752563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5eab4b4058cd55b2021-12-20 15:53:25.427root 11241100x8000000000000000752564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d90274f314fe8d2021-12-20 15:53:25.427root 11241100x8000000000000000752565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14100566535067ed2021-12-20 15:53:25.428root 11241100x8000000000000000752566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b203f04ba813d82021-12-20 15:53:25.428root 11241100x8000000000000000752567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14dc12f871eb1bf2021-12-20 15:53:25.924root 11241100x8000000000000000752568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a45c26e0dd3edd2021-12-20 15:53:25.925root 11241100x8000000000000000752569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6167d7162a75a8062021-12-20 15:53:25.925root 11241100x8000000000000000752570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613dca5222bd99682021-12-20 15:53:25.925root 11241100x8000000000000000752571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bd2f1eb0a4fb1e2021-12-20 15:53:25.925root 11241100x8000000000000000752572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead6ba87024f047d2021-12-20 15:53:25.926root 11241100x8000000000000000752573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69788e643f29f4ab2021-12-20 15:53:25.926root 11241100x8000000000000000752574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb437b4bfc803ae2021-12-20 15:53:25.926root 11241100x8000000000000000752575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fa934dd1fc6dff2021-12-20 15:53:25.926root 11241100x8000000000000000752576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc96f58fa2615b12021-12-20 15:53:25.926root 11241100x8000000000000000752577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3603db61f350c2d62021-12-20 15:53:25.927root 11241100x8000000000000000752578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd3d428d40e1d8e2021-12-20 15:53:25.927root 11241100x8000000000000000752579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a34ae2711a050d22021-12-20 15:53:25.927root 11241100x8000000000000000752580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35faf3fa7acc2e192021-12-20 15:53:25.928root 11241100x8000000000000000752581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c9aceb71c3372c2021-12-20 15:53:25.928root 11241100x8000000000000000752582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703fc5fb386d5e362021-12-20 15:53:25.928root 11241100x8000000000000000752583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f06e42073cb54f2021-12-20 15:53:25.928root 11241100x8000000000000000752584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4e0ae3aa6f8ef02021-12-20 15:53:25.928root 11241100x8000000000000000752585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34647edaf964b072021-12-20 15:53:25.928root 11241100x8000000000000000752586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32abd7aad7cf9fa2021-12-20 15:53:25.929root 11241100x8000000000000000752587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0553396af57b98372021-12-20 15:53:25.929root 11241100x8000000000000000752588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f49fa2b8272777d2021-12-20 15:53:25.929root 11241100x8000000000000000752589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9921b005412ccb2021-12-20 15:53:25.929root 11241100x8000000000000000752590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366b70c34fb6e5be2021-12-20 15:53:25.929root 11241100x8000000000000000752591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca6262eceea7bcc2021-12-20 15:53:25.929root 11241100x8000000000000000752592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f44556c8d57c17f2021-12-20 15:53:25.930root 11241100x8000000000000000752593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa535c890eda2b5a2021-12-20 15:53:25.930root 11241100x8000000000000000752594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d59784c33bc5f302021-12-20 15:53:25.930root 11241100x8000000000000000752595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fb46fef2db5f132021-12-20 15:53:26.424root 11241100x8000000000000000752596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143f7a098146392b2021-12-20 15:53:26.424root 11241100x8000000000000000752597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0e8be2da95f0102021-12-20 15:53:26.424root 11241100x8000000000000000752598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f060a61aa5d1d15e2021-12-20 15:53:26.425root 11241100x8000000000000000752599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1601ce2a426fbbc82021-12-20 15:53:26.425root 11241100x8000000000000000752600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3005be1ca9e9eb462021-12-20 15:53:26.425root 11241100x8000000000000000752601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da9d2661c3a9ff72021-12-20 15:53:26.425root 11241100x8000000000000000752602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c3683128a706b82021-12-20 15:53:26.425root 11241100x8000000000000000752603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ee7d23443a13f12021-12-20 15:53:26.425root 11241100x8000000000000000752604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88fdb29848133e02021-12-20 15:53:26.425root 11241100x8000000000000000752605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eef015fcf638f262021-12-20 15:53:26.425root 11241100x8000000000000000752606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e31a73b41d179512021-12-20 15:53:26.425root 11241100x8000000000000000752607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f320049d952316122021-12-20 15:53:26.426root 11241100x8000000000000000752608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738b813b690560302021-12-20 15:53:26.426root 11241100x8000000000000000752609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6243becabe18b8a2021-12-20 15:53:26.426root 11241100x8000000000000000752610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04d63afeff884322021-12-20 15:53:26.426root 11241100x8000000000000000752611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c76e3256c4e37d62021-12-20 15:53:26.426root 11241100x8000000000000000752612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908690696ed522d62021-12-20 15:53:26.426root 11241100x8000000000000000752613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5270b77d55172b2021-12-20 15:53:26.426root 11241100x8000000000000000752614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07228c5f22af74ec2021-12-20 15:53:26.426root 11241100x8000000000000000752615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a46cd34709ee4472021-12-20 15:53:26.426root 11241100x8000000000000000752616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28232d0294d99d0f2021-12-20 15:53:26.426root 11241100x8000000000000000752617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4b4afe2e78d3242021-12-20 15:53:26.427root 11241100x8000000000000000752618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ce5d5a881a24e2021-12-20 15:53:26.427root 11241100x8000000000000000752619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5bd6e3383aab62021-12-20 15:53:26.427root 11241100x8000000000000000752620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bad8b2693882052021-12-20 15:53:26.427root 11241100x8000000000000000752621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbd221a9ae4d24d2021-12-20 15:53:26.430root 11241100x8000000000000000752622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97403fd0cf25e3972021-12-20 15:53:26.430root 11241100x8000000000000000752623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d21265563ac11d2021-12-20 15:53:26.924root 11241100x8000000000000000752624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c2f9203c4811a72021-12-20 15:53:26.924root 11241100x8000000000000000752625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7242bff6f6a45342021-12-20 15:53:26.924root 11241100x8000000000000000752626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844caef5d35eab962021-12-20 15:53:26.925root 11241100x8000000000000000752627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed53099fcdafca22021-12-20 15:53:26.925root 11241100x8000000000000000752628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5103503842fe6d2021-12-20 15:53:26.925root 11241100x8000000000000000752629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e981a703b071342021-12-20 15:53:26.925root 11241100x8000000000000000752630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec746a6df70513032021-12-20 15:53:26.925root 11241100x8000000000000000752631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50439887c490eeb2021-12-20 15:53:26.925root 11241100x8000000000000000752632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bf23fca43b7a902021-12-20 15:53:26.925root 11241100x8000000000000000752633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebb3f5d833d3c002021-12-20 15:53:26.925root 11241100x8000000000000000752634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ea60d813636f5c2021-12-20 15:53:26.925root 11241100x8000000000000000752635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8366724a1c3c9f9f2021-12-20 15:53:26.925root 11241100x8000000000000000752636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57c048127b64b1c2021-12-20 15:53:26.925root 11241100x8000000000000000752637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd89bebe6778b0a2021-12-20 15:53:26.926root 11241100x8000000000000000752638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb908c27bce0afb2021-12-20 15:53:26.926root 11241100x8000000000000000752639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adf073ef006b1972021-12-20 15:53:26.926root 11241100x8000000000000000752640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc2e21e45f029e82021-12-20 15:53:26.926root 11241100x8000000000000000752641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c421f4b012cb2b2f2021-12-20 15:53:26.926root 11241100x8000000000000000752642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04df18a4ed1bf4f2021-12-20 15:53:26.926root 11241100x8000000000000000752643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f898ba18b099be72021-12-20 15:53:26.926root 11241100x8000000000000000752644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293d3ea59fef7a5a2021-12-20 15:53:26.926root 11241100x8000000000000000752645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1537d2faea33c852021-12-20 15:53:26.926root 11241100x8000000000000000752646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09bc8a4cb91425f2021-12-20 15:53:26.926root 11241100x8000000000000000752647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5882e4289edebd1b2021-12-20 15:53:26.927root 11241100x8000000000000000752648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180573b7e72e9b442021-12-20 15:53:26.927root 11241100x8000000000000000752649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f949088af19c2a2021-12-20 15:53:26.927root 11241100x8000000000000000752650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2bdfebe7d258872021-12-20 15:53:26.927root 11241100x8000000000000000752651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7200d2bac20f5b2021-12-20 15:53:26.927root 11241100x8000000000000000752652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb95c2ab648ba50a2021-12-20 15:53:26.927root 11241100x8000000000000000752653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250044d713aec2432021-12-20 15:53:27.424root 11241100x8000000000000000752654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3033deb88b06a3b2021-12-20 15:53:27.424root 11241100x8000000000000000752655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96adb70180757da2021-12-20 15:53:27.424root 11241100x8000000000000000752656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3085a144b3bb8092021-12-20 15:53:27.424root 11241100x8000000000000000752657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b3ce9586d4db752021-12-20 15:53:27.425root 11241100x8000000000000000752658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c9dd2d2fe8e4982021-12-20 15:53:27.425root 11241100x8000000000000000752659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40050eb6a1d91d9f2021-12-20 15:53:27.425root 11241100x8000000000000000752660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06ebc0938861fc52021-12-20 15:53:27.425root 11241100x8000000000000000752661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338779019f1158542021-12-20 15:53:27.425root 11241100x8000000000000000752662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0942e323ee4e5a2021-12-20 15:53:27.425root 11241100x8000000000000000752663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2222c454547bae562021-12-20 15:53:27.425root 11241100x8000000000000000752664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b732d480bf416b8c2021-12-20 15:53:27.425root 11241100x8000000000000000752665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017322d8cc1f01d02021-12-20 15:53:27.425root 11241100x8000000000000000752666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113ac8453f811f9f2021-12-20 15:53:27.425root 11241100x8000000000000000752667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0545a61828fa8ec42021-12-20 15:53:27.425root 11241100x8000000000000000752668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e3d26bd1f0f862021-12-20 15:53:27.425root 11241100x8000000000000000752669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b6af4581aad3012021-12-20 15:53:27.426root 11241100x8000000000000000752670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c869df5d6f9bf7e2021-12-20 15:53:27.426root 11241100x8000000000000000752671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31f4856923b354b2021-12-20 15:53:27.426root 11241100x8000000000000000752672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6989dbf41e22df82021-12-20 15:53:27.426root 11241100x8000000000000000752673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0258552f849ec6df2021-12-20 15:53:27.426root 11241100x8000000000000000752674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e952595431d648c2021-12-20 15:53:27.426root 11241100x8000000000000000752675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58379ac44d7b16b72021-12-20 15:53:27.426root 11241100x8000000000000000752676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb16f9b58885abc2021-12-20 15:53:27.426root 11241100x8000000000000000752677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d338e1c8dcbed1b2021-12-20 15:53:27.426root 11241100x8000000000000000752678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29c3b4831f503442021-12-20 15:53:27.426root 11241100x8000000000000000752679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da1ba0e92fea0f22021-12-20 15:53:27.426root 11241100x8000000000000000752680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c1d2fc48fc77242021-12-20 15:53:27.427root 11241100x8000000000000000752681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4545913182f1b7022021-12-20 15:53:27.427root 11241100x8000000000000000752682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f891feccd61bdd2021-12-20 15:53:27.924root 11241100x8000000000000000752683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dabe3f48355f572021-12-20 15:53:27.924root 11241100x8000000000000000752684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fe3faa69a5f2222021-12-20 15:53:27.924root 11241100x8000000000000000752685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6613aa2f1f7810b2021-12-20 15:53:27.924root 11241100x8000000000000000752686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6307312cfe4f42b12021-12-20 15:53:27.925root 11241100x8000000000000000752687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce3af256bf2786d2021-12-20 15:53:27.925root 11241100x8000000000000000752688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b592ecb0b1c87d92021-12-20 15:53:27.925root 11241100x8000000000000000752689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4992e6122e4c36b02021-12-20 15:53:27.925root 11241100x8000000000000000752690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75071cb6f7ede0882021-12-20 15:53:27.925root 11241100x8000000000000000752691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba22f664ed7176f2021-12-20 15:53:27.925root 11241100x8000000000000000752692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc68bbe83a8fafb2021-12-20 15:53:27.925root 11241100x8000000000000000752693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074526d64c899ff42021-12-20 15:53:27.925root 11241100x8000000000000000752694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e9d318e2bc4d12021-12-20 15:53:27.925root 11241100x8000000000000000752695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222a29004480373d2021-12-20 15:53:27.925root 11241100x8000000000000000752696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66043b0a3375d4b2021-12-20 15:53:27.925root 11241100x8000000000000000752697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f3fad3809ebee92021-12-20 15:53:27.926root 11241100x8000000000000000752698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed82d7f1f3e22f0b2021-12-20 15:53:27.926root 11241100x8000000000000000752699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033a9bb28d2225732021-12-20 15:53:27.926root 11241100x8000000000000000752700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b67375e532a0fe2021-12-20 15:53:27.926root 11241100x8000000000000000752701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13db164a0b4bfb422021-12-20 15:53:27.926root 11241100x8000000000000000752702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a8c24ba6f963582021-12-20 15:53:27.927root 11241100x8000000000000000752703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bed45bfe77974a2021-12-20 15:53:27.927root 11241100x8000000000000000752704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e9a8a4ae41e9c92021-12-20 15:53:27.927root 11241100x8000000000000000752705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9285399337c02ea82021-12-20 15:53:27.927root 11241100x8000000000000000752706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7dfaba4888b2b52021-12-20 15:53:27.928root 11241100x8000000000000000752707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18caa27e0f8284a82021-12-20 15:53:27.928root 11241100x8000000000000000752708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565ffb23d1eb0f812021-12-20 15:53:27.928root 11241100x8000000000000000752709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4e9f464dae79842021-12-20 15:53:27.928root 354300x8000000000000000752710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.182{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51332-false10.0.1.12-8000- 11241100x8000000000000000752711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f999838ab0f082b82021-12-20 15:53:28.183root 11241100x8000000000000000752712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa7cae41642e7282021-12-20 15:53:28.183root 11241100x8000000000000000752713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab1d927cef3f64b2021-12-20 15:53:28.183root 11241100x8000000000000000752714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2458af5140e1782021-12-20 15:53:28.183root 11241100x8000000000000000752715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30083bd594f8a02021-12-20 15:53:28.183root 11241100x8000000000000000752716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a072d5f6588cd52021-12-20 15:53:28.183root 11241100x8000000000000000752717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a1c9d2ebec84bf2021-12-20 15:53:28.183root 11241100x8000000000000000752718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859e2c317c4e52e32021-12-20 15:53:28.183root 11241100x8000000000000000752719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eec8671b67fb9e62021-12-20 15:53:28.184root 11241100x8000000000000000752720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56626eee0cd0de502021-12-20 15:53:28.184root 11241100x8000000000000000752721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5401e61c83ed8402021-12-20 15:53:28.184root 11241100x8000000000000000752722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0164a89737b2882021-12-20 15:53:28.184root 11241100x8000000000000000752723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83c06079de2b68f2021-12-20 15:53:28.186root 11241100x8000000000000000752724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019601f1e1a31db62021-12-20 15:53:28.186root 11241100x8000000000000000752725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71909f2cdf0b7f22021-12-20 15:53:28.186root 11241100x8000000000000000752726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c41879ac654c0482021-12-20 15:53:28.186root 11241100x8000000000000000752727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218e178c33da41fd2021-12-20 15:53:28.186root 11241100x8000000000000000752728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab205cffca4a9422021-12-20 15:53:28.186root 11241100x8000000000000000752729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28146a20bbc920982021-12-20 15:53:28.186root 11241100x8000000000000000752730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8cfbd3f5dcf5d2021-12-20 15:53:28.186root 11241100x8000000000000000752731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9826601f6b0d8d442021-12-20 15:53:28.186root 11241100x8000000000000000752732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f22fb57d045b9e62021-12-20 15:53:28.186root 11241100x8000000000000000752733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c1feb821db59a32021-12-20 15:53:28.186root 11241100x8000000000000000752734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a442edcdce845b2021-12-20 15:53:28.186root 11241100x8000000000000000752735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b4a9d8f98ebd0c2021-12-20 15:53:28.187root 11241100x8000000000000000752736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc6607dff208a22021-12-20 15:53:28.187root 11241100x8000000000000000752737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd0a93a2fb636cd2021-12-20 15:53:28.188root 11241100x8000000000000000752738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30da345442a29b52021-12-20 15:53:28.188root 11241100x8000000000000000752739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96a0e8f7a8b6fbb2021-12-20 15:53:28.188root 11241100x8000000000000000752740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac37f00de7605362021-12-20 15:53:28.188root 11241100x8000000000000000752741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750c104e41b17a1e2021-12-20 15:53:28.675root 11241100x8000000000000000752742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f837e4ee6d79ca502021-12-20 15:53:28.675root 11241100x8000000000000000752743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dd96a3c5be779d2021-12-20 15:53:28.675root 11241100x8000000000000000752744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1b381c7e93624f2021-12-20 15:53:28.675root 11241100x8000000000000000752745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2270a5684d5c6ba2021-12-20 15:53:28.675root 11241100x8000000000000000752746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f4d164c880684f2021-12-20 15:53:28.675root 11241100x8000000000000000752747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9912d91715a63f7b2021-12-20 15:53:28.675root 11241100x8000000000000000752748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0db58f8f49d57c2021-12-20 15:53:28.675root 11241100x8000000000000000752749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd54b7960798a0ba2021-12-20 15:53:28.675root 11241100x8000000000000000752750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859629e2a09b5e022021-12-20 15:53:28.676root 11241100x8000000000000000752751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd0f67768066c2a2021-12-20 15:53:28.676root 11241100x8000000000000000752752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975787537a01a6342021-12-20 15:53:28.676root 11241100x8000000000000000752753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593ba2cb5d7a486e2021-12-20 15:53:28.676root 11241100x8000000000000000752754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571290584cb0cb702021-12-20 15:53:28.676root 11241100x8000000000000000752755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0036ae6bff72032021-12-20 15:53:28.676root 11241100x8000000000000000752756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499d046c389f3022021-12-20 15:53:28.676root 11241100x8000000000000000752757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6d1d5aee82f0142021-12-20 15:53:28.676root 11241100x8000000000000000752758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1312b11fbbda46062021-12-20 15:53:28.676root 11241100x8000000000000000752759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6f279cd57470ed2021-12-20 15:53:28.676root 11241100x8000000000000000752760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee39279ce25f7952021-12-20 15:53:28.676root 11241100x8000000000000000752761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb357affe00d11592021-12-20 15:53:28.676root 11241100x8000000000000000752762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d969e1e3ac109232021-12-20 15:53:28.676root 11241100x8000000000000000752763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5125fdb262f5226a2021-12-20 15:53:28.676root 11241100x8000000000000000752764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706a330b39534aa02021-12-20 15:53:28.676root 11241100x8000000000000000752765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a660946bd38f5252021-12-20 15:53:28.676root 11241100x8000000000000000752766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de05de47b08336f52021-12-20 15:53:28.677root 11241100x8000000000000000752767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a257eaa48ec5b4bd2021-12-20 15:53:28.677root 11241100x8000000000000000752768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f82417b32bcc5fe2021-12-20 15:53:28.677root 11241100x8000000000000000752769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb24bf96b6818a52021-12-20 15:53:28.677root 11241100x8000000000000000752770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2073660089c490f2021-12-20 15:53:29.175root 11241100x8000000000000000752771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7806e5a530b576c92021-12-20 15:53:29.175root 11241100x8000000000000000752772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800cdce2f286ad1b2021-12-20 15:53:29.175root 11241100x8000000000000000752773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6aff639b4abc112021-12-20 15:53:29.176root 11241100x8000000000000000752774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9e592d5da5095b2021-12-20 15:53:29.176root 11241100x8000000000000000752775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bade9e06dec424122021-12-20 15:53:29.176root 11241100x8000000000000000752776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b151a4c811137c82021-12-20 15:53:29.176root 11241100x8000000000000000752777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f8ab65371b974f2021-12-20 15:53:29.176root 11241100x8000000000000000752778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67fa988528133b72021-12-20 15:53:29.176root 11241100x8000000000000000752779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778149f9ead75e912021-12-20 15:53:29.176root 11241100x8000000000000000752780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec860189e22854e2021-12-20 15:53:29.176root 11241100x8000000000000000752781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5ab5021f72b4be2021-12-20 15:53:29.176root 11241100x8000000000000000752782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b91ee9a7a9b11dd2021-12-20 15:53:29.176root 11241100x8000000000000000752783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfe4d997e371df92021-12-20 15:53:29.176root 11241100x8000000000000000752784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b4d2b269655cb32021-12-20 15:53:29.176root 11241100x8000000000000000752785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f88a6254c3d5222021-12-20 15:53:29.176root 11241100x8000000000000000752786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b5aef4ffe53bc52021-12-20 15:53:29.176root 11241100x8000000000000000752787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f6e22235006a662021-12-20 15:53:29.177root 11241100x8000000000000000752788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68749dd1c599ab02021-12-20 15:53:29.178root 11241100x8000000000000000752789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808af83a13f08482021-12-20 15:53:29.178root 11241100x8000000000000000752790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689860c77dc22c1f2021-12-20 15:53:29.178root 11241100x8000000000000000752791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b59fdc2fb3b1f62021-12-20 15:53:29.178root 11241100x8000000000000000752792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0abb6a08b0d8ac2021-12-20 15:53:29.178root 11241100x8000000000000000752793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591acd93ec246a972021-12-20 15:53:29.178root 11241100x8000000000000000752794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff70eb3fd4ec8ed2021-12-20 15:53:29.178root 11241100x8000000000000000752795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9c92bb9af00de42021-12-20 15:53:29.178root 11241100x8000000000000000752796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499faf171cd456b2021-12-20 15:53:29.178root 11241100x8000000000000000752797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c71b225dffd7262021-12-20 15:53:29.178root 11241100x8000000000000000752798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d909a196ea1bf31b2021-12-20 15:53:29.178root 11241100x8000000000000000752799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.312{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/.#stateD2aW2s2021-12-20 15:53:29.312systemd-network 534500x8000000000000000752800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.312{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkdsystemd-network 11241100x8000000000000000752801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.312{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/links/.#2jlUN7c2021-12-20 15:53:29.312systemd-network 11241100x8000000000000000752802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.312{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/leases/.#2X0aGcX2021-12-20 15:53:29.312systemd-network 11241100x8000000000000000752803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/.#stateX8oChH2021-12-20 15:53:29.313systemd-network 11241100x8000000000000000752804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/links/.#2t7szmr2021-12-20 15:53:29.313systemd-network 11241100x8000000000000000752805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67b0-61c0-90b5-5a4155560000}664/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/leases/.#2XJZwrb2021-12-20 15:53:29.313systemd-network 354300x8000000000000000752806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67ae-61c0-7096-73f97d550000}538/lib/systemd/systemd-timesyncdsystemd-timesyncudptruefalse10.0.1.25-53064-false169.254.169.123-123- 11241100x8000000000000000752807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#resolv.confmJSoOJ2021-12-20 15:53:29.313systemd-resolve 11241100x8000000000000000752808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.313{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#stub-resolv.confY1CpTt2021-12-20 15:53:29.313systemd-resolve 11241100x8000000000000000752809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.314{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#resolv.confyCYzYd2021-12-20 15:53:29.314systemd-resolve 11241100x8000000000000000752810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.314{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#stub-resolv.confuIDK3X2021-12-20 15:53:29.314systemd-resolve 11241100x8000000000000000752811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1919bfcdee28fc2021-12-20 15:53:29.676root 11241100x8000000000000000752812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f24807baa959552021-12-20 15:53:29.676root 11241100x8000000000000000752813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9586ed41bd64052021-12-20 15:53:29.676root 11241100x8000000000000000752814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acf678684b7da182021-12-20 15:53:29.676root 11241100x8000000000000000752815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6116b31bfcf277b2021-12-20 15:53:29.676root 11241100x8000000000000000752816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589cfcdcb5683ea92021-12-20 15:53:29.676root 11241100x8000000000000000752817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b94593a280607c2021-12-20 15:53:29.676root 11241100x8000000000000000752818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb59341664faba322021-12-20 15:53:29.676root 11241100x8000000000000000752819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cd30aa6cdcd7012021-12-20 15:53:29.676root 11241100x8000000000000000752820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f708ebba08533d712021-12-20 15:53:29.676root 11241100x8000000000000000752821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfeb2c917d52c672021-12-20 15:53:29.676root 11241100x8000000000000000752822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27403862dd3f39372021-12-20 15:53:29.676root 11241100x8000000000000000752823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198c69b61694440d2021-12-20 15:53:29.677root 11241100x8000000000000000752824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0c3611cd97b28f2021-12-20 15:53:29.677root 11241100x8000000000000000752825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58a1c9a97b458d72021-12-20 15:53:29.677root 11241100x8000000000000000752826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabfa563214d02e22021-12-20 15:53:29.677root 11241100x8000000000000000752827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a854c3b956690632021-12-20 15:53:29.677root 11241100x8000000000000000752828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a9b9ce712eb0732021-12-20 15:53:29.677root 11241100x8000000000000000752829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cc2b9a63298e3c2021-12-20 15:53:29.677root 11241100x8000000000000000752830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3add83e3357d3e2021-12-20 15:53:29.677root 11241100x8000000000000000752831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff6696a829e529b2021-12-20 15:53:29.677root 11241100x8000000000000000752832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c64ece06ff34832021-12-20 15:53:29.677root 11241100x8000000000000000752833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550682b35ae5b4032021-12-20 15:53:29.677root 11241100x8000000000000000752834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f968a8c481224862021-12-20 15:53:29.677root 11241100x8000000000000000752835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdbac86f0dad1622021-12-20 15:53:29.677root 11241100x8000000000000000752836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb6c8bf83db6a8e2021-12-20 15:53:29.677root 11241100x8000000000000000752837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e463afdc95e0a22021-12-20 15:53:29.678root 11241100x8000000000000000752838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3939208b9391f87c2021-12-20 15:53:29.678root 11241100x8000000000000000752839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def80024600ec3e82021-12-20 15:53:29.678root 11241100x8000000000000000752840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56895414ce0fb2d2021-12-20 15:53:29.678root 11241100x8000000000000000752841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af2930ac3672b1d2021-12-20 15:53:29.678root 11241100x8000000000000000752842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee9adafe17122ae2021-12-20 15:53:29.678root 11241100x8000000000000000752843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd654f106887fd112021-12-20 15:53:29.678root 11241100x8000000000000000752844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05385c43507e44182021-12-20 15:53:29.678root 11241100x8000000000000000752845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e732da393a72afb2021-12-20 15:53:29.678root 11241100x8000000000000000752846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a202a82b902c2792021-12-20 15:53:29.679root 11241100x8000000000000000752847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dcc77d30fefcd32021-12-20 15:53:29.679root 11241100x8000000000000000752848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74228aab4cf6769a2021-12-20 15:53:29.679root 11241100x8000000000000000752849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952d9d13f0fa59de2021-12-20 15:53:29.679root 11241100x8000000000000000752850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1837d314ec57512021-12-20 15:53:29.679root 11241100x8000000000000000752851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee650f5c5cd449e2021-12-20 15:53:29.679root 11241100x8000000000000000752852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e66ce168c8cf912021-12-20 15:53:30.175root 11241100x8000000000000000752853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c178cfab3f089f2021-12-20 15:53:30.176root 11241100x8000000000000000752854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4551a837df07782021-12-20 15:53:30.176root 11241100x8000000000000000752855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe0e3f8f2fad9892021-12-20 15:53:30.176root 11241100x8000000000000000752856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c1d6d6476465d2021-12-20 15:53:30.176root 11241100x8000000000000000752857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39074e913b7e583c2021-12-20 15:53:30.176root 11241100x8000000000000000752858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e84b2785f132aa2021-12-20 15:53:30.176root 11241100x8000000000000000752859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67425de757c2bb5b2021-12-20 15:53:30.176root 11241100x8000000000000000752860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3c07885fab69d2021-12-20 15:53:30.176root 11241100x8000000000000000752861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1c62fd65f327ca2021-12-20 15:53:30.176root 11241100x8000000000000000752862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f47f231fdc6bc6e2021-12-20 15:53:30.176root 11241100x8000000000000000752863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c994cc13b9b918ff2021-12-20 15:53:30.176root 11241100x8000000000000000752864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b8fa2a4603ba762021-12-20 15:53:30.176root 11241100x8000000000000000752865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50ea7667b3795252021-12-20 15:53:30.176root 11241100x8000000000000000752866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2817b18d3809bc2021-12-20 15:53:30.176root 11241100x8000000000000000752867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0a8c18bbd924162021-12-20 15:53:30.176root 11241100x8000000000000000752868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186f6a3fa70399832021-12-20 15:53:30.177root 11241100x8000000000000000752869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cad7734ba721f012021-12-20 15:53:30.177root 11241100x8000000000000000752870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6822f008968e8a8c2021-12-20 15:53:30.177root 11241100x8000000000000000752871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfea85131bb817e2021-12-20 15:53:30.177root 11241100x8000000000000000752872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7570c87d84c802b2021-12-20 15:53:30.177root 11241100x8000000000000000752873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb29e907c131d6b2021-12-20 15:53:30.177root 11241100x8000000000000000752874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca608d2b7e7a0c12021-12-20 15:53:30.177root 11241100x8000000000000000752875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e215563b836bf0e2021-12-20 15:53:30.177root 11241100x8000000000000000752876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7d5f220d0b02632021-12-20 15:53:30.177root 11241100x8000000000000000752877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce646d2e10e9b3d2021-12-20 15:53:30.178root 11241100x8000000000000000752878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af6bbf5c5f5a1252021-12-20 15:53:30.178root 11241100x8000000000000000752879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8edbc6ab83886e42021-12-20 15:53:30.178root 11241100x8000000000000000752880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e24bf823aea8d92021-12-20 15:53:30.178root 11241100x8000000000000000752881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a385545aa60802021-12-20 15:53:30.178root 11241100x8000000000000000752882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f53a0a42b07a172021-12-20 15:53:30.178root 11241100x8000000000000000752883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd1ba5860a5e14a2021-12-20 15:53:30.178root 11241100x8000000000000000752884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cde073a3526112021-12-20 15:53:30.178root 11241100x8000000000000000752885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12987ac5ae46990c2021-12-20 15:53:30.178root 11241100x8000000000000000752886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1364b551c0c36512021-12-20 15:53:30.178root 11241100x8000000000000000752887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a745afb8102524762021-12-20 15:53:30.178root 11241100x8000000000000000752888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f249622e96e54ae2021-12-20 15:53:30.178root 11241100x8000000000000000752889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bf97fe6a530ec32021-12-20 15:53:30.178root 11241100x8000000000000000752890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa610763a4e343b92021-12-20 15:53:30.178root 11241100x8000000000000000752891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca97fa26422b6462021-12-20 15:53:30.178root 11241100x8000000000000000752892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7027d51f4fd3d32021-12-20 15:53:30.179root 11241100x8000000000000000752893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bca988af6bb55792021-12-20 15:53:30.675root 11241100x8000000000000000752894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e0f13519b1aa5d2021-12-20 15:53:30.676root 11241100x8000000000000000752895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1867dbf15755cdb2021-12-20 15:53:30.676root 11241100x8000000000000000752896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87624ee3275ed8e2021-12-20 15:53:30.676root 11241100x8000000000000000752897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb98055b366a42f92021-12-20 15:53:30.676root 11241100x8000000000000000752898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3311e85899ce28d2021-12-20 15:53:30.676root 11241100x8000000000000000752899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c4855cca03ef242021-12-20 15:53:30.676root 11241100x8000000000000000752900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c200e1bdfc5e552021-12-20 15:53:30.676root 11241100x8000000000000000752901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45da90d65825d2222021-12-20 15:53:30.676root 11241100x8000000000000000752902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0940183e25ffbc82021-12-20 15:53:30.676root 11241100x8000000000000000752903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87390a41da25b38e2021-12-20 15:53:30.676root 11241100x8000000000000000752904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8af1c60859222842021-12-20 15:53:30.676root 11241100x8000000000000000752905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a9c30190cfc9962021-12-20 15:53:30.677root 11241100x8000000000000000752906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa29fcd4a949bd82021-12-20 15:53:30.677root 11241100x8000000000000000752907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d60200608aeabe92021-12-20 15:53:30.677root 11241100x8000000000000000752908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd6e7a86912d3c2021-12-20 15:53:30.677root 11241100x8000000000000000752909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a724214d63ae7b2021-12-20 15:53:30.677root 11241100x8000000000000000752910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dba7c5e5ce05db2021-12-20 15:53:30.677root 11241100x8000000000000000752911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfed3a37393d0a92021-12-20 15:53:30.677root 11241100x8000000000000000752912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1a90178abaf612021-12-20 15:53:30.677root 11241100x8000000000000000752913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1c17c5369cb9a42021-12-20 15:53:30.677root 11241100x8000000000000000752914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb69159cdb0e1c7b2021-12-20 15:53:30.677root 11241100x8000000000000000752915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44d1d4bc690898a2021-12-20 15:53:30.677root 11241100x8000000000000000752916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee9f77fbb60475e2021-12-20 15:53:30.678root 11241100x8000000000000000752917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af3a10a50099c362021-12-20 15:53:30.678root 11241100x8000000000000000752918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfccd25bfafb04b62021-12-20 15:53:30.678root 11241100x8000000000000000752919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9666abf26868982e2021-12-20 15:53:30.678root 11241100x8000000000000000752920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9caedf0bafd25d2021-12-20 15:53:30.678root 11241100x8000000000000000752921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cf9cb5f49c36172021-12-20 15:53:30.678root 11241100x8000000000000000752922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21da806bdd3500602021-12-20 15:53:30.678root 11241100x8000000000000000752923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d35fb27bf2102d32021-12-20 15:53:30.678root 11241100x8000000000000000752924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7598289b5fea8ea32021-12-20 15:53:30.678root 11241100x8000000000000000752925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f607c57c78bd4fe52021-12-20 15:53:30.678root 11241100x8000000000000000752926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ede0fd140ac8c62021-12-20 15:53:30.678root 11241100x8000000000000000752927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee4c722aad2555c2021-12-20 15:53:30.678root 11241100x8000000000000000752928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a063ce9f4358363b2021-12-20 15:53:30.679root 11241100x8000000000000000752929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b2fd17344ce7e82021-12-20 15:53:30.679root 11241100x8000000000000000752930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5261b7b015d8fa12021-12-20 15:53:30.679root 11241100x8000000000000000752931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43524ad79eea3aa2021-12-20 15:53:30.679root 11241100x8000000000000000752932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2f257fffcd07db2021-12-20 15:53:30.679root 11241100x8000000000000000752933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908b5ddef0b700812021-12-20 15:53:30.679root 11241100x8000000000000000752934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c92a7c155538b12021-12-20 15:53:31.175root 11241100x8000000000000000752935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c47be7de9517642021-12-20 15:53:31.175root 11241100x8000000000000000752936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d72682791aa6d12021-12-20 15:53:31.176root 11241100x8000000000000000752937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d54a0be294a2bef2021-12-20 15:53:31.176root 11241100x8000000000000000752938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f245e13bdfc2422021-12-20 15:53:31.176root 11241100x8000000000000000752939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf21ad3593bec1ba2021-12-20 15:53:31.176root 11241100x8000000000000000752940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16e63108fbc45fe2021-12-20 15:53:31.176root 11241100x8000000000000000752941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0098cf8d6da395eb2021-12-20 15:53:31.176root 11241100x8000000000000000752942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bafde0aeb078bc2021-12-20 15:53:31.176root 11241100x8000000000000000752943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb426ad720ea12c2021-12-20 15:53:31.176root 11241100x8000000000000000752944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ce732f51cb20782021-12-20 15:53:31.176root 11241100x8000000000000000752945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8e65e29c11ac2d2021-12-20 15:53:31.176root 11241100x8000000000000000752946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cac9772c4a2a3f72021-12-20 15:53:31.176root 11241100x8000000000000000752947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04611827db968c242021-12-20 15:53:31.176root 11241100x8000000000000000752948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200cbf95ff1168c2021-12-20 15:53:31.176root 11241100x8000000000000000752949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6f9353d0267882021-12-20 15:53:31.176root 11241100x8000000000000000752950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5b6ac2df6016972021-12-20 15:53:31.176root 11241100x8000000000000000752951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8471089ea22566842021-12-20 15:53:31.176root 11241100x8000000000000000752952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbf4781375c6a2e2021-12-20 15:53:31.177root 11241100x8000000000000000752953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8c010fc986971b2021-12-20 15:53:31.177root 11241100x8000000000000000752954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319830e194ca62942021-12-20 15:53:31.177root 11241100x8000000000000000752955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c3808d06121562021-12-20 15:53:31.177root 11241100x8000000000000000752956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef8a497710d418a2021-12-20 15:53:31.177root 11241100x8000000000000000752957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b74961634478d3c2021-12-20 15:53:31.177root 11241100x8000000000000000752958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d055a81149f1fc72021-12-20 15:53:31.177root 11241100x8000000000000000752959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f30158a896021f12021-12-20 15:53:31.177root 11241100x8000000000000000752960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1ac93785e60cc12021-12-20 15:53:31.177root 11241100x8000000000000000752961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb41b9f6d51990452021-12-20 15:53:31.177root 11241100x8000000000000000752962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15cbf0550b20af62021-12-20 15:53:31.177root 11241100x8000000000000000752963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46803f8d4f2451202021-12-20 15:53:31.177root 11241100x8000000000000000752964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0514935d78db4b82021-12-20 15:53:31.177root 11241100x8000000000000000752965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b4f43f50db46fc2021-12-20 15:53:31.177root 11241100x8000000000000000752966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf0a73f7554119f2021-12-20 15:53:31.177root 11241100x8000000000000000752967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea964346b544c592021-12-20 15:53:31.177root 11241100x8000000000000000752968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d6d6b16e0b54bc2021-12-20 15:53:31.178root 11241100x8000000000000000752969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21f2da7533a09362021-12-20 15:53:31.178root 11241100x8000000000000000752970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eb367534d1f8e92021-12-20 15:53:31.178root 11241100x8000000000000000752971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c09e090accba612021-12-20 15:53:31.178root 11241100x8000000000000000752972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcdcd93767853202021-12-20 15:53:31.178root 11241100x8000000000000000752973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cee3ef2a37b4ef2021-12-20 15:53:31.178root 11241100x8000000000000000752974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d5efbad8b107772021-12-20 15:53:31.178root 11241100x8000000000000000752975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1f995c09427e562021-12-20 15:53:31.674root 11241100x8000000000000000752976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c50113f96d01a392021-12-20 15:53:31.674root 11241100x8000000000000000752977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd3c7632ce13cb62021-12-20 15:53:31.674root 11241100x8000000000000000752978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8237c3aad19a982021-12-20 15:53:31.674root 11241100x8000000000000000752979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a9fc463739c1ec2021-12-20 15:53:31.674root 11241100x8000000000000000752980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b28cb3539248dc52021-12-20 15:53:31.674root 11241100x8000000000000000752981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651aeebe6812c2f62021-12-20 15:53:31.674root 11241100x8000000000000000752982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f8b027e6275c862021-12-20 15:53:31.674root 11241100x8000000000000000752983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325055d54d0a55ad2021-12-20 15:53:31.674root 11241100x8000000000000000752984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf27b649b28431b2021-12-20 15:53:31.675root 11241100x8000000000000000752985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510b612ad80584ef2021-12-20 15:53:31.675root 11241100x8000000000000000752986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4692fb30cdcc3532021-12-20 15:53:31.675root 11241100x8000000000000000752987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d21d7edda610022021-12-20 15:53:31.675root 11241100x8000000000000000752988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6845a21b524d482021-12-20 15:53:31.675root 11241100x8000000000000000752989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36011646e33f4732021-12-20 15:53:31.675root 11241100x8000000000000000752990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa028bad0a3d1522021-12-20 15:53:31.675root 11241100x8000000000000000752991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32eebd260813ee6e2021-12-20 15:53:31.675root 11241100x8000000000000000752992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d62b96155ba8c512021-12-20 15:53:31.675root 11241100x8000000000000000752993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c37103bccfa5902021-12-20 15:53:31.675root 11241100x8000000000000000752994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3726007bb2037c222021-12-20 15:53:31.676root 11241100x8000000000000000752995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c90eeddeb062f312021-12-20 15:53:31.676root 11241100x8000000000000000752996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9109874d4a78ad252021-12-20 15:53:31.676root 11241100x8000000000000000752997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb5ddf2d5712f002021-12-20 15:53:31.676root 11241100x8000000000000000752998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e92e2f321204352021-12-20 15:53:31.676root 11241100x8000000000000000752999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f37c917a5bfb9ea2021-12-20 15:53:31.676root 11241100x8000000000000000753000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c95d9ed25ce2032021-12-20 15:53:31.676root 11241100x8000000000000000753001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef62cb88e8385102021-12-20 15:53:31.676root 11241100x8000000000000000753002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704b66248d15e0bc2021-12-20 15:53:31.676root 11241100x8000000000000000753003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7966028b431f2c2021-12-20 15:53:31.677root 11241100x8000000000000000753004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae4a4f272a174ae2021-12-20 15:53:31.677root 11241100x8000000000000000753005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf47deaf7c0f92762021-12-20 15:53:31.677root 11241100x8000000000000000753006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5bc51ca6f700e72021-12-20 15:53:31.677root 11241100x8000000000000000753007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af9653bb5e580072021-12-20 15:53:31.677root 11241100x8000000000000000753008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3618ab5d3e21152021-12-20 15:53:31.678root 11241100x8000000000000000753009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce83cbe97d40c002021-12-20 15:53:31.678root 11241100x8000000000000000753010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2854507dc2bb5b72021-12-20 15:53:31.678root 11241100x8000000000000000753011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa155d3a17b8ba892021-12-20 15:53:31.678root 11241100x8000000000000000753012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829d419f0d84ce502021-12-20 15:53:31.678root 11241100x8000000000000000753013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef85b177baa509882021-12-20 15:53:31.678root 11241100x8000000000000000753014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a72352bcfb945d02021-12-20 15:53:31.678root 11241100x8000000000000000753015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6de53fbe5870af2021-12-20 15:53:31.678root 11241100x8000000000000000753016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d90ea2b1f307032021-12-20 15:53:31.678root 11241100x8000000000000000753017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b85c33c78b04802021-12-20 15:53:31.678root 11241100x8000000000000000753018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ab35958cc128e82021-12-20 15:53:31.679root 11241100x8000000000000000753019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eba224ca4ab7002021-12-20 15:53:31.679root 11241100x8000000000000000753020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f3ab5c06935a302021-12-20 15:53:31.679root 11241100x8000000000000000753021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997e9852810265362021-12-20 15:53:31.679root 11241100x8000000000000000753022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a6e8d4789888342021-12-20 15:53:31.679root 11241100x8000000000000000753023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f63838e500a60222021-12-20 15:53:31.679root 11241100x8000000000000000753024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d70fc232caa41142021-12-20 15:53:31.679root 11241100x8000000000000000753025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5604644eb14dd8e2021-12-20 15:53:31.679root 11241100x8000000000000000753026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14406d94dc9920b22021-12-20 15:53:31.679root 11241100x8000000000000000753027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1ea3f8237858c82021-12-20 15:53:31.679root 11241100x8000000000000000753028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29817d7bfdc818492021-12-20 15:53:31.679root 11241100x8000000000000000753029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a933ebe799574ba72021-12-20 15:53:31.679root 11241100x8000000000000000753030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a39ff6eeba17ca2021-12-20 15:53:31.679root 11241100x8000000000000000753031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fde281f8a265a782021-12-20 15:53:31.680root 11241100x8000000000000000753032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a182c72bffa99e52021-12-20 15:53:31.680root 11241100x8000000000000000753033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3d67a8a8e63dcf2021-12-20 15:53:31.680root 11241100x8000000000000000753034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bbb480eea5eb902021-12-20 15:53:31.680root 11241100x8000000000000000753035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a21cd7c484acd2021-12-20 15:53:32.174root 11241100x8000000000000000753036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82fe043d5167fe32021-12-20 15:53:32.174root 11241100x8000000000000000753037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9551db77af7ceb72021-12-20 15:53:32.174root 11241100x8000000000000000753038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e9609b86286b212021-12-20 15:53:32.174root 11241100x8000000000000000753039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d72625afbfb25b2021-12-20 15:53:32.174root 11241100x8000000000000000753040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af14eab19473db9c2021-12-20 15:53:32.174root 11241100x8000000000000000753041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f31a6b56054d432021-12-20 15:53:32.174root 11241100x8000000000000000753042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e669aeed8a4b3d962021-12-20 15:53:32.174root 11241100x8000000000000000753043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b648b47b2c7302f2021-12-20 15:53:32.174root 11241100x8000000000000000753044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32de5439181808b32021-12-20 15:53:32.174root 11241100x8000000000000000753045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc93875995a977d2021-12-20 15:53:32.174root 11241100x8000000000000000753046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bece8b9d2eb7a592021-12-20 15:53:32.175root 11241100x8000000000000000753047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffed88d3521202e2021-12-20 15:53:32.175root 11241100x8000000000000000753048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6b911607e347b32021-12-20 15:53:32.175root 11241100x8000000000000000753049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1253ee8af715b7702021-12-20 15:53:32.175root 11241100x8000000000000000753050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff884596beaeb32021-12-20 15:53:32.175root 11241100x8000000000000000753051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0cf866f2486b932021-12-20 15:53:32.175root 11241100x8000000000000000753052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf81c350ca31b462021-12-20 15:53:32.175root 11241100x8000000000000000753053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a5a98be5b195912021-12-20 15:53:32.175root 11241100x8000000000000000753054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250fc99f65c84c3f2021-12-20 15:53:32.175root 11241100x8000000000000000753055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d6802c4e485e6d2021-12-20 15:53:32.175root 11241100x8000000000000000753056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b298a171c118ef2021-12-20 15:53:32.175root 11241100x8000000000000000753057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1166136806258b692021-12-20 15:53:32.175root 11241100x8000000000000000753058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21633f45396fa12d2021-12-20 15:53:32.175root 11241100x8000000000000000753059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95a48894045475c2021-12-20 15:53:32.175root 11241100x8000000000000000753060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16378a4392727d12021-12-20 15:53:32.175root 11241100x8000000000000000753061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e201a5571c2167e2021-12-20 15:53:32.175root 11241100x8000000000000000753062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e56569d460eb3b2021-12-20 15:53:32.175root 11241100x8000000000000000753063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113faa0d8aa27d602021-12-20 15:53:32.176root 11241100x8000000000000000753064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1420e623797025c82021-12-20 15:53:32.176root 11241100x8000000000000000753065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560a8f8f831998962021-12-20 15:53:32.176root 11241100x8000000000000000753066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87fc324b7f66eb02021-12-20 15:53:32.176root 11241100x8000000000000000753067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14563eb3650a67ec2021-12-20 15:53:32.176root 11241100x8000000000000000753068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c350fcb6ac852f322021-12-20 15:53:32.176root 11241100x8000000000000000753069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b208ab0a453040892021-12-20 15:53:32.176root 11241100x8000000000000000753070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7b6c9615735dbd2021-12-20 15:53:32.176root 11241100x8000000000000000753071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1a2a4e9b16f4e62021-12-20 15:53:32.176root 11241100x8000000000000000753072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776e7764146f016f2021-12-20 15:53:32.176root 11241100x8000000000000000753073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfddb518f14d62482021-12-20 15:53:32.176root 11241100x8000000000000000753074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48330c26e2e8268f2021-12-20 15:53:32.176root 11241100x8000000000000000753075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8733c747e819b5792021-12-20 15:53:32.176root 11241100x8000000000000000753076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690ce5cf008ae5fe2021-12-20 15:53:32.176root 11241100x8000000000000000753077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6948631a140466832021-12-20 15:53:32.177root 11241100x8000000000000000753078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f30a439c17f1112021-12-20 15:53:32.177root 11241100x8000000000000000753079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ab37afcce504622021-12-20 15:53:32.177root 11241100x8000000000000000753080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d44c760f51333d2021-12-20 15:53:32.177root 11241100x8000000000000000753081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ddf4c6746d4f432021-12-20 15:53:32.177root 11241100x8000000000000000753082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a283adc28ab7452021-12-20 15:53:32.177root 11241100x8000000000000000753083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a0ce487dded2922021-12-20 15:53:32.177root 11241100x8000000000000000753084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811521edb0e6e4702021-12-20 15:53:32.177root 11241100x8000000000000000753085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969239fb941451ae2021-12-20 15:53:32.675root 11241100x8000000000000000753086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a100e8c629d43fb92021-12-20 15:53:32.675root 11241100x8000000000000000753087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62121d7039fe5692021-12-20 15:53:32.675root 11241100x8000000000000000753088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3942c7f973c425aa2021-12-20 15:53:32.675root 11241100x8000000000000000753089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824157844557904a2021-12-20 15:53:32.675root 11241100x8000000000000000753090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fe9112e5a9c37e2021-12-20 15:53:32.675root 11241100x8000000000000000753091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa828f6f8a426faa2021-12-20 15:53:32.675root 11241100x8000000000000000753092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0747d8c0169e422c2021-12-20 15:53:32.675root 11241100x8000000000000000753093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13268d282ba02c8e2021-12-20 15:53:32.675root 11241100x8000000000000000753094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440148faf0fa76af2021-12-20 15:53:32.675root 11241100x8000000000000000753095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaf97b936e8028e2021-12-20 15:53:32.676root 11241100x8000000000000000753096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e24adefa80f15a2021-12-20 15:53:32.676root 11241100x8000000000000000753097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7452723957574b8a2021-12-20 15:53:32.676root 11241100x8000000000000000753098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036be75fa39efbea2021-12-20 15:53:32.676root 11241100x8000000000000000753099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fea7d80719bd7b2021-12-20 15:53:32.676root 11241100x8000000000000000753100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c52f871f11cba32021-12-20 15:53:32.676root 11241100x8000000000000000753101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821f791682d550c62021-12-20 15:53:32.676root 11241100x8000000000000000753102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bfcc9ca452025b2021-12-20 15:53:32.676root 11241100x8000000000000000753103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f5582c95d5ae9d2021-12-20 15:53:32.676root 11241100x8000000000000000753104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78700e92f47e4fc2021-12-20 15:53:32.677root 11241100x8000000000000000753105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4b06f2827084d82021-12-20 15:53:32.677root 11241100x8000000000000000753106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800ff79c14664f3c2021-12-20 15:53:32.677root 11241100x8000000000000000753107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96068b1480fca9572021-12-20 15:53:32.677root 11241100x8000000000000000753108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b05997cdcebbec2021-12-20 15:53:32.677root 11241100x8000000000000000753109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b978fcd13c95afe2021-12-20 15:53:32.677root 11241100x8000000000000000753110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee9a9ec4ceebea32021-12-20 15:53:32.677root 11241100x8000000000000000753111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd88d1f540f8c622021-12-20 15:53:32.677root 11241100x8000000000000000753112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaed727e90e2f652021-12-20 15:53:32.677root 11241100x8000000000000000753113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d57f769e67274f2021-12-20 15:53:32.677root 11241100x8000000000000000753114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae597948c7db4f6c2021-12-20 15:53:32.677root 11241100x8000000000000000753115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adae89ef2d490d662021-12-20 15:53:32.677root 11241100x8000000000000000753116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8871a8b9f2422a972021-12-20 15:53:32.678root 11241100x8000000000000000753117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafdd55da904c1092021-12-20 15:53:32.678root 11241100x8000000000000000753118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6cca2bf9038dec2021-12-20 15:53:32.678root 11241100x8000000000000000753119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b76e0b25d0416382021-12-20 15:53:32.678root 11241100x8000000000000000753120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b183a147bfafac92021-12-20 15:53:32.678root 11241100x8000000000000000753121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befa15fbfc5c11f42021-12-20 15:53:32.678root 11241100x8000000000000000753122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48966255f77be702021-12-20 15:53:32.678root 11241100x8000000000000000753123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f545e3af0ab40d352021-12-20 15:53:32.678root 11241100x8000000000000000753124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8b72f58d77701f2021-12-20 15:53:32.678root 11241100x8000000000000000753125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a779d0b6c55c13fd2021-12-20 15:53:32.678root 11241100x8000000000000000753126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d075043c00ea132021-12-20 15:53:32.678root 11241100x8000000000000000753127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336ce3542bd373ef2021-12-20 15:53:32.678root 11241100x8000000000000000753128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0909fb834f75ad042021-12-20 15:53:32.678root 11241100x8000000000000000753129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7630c9b77df33892021-12-20 15:53:32.679root 11241100x8000000000000000753130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f553e94f84745b02021-12-20 15:53:32.679root 11241100x8000000000000000753131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2768a9b709f168822021-12-20 15:53:32.679root 11241100x8000000000000000753132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6adde290e813a52021-12-20 15:53:32.679root 11241100x8000000000000000753133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c120cdf35028ce2021-12-20 15:53:33.174root 11241100x8000000000000000753134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e602ec9c4a0b6d2021-12-20 15:53:33.174root 11241100x8000000000000000753135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7868fb92ce5632432021-12-20 15:53:33.174root 11241100x8000000000000000753136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2f06a3378d3cf12021-12-20 15:53:33.175root 11241100x8000000000000000753137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f66c04cb0b37eda2021-12-20 15:53:33.175root 11241100x8000000000000000753138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661b01541f6438bd2021-12-20 15:53:33.175root 11241100x8000000000000000753139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed47059f9f907812021-12-20 15:53:33.175root 11241100x8000000000000000753140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350f35a466776f632021-12-20 15:53:33.175root 11241100x8000000000000000753141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2f92d4dff1c2af2021-12-20 15:53:33.175root 11241100x8000000000000000753142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bfaaa2b3f974032021-12-20 15:53:33.175root 11241100x8000000000000000753143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef9038b325dbfbb2021-12-20 15:53:33.175root 11241100x8000000000000000753144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99ecbd859b51ee12021-12-20 15:53:33.175root 11241100x8000000000000000753145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec78ab70ceb4962021-12-20 15:53:33.176root 11241100x8000000000000000753146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52c5f2a57ffbad12021-12-20 15:53:33.176root 11241100x8000000000000000753147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ac7e6fb86d02ab2021-12-20 15:53:33.176root 11241100x8000000000000000753148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed302060c38b94a2021-12-20 15:53:33.176root 11241100x8000000000000000753149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48a0f4cd8a1adb52021-12-20 15:53:33.176root 11241100x8000000000000000753150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c0b79eaed6c4e82021-12-20 15:53:33.176root 11241100x8000000000000000753151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b287b2c712d8d92021-12-20 15:53:33.176root 11241100x8000000000000000753152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46319b8c94cdf21d2021-12-20 15:53:33.176root 11241100x8000000000000000753153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b38b3f3d24ac3e2021-12-20 15:53:33.176root 11241100x8000000000000000753154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a8223fb36d49382021-12-20 15:53:33.176root 11241100x8000000000000000753155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49a57630da602af2021-12-20 15:53:33.177root 11241100x8000000000000000753156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7879277616384d2021-12-20 15:53:33.177root 11241100x8000000000000000753157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c35e6ea6e2f1f742021-12-20 15:53:33.177root 11241100x8000000000000000753158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a3d564f0e743f42021-12-20 15:53:33.177root 11241100x8000000000000000753159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d6f459721799a12021-12-20 15:53:33.177root 11241100x8000000000000000753160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662e2442f29371d02021-12-20 15:53:33.177root 11241100x8000000000000000753161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0962522b25f105a2021-12-20 15:53:33.177root 11241100x8000000000000000753162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad49d0b5360e44d32021-12-20 15:53:33.178root 11241100x8000000000000000753163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5a34448b62f5f22021-12-20 15:53:33.178root 11241100x8000000000000000753164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc27503b1a9abe02021-12-20 15:53:33.178root 11241100x8000000000000000753165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9509ec1f7e671982021-12-20 15:53:33.178root 11241100x8000000000000000753166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad1bcffd71196da2021-12-20 15:53:33.178root 11241100x8000000000000000753167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fd173c37d9f2012021-12-20 15:53:33.178root 11241100x8000000000000000753168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab65358d86756e62021-12-20 15:53:33.178root 11241100x8000000000000000753169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ece71b0645fa8c2021-12-20 15:53:33.178root 11241100x8000000000000000753170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d62e691379ecfe2021-12-20 15:53:33.178root 11241100x8000000000000000753171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1bd32f933db8032021-12-20 15:53:33.178root 11241100x8000000000000000753172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8c81cdabc42b582021-12-20 15:53:33.179root 11241100x8000000000000000753173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0805281c2427a72021-12-20 15:53:33.179root 11241100x8000000000000000753174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4500eabcec15903d2021-12-20 15:53:33.179root 11241100x8000000000000000753175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94a7b28acf663742021-12-20 15:53:33.179root 11241100x8000000000000000753176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8899eca62f02102c2021-12-20 15:53:33.179root 11241100x8000000000000000753177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaafb3773b0359e2021-12-20 15:53:33.179root 11241100x8000000000000000753178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcfcd53e0c7fa932021-12-20 15:53:33.179root 11241100x8000000000000000753179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b786da2a7898492021-12-20 15:53:33.179root 11241100x8000000000000000753180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57da2876c4d9ddf72021-12-20 15:53:33.179root 11241100x8000000000000000753181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d045b4f3263e62021-12-20 15:53:33.179root 11241100x8000000000000000753182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73c2684487851082021-12-20 15:53:33.180root 11241100x8000000000000000753183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2e69c24116d7a32021-12-20 15:53:33.180root 11241100x8000000000000000753184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d94937718481172021-12-20 15:53:33.180root 11241100x8000000000000000753185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b92f15f4bae8b32021-12-20 15:53:33.674root 11241100x8000000000000000753186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bbab7e91b276132021-12-20 15:53:33.674root 11241100x8000000000000000753187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bce72d8318d91772021-12-20 15:53:33.674root 11241100x8000000000000000753188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081e952445fc357f2021-12-20 15:53:33.674root 11241100x8000000000000000753189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7698c91639b1a1b2021-12-20 15:53:33.674root 11241100x8000000000000000753190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2202354cd5e7d882021-12-20 15:53:33.674root 11241100x8000000000000000753191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad2136d109620202021-12-20 15:53:33.674root 11241100x8000000000000000753192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7580689c904b1c2021-12-20 15:53:33.674root 11241100x8000000000000000753193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ca6898b9b8a2e92021-12-20 15:53:33.675root 11241100x8000000000000000753194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8608e365f2aae4802021-12-20 15:53:33.675root 11241100x8000000000000000753195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d789ebec78605482021-12-20 15:53:33.675root 11241100x8000000000000000753196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a61b71f4275ce812021-12-20 15:53:33.675root 11241100x8000000000000000753197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9388e6689502cdb42021-12-20 15:53:33.675root 11241100x8000000000000000753198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f4588b2facd7d12021-12-20 15:53:33.675root 11241100x8000000000000000753199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6b48f8fd3588b52021-12-20 15:53:33.675root 11241100x8000000000000000753200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e711449eaa469a122021-12-20 15:53:33.675root 11241100x8000000000000000753201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbe0d9fb27cdf6b2021-12-20 15:53:33.675root 11241100x8000000000000000753202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a19e2e745648112021-12-20 15:53:33.675root 11241100x8000000000000000753203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaf3e1ffa9875782021-12-20 15:53:33.676root 11241100x8000000000000000753204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2776f0a31b08bdd72021-12-20 15:53:33.676root 11241100x8000000000000000753205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cca5561ec544db22021-12-20 15:53:33.676root 11241100x8000000000000000753206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5238521dd00d7fe22021-12-20 15:53:33.676root 11241100x8000000000000000753207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770bc2001d124fa02021-12-20 15:53:33.676root 11241100x8000000000000000753208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f7df99d2a22faf2021-12-20 15:53:33.676root 11241100x8000000000000000753209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f773196d0619e6f82021-12-20 15:53:33.676root 11241100x8000000000000000753210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4521c0da4ceaac2021-12-20 15:53:33.676root 11241100x8000000000000000753211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f4369682263cef2021-12-20 15:53:33.676root 11241100x8000000000000000753212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1636266995912da62021-12-20 15:53:33.677root 11241100x8000000000000000753213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592728db44c38c52021-12-20 15:53:33.677root 11241100x8000000000000000753214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe757651bbf69f62021-12-20 15:53:33.677root 11241100x8000000000000000753215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe0aa0500c08e02021-12-20 15:53:33.678root 11241100x8000000000000000753216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0812a9eea6cfc4622021-12-20 15:53:33.678root 11241100x8000000000000000753217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd855ab71e5c5e332021-12-20 15:53:33.679root 11241100x8000000000000000753218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fec8f750482ae1a2021-12-20 15:53:33.679root 11241100x8000000000000000753219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51afa24d0e3a2952021-12-20 15:53:33.679root 11241100x8000000000000000753220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2855fa2a4b8df52021-12-20 15:53:33.679root 11241100x8000000000000000753221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f230406238c4792021-12-20 15:53:33.679root 11241100x8000000000000000753222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8914b94f0a2a5b002021-12-20 15:53:33.679root 11241100x8000000000000000753223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c73b053aa70e42021-12-20 15:53:33.680root 11241100x8000000000000000753224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b12e38dd1ba21e12021-12-20 15:53:33.681root 11241100x8000000000000000753225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481ef13a283718ee2021-12-20 15:53:33.681root 11241100x8000000000000000753226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23ccfe329a9ad242021-12-20 15:53:33.682root 11241100x8000000000000000753227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4804b875400c29282021-12-20 15:53:33.682root 11241100x8000000000000000753228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b318d0292adb7d2021-12-20 15:53:33.682root 11241100x8000000000000000753229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f997aa202e233ced2021-12-20 15:53:33.682root 11241100x8000000000000000753230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15c1e8f1a11d5992021-12-20 15:53:33.682root 11241100x8000000000000000753231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e6c130d1ea46782021-12-20 15:53:33.684root 11241100x8000000000000000753232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d39ed24bf0bbc8b2021-12-20 15:53:33.684root 11241100x8000000000000000753233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4fa14099de133f2021-12-20 15:53:33.684root 11241100x8000000000000000753234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51da4b848a6a16c2021-12-20 15:53:33.684root 11241100x8000000000000000753235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6bf89528baaf1b2021-12-20 15:53:33.684root 11241100x8000000000000000753236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d513bd8652b526552021-12-20 15:53:33.685root 11241100x8000000000000000753237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90aabb18316d2c62021-12-20 15:53:33.686root 11241100x8000000000000000753238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f594d5650aacce8d2021-12-20 15:53:33.686root 11241100x8000000000000000753239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db9b0f1f96c93e2021-12-20 15:53:33.686root 11241100x8000000000000000753240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca3d4bde759b73c2021-12-20 15:53:33.686root 11241100x8000000000000000753241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34e21c250ddc9842021-12-20 15:53:33.686root 11241100x8000000000000000753242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7238a280b2a2bbf82021-12-20 15:53:33.686root 11241100x8000000000000000753243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fc299d1f0b87132021-12-20 15:53:33.686root 11241100x8000000000000000753244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31bafbe85f635362021-12-20 15:53:33.686root 11241100x8000000000000000753245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afd05a30275aaa32021-12-20 15:53:33.686root 11241100x8000000000000000753246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90f001c988c4cd52021-12-20 15:53:33.686root 11241100x8000000000000000753247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a414471ab2b4c6462021-12-20 15:53:33.686root 11241100x8000000000000000753248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b911832de8b70b2021-12-20 15:53:33.686root 11241100x8000000000000000753249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.688{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1491e2584db00012021-12-20 15:53:33.688root 11241100x8000000000000000753250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.688{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fcf188b7206bbc2021-12-20 15:53:33.688root 11241100x8000000000000000753251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.688{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4747bb59bf976c5e2021-12-20 15:53:33.688root 11241100x8000000000000000753252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d7308f4b7559792021-12-20 15:53:33.689root 11241100x8000000000000000753253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61beead9c413f5bc2021-12-20 15:53:33.689root 11241100x8000000000000000753254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604e02ded23a68fa2021-12-20 15:53:33.689root 11241100x8000000000000000753255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959b17102cb2b992021-12-20 15:53:33.689root 11241100x8000000000000000753256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d290f51871900a622021-12-20 15:53:33.689root 11241100x8000000000000000753257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a66a7bea4facf9f2021-12-20 15:53:33.689root 11241100x8000000000000000753258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2885ea077f71a0e92021-12-20 15:53:33.689root 11241100x8000000000000000753259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a724b966c3546032021-12-20 15:53:33.689root 11241100x8000000000000000753260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.692{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2706130206f598f32021-12-20 15:53:33.692root 11241100x8000000000000000753261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.692{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94423031ea6bb1732021-12-20 15:53:33.692root 11241100x8000000000000000753262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.692{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235e61651ff3c3cd2021-12-20 15:53:33.692root 11241100x8000000000000000753263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.692{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6743fec0c6426a52021-12-20 15:53:33.692root 11241100x8000000000000000753264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.693{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fb2ef1f23738822021-12-20 15:53:33.693root 11241100x8000000000000000753265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:33.693{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9662e0f684d483962021-12-20 15:53:33.693root 354300x8000000000000000753266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.037{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51334-false10.0.1.12-8000- 11241100x8000000000000000753267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f73f201abf1fd622021-12-20 15:53:34.038root 11241100x8000000000000000753268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6147527d13686552021-12-20 15:53:34.038root 11241100x8000000000000000753269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda499c675a5d9b82021-12-20 15:53:34.038root 11241100x8000000000000000753270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b2b0fff6249b232021-12-20 15:53:34.038root 11241100x8000000000000000753271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcf8a748eaf07472021-12-20 15:53:34.038root 11241100x8000000000000000753272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eae1e4e4732eeeb2021-12-20 15:53:34.038root 11241100x8000000000000000753273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e52b28c9189232021-12-20 15:53:34.039root 11241100x8000000000000000753274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5863c2b83947e442021-12-20 15:53:34.039root 11241100x8000000000000000753275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be7078f317c415d2021-12-20 15:53:34.039root 11241100x8000000000000000753276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba4d5cc042d1df62021-12-20 15:53:34.039root 11241100x8000000000000000753277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d491a364122b5c2021-12-20 15:53:34.039root 11241100x8000000000000000753278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b2a583f3027222021-12-20 15:53:34.039root 11241100x8000000000000000753279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71b203169dc7b1f2021-12-20 15:53:34.039root 11241100x8000000000000000753280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88791d0e65b5d14b2021-12-20 15:53:34.039root 11241100x8000000000000000753281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b53f4414ceb26492021-12-20 15:53:34.039root 11241100x8000000000000000753282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d27797bd802aadd2021-12-20 15:53:34.039root 11241100x8000000000000000753283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a91b421bc5f1cf02021-12-20 15:53:34.039root 11241100x8000000000000000753284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d29db40197794f2021-12-20 15:53:34.039root 11241100x8000000000000000753285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf49ece234a0e7862021-12-20 15:53:34.039root 11241100x8000000000000000753286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094fdeb944b2f81b2021-12-20 15:53:34.039root 11241100x8000000000000000753287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc6598e027662c22021-12-20 15:53:34.039root 11241100x8000000000000000753288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cd645505b8b7d82021-12-20 15:53:34.040root 11241100x8000000000000000753289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c857c93afaa37422021-12-20 15:53:34.041root 11241100x8000000000000000753290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1468c30f50cd4b72021-12-20 15:53:34.041root 11241100x8000000000000000753291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7dfa06e91e4ef62021-12-20 15:53:34.041root 11241100x8000000000000000753292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eef0a05f81a9f62021-12-20 15:53:34.041root 11241100x8000000000000000753293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e65260c2aa4b5d2021-12-20 15:53:34.041root 11241100x8000000000000000753294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed712e0f8437f7dc2021-12-20 15:53:34.041root 11241100x8000000000000000753295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95678158bed0bb422021-12-20 15:53:34.041root 11241100x8000000000000000753296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5d2bb9ab7818542021-12-20 15:53:34.041root 11241100x8000000000000000753297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eab68346ad3329a2021-12-20 15:53:34.041root 11241100x8000000000000000753298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3422e4d12a05fc2021-12-20 15:53:34.041root 11241100x8000000000000000753299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561087a86dd096982021-12-20 15:53:34.041root 11241100x8000000000000000753300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6737ead93157d3422021-12-20 15:53:34.041root 11241100x8000000000000000753301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ecf4d5d3f92b712021-12-20 15:53:34.041root 11241100x8000000000000000753302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47622899257aa1db2021-12-20 15:53:34.042root 11241100x8000000000000000753303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de79d06a94a6b1d12021-12-20 15:53:34.042root 11241100x8000000000000000753304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931b2e08fd52aed32021-12-20 15:53:34.042root 11241100x8000000000000000753305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a9b96372fccda62021-12-20 15:53:34.042root 11241100x8000000000000000753306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea073c4284fc0ddb2021-12-20 15:53:34.042root 11241100x8000000000000000753307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb21efcc1749f5d82021-12-20 15:53:34.042root 11241100x8000000000000000753308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8e32932a8cbbb62021-12-20 15:53:34.042root 11241100x8000000000000000753309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980ff48c4b76262c2021-12-20 15:53:34.042root 11241100x8000000000000000753310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08bc8e57563ab692021-12-20 15:53:34.042root 11241100x8000000000000000753311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080c24620aba1c372021-12-20 15:53:34.042root 11241100x8000000000000000753312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb0c97ad9c35dab2021-12-20 15:53:34.042root 11241100x8000000000000000753313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbea50e7a2fb8362021-12-20 15:53:34.042root 11241100x8000000000000000753314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b82291fd7341cb22021-12-20 15:53:34.043root 11241100x8000000000000000753315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5eed1421a5c0ab2021-12-20 15:53:34.043root 11241100x8000000000000000753316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f661b58c32c1bd32021-12-20 15:53:34.043root 11241100x8000000000000000753317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e3716065dbc1b62021-12-20 15:53:34.043root 11241100x8000000000000000753318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818a47da5149977c2021-12-20 15:53:34.043root 11241100x8000000000000000753319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d22e91d26405402021-12-20 15:53:34.043root 11241100x8000000000000000753320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685d3730633bf4b42021-12-20 15:53:34.043root 11241100x8000000000000000753321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d5e9d38945d8922021-12-20 15:53:34.043root 11241100x8000000000000000753322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24a2453bb7c3d082021-12-20 15:53:34.043root 11241100x8000000000000000753323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab95bd4a4c0779f32021-12-20 15:53:34.043root 11241100x8000000000000000753324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a9b723b46e19102021-12-20 15:53:34.043root 11241100x8000000000000000753325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa31792b4d9d1292021-12-20 15:53:34.043root 11241100x8000000000000000753326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c860a5135d40cf722021-12-20 15:53:34.043root 11241100x8000000000000000753327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482442966fd772312021-12-20 15:53:34.043root 11241100x8000000000000000753328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a927ce917c0a79f82021-12-20 15:53:34.044root 11241100x8000000000000000753329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc6f0d24d733b742021-12-20 15:53:34.044root 11241100x8000000000000000753330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698f25af64d0453f2021-12-20 15:53:34.044root 11241100x8000000000000000753331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5493eb93f693112021-12-20 15:53:34.044root 11241100x8000000000000000753332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1589abc531a0e7a2021-12-20 15:53:34.044root 11241100x8000000000000000753333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c622e944364435492021-12-20 15:53:34.044root 11241100x8000000000000000753334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2239f03fb2600ae2021-12-20 15:53:34.044root 11241100x8000000000000000753335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2e00d51a74f85d2021-12-20 15:53:34.044root 11241100x8000000000000000753336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f15afe26eeff8f2021-12-20 15:53:34.044root 11241100x8000000000000000753337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43f3a892430f4c72021-12-20 15:53:34.044root 11241100x8000000000000000753338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66953ee678e8f702021-12-20 15:53:34.424root 11241100x8000000000000000753339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffda87dc5d2dfa42021-12-20 15:53:34.424root 11241100x8000000000000000753340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c447f17d58e0eb2021-12-20 15:53:34.425root 11241100x8000000000000000753341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bbd8e509bb32002021-12-20 15:53:34.425root 11241100x8000000000000000753342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831e6a2ff082ce0e2021-12-20 15:53:34.425root 11241100x8000000000000000753343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60322f22d6b2e5812021-12-20 15:53:34.425root 11241100x8000000000000000753344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5111ee3fed39fce82021-12-20 15:53:34.425root 11241100x8000000000000000753345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ca1b8b5eb3b2372021-12-20 15:53:34.425root 11241100x8000000000000000753346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cdca8623fa1c1e2021-12-20 15:53:34.425root 11241100x8000000000000000753347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cce22d04d4aa9d42021-12-20 15:53:34.425root 11241100x8000000000000000753348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12477d4f5717e782021-12-20 15:53:34.425root 11241100x8000000000000000753349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ca0db47e52acc72021-12-20 15:53:34.425root 11241100x8000000000000000753350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec157c1adb9d6b9a2021-12-20 15:53:34.426root 11241100x8000000000000000753351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7b845171f6cafe2021-12-20 15:53:34.426root 11241100x8000000000000000753352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58045fe538a432802021-12-20 15:53:34.426root 11241100x8000000000000000753353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430eb1c907d54b0b2021-12-20 15:53:34.426root 11241100x8000000000000000753354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37351e48a92df7af2021-12-20 15:53:34.426root 11241100x8000000000000000753355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90007e54bb694c32021-12-20 15:53:34.426root 11241100x8000000000000000753356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091b17713b5759662021-12-20 15:53:34.426root 11241100x8000000000000000753357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7743ca039f481772021-12-20 15:53:34.426root 11241100x8000000000000000753358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11b72ef10a1d08f2021-12-20 15:53:34.427root 11241100x8000000000000000753359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d331ca925a19c5ba2021-12-20 15:53:34.427root 11241100x8000000000000000753360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34429d4a9395c0d2021-12-20 15:53:34.427root 11241100x8000000000000000753361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f9e0e560abe5042021-12-20 15:53:34.427root 11241100x8000000000000000753362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b094c61bd91840ec2021-12-20 15:53:34.427root 11241100x8000000000000000753363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966e5cae8b219c0c2021-12-20 15:53:34.427root 11241100x8000000000000000753364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20478a7b9c2ee53b2021-12-20 15:53:34.427root 11241100x8000000000000000753365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c893b835fe345ad2021-12-20 15:53:34.427root 11241100x8000000000000000753366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f09e21d973bdc12021-12-20 15:53:34.428root 11241100x8000000000000000753367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15bb05a7f4439592021-12-20 15:53:34.428root 11241100x8000000000000000753368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9122cd8215c5ca862021-12-20 15:53:34.428root 11241100x8000000000000000753369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b2b3daf957dbcf2021-12-20 15:53:34.428root 11241100x8000000000000000753370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be480038d248436c2021-12-20 15:53:34.428root 11241100x8000000000000000753371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19cfe4588924fe62021-12-20 15:53:34.428root 11241100x8000000000000000753372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389b8537a71bf0cd2021-12-20 15:53:34.428root 11241100x8000000000000000753373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9343557fa81cb912021-12-20 15:53:34.428root 11241100x8000000000000000753374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3875efe897f7c532021-12-20 15:53:34.428root 11241100x8000000000000000753375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772b523fed8749212021-12-20 15:53:34.428root 11241100x8000000000000000753376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3891b26e8af2f52021-12-20 15:53:34.428root 11241100x8000000000000000753377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ffd7f3da40d1322021-12-20 15:53:34.428root 11241100x8000000000000000753378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8936deb3f489aebd2021-12-20 15:53:34.428root 11241100x8000000000000000753379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7de29cefdc36452021-12-20 15:53:34.428root 11241100x8000000000000000753380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efb5711003b588d2021-12-20 15:53:34.428root 11241100x8000000000000000753381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5913a6e44df491b2021-12-20 15:53:34.429root 11241100x8000000000000000753382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6ca01e00f86c542021-12-20 15:53:34.429root 11241100x8000000000000000753383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf466011cd69bb432021-12-20 15:53:34.429root 11241100x8000000000000000753384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055a140bc0e84d0b2021-12-20 15:53:34.429root 11241100x8000000000000000753385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcae2a33220e6b4b2021-12-20 15:53:34.429root 11241100x8000000000000000753386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d5c99da16916502021-12-20 15:53:34.429root 11241100x8000000000000000753387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7d78a8b57df0ec2021-12-20 15:53:34.429root 11241100x8000000000000000753388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a598484caf1f0132021-12-20 15:53:34.429root 11241100x8000000000000000753389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88229b5141e1d9302021-12-20 15:53:34.429root 11241100x8000000000000000753390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a32049d449ca102021-12-20 15:53:34.430root 11241100x8000000000000000753391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e01cae0f78a7c262021-12-20 15:53:34.430root 11241100x8000000000000000753392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267f38c40e203b6b2021-12-20 15:53:34.430root 11241100x8000000000000000753393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14790748255b63132021-12-20 15:53:34.924root 11241100x8000000000000000753394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c759608041ee34d2021-12-20 15:53:34.924root 11241100x8000000000000000753395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdfa16e63015b642021-12-20 15:53:34.924root 11241100x8000000000000000753396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3537f64ac73e092021-12-20 15:53:34.924root 11241100x8000000000000000753397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0f360349da18a12021-12-20 15:53:34.925root 11241100x8000000000000000753398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da884b4e3d4d8a72021-12-20 15:53:34.925root 11241100x8000000000000000753399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef0eddc7b4f0e202021-12-20 15:53:34.925root 11241100x8000000000000000753400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444c35a8e67aa23e2021-12-20 15:53:34.925root 11241100x8000000000000000753401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659cdb8dbc23cd562021-12-20 15:53:34.925root 11241100x8000000000000000753402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb25ebbfab7d9cf2021-12-20 15:53:34.925root 11241100x8000000000000000753403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b166c054414730a82021-12-20 15:53:34.925root 11241100x8000000000000000753404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6ac32744ce98c82021-12-20 15:53:34.926root 11241100x8000000000000000753405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09929c3a78747af2021-12-20 15:53:34.926root 11241100x8000000000000000753406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf644e8e4c0772d2021-12-20 15:53:34.926root 11241100x8000000000000000753407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31047caebb83a9b2021-12-20 15:53:34.926root 11241100x8000000000000000753408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29142b85bb327e7e2021-12-20 15:53:34.926root 11241100x8000000000000000753409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d892d4eaa616a4d42021-12-20 15:53:34.926root 11241100x8000000000000000753410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62e5214c619e2082021-12-20 15:53:34.926root 11241100x8000000000000000753411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8d5caa2c8227532021-12-20 15:53:34.926root 11241100x8000000000000000753412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe81eea892cd7bc2021-12-20 15:53:34.926root 11241100x8000000000000000753413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a3a537735283172021-12-20 15:53:34.927root 11241100x8000000000000000753414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3576ff4745514702021-12-20 15:53:34.927root 11241100x8000000000000000753415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828a69b7a089c4d2021-12-20 15:53:34.927root 11241100x8000000000000000753416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2582b2bcee7db62021-12-20 15:53:34.927root 11241100x8000000000000000753417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6861a831c53829552021-12-20 15:53:34.927root 11241100x8000000000000000753418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cd13a9b97751f42021-12-20 15:53:34.927root 11241100x8000000000000000753419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0346ce7521af3a2021-12-20 15:53:34.927root 11241100x8000000000000000753420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1298344153a662e32021-12-20 15:53:34.927root 11241100x8000000000000000753421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b702c42d34377422021-12-20 15:53:34.927root 11241100x8000000000000000753422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4464ad79674f81a42021-12-20 15:53:34.927root 11241100x8000000000000000753423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ff55a2e19b81c62021-12-20 15:53:34.927root 11241100x8000000000000000753424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ba3fd6009414ef2021-12-20 15:53:34.927root 11241100x8000000000000000753425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6240914ab34683812021-12-20 15:53:34.927root 11241100x8000000000000000753426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92b03174efa8a332021-12-20 15:53:34.927root 11241100x8000000000000000753427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab5638912501cca2021-12-20 15:53:34.927root 11241100x8000000000000000753428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504810661875e04b2021-12-20 15:53:34.927root 11241100x8000000000000000753429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b6f6429193e6112021-12-20 15:53:34.928root 11241100x8000000000000000753430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538d77b01e648f832021-12-20 15:53:34.928root 11241100x8000000000000000753431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae8fd2a84e2fc802021-12-20 15:53:34.928root 11241100x8000000000000000753432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22da681cc75575482021-12-20 15:53:34.928root 11241100x8000000000000000753433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b4b966ecfa0fab2021-12-20 15:53:34.928root 11241100x8000000000000000753434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e4b0e41a41982b2021-12-20 15:53:34.928root 11241100x8000000000000000753435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1869fcfd31b9a5372021-12-20 15:53:34.928root 11241100x8000000000000000753436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde31c14af55cd052021-12-20 15:53:34.928root 11241100x8000000000000000753437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3171ad8f0dc64a02021-12-20 15:53:34.928root 11241100x8000000000000000753438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6b4b181d93b1f72021-12-20 15:53:34.928root 11241100x8000000000000000753439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081fb8f1917364dd2021-12-20 15:53:34.928root 11241100x8000000000000000753440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351a34b975d082cf2021-12-20 15:53:34.928root 11241100x8000000000000000753441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7346be639e316e52021-12-20 15:53:34.928root 11241100x8000000000000000753442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a486bcaab534cc2021-12-20 15:53:34.928root 11241100x8000000000000000753443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd0b890cfdce2b92021-12-20 15:53:34.928root 11241100x8000000000000000753444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6631fea353a2ab2021-12-20 15:53:34.928root 11241100x8000000000000000753445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed58c8bb97d01312021-12-20 15:53:34.929root 11241100x8000000000000000753446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edc1a90fd3d0bf42021-12-20 15:53:34.930root 11241100x8000000000000000753447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718290259632b3f72021-12-20 15:53:34.930root 11241100x8000000000000000753448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:34.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddbed109fdd96fc2021-12-20 15:53:34.930root 11241100x8000000000000000753449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1bb81f0739b5b42021-12-20 15:53:35.424root 11241100x8000000000000000753450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da16424411990d22021-12-20 15:53:35.424root 11241100x8000000000000000753451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0319d600718d052021-12-20 15:53:35.424root 11241100x8000000000000000753452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bde9ec2d66acdc32021-12-20 15:53:35.425root 11241100x8000000000000000753453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02519ee7f7657d542021-12-20 15:53:35.425root 11241100x8000000000000000753454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef0a58f8e378b582021-12-20 15:53:35.425root 11241100x8000000000000000753455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8522c5690fda4a22021-12-20 15:53:35.425root 11241100x8000000000000000753456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a950bb59e735ff2021-12-20 15:53:35.425root 11241100x8000000000000000753457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248c01228092d30b2021-12-20 15:53:35.425root 11241100x8000000000000000753458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1cc3d64a4c13d42021-12-20 15:53:35.426root 11241100x8000000000000000753459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561642f0b2bf5d1a2021-12-20 15:53:35.426root 11241100x8000000000000000753460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fbd074c5cc14c42021-12-20 15:53:35.426root 11241100x8000000000000000753461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511624de3cedc912021-12-20 15:53:35.426root 11241100x8000000000000000753462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b947177cc9d21f2021-12-20 15:53:35.427root 11241100x8000000000000000753463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9e85a2ee1bb7252021-12-20 15:53:35.427root 11241100x8000000000000000753464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ba19d5534ba862021-12-20 15:53:35.427root 11241100x8000000000000000753465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14510bbfe1240b02021-12-20 15:53:35.427root 11241100x8000000000000000753466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a95968dd79e14b2021-12-20 15:53:35.428root 11241100x8000000000000000753467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7867587f6a822c0a2021-12-20 15:53:35.428root 11241100x8000000000000000753468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81189078136629c2021-12-20 15:53:35.428root 11241100x8000000000000000753469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828fef5d71ecbb562021-12-20 15:53:35.428root 11241100x8000000000000000753470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574482c5d1a649fb2021-12-20 15:53:35.429root 11241100x8000000000000000753471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd693cdd015fb692021-12-20 15:53:35.429root 11241100x8000000000000000753472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be262c530484fed12021-12-20 15:53:35.429root 11241100x8000000000000000753473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7d8db06ea1d5b62021-12-20 15:53:35.429root 11241100x8000000000000000753474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac93b7f52417c372021-12-20 15:53:35.430root 11241100x8000000000000000753475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f528a522230e35412021-12-20 15:53:35.430root 11241100x8000000000000000753476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5085df54cfd48c5c2021-12-20 15:53:35.430root 11241100x8000000000000000753477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd8df0a555b27d62021-12-20 15:53:35.430root 11241100x8000000000000000753478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04e26bdd6e9e7742021-12-20 15:53:35.430root 11241100x8000000000000000753479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28acc4ba3b781eb2021-12-20 15:53:35.431root 11241100x8000000000000000753480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe160eb242cc6d02021-12-20 15:53:35.431root 11241100x8000000000000000753481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f289011913cf5ebb2021-12-20 15:53:35.431root 11241100x8000000000000000753482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0fb98369111a0c2021-12-20 15:53:35.431root 11241100x8000000000000000753483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6845c4daaa7c4a912021-12-20 15:53:35.431root 11241100x8000000000000000753484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744d84200219d19c2021-12-20 15:53:35.432root 11241100x8000000000000000753485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eade6ae53363dd142021-12-20 15:53:35.432root 11241100x8000000000000000753486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eea8eca2ba21d12021-12-20 15:53:35.432root 11241100x8000000000000000753487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914a9fd5afd5fd6a2021-12-20 15:53:35.433root 11241100x8000000000000000753488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f604cd1c6f749a2021-12-20 15:53:35.433root 11241100x8000000000000000753489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc280105beb7b0172021-12-20 15:53:35.433root 11241100x8000000000000000753490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c7fa81e32ce3832021-12-20 15:53:35.433root 11241100x8000000000000000753491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2254837693789e2021-12-20 15:53:35.433root 11241100x8000000000000000753492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5377a19073c61f2021-12-20 15:53:35.433root 11241100x8000000000000000753493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95b6f9b61a568472021-12-20 15:53:35.433root 11241100x8000000000000000753494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd9c2dc72e0743a2021-12-20 15:53:35.434root 11241100x8000000000000000753495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8a70409e41d68e2021-12-20 15:53:35.434root 11241100x8000000000000000753496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1f84e415e5768d2021-12-20 15:53:35.434root 11241100x8000000000000000753497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d40b5dde33531102021-12-20 15:53:35.434root 11241100x8000000000000000753498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5445f2d8fceb13da2021-12-20 15:53:35.435root 11241100x8000000000000000753499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29de5019e7344e132021-12-20 15:53:35.435root 11241100x8000000000000000753500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5fd29536cedad52021-12-20 15:53:35.435root 11241100x8000000000000000753501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafbb46b018965e62021-12-20 15:53:35.435root 11241100x8000000000000000753502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6817415beaf3b6d92021-12-20 15:53:35.435root 11241100x8000000000000000753503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7254896b853e3f692021-12-20 15:53:35.924root 11241100x8000000000000000753504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49395f91d42c643d2021-12-20 15:53:35.924root 11241100x8000000000000000753505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5e00f2441343c62021-12-20 15:53:35.925root 11241100x8000000000000000753506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589b43225869b93b2021-12-20 15:53:35.925root 11241100x8000000000000000753507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e2933366ea47c52021-12-20 15:53:35.925root 11241100x8000000000000000753508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6868ea830e98e0692021-12-20 15:53:35.925root 11241100x8000000000000000753509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30c19f317235c672021-12-20 15:53:35.926root 11241100x8000000000000000753510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2905063720051c8e2021-12-20 15:53:35.926root 11241100x8000000000000000753511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77b5c701905588f2021-12-20 15:53:35.926root 11241100x8000000000000000753512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e121805b4584da672021-12-20 15:53:35.926root 11241100x8000000000000000753513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43291274e5896db82021-12-20 15:53:35.926root 11241100x8000000000000000753514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ef12fafa24b6dc2021-12-20 15:53:35.927root 11241100x8000000000000000753515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6b55c8a9f5557a2021-12-20 15:53:35.927root 11241100x8000000000000000753516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eb2e652dc6c8252021-12-20 15:53:35.927root 11241100x8000000000000000753517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45095dd533eac7b62021-12-20 15:53:35.927root 11241100x8000000000000000753518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c10dbeed3c52782021-12-20 15:53:35.927root 11241100x8000000000000000753519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1352aaf382d65c2021-12-20 15:53:35.927root 11241100x8000000000000000753520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246dbc34228d435b2021-12-20 15:53:35.927root 11241100x8000000000000000753521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9214a332d9eb3fc92021-12-20 15:53:35.927root 11241100x8000000000000000753522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80451aa116a309a2021-12-20 15:53:35.928root 11241100x8000000000000000753523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1cf38d0b2a33382021-12-20 15:53:35.928root 11241100x8000000000000000753524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7af5bfc9c6f4efa2021-12-20 15:53:35.928root 11241100x8000000000000000753525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1b229a930983892021-12-20 15:53:35.928root 11241100x8000000000000000753526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ae1eaa303f31462021-12-20 15:53:35.928root 11241100x8000000000000000753527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81379c61d6da2d842021-12-20 15:53:35.928root 11241100x8000000000000000753528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e007ea361bd3bb42021-12-20 15:53:35.928root 11241100x8000000000000000753529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422dafc80dfdba6e2021-12-20 15:53:35.928root 11241100x8000000000000000753530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0006fca7a231bc172021-12-20 15:53:35.928root 11241100x8000000000000000753531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe20f888a044f32021-12-20 15:53:35.928root 11241100x8000000000000000753532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d6b9d7250504d52021-12-20 15:53:35.928root 11241100x8000000000000000753533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01af95e987fc1242021-12-20 15:53:35.929root 11241100x8000000000000000753534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce5914e9b8be0a92021-12-20 15:53:35.929root 11241100x8000000000000000753535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa2a2e39fee41ae2021-12-20 15:53:35.929root 11241100x8000000000000000753536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32ab5c0bbecf5f32021-12-20 15:53:35.929root 11241100x8000000000000000753537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5641f574c1af79b12021-12-20 15:53:35.929root 11241100x8000000000000000753538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b89886305f37b782021-12-20 15:53:35.929root 11241100x8000000000000000753539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d263b5bba5d31a2021-12-20 15:53:35.930root 11241100x8000000000000000753540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639ba608b131f642021-12-20 15:53:35.930root 11241100x8000000000000000753541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520402ad30b527e02021-12-20 15:53:35.930root 11241100x8000000000000000753542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2390e450bff643ff2021-12-20 15:53:35.930root 11241100x8000000000000000753543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dcc08c59bab6542021-12-20 15:53:35.930root 11241100x8000000000000000753544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462ad26b49f5dcf52021-12-20 15:53:35.930root 11241100x8000000000000000753545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bca38a0658bedb2021-12-20 15:53:35.930root 11241100x8000000000000000753546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b36c624489c73152021-12-20 15:53:35.930root 11241100x8000000000000000753547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04371681f128acd2021-12-20 15:53:35.931root 11241100x8000000000000000753548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797d75196264194d2021-12-20 15:53:35.931root 11241100x8000000000000000753549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa70d6f51b50ac42021-12-20 15:53:35.931root 11241100x8000000000000000753550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4a99a05577babf2021-12-20 15:53:35.931root 11241100x8000000000000000753551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.070{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:53:36.070root 11241100x8000000000000000753552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc3661e48310982021-12-20 15:53:36.424root 11241100x8000000000000000753553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58867c7247f832612021-12-20 15:53:36.424root 11241100x8000000000000000753554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4289f6a450b5182b2021-12-20 15:53:36.424root 11241100x8000000000000000753555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bc9068ff1fa0ba2021-12-20 15:53:36.424root 11241100x8000000000000000753556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da38c198c96848f2021-12-20 15:53:36.425root 11241100x8000000000000000753557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22ece2553c46d8f2021-12-20 15:53:36.425root 11241100x8000000000000000753558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec155dd05d2892372021-12-20 15:53:36.425root 11241100x8000000000000000753559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43fbfc62cec8c52021-12-20 15:53:36.425root 11241100x8000000000000000753560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc535a290f65199e2021-12-20 15:53:36.425root 11241100x8000000000000000753561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a02acc37a265a592021-12-20 15:53:36.425root 11241100x8000000000000000753562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af17a7b953f9cd42021-12-20 15:53:36.425root 11241100x8000000000000000753563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79633379d8b679c42021-12-20 15:53:36.425root 11241100x8000000000000000753564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fa1b2200c0f3cc2021-12-20 15:53:36.425root 11241100x8000000000000000753565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6f4ee42f03e3022021-12-20 15:53:36.425root 11241100x8000000000000000753566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da0961db4f164972021-12-20 15:53:36.425root 11241100x8000000000000000753567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203ab9323ab4568f2021-12-20 15:53:36.425root 11241100x8000000000000000753568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ee5e54634da6002021-12-20 15:53:36.426root 11241100x8000000000000000753569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d431e22b082b8e12021-12-20 15:53:36.426root 11241100x8000000000000000753570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9b41bcba5e06d92021-12-20 15:53:36.426root 11241100x8000000000000000753571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fa49ffe3b3428d2021-12-20 15:53:36.426root 11241100x8000000000000000753572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56f0b02363c8abb2021-12-20 15:53:36.426root 11241100x8000000000000000753573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c74c611197e905b2021-12-20 15:53:36.426root 11241100x8000000000000000753574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49c6b2ecda685a82021-12-20 15:53:36.426root 11241100x8000000000000000753575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf25614c87ed55022021-12-20 15:53:36.426root 11241100x8000000000000000753576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c99cf060006e7e2021-12-20 15:53:36.426root 11241100x8000000000000000753577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25ebc32b3e8da482021-12-20 15:53:36.426root 11241100x8000000000000000753578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38400048e3d9160a2021-12-20 15:53:36.426root 11241100x8000000000000000753579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd0ba521b34efa92021-12-20 15:53:36.426root 11241100x8000000000000000753580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed04fa89d8071812021-12-20 15:53:36.426root 11241100x8000000000000000753581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b55cc8074ec37e2021-12-20 15:53:36.426root 11241100x8000000000000000753582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68faf4e7fdba1ea62021-12-20 15:53:36.426root 11241100x8000000000000000753583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118d5756652b096f2021-12-20 15:53:36.426root 11241100x8000000000000000753584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba980525ae0a0562021-12-20 15:53:36.427root 11241100x8000000000000000753585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ec67d8a8c85af72021-12-20 15:53:36.427root 11241100x8000000000000000753586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a0a93a723131e82021-12-20 15:53:36.427root 11241100x8000000000000000753587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7190bb7a7ca0fe72021-12-20 15:53:36.427root 11241100x8000000000000000753588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbb67e1b01397642021-12-20 15:53:36.427root 11241100x8000000000000000753589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c1785bda264d6a2021-12-20 15:53:36.427root 11241100x8000000000000000753590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a8d6262d2662682021-12-20 15:53:36.427root 11241100x8000000000000000753591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994fee01a9238a422021-12-20 15:53:36.427root 11241100x8000000000000000753592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ecaa10be967a582021-12-20 15:53:36.427root 11241100x8000000000000000753593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b47e02b69860e942021-12-20 15:53:36.427root 11241100x8000000000000000753594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5c0d7248f7dec62021-12-20 15:53:36.427root 11241100x8000000000000000753595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8f8756a74e97252021-12-20 15:53:36.427root 11241100x8000000000000000753596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f9ed19e0a87e512021-12-20 15:53:36.427root 11241100x8000000000000000753597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7769b770eb8730b22021-12-20 15:53:36.427root 11241100x8000000000000000753598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3044c267c8d959d32021-12-20 15:53:36.427root 11241100x8000000000000000753599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b945033889a8282021-12-20 15:53:36.427root 11241100x8000000000000000753600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f0d6fb7cf31c4c2021-12-20 15:53:36.428root 11241100x8000000000000000753601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb411a6e951a13ff2021-12-20 15:53:36.428root 11241100x8000000000000000753602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1b4e131494525f2021-12-20 15:53:36.429root 11241100x8000000000000000753603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94afd186e8cf21472021-12-20 15:53:36.429root 11241100x8000000000000000753604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f8340a8ef9bc942021-12-20 15:53:36.429root 11241100x8000000000000000753605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8b5f0dda16a15e2021-12-20 15:53:36.429root 11241100x8000000000000000753606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b618cac55f2b74872021-12-20 15:53:36.429root 11241100x8000000000000000753607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c801b2b16ec63ab2021-12-20 15:53:36.429root 11241100x8000000000000000753608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63628ff1c38d054b2021-12-20 15:53:36.429root 11241100x8000000000000000753609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b425c901da2a02021-12-20 15:53:36.429root 11241100x8000000000000000753610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c52a02e3a9183b2021-12-20 15:53:36.429root 11241100x8000000000000000753611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076958ef4092dca52021-12-20 15:53:36.429root 11241100x8000000000000000753612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b51ad16d5738732021-12-20 15:53:36.429root 11241100x8000000000000000753613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a9b480446912af2021-12-20 15:53:36.924root 11241100x8000000000000000753614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285eda471d23a39d2021-12-20 15:53:36.924root 11241100x8000000000000000753615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839b3e867826d54c2021-12-20 15:53:36.924root 11241100x8000000000000000753616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e21f489a76db6b2021-12-20 15:53:36.924root 11241100x8000000000000000753617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226765804ccf372b2021-12-20 15:53:36.925root 11241100x8000000000000000753618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcff604d59ca8a032021-12-20 15:53:36.925root 11241100x8000000000000000753619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db8ee93829935f2021-12-20 15:53:36.925root 11241100x8000000000000000753620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad5572f8c51f5352021-12-20 15:53:36.925root 11241100x8000000000000000753621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deae95d5c5d2fafd2021-12-20 15:53:36.925root 11241100x8000000000000000753622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17ef9c51eb710dd2021-12-20 15:53:36.926root 11241100x8000000000000000753623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028a81fb520bbe9a2021-12-20 15:53:36.926root 11241100x8000000000000000753624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba8c4cbccae9c942021-12-20 15:53:36.926root 11241100x8000000000000000753625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e3a951bf19ee6b2021-12-20 15:53:36.926root 11241100x8000000000000000753626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bd563eef640a672021-12-20 15:53:36.926root 11241100x8000000000000000753627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2568771f3aadee152021-12-20 15:53:36.926root 11241100x8000000000000000753628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91296f615c1cd2a62021-12-20 15:53:36.926root 11241100x8000000000000000753629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818f90f92ff32d4a2021-12-20 15:53:36.927root 11241100x8000000000000000753630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9780b6a4669e502021-12-20 15:53:36.927root 11241100x8000000000000000753631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5293ec043754cc2d2021-12-20 15:53:36.927root 11241100x8000000000000000753632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be632dea535ca802021-12-20 15:53:36.928root 11241100x8000000000000000753633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23cb5bbf25fcb8c2021-12-20 15:53:36.928root 11241100x8000000000000000753634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e116eed3ef947f4a2021-12-20 15:53:36.928root 11241100x8000000000000000753635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688a934f6c64dc1f2021-12-20 15:53:36.928root 11241100x8000000000000000753636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbce092ae54b88b2021-12-20 15:53:36.928root 11241100x8000000000000000753637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e2a672c052d0ff2021-12-20 15:53:36.928root 11241100x8000000000000000753638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e201fe19fa05fba22021-12-20 15:53:36.928root 11241100x8000000000000000753639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e96d5b07716d562021-12-20 15:53:36.928root 11241100x8000000000000000753640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d474040747b4402021-12-20 15:53:36.930root 11241100x8000000000000000753641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1785cca17e4dceb72021-12-20 15:53:36.930root 11241100x8000000000000000753642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961134614f01164f2021-12-20 15:53:36.930root 11241100x8000000000000000753643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dea5e59d214db292021-12-20 15:53:36.930root 11241100x8000000000000000753644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5a454283339482021-12-20 15:53:36.930root 11241100x8000000000000000753645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a148cbb5a1bee52021-12-20 15:53:36.930root 11241100x8000000000000000753646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4304a27abc17370e2021-12-20 15:53:36.930root 11241100x8000000000000000753647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da1fe1cf83e8e8a2021-12-20 15:53:36.930root 11241100x8000000000000000753648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dbcb3a2542cbad2021-12-20 15:53:36.930root 11241100x8000000000000000753649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bebc371f3605972021-12-20 15:53:36.931root 11241100x8000000000000000753650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5965e21a623dc2e2021-12-20 15:53:36.931root 11241100x8000000000000000753651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fc421e254d14e72021-12-20 15:53:36.931root 11241100x8000000000000000753652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bb805df60c728e2021-12-20 15:53:36.931root 11241100x8000000000000000753653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c182b4e3ea08e952021-12-20 15:53:36.931root 11241100x8000000000000000753654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935177dc16478b4e2021-12-20 15:53:36.931root 11241100x8000000000000000753655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a91895781765172021-12-20 15:53:36.931root 11241100x8000000000000000753656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407bd9aaeafecb812021-12-20 15:53:36.932root 11241100x8000000000000000753657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61257541b2b3158b2021-12-20 15:53:36.932root 11241100x8000000000000000753658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b93161beda35a0a2021-12-20 15:53:36.932root 11241100x8000000000000000753659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3705cf707860d792021-12-20 15:53:36.932root 11241100x8000000000000000753660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143a1472b4f9f94c2021-12-20 15:53:36.932root 11241100x8000000000000000753661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed78f2f57653d1702021-12-20 15:53:36.933root 11241100x8000000000000000753662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e22c01a9b2afe292021-12-20 15:53:36.933root 11241100x8000000000000000753663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d063b1150ee4482021-12-20 15:53:36.933root 11241100x8000000000000000753664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477abdb0cfe793312021-12-20 15:53:36.934root 11241100x8000000000000000753665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2085baa90ebd6e2021-12-20 15:53:36.934root 11241100x8000000000000000753666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6415b56c4013942021-12-20 15:53:36.934root 11241100x8000000000000000753667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddcfb3442a62cd22021-12-20 15:53:36.934root 11241100x8000000000000000753668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a44d465aba0f3932021-12-20 15:53:36.934root 11241100x8000000000000000753669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c895c35542e8e52021-12-20 15:53:36.934root 11241100x8000000000000000753670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430716d35aa8b1482021-12-20 15:53:36.934root 11241100x8000000000000000753671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4901d5ba7591e1ee2021-12-20 15:53:36.934root 11241100x8000000000000000753672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab9663b525428952021-12-20 15:53:36.934root 11241100x8000000000000000753673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfe5ae680b07c102021-12-20 15:53:36.934root 11241100x8000000000000000753674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9bf195e0ae64eb2021-12-20 15:53:36.935root 11241100x8000000000000000753675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caa7821ca8c0e9d2021-12-20 15:53:36.935root 11241100x8000000000000000753676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db04c82ba14aae392021-12-20 15:53:36.935root 11241100x8000000000000000753677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24746a40c3825dee2021-12-20 15:53:36.935root 11241100x8000000000000000753678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ec05a593bb03172021-12-20 15:53:36.935root 11241100x8000000000000000753679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955bf5829e86addb2021-12-20 15:53:36.935root 11241100x8000000000000000753680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e58e5872a01a7b2021-12-20 15:53:36.935root 11241100x8000000000000000753681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f964ec1f99ff7342021-12-20 15:53:36.935root 11241100x8000000000000000753682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a4c53304f205572021-12-20 15:53:36.935root 11241100x8000000000000000753683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335be1421594add82021-12-20 15:53:36.935root 11241100x8000000000000000753684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1076e2ea753b4892021-12-20 15:53:36.935root 11241100x8000000000000000753685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377b8717320534512021-12-20 15:53:36.935root 11241100x8000000000000000753686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f735f058e3af8b532021-12-20 15:53:36.937root 11241100x8000000000000000753687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf40593f618c7242021-12-20 15:53:36.937root 11241100x8000000000000000753688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eb2e924052f6222021-12-20 15:53:36.937root 11241100x8000000000000000753689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09676ab1cb796cbb2021-12-20 15:53:36.937root 11241100x8000000000000000753690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c84da09cecf328e2021-12-20 15:53:36.937root 11241100x8000000000000000753691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e884a28de37d1a82021-12-20 15:53:36.937root 11241100x8000000000000000753692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a66f41feb0debd2021-12-20 15:53:36.937root 11241100x8000000000000000753693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46ac0ced5ddcaa82021-12-20 15:53:36.937root 11241100x8000000000000000753694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5f944656ae48f72021-12-20 15:53:36.937root 11241100x8000000000000000753695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26528e095149c67c2021-12-20 15:53:36.937root 11241100x8000000000000000753696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2d94da3542a4232021-12-20 15:53:36.937root 11241100x8000000000000000753697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec3512cbe0405992021-12-20 15:53:36.938root 11241100x8000000000000000753698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3761d5f5c1cb46382021-12-20 15:53:36.938root 11241100x8000000000000000753699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b3862af02b48ce2021-12-20 15:53:36.938root 11241100x8000000000000000753700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30db250ef881610b2021-12-20 15:53:36.938root 11241100x8000000000000000753701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cddcf439145dded2021-12-20 15:53:36.938root 11241100x8000000000000000753702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de14f129c491432021-12-20 15:53:36.938root 11241100x8000000000000000753703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:36.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2944a5145751642021-12-20 15:53:36.938root 11241100x8000000000000000753704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c64141c79756492021-12-20 15:53:37.424root 11241100x8000000000000000753705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdd72f47f22f1472021-12-20 15:53:37.425root 11241100x8000000000000000753706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc68831dae726f42021-12-20 15:53:37.426root 11241100x8000000000000000753707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84120e0910e5578c2021-12-20 15:53:37.426root 11241100x8000000000000000753708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96c453dd76268792021-12-20 15:53:37.426root 11241100x8000000000000000753709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699979b36f5a1f432021-12-20 15:53:37.426root 11241100x8000000000000000753710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f9df8e95cc6e0f2021-12-20 15:53:37.426root 11241100x8000000000000000753711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6029192295f592021-12-20 15:53:37.426root 11241100x8000000000000000753712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a42f7aa1b06c3e2021-12-20 15:53:37.426root 11241100x8000000000000000753713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5a8d54845461242021-12-20 15:53:37.426root 11241100x8000000000000000753714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ac139d2e4eeb742021-12-20 15:53:37.426root 11241100x8000000000000000753715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a61b84d7261cf32021-12-20 15:53:37.426root 11241100x8000000000000000753716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042a8f174de43cf02021-12-20 15:53:37.426root 11241100x8000000000000000753717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521fb868a829cedf2021-12-20 15:53:37.426root 11241100x8000000000000000753718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052865371d4576ee2021-12-20 15:53:37.426root 11241100x8000000000000000753719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28b839780a242762021-12-20 15:53:37.426root 11241100x8000000000000000753720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f6217952ff655b2021-12-20 15:53:37.426root 11241100x8000000000000000753721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294282be4060404c2021-12-20 15:53:37.427root 11241100x8000000000000000753722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8145bd88a18e2c12021-12-20 15:53:37.427root 11241100x8000000000000000753723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1515c9d5ae0abfae2021-12-20 15:53:37.427root 11241100x8000000000000000753724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6174003e9eac48262021-12-20 15:53:37.427root 11241100x8000000000000000753725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a4f5021d0208d42021-12-20 15:53:37.427root 11241100x8000000000000000753726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e77debc861333e2021-12-20 15:53:37.427root 11241100x8000000000000000753727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1efcec6f73c9fc2021-12-20 15:53:37.427root 11241100x8000000000000000753728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0226da060aed262021-12-20 15:53:37.427root 11241100x8000000000000000753729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c687798e31fe8492021-12-20 15:53:37.427root 11241100x8000000000000000753730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a366ef79a65dc8c92021-12-20 15:53:37.427root 11241100x8000000000000000753731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a965610e03395d5f2021-12-20 15:53:37.427root 11241100x8000000000000000753732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ffbdffb39927c72021-12-20 15:53:37.427root 11241100x8000000000000000753733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f085e9f98917517e2021-12-20 15:53:37.427root 11241100x8000000000000000753734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e83b20d074a7e22021-12-20 15:53:37.428root 11241100x8000000000000000753735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b643a2b39a8630202021-12-20 15:53:37.428root 11241100x8000000000000000753736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0810f019009b1dd32021-12-20 15:53:37.428root 11241100x8000000000000000753737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032fd0fd88e3c4c32021-12-20 15:53:37.428root 11241100x8000000000000000753738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cab61e0c735ba02021-12-20 15:53:37.428root 11241100x8000000000000000753739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11418889a0f97f1c2021-12-20 15:53:37.428root 11241100x8000000000000000753740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3540bfca61c5e2b12021-12-20 15:53:37.428root 11241100x8000000000000000753741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd42ec71d48a70b32021-12-20 15:53:37.428root 11241100x8000000000000000753742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01972613e7ba06902021-12-20 15:53:37.428root 11241100x8000000000000000753743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc8a604c5529f732021-12-20 15:53:37.428root 11241100x8000000000000000753744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ad7e7c19cedde82021-12-20 15:53:37.428root 11241100x8000000000000000753745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97adab057409bf8e2021-12-20 15:53:37.428root 11241100x8000000000000000753746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc18a355edc952a2021-12-20 15:53:37.429root 11241100x8000000000000000753747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff031cc36baa01a2021-12-20 15:53:37.429root 11241100x8000000000000000753748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8fd527c88d65582021-12-20 15:53:37.924root 11241100x8000000000000000753749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7e41956a1798392021-12-20 15:53:37.924root 11241100x8000000000000000753750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc718653a389df52021-12-20 15:53:37.924root 11241100x8000000000000000753751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104d41ab2cd45b432021-12-20 15:53:37.925root 11241100x8000000000000000753752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf701ffc34b25002021-12-20 15:53:37.925root 11241100x8000000000000000753753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e81d51a8e6f06c2021-12-20 15:53:37.925root 11241100x8000000000000000753754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55dceb409fec6382021-12-20 15:53:37.925root 11241100x8000000000000000753755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451eb1459b65e57f2021-12-20 15:53:37.925root 11241100x8000000000000000753756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07318eee8a48d8b2021-12-20 15:53:37.925root 11241100x8000000000000000753757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8903c3b6f060d7a2021-12-20 15:53:37.925root 11241100x8000000000000000753758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d5bf4182792ae42021-12-20 15:53:37.925root 11241100x8000000000000000753759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc06f1a59d1d8942021-12-20 15:53:37.925root 11241100x8000000000000000753760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d379601420fe3f42021-12-20 15:53:37.925root 11241100x8000000000000000753761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4423699be34839262021-12-20 15:53:37.925root 11241100x8000000000000000753762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cdecf55769ccdc2021-12-20 15:53:37.926root 11241100x8000000000000000753763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448da91f4dad8a832021-12-20 15:53:37.926root 11241100x8000000000000000753764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a7c814c5fcfe012021-12-20 15:53:37.926root 11241100x8000000000000000753765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a95c05731b747e2021-12-20 15:53:37.926root 11241100x8000000000000000753766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab55e6a5aafca1a2021-12-20 15:53:37.926root 11241100x8000000000000000753767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5508e495653676f82021-12-20 15:53:37.926root 11241100x8000000000000000753768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4f043c90086a762021-12-20 15:53:37.926root 11241100x8000000000000000753769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afe6ed069b64b042021-12-20 15:53:37.926root 11241100x8000000000000000753770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be8f62c6f21f9c02021-12-20 15:53:37.926root 11241100x8000000000000000753771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64872347de5acf62021-12-20 15:53:37.926root 11241100x8000000000000000753772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65671b80793b3aa2021-12-20 15:53:37.926root 11241100x8000000000000000753773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3be2cc5e3cb7f662021-12-20 15:53:37.927root 11241100x8000000000000000753774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9220171dd026772021-12-20 15:53:37.927root 11241100x8000000000000000753775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ef609f9fa8a4242021-12-20 15:53:37.927root 11241100x8000000000000000753776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9600c1257556a8b2021-12-20 15:53:37.927root 11241100x8000000000000000753777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ebbe6c2f83bb0f2021-12-20 15:53:37.928root 11241100x8000000000000000753778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cba8c1a4958178b2021-12-20 15:53:37.928root 11241100x8000000000000000753779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2abaeb767201652021-12-20 15:53:37.928root 11241100x8000000000000000753780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5439be33a0dc4c7c2021-12-20 15:53:37.928root 11241100x8000000000000000753781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3e3f586f257c722021-12-20 15:53:37.928root 11241100x8000000000000000753782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fa0793cbe67a272021-12-20 15:53:37.928root 11241100x8000000000000000753783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50005dc0a71363ca2021-12-20 15:53:37.928root 11241100x8000000000000000753784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d889c907b5b1e42021-12-20 15:53:37.928root 11241100x8000000000000000753785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c922c759585202a52021-12-20 15:53:37.928root 11241100x8000000000000000753786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2489de8c32edf6b12021-12-20 15:53:37.929root 11241100x8000000000000000753787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffb8df4831fdca52021-12-20 15:53:37.929root 11241100x8000000000000000753788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedcc645fa6b34902021-12-20 15:53:37.929root 11241100x8000000000000000753789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b49b271569bdfd32021-12-20 15:53:37.933root 11241100x8000000000000000753790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3272649eed4eb3062021-12-20 15:53:37.934root 11241100x8000000000000000753791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dae9dc52ec9098b2021-12-20 15:53:37.934root 11241100x8000000000000000753792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1dfc62cf388a4a2021-12-20 15:53:37.934root 11241100x8000000000000000753793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6272b7859dedcc12021-12-20 15:53:37.934root 11241100x8000000000000000753794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987ae3ecf8b7ebd52021-12-20 15:53:37.934root 11241100x8000000000000000753795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92126329d4c1adf42021-12-20 15:53:37.934root 11241100x8000000000000000753796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93bbd6d0b4a07f42021-12-20 15:53:37.934root 11241100x8000000000000000753797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851f14f43a83b3752021-12-20 15:53:37.934root 11241100x8000000000000000753798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617d87efb48c89982021-12-20 15:53:37.936root 11241100x8000000000000000753799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf26379a17075012021-12-20 15:53:37.936root 11241100x8000000000000000753800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30bad40289b3ab12021-12-20 15:53:37.936root 11241100x8000000000000000753801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba03c4b1f8606e42021-12-20 15:53:37.937root 11241100x8000000000000000753802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6de1ae23296f0412021-12-20 15:53:37.937root 11241100x8000000000000000753803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44374a4427b3be2021-12-20 15:53:37.937root 11241100x8000000000000000753804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d26db3869522d6e2021-12-20 15:53:37.937root 11241100x8000000000000000753805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a9086d3718d43a2021-12-20 15:53:37.937root 11241100x8000000000000000753806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726e146ef928bbab2021-12-20 15:53:37.938root 11241100x8000000000000000753807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7912da673c717982021-12-20 15:53:37.938root 11241100x8000000000000000753808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7a28aa686deed52021-12-20 15:53:37.938root 11241100x8000000000000000753809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8134ae0f880e44272021-12-20 15:53:37.938root 11241100x8000000000000000753810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eb754afbcce5112021-12-20 15:53:37.938root 11241100x8000000000000000753811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c039b2773aa64c2021-12-20 15:53:37.938root 11241100x8000000000000000753812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f74941192612f152021-12-20 15:53:37.940root 11241100x8000000000000000753813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d65136f8e4f2c222021-12-20 15:53:37.940root 11241100x8000000000000000753814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54abb98cea4ed38e2021-12-20 15:53:37.940root 11241100x8000000000000000753815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9396b05de55f7a92021-12-20 15:53:37.940root 11241100x8000000000000000753816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51135d3cb7d8d2c62021-12-20 15:53:37.941root 11241100x8000000000000000753817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5169f5dce97912021-12-20 15:53:37.942root 11241100x8000000000000000753818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b58ae768b373302021-12-20 15:53:37.942root 11241100x8000000000000000753819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f13140b412faa4b2021-12-20 15:53:37.942root 11241100x8000000000000000753820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4ad2b18fe79f0c2021-12-20 15:53:37.942root 11241100x8000000000000000753821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b7800394382a7d2021-12-20 15:53:37.942root 11241100x8000000000000000753822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e0a2acf4c73812021-12-20 15:53:37.942root 11241100x8000000000000000753823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:37.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ab8026cbe39bcb2021-12-20 15:53:37.943root 11241100x8000000000000000753824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c71ae9162f30212021-12-20 15:53:38.424root 11241100x8000000000000000753825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa22324cdcd7227f2021-12-20 15:53:38.425root 11241100x8000000000000000753826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1763eef828506f672021-12-20 15:53:38.425root 11241100x8000000000000000753827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2995fea2911f66d72021-12-20 15:53:38.425root 11241100x8000000000000000753828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c1d3939b4710562021-12-20 15:53:38.425root 11241100x8000000000000000753829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a81aa0639949d9b2021-12-20 15:53:38.425root 11241100x8000000000000000753830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694b5d48939f93902021-12-20 15:53:38.426root 11241100x8000000000000000753831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25352b31617c26162021-12-20 15:53:38.426root 11241100x8000000000000000753832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e8ac8e1d9b1b772021-12-20 15:53:38.426root 11241100x8000000000000000753833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847497c7799be7ee2021-12-20 15:53:38.426root 11241100x8000000000000000753834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f2aa26b68d10692021-12-20 15:53:38.426root 11241100x8000000000000000753835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561b0da9ad2cfb982021-12-20 15:53:38.426root 11241100x8000000000000000753836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e7e0f13711ca872021-12-20 15:53:38.427root 11241100x8000000000000000753837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da7aebd4ed6d1432021-12-20 15:53:38.427root 11241100x8000000000000000753838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0b749ddb4347582021-12-20 15:53:38.427root 11241100x8000000000000000753839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc40c6807ae816d2021-12-20 15:53:38.427root 11241100x8000000000000000753840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d173e2ab56336b2021-12-20 15:53:38.427root 11241100x8000000000000000753841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8e87902eb441202021-12-20 15:53:38.427root 11241100x8000000000000000753842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7568b6be566021e52021-12-20 15:53:38.427root 11241100x8000000000000000753843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d8403e5e6167c92021-12-20 15:53:38.428root 11241100x8000000000000000753844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347f00fc4d0a458c2021-12-20 15:53:38.428root 11241100x8000000000000000753845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e8e0cea82a4d852021-12-20 15:53:38.428root 11241100x8000000000000000753846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7276e499755021f92021-12-20 15:53:38.428root 11241100x8000000000000000753847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afb6de3047328ce2021-12-20 15:53:38.428root 11241100x8000000000000000753848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597be16d4301f2642021-12-20 15:53:38.429root 11241100x8000000000000000753849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686737c69858a80f2021-12-20 15:53:38.429root 11241100x8000000000000000753850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f880e28e477dba72021-12-20 15:53:38.429root 11241100x8000000000000000753851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9821bca9d4292b32021-12-20 15:53:38.429root 11241100x8000000000000000753852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bd3da1a13815202021-12-20 15:53:38.429root 11241100x8000000000000000753853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e997db9871c36c582021-12-20 15:53:38.430root 11241100x8000000000000000753854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdab5b6f2ba1a422021-12-20 15:53:38.430root 11241100x8000000000000000753855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a52326f03d90eb2021-12-20 15:53:38.430root 11241100x8000000000000000753856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c735188741e3fe652021-12-20 15:53:38.430root 11241100x8000000000000000753857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ced11904d1920f2021-12-20 15:53:38.430root 11241100x8000000000000000753858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3317ecac42314a72021-12-20 15:53:38.430root 11241100x8000000000000000753859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6b5807f87333942021-12-20 15:53:38.430root 11241100x8000000000000000753860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fe5bba50c4a0142021-12-20 15:53:38.430root 11241100x8000000000000000753861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a905f92ed358182021-12-20 15:53:38.430root 11241100x8000000000000000753862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bc61245da4c7e72021-12-20 15:53:38.430root 11241100x8000000000000000753863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03848b18f2f79b3b2021-12-20 15:53:38.430root 11241100x8000000000000000753864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db570448594e87032021-12-20 15:53:38.431root 11241100x8000000000000000753865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd6ec6784dcf5b32021-12-20 15:53:38.431root 11241100x8000000000000000753866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eb2e1fdbd1071b2021-12-20 15:53:38.431root 11241100x8000000000000000753867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd743477d9454fd32021-12-20 15:53:38.431root 11241100x8000000000000000753868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e66236f8a688302021-12-20 15:53:38.431root 11241100x8000000000000000753869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d9b8026b28def2021-12-20 15:53:38.431root 11241100x8000000000000000753870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41fc8138bbabea22021-12-20 15:53:38.431root 11241100x8000000000000000753871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc24d7423720aa2021-12-20 15:53:38.431root 11241100x8000000000000000753872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2898aaeaa99e36c92021-12-20 15:53:38.431root 11241100x8000000000000000753873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f977c339ec243c242021-12-20 15:53:38.431root 534500x8000000000000000753874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.536{00000000-0000-0000-0000-000000000000}10191<unknown process>root 11241100x8000000000000000753875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38782b60a2f2b2be2021-12-20 15:53:38.924root 11241100x8000000000000000753876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44659dfd564eacf52021-12-20 15:53:38.924root 11241100x8000000000000000753877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5d65213044f4942021-12-20 15:53:38.924root 11241100x8000000000000000753878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95541872a70203ff2021-12-20 15:53:38.924root 11241100x8000000000000000753879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76b3eadd61d1d052021-12-20 15:53:38.925root 11241100x8000000000000000753880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114f22960ee971ed2021-12-20 15:53:38.925root 11241100x8000000000000000753881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6521f43025f166992021-12-20 15:53:38.925root 11241100x8000000000000000753882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09977cf2992cff872021-12-20 15:53:38.925root 11241100x8000000000000000753883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819376097134a84e2021-12-20 15:53:38.925root 11241100x8000000000000000753884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367dcc4961b554992021-12-20 15:53:38.925root 11241100x8000000000000000753885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4b09ed65766f4f2021-12-20 15:53:38.925root 11241100x8000000000000000753886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e48ee978d1a29e2021-12-20 15:53:38.925root 11241100x8000000000000000753887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4342ba7c7766b132021-12-20 15:53:38.925root 11241100x8000000000000000753888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09aa73edb39b7f12021-12-20 15:53:38.925root 11241100x8000000000000000753889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b65a41d12e386332021-12-20 15:53:38.925root 11241100x8000000000000000753890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2099156951ea9db72021-12-20 15:53:38.925root 11241100x8000000000000000753891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a28c09498379eef2021-12-20 15:53:38.925root 11241100x8000000000000000753892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a692c0dbd5220b42021-12-20 15:53:38.925root 11241100x8000000000000000753893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713485231709014b2021-12-20 15:53:38.926root 11241100x8000000000000000753894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eea6f5d5f685cd2021-12-20 15:53:38.926root 11241100x8000000000000000753895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4ee8b4be938f92021-12-20 15:53:38.926root 11241100x8000000000000000753896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0894cf735359f2b62021-12-20 15:53:38.926root 11241100x8000000000000000753897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fa7e692d5e70cf2021-12-20 15:53:38.926root 11241100x8000000000000000753898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2101a0e41dbda32021-12-20 15:53:38.926root 11241100x8000000000000000753899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e15bda38e9c3592021-12-20 15:53:38.926root 11241100x8000000000000000753900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f193932e7956482021-12-20 15:53:38.926root 11241100x8000000000000000753901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497ed65f0c9d0e032021-12-20 15:53:38.926root 11241100x8000000000000000753902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad731ec552465d02021-12-20 15:53:38.926root 11241100x8000000000000000753903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257facded31a011e2021-12-20 15:53:38.926root 11241100x8000000000000000753904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee177e6b3bbecfeb2021-12-20 15:53:38.926root 11241100x8000000000000000753905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d7aed2a74af2b22021-12-20 15:53:38.926root 11241100x8000000000000000753906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca215f37d71dc3b2021-12-20 15:53:38.926root 11241100x8000000000000000753907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc2860daafca5ae2021-12-20 15:53:38.927root 11241100x8000000000000000753908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9ca81e2fecd0d52021-12-20 15:53:38.927root 11241100x8000000000000000753909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c924492a7e89d1a2021-12-20 15:53:38.927root 11241100x8000000000000000753910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992e0ae0de79ddfc2021-12-20 15:53:38.927root 11241100x8000000000000000753911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a05114fb00ec18f2021-12-20 15:53:38.927root 11241100x8000000000000000753912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4930caa5b76d702a2021-12-20 15:53:38.927root 11241100x8000000000000000753913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7605701e07885c6d2021-12-20 15:53:38.928root 11241100x8000000000000000753914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52d9a02e79006ec2021-12-20 15:53:38.928root 11241100x8000000000000000753915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105214558a0762d62021-12-20 15:53:38.928root 11241100x8000000000000000753916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242ffb2ab03914052021-12-20 15:53:38.928root 11241100x8000000000000000753917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3eb2a39b2629982021-12-20 15:53:38.928root 11241100x8000000000000000753918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34eef71215d81a42021-12-20 15:53:38.928root 11241100x8000000000000000753919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1251dcca927a9a782021-12-20 15:53:38.928root 11241100x8000000000000000753920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f9cce60eff41512021-12-20 15:53:38.928root 11241100x8000000000000000753921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8043276ecdb1f8b2021-12-20 15:53:38.928root 11241100x8000000000000000753922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb21f89689b288a72021-12-20 15:53:38.928root 11241100x8000000000000000753923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb273c8caa2872332021-12-20 15:53:38.929root 11241100x8000000000000000753924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460d58182df24cdd2021-12-20 15:53:38.929root 11241100x8000000000000000753925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda5b29adb8e37e52021-12-20 15:53:38.929root 11241100x8000000000000000753926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee46883dd9eaa72021-12-20 15:53:38.929root 23542300x8000000000000000753927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.072{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000753928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f69107e0f2aa302021-12-20 15:53:39.424root 11241100x8000000000000000753929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf6a71e0b0888b2021-12-20 15:53:39.424root 11241100x8000000000000000753930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e63e84bb8fe2282021-12-20 15:53:39.424root 11241100x8000000000000000753931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a524ebfc03534feb2021-12-20 15:53:39.424root 11241100x8000000000000000753932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07cef1a0de348a02021-12-20 15:53:39.425root 11241100x8000000000000000753933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed97e2dc38cfee52021-12-20 15:53:39.425root 11241100x8000000000000000753934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9987664235d6f42021-12-20 15:53:39.425root 11241100x8000000000000000753935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330686b38583b58b2021-12-20 15:53:39.425root 11241100x8000000000000000753936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b75b7de89caf71d2021-12-20 15:53:39.425root 11241100x8000000000000000753937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d23ce643b4e67932021-12-20 15:53:39.425root 11241100x8000000000000000753938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8a4f52efbf2c152021-12-20 15:53:39.425root 11241100x8000000000000000753939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825608463fb5c54e2021-12-20 15:53:39.425root 11241100x8000000000000000753940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba293435c0fb4b42021-12-20 15:53:39.425root 11241100x8000000000000000753941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc57c9d291b69d862021-12-20 15:53:39.425root 11241100x8000000000000000753942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28304d01257d20e2021-12-20 15:53:39.425root 11241100x8000000000000000753943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efe3b1ef73a8c682021-12-20 15:53:39.426root 11241100x8000000000000000753944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e8d2e8c5a0a142021-12-20 15:53:39.426root 11241100x8000000000000000753945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462c31a192f7b3132021-12-20 15:53:39.426root 11241100x8000000000000000753946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721da4fdf0d854d2021-12-20 15:53:39.426root 11241100x8000000000000000753947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c3d22bb39e2882021-12-20 15:53:39.426root 11241100x8000000000000000753948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a51028b9047e8242021-12-20 15:53:39.426root 11241100x8000000000000000753949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769772df333338442021-12-20 15:53:39.426root 11241100x8000000000000000753950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a32235badf2f9192021-12-20 15:53:39.426root 11241100x8000000000000000753951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329976f8daa12c4c2021-12-20 15:53:39.426root 11241100x8000000000000000753952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5ce4fd76063aff2021-12-20 15:53:39.426root 11241100x8000000000000000753953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a58dba7a4184ef32021-12-20 15:53:39.426root 11241100x8000000000000000753954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e99269be445dd2b2021-12-20 15:53:39.426root 11241100x8000000000000000753955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8766b42c473fb3532021-12-20 15:53:39.426root 11241100x8000000000000000753956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ac860de8f7ab912021-12-20 15:53:39.427root 11241100x8000000000000000753957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69674636ef066d902021-12-20 15:53:39.427root 11241100x8000000000000000753958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1e78151df30b742021-12-20 15:53:39.427root 11241100x8000000000000000753959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fac395254e39aaf2021-12-20 15:53:39.427root 11241100x8000000000000000753960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e9e05efc9e8b872021-12-20 15:53:39.427root 11241100x8000000000000000753961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362ae009964eced52021-12-20 15:53:39.427root 11241100x8000000000000000753962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8e74fdaf7721312021-12-20 15:53:39.427root 11241100x8000000000000000753963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6824aec960c29e4d2021-12-20 15:53:39.427root 11241100x8000000000000000753964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14628cb6867070f2021-12-20 15:53:39.427root 11241100x8000000000000000753965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614f42a54a0761e12021-12-20 15:53:39.427root 11241100x8000000000000000753966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b135c95c9fc899722021-12-20 15:53:39.427root 11241100x8000000000000000753967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95fd433d0b546202021-12-20 15:53:39.427root 11241100x8000000000000000753968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb6288aff4deee2021-12-20 15:53:39.428root 11241100x8000000000000000753969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98645bf4ffde7d2021-12-20 15:53:39.428root 11241100x8000000000000000753970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b552de0df75d5752021-12-20 15:53:39.428root 11241100x8000000000000000753971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c79965b747e6a582021-12-20 15:53:39.428root 11241100x8000000000000000753972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc6c9be12987d892021-12-20 15:53:39.428root 11241100x8000000000000000753973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eb6da40e345b592021-12-20 15:53:39.428root 11241100x8000000000000000753974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376d14cbc913538c2021-12-20 15:53:39.428root 11241100x8000000000000000753975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f4f10129b3cf012021-12-20 15:53:39.428root 11241100x8000000000000000753976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a8b5150dcc693b2021-12-20 15:53:39.428root 11241100x8000000000000000753977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395b09f32be43cab2021-12-20 15:53:39.428root 11241100x8000000000000000753978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72fcd3725313e782021-12-20 15:53:39.428root 11241100x8000000000000000753979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412d899124788f912021-12-20 15:53:39.429root 11241100x8000000000000000753980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cd96d21eccbda62021-12-20 15:53:39.429root 11241100x8000000000000000753981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c21c5a8d0fdf262021-12-20 15:53:39.429root 11241100x8000000000000000753982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989998a723eb88692021-12-20 15:53:39.429root 11241100x8000000000000000753983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79ad3aa4b321dbb2021-12-20 15:53:39.429root 11241100x8000000000000000753984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c76f2af08306d82021-12-20 15:53:39.429root 11241100x8000000000000000753985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c50697dc4c2fac2021-12-20 15:53:39.429root 11241100x8000000000000000753986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a5ced754228c12021-12-20 15:53:39.429root 11241100x8000000000000000753987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29df3d1b77e612f32021-12-20 15:53:39.429root 11241100x8000000000000000753988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc74493c3fbb7fe2021-12-20 15:53:39.430root 11241100x8000000000000000753989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b6d62232be422d2021-12-20 15:53:39.430root 11241100x8000000000000000753990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc374b98873c7642021-12-20 15:53:39.430root 11241100x8000000000000000753991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3846f476deded3182021-12-20 15:53:39.430root 11241100x8000000000000000753992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690fe1272177b2d92021-12-20 15:53:39.430root 11241100x8000000000000000753993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a7c6487220ae92021-12-20 15:53:39.430root 11241100x8000000000000000753994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3b2578d8094b952021-12-20 15:53:39.430root 11241100x8000000000000000753995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c57ae00298f579a2021-12-20 15:53:39.430root 11241100x8000000000000000753996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e143b56341fecba2021-12-20 15:53:39.431root 11241100x8000000000000000753997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c17243052453e42021-12-20 15:53:39.431root 11241100x8000000000000000753998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffc565085345a272021-12-20 15:53:39.431root 11241100x8000000000000000753999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ff715e84cd7882021-12-20 15:53:39.431root 11241100x8000000000000000754000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcacc1677c1858d2021-12-20 15:53:39.431root 11241100x8000000000000000754001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97cab72a5d8d9ed2021-12-20 15:53:39.431root 11241100x8000000000000000754002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4121a14f54faf2f22021-12-20 15:53:39.431root 11241100x8000000000000000754003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0cc2abcf3228ea2021-12-20 15:53:39.431root 11241100x8000000000000000754004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4ba7623247f02c2021-12-20 15:53:39.432root 11241100x8000000000000000754005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0296fb0b502f9b732021-12-20 15:53:39.432root 11241100x8000000000000000754006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bf817173c012a92021-12-20 15:53:39.432root 11241100x8000000000000000754007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22137274aeab9d6f2021-12-20 15:53:39.432root 11241100x8000000000000000754008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97499309efe2e152021-12-20 15:53:39.433root 11241100x8000000000000000754009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d0f91d3046a4892021-12-20 15:53:39.433root 11241100x8000000000000000754010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27a32460009e8a72021-12-20 15:53:39.433root 11241100x8000000000000000754011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2de3567336394f52021-12-20 15:53:39.433root 11241100x8000000000000000754012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1d230c4b5cbb7f2021-12-20 15:53:39.433root 11241100x8000000000000000754013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b520e75ea8423a2021-12-20 15:53:39.434root 11241100x8000000000000000754014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c0b5724b1190882021-12-20 15:53:39.434root 11241100x8000000000000000754015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1468a9b67afe58b2021-12-20 15:53:39.434root 11241100x8000000000000000754016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de2240dba3102d92021-12-20 15:53:39.434root 11241100x8000000000000000754017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad33c0b08031f462021-12-20 15:53:39.435root 11241100x8000000000000000754018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ead6ee843ad75982021-12-20 15:53:39.435root 11241100x8000000000000000754019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d2bc66d65aa5c22021-12-20 15:53:39.435root 11241100x8000000000000000754020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048ef1f4237395e2021-12-20 15:53:39.435root 11241100x8000000000000000754021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe708bd47136e2c2021-12-20 15:53:39.435root 11241100x8000000000000000754022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8b4eaf0396c17a2021-12-20 15:53:39.435root 11241100x8000000000000000754023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd751235404c6092021-12-20 15:53:39.435root 11241100x8000000000000000754024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d04ad486bca26662021-12-20 15:53:39.436root 11241100x8000000000000000754025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5afff42d5326a42021-12-20 15:53:39.436root 11241100x8000000000000000754026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb1aa23bffaa7942021-12-20 15:53:39.436root 11241100x8000000000000000754027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c4200bcacd31d52021-12-20 15:53:39.436root 11241100x8000000000000000754028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f779e0b765f2d52021-12-20 15:53:39.436root 11241100x8000000000000000754029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9979128a85f882021-12-20 15:53:39.436root 11241100x8000000000000000754030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b248497c818592b2021-12-20 15:53:39.436root 11241100x8000000000000000754031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9456184860e58242021-12-20 15:53:39.436root 11241100x8000000000000000754032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d55946f890c7fa2021-12-20 15:53:39.436root 11241100x8000000000000000754033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6c6fe682a70b842021-12-20 15:53:39.436root 11241100x8000000000000000754034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615b229a177c2d392021-12-20 15:53:39.436root 11241100x8000000000000000754035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a435f28fdbb8edd2021-12-20 15:53:39.437root 11241100x8000000000000000754036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03b3b61505a929b2021-12-20 15:53:39.437root 11241100x8000000000000000754037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a75284a3346c272021-12-20 15:53:39.437root 11241100x8000000000000000754038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779eca626af57bdb2021-12-20 15:53:39.437root 11241100x8000000000000000754039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9be4165e4ea4ff2021-12-20 15:53:39.437root 11241100x8000000000000000754040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e96409b72c228be2021-12-20 15:53:39.437root 11241100x8000000000000000754041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e7e917923316f92021-12-20 15:53:39.437root 11241100x8000000000000000754042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beab4ef79b31b1642021-12-20 15:53:39.437root 11241100x8000000000000000754043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d7038067ff84eb2021-12-20 15:53:39.437root 11241100x8000000000000000754044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1039f7d9cb2f6b02021-12-20 15:53:39.437root 11241100x8000000000000000754045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874ae07ea67d25e42021-12-20 15:53:39.437root 11241100x8000000000000000754046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e32619dc15156c2021-12-20 15:53:39.437root 11241100x8000000000000000754047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7380826d8eb1f22021-12-20 15:53:39.437root 11241100x8000000000000000754048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362a7a9df86cc41a2021-12-20 15:53:39.437root 11241100x8000000000000000754049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4c3946d665b0122021-12-20 15:53:39.437root 11241100x8000000000000000754050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b964460e477c27a72021-12-20 15:53:39.924root 11241100x8000000000000000754051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37792985a546d9f2021-12-20 15:53:39.924root 11241100x8000000000000000754052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1d05af6d2d1ed2021-12-20 15:53:39.924root 11241100x8000000000000000754053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f9a916374e87572021-12-20 15:53:39.924root 11241100x8000000000000000754054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddb52b9521ed8022021-12-20 15:53:39.925root 11241100x8000000000000000754055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85833038a2e022022021-12-20 15:53:39.925root 11241100x8000000000000000754056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f093f4be7537e1de2021-12-20 15:53:39.925root 11241100x8000000000000000754057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194c9931997b2ea32021-12-20 15:53:39.925root 11241100x8000000000000000754058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a275dbcc3eeaadd62021-12-20 15:53:39.925root 11241100x8000000000000000754059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e4e2479e44c3642021-12-20 15:53:39.925root 11241100x8000000000000000754060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce131ecf58db9422021-12-20 15:53:39.925root 11241100x8000000000000000754061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8ef77c8d4735802021-12-20 15:53:39.925root 11241100x8000000000000000754062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dba31ae9d87def62021-12-20 15:53:39.925root 11241100x8000000000000000754063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bda6f943d617e582021-12-20 15:53:39.925root 11241100x8000000000000000754064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cf5bdc3c6c46ef2021-12-20 15:53:39.926root 11241100x8000000000000000754065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d441a55156bce72021-12-20 15:53:39.926root 11241100x8000000000000000754066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab0f71b4b2bb1312021-12-20 15:53:39.926root 11241100x8000000000000000754067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26accd0bbbf9bcd32021-12-20 15:53:39.926root 11241100x8000000000000000754068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69f8f0d98358c522021-12-20 15:53:39.926root 11241100x8000000000000000754069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a3937b230bc112021-12-20 15:53:39.926root 11241100x8000000000000000754070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9645a145a8cdb27d2021-12-20 15:53:39.926root 11241100x8000000000000000754071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363e5a3b2112d2f02021-12-20 15:53:39.926root 11241100x8000000000000000754072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aec8c3820334c202021-12-20 15:53:39.926root 11241100x8000000000000000754073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40981a6cff394972021-12-20 15:53:39.926root 11241100x8000000000000000754074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d9df088b09ca982021-12-20 15:53:39.926root 11241100x8000000000000000754075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b8733c31747c8d2021-12-20 15:53:39.927root 11241100x8000000000000000754076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4241e0c2b0f3b7b92021-12-20 15:53:39.927root 11241100x8000000000000000754077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8142a82a0c298b42021-12-20 15:53:39.927root 11241100x8000000000000000754078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701ae67ea6add6f22021-12-20 15:53:39.927root 11241100x8000000000000000754079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d5199344610afa2021-12-20 15:53:39.927root 11241100x8000000000000000754080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5a3d15cd25d8632021-12-20 15:53:39.927root 11241100x8000000000000000754081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b288d64c52a4e832021-12-20 15:53:39.927root 11241100x8000000000000000754082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a7269a5a520222021-12-20 15:53:39.927root 11241100x8000000000000000754083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4fd47eee3e1b702021-12-20 15:53:39.927root 11241100x8000000000000000754084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31bd9aae442ffe82021-12-20 15:53:39.927root 11241100x8000000000000000754085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e5ea3dfa0576612021-12-20 15:53:39.928root 11241100x8000000000000000754086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2717235d0ebef22021-12-20 15:53:39.928root 11241100x8000000000000000754087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac4ed8d48608bbb2021-12-20 15:53:39.928root 11241100x8000000000000000754088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0645c3d648dde9482021-12-20 15:53:39.929root 11241100x8000000000000000754089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4073777240a95212021-12-20 15:53:39.929root 11241100x8000000000000000754090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e89c84bedb3a93d2021-12-20 15:53:39.929root 11241100x8000000000000000754091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f577f396e6443cee2021-12-20 15:53:39.929root 11241100x8000000000000000754092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa887b37c02784f2021-12-20 15:53:39.929root 11241100x8000000000000000754093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922817021df9d9d92021-12-20 15:53:39.929root 11241100x8000000000000000754094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a3208d9c53abcd2021-12-20 15:53:39.929root 11241100x8000000000000000754095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bded546154e9c0a2021-12-20 15:53:39.929root 11241100x8000000000000000754096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e4a6d24ff03562021-12-20 15:53:39.929root 11241100x8000000000000000754097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be0c0fdf62587872021-12-20 15:53:39.930root 11241100x8000000000000000754098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2347291f629f8f5f2021-12-20 15:53:39.930root 11241100x8000000000000000754099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d675af96c982f0722021-12-20 15:53:39.930root 11241100x8000000000000000754100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f399c4ca65cd2fd42021-12-20 15:53:39.930root 11241100x8000000000000000754101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3291edf33ecfcfd2021-12-20 15:53:39.930root 11241100x8000000000000000754102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ee9a39db7cfa82021-12-20 15:53:39.930root 11241100x8000000000000000754103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2de9f7e1be0ddcd2021-12-20 15:53:39.930root 11241100x8000000000000000754104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bd39cab9e630b42021-12-20 15:53:39.931root 11241100x8000000000000000754105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eb55ca86355f2e2021-12-20 15:53:39.931root 11241100x8000000000000000754106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813587459d1c62ee2021-12-20 15:53:39.931root 11241100x8000000000000000754107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b096cdfea33a51e2021-12-20 15:53:39.931root 11241100x8000000000000000754108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6761486b0ed8b2021-12-20 15:53:39.931root 11241100x8000000000000000754109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5dd286e386c02c2021-12-20 15:53:39.931root 11241100x8000000000000000754110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e27cebcc9281062021-12-20 15:53:39.931root 11241100x8000000000000000754111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131766e7ec8278112021-12-20 15:53:39.931root 11241100x8000000000000000754112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b97de65a257b562021-12-20 15:53:39.931root 11241100x8000000000000000754113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d661fc4a76840a2021-12-20 15:53:39.932root 11241100x8000000000000000754114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2951a4fa0fad532021-12-20 15:53:39.932root 11241100x8000000000000000754115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2636e3ee8bae97e22021-12-20 15:53:39.932root 11241100x8000000000000000754116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6811c6024f319522021-12-20 15:53:39.932root 11241100x8000000000000000754117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf736a1858981672021-12-20 15:53:39.933root 11241100x8000000000000000754118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4a371181d256fb2021-12-20 15:53:39.933root 11241100x8000000000000000754119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d9676a4e3b9432021-12-20 15:53:39.933root 11241100x8000000000000000754120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755313e90eafd4272021-12-20 15:53:39.933root 11241100x8000000000000000754121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea91866073d14a92021-12-20 15:53:39.933root 11241100x8000000000000000754122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17e7e4c1e38edbf2021-12-20 15:53:39.934root 11241100x8000000000000000754123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d08c1c4c0ccecc2021-12-20 15:53:39.934root 11241100x8000000000000000754124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466e1d152ee993ff2021-12-20 15:53:39.934root 11241100x8000000000000000754125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd196c5898a51162021-12-20 15:53:39.934root 11241100x8000000000000000754126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f83003f9151a482021-12-20 15:53:39.934root 11241100x8000000000000000754127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f9469b9636828e2021-12-20 15:53:39.934root 11241100x8000000000000000754128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff372be7156bf2db2021-12-20 15:53:39.934root 11241100x8000000000000000754129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18cd073e4bbd3da2021-12-20 15:53:39.935root 11241100x8000000000000000754130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41935384d9480b912021-12-20 15:53:39.935root 11241100x8000000000000000754131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb91abf4749c4e72021-12-20 15:53:39.935root 11241100x8000000000000000754132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ba882ce1bb44e62021-12-20 15:53:39.935root 11241100x8000000000000000754133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1540b1c80dfbc4f2021-12-20 15:53:39.935root 11241100x8000000000000000754134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6fc680119b17ae2021-12-20 15:53:39.935root 11241100x8000000000000000754135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597cbec97e209d5a2021-12-20 15:53:39.935root 11241100x8000000000000000754136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7182a42e85779b8b2021-12-20 15:53:39.935root 11241100x8000000000000000754137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb59d65c71ea75552021-12-20 15:53:39.935root 11241100x8000000000000000754138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679a8a431068f98c2021-12-20 15:53:39.935root 11241100x8000000000000000754139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcd80a3ade66eaf2021-12-20 15:53:39.935root 11241100x8000000000000000754140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:39.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6288d345306c65542021-12-20 15:53:39.936root 354300x8000000000000000754141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.016{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51336-false10.0.1.12-8000- 11241100x8000000000000000754142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cdeb1dbccfc6882021-12-20 15:53:40.424root 11241100x8000000000000000754143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33bff9d120b8b002021-12-20 15:53:40.425root 11241100x8000000000000000754144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041ab473b75ef7b22021-12-20 15:53:40.425root 11241100x8000000000000000754145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13690a285caef332021-12-20 15:53:40.425root 11241100x8000000000000000754146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7315732b23b3b242021-12-20 15:53:40.425root 11241100x8000000000000000754147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef16044a498f88b2021-12-20 15:53:40.425root 11241100x8000000000000000754148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42158b0925b5b2c82021-12-20 15:53:40.425root 11241100x8000000000000000754149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfde5f275fcbc10c2021-12-20 15:53:40.425root 11241100x8000000000000000754150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42df2a696513b26b2021-12-20 15:53:40.425root 11241100x8000000000000000754151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab25376468455e82021-12-20 15:53:40.426root 11241100x8000000000000000754152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b8f8fa464562822021-12-20 15:53:40.426root 11241100x8000000000000000754153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd35940114332ac42021-12-20 15:53:40.426root 11241100x8000000000000000754154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485be772418158742021-12-20 15:53:40.426root 11241100x8000000000000000754155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7195e989e574c22021-12-20 15:53:40.426root 11241100x8000000000000000754156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a575fb3d3fc94e2021-12-20 15:53:40.426root 11241100x8000000000000000754157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afaa09bf6bd6e222021-12-20 15:53:40.426root 11241100x8000000000000000754158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da829e792d81d2472021-12-20 15:53:40.427root 11241100x8000000000000000754159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a25f290cd9e4492021-12-20 15:53:40.427root 11241100x8000000000000000754160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abee8d805f0466b82021-12-20 15:53:40.427root 11241100x8000000000000000754161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a237993f763a952021-12-20 15:53:40.427root 11241100x8000000000000000754162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a1ee27a6ece5362021-12-20 15:53:40.427root 11241100x8000000000000000754163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd81323b8dbafa02021-12-20 15:53:40.427root 11241100x8000000000000000754164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138f44b14ed747442021-12-20 15:53:40.427root 11241100x8000000000000000754165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790969498891f5272021-12-20 15:53:40.427root 11241100x8000000000000000754166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e3492a68c1e5d22021-12-20 15:53:40.427root 11241100x8000000000000000754167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cb6d53c5556cc32021-12-20 15:53:40.427root 11241100x8000000000000000754168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c12f24430c28bcc2021-12-20 15:53:40.427root 11241100x8000000000000000754169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bf9db129702aa72021-12-20 15:53:40.428root 11241100x8000000000000000754170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e33f4068a3731072021-12-20 15:53:40.428root 11241100x8000000000000000754171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6f279a7acd0fb62021-12-20 15:53:40.428root 11241100x8000000000000000754172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c96d861d7237f792021-12-20 15:53:40.428root 11241100x8000000000000000754173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400917e1b2e341432021-12-20 15:53:40.428root 11241100x8000000000000000754174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf2a7b60c4d865a2021-12-20 15:53:40.428root 11241100x8000000000000000754175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3be5b6b6f280e82021-12-20 15:53:40.428root 11241100x8000000000000000754176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e5e2d015f04aff2021-12-20 15:53:40.428root 11241100x8000000000000000754177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d53a7f5f4d64b692021-12-20 15:53:40.428root 11241100x8000000000000000754178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ca079ef49831aa2021-12-20 15:53:40.428root 11241100x8000000000000000754179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d901a788050bf92021-12-20 15:53:40.428root 11241100x8000000000000000754180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23a250f488e08a82021-12-20 15:53:40.429root 11241100x8000000000000000754181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d946b9ec5884aff2021-12-20 15:53:40.429root 11241100x8000000000000000754182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760be9826dccc1b32021-12-20 15:53:40.429root 11241100x8000000000000000754183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d356746b2b09e32021-12-20 15:53:40.429root 11241100x8000000000000000754184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5595f878923179812021-12-20 15:53:40.429root 11241100x8000000000000000754185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f1f93bd1a035272021-12-20 15:53:40.429root 11241100x8000000000000000754186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bca7eb14441c272021-12-20 15:53:40.429root 11241100x8000000000000000754187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940e918393abff352021-12-20 15:53:40.429root 11241100x8000000000000000754188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0e938b0570d9282021-12-20 15:53:40.429root 11241100x8000000000000000754189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0233cb69453a1ff42021-12-20 15:53:40.429root 11241100x8000000000000000754190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2515ecd09df5e20c2021-12-20 15:53:40.429root 11241100x8000000000000000754191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5df1e420d23a08a2021-12-20 15:53:40.429root 11241100x8000000000000000754192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106b436f6263b4a42021-12-20 15:53:40.430root 11241100x8000000000000000754193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b6bc7a4860a8572021-12-20 15:53:40.430root 11241100x8000000000000000754194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9561ca132816685a2021-12-20 15:53:40.430root 11241100x8000000000000000754195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f585d1ec91259e2021-12-20 15:53:40.430root 11241100x8000000000000000754196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6bb801715e92632021-12-20 15:53:40.430root 11241100x8000000000000000754197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e9a637e5f1c45e2021-12-20 15:53:40.430root 11241100x8000000000000000754198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0b12c806537da72021-12-20 15:53:40.430root 11241100x8000000000000000754199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b4d13bcfcfb32d2021-12-20 15:53:40.430root 11241100x8000000000000000754200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464f2b13ae8597c32021-12-20 15:53:40.430root 11241100x8000000000000000754201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8c2aa75d8cce882021-12-20 15:53:40.430root 11241100x8000000000000000754202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c1038e753ae3592021-12-20 15:53:40.430root 11241100x8000000000000000754203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b1375453e2f0af2021-12-20 15:53:40.431root 11241100x8000000000000000754204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74af1c1b9da451992021-12-20 15:53:40.431root 11241100x8000000000000000754205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb601d21e4edc5712021-12-20 15:53:40.431root 11241100x8000000000000000754206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fc75520742fd9f2021-12-20 15:53:40.431root 11241100x8000000000000000754207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dee4f20e304d9492021-12-20 15:53:40.431root 11241100x8000000000000000754208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b021ddf7309668712021-12-20 15:53:40.431root 11241100x8000000000000000754209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b57ba37b94596da2021-12-20 15:53:40.431root 11241100x8000000000000000754210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79504172c63af38b2021-12-20 15:53:40.431root 11241100x8000000000000000754211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7663e8ee4b6b962021-12-20 15:53:40.924root 11241100x8000000000000000754212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c406d5ca414c9092021-12-20 15:53:40.924root 11241100x8000000000000000754213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07125c4002f687b2021-12-20 15:53:40.924root 11241100x8000000000000000754214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116a1baee20162842021-12-20 15:53:40.925root 11241100x8000000000000000754215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd0e2639518688f2021-12-20 15:53:40.925root 11241100x8000000000000000754216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60666462a80cf5362021-12-20 15:53:40.925root 11241100x8000000000000000754217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662ec3fbebcbb0032021-12-20 15:53:40.925root 11241100x8000000000000000754218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e6e40eda43a1cd2021-12-20 15:53:40.925root 11241100x8000000000000000754219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869117eeb142899f2021-12-20 15:53:40.925root 11241100x8000000000000000754220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be85aa1df514e892021-12-20 15:53:40.925root 11241100x8000000000000000754221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768be853d35a77402021-12-20 15:53:40.925root 11241100x8000000000000000754222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbadb311a20cfebe2021-12-20 15:53:40.925root 11241100x8000000000000000754223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348f1892512e5e432021-12-20 15:53:40.925root 11241100x8000000000000000754224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70963042833eea332021-12-20 15:53:40.926root 11241100x8000000000000000754225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef3e6572b936cfb2021-12-20 15:53:40.926root 11241100x8000000000000000754226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d472adad9715182021-12-20 15:53:40.926root 11241100x8000000000000000754227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1141a40b1550c7a42021-12-20 15:53:40.926root 11241100x8000000000000000754228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc41030a5c70d452021-12-20 15:53:40.926root 11241100x8000000000000000754229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1382e84cf64767d62021-12-20 15:53:40.926root 11241100x8000000000000000754230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af9ff9c324d95d22021-12-20 15:53:40.926root 11241100x8000000000000000754231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6ce1a1c05bf6182021-12-20 15:53:40.926root 11241100x8000000000000000754232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57552da95d1fafb32021-12-20 15:53:40.926root 11241100x8000000000000000754233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc521f90d530e4fe2021-12-20 15:53:40.926root 11241100x8000000000000000754234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e67aca90b358f042021-12-20 15:53:40.926root 11241100x8000000000000000754235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e717bb7b983eec2021-12-20 15:53:40.926root 11241100x8000000000000000754236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33eb1a826ef2aa0e2021-12-20 15:53:40.926root 11241100x8000000000000000754237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8763d7252a14b1f52021-12-20 15:53:40.926root 11241100x8000000000000000754238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd9ff53206d16302021-12-20 15:53:40.926root 11241100x8000000000000000754239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4054d58ddca04a7e2021-12-20 15:53:40.927root 11241100x8000000000000000754240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d0aa68cf0f94632021-12-20 15:53:40.927root 11241100x8000000000000000754241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a24664179cd8d982021-12-20 15:53:40.927root 11241100x8000000000000000754242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6f81b2a4fd18a52021-12-20 15:53:40.927root 11241100x8000000000000000754243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afcddc8649eeba92021-12-20 15:53:40.927root 11241100x8000000000000000754244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa8b3bd3c3be8e12021-12-20 15:53:40.927root 11241100x8000000000000000754245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffd350ba6dae01d2021-12-20 15:53:40.927root 11241100x8000000000000000754246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2b52588bac367d2021-12-20 15:53:40.927root 11241100x8000000000000000754247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6194ba9f3e6c4302021-12-20 15:53:40.927root 11241100x8000000000000000754248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902e0fdc3a17bec82021-12-20 15:53:40.927root 11241100x8000000000000000754249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bb4880d179299c2021-12-20 15:53:40.927root 11241100x8000000000000000754250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df7656a4e42caa02021-12-20 15:53:40.927root 11241100x8000000000000000754251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3181092288119cf02021-12-20 15:53:40.928root 11241100x8000000000000000754252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de14b6a7394bf6742021-12-20 15:53:40.928root 11241100x8000000000000000754253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffa0b207bc63dd22021-12-20 15:53:40.928root 11241100x8000000000000000754254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2629e2b14f9361892021-12-20 15:53:40.929root 11241100x8000000000000000754255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98061c34d9482e6a2021-12-20 15:53:40.929root 11241100x8000000000000000754256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf230c5949495ea2021-12-20 15:53:40.929root 11241100x8000000000000000754257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517979542eb3316f2021-12-20 15:53:40.930root 11241100x8000000000000000754258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596ba5ff44a265d02021-12-20 15:53:40.930root 11241100x8000000000000000754259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d489ec67d6ea02d2021-12-20 15:53:40.931root 11241100x8000000000000000754260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6962dd34a554f72021-12-20 15:53:40.931root 11241100x8000000000000000754261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e26d6ac4fa36e82021-12-20 15:53:40.931root 11241100x8000000000000000754262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1259a347196cd4c72021-12-20 15:53:40.932root 11241100x8000000000000000754263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7bedbe8f8f2c412021-12-20 15:53:40.932root 11241100x8000000000000000754264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5bd5b8590a82912021-12-20 15:53:40.932root 11241100x8000000000000000754265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784c358c4a433b92021-12-20 15:53:40.935root 11241100x8000000000000000754266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3130eb385cf3bf9d2021-12-20 15:53:40.935root 11241100x8000000000000000754267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f416a82cb4065bfb2021-12-20 15:53:40.935root 11241100x8000000000000000754268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6fdd95ecdebe332021-12-20 15:53:40.935root 11241100x8000000000000000754269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94981c7cdbf89e8f2021-12-20 15:53:40.935root 11241100x8000000000000000754270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4908f633150cc52021-12-20 15:53:40.935root 11241100x8000000000000000754271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7c468ba46333a42021-12-20 15:53:40.935root 11241100x8000000000000000754272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055679ff9d3e1f0a2021-12-20 15:53:40.936root 11241100x8000000000000000754273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98a2a2f5767a45d2021-12-20 15:53:40.936root 11241100x8000000000000000754274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846353dc05e475a02021-12-20 15:53:40.937root 11241100x8000000000000000754275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23da67b5bc9928682021-12-20 15:53:40.937root 11241100x8000000000000000754276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac2b375795ebbec2021-12-20 15:53:40.937root 11241100x8000000000000000754277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4d236ed435ba8f2021-12-20 15:53:40.937root 11241100x8000000000000000754278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c847a4fcf8211f2021-12-20 15:53:40.937root 11241100x8000000000000000754279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778046585b97fcbb2021-12-20 15:53:40.937root 11241100x8000000000000000754280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19554666e4e6b5b2021-12-20 15:53:40.938root 11241100x8000000000000000754281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7044dbab8b633e302021-12-20 15:53:40.938root 11241100x8000000000000000754282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d524167835582d82021-12-20 15:53:40.939root 11241100x8000000000000000754283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894a9b9b8582018b2021-12-20 15:53:40.939root 11241100x8000000000000000754284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6818858c306f9d2021-12-20 15:53:40.939root 11241100x8000000000000000754285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f2e416c2bebdd02021-12-20 15:53:40.939root 11241100x8000000000000000754286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aa987cfa7300572021-12-20 15:53:40.939root 11241100x8000000000000000754287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d391e880f046d7672021-12-20 15:53:40.939root 11241100x8000000000000000754288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee400bc64a7ac112021-12-20 15:53:40.940root 11241100x8000000000000000754289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a57bbcaec12b82021-12-20 15:53:40.941root 11241100x8000000000000000754290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027eba6dec5d94562021-12-20 15:53:40.941root 11241100x8000000000000000754291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35108b1f58b770e62021-12-20 15:53:40.941root 11241100x8000000000000000754292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b43f3b664ce182021-12-20 15:53:40.941root 11241100x8000000000000000754293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a96faa72ffa6ed2021-12-20 15:53:40.941root 11241100x8000000000000000754294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d618a76149617d12021-12-20 15:53:40.942root 11241100x8000000000000000754295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c557bc484ccd972021-12-20 15:53:40.942root 11241100x8000000000000000754296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78481241d9c064112021-12-20 15:53:40.942root 11241100x8000000000000000754297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0acc79238e85ab2021-12-20 15:53:40.942root 11241100x8000000000000000754298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb552a0e7c78fafd2021-12-20 15:53:40.943root 11241100x8000000000000000754299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f215c004319c35992021-12-20 15:53:40.943root 11241100x8000000000000000754300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33086179b22d265e2021-12-20 15:53:40.943root 11241100x8000000000000000754301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b958f434a5595e2d2021-12-20 15:53:40.943root 11241100x8000000000000000754302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6461a2d9d4d982021-12-20 15:53:40.943root 11241100x8000000000000000754303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a9ffebc3a414b42021-12-20 15:53:40.945root 11241100x8000000000000000754304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab138b1c4f9162e32021-12-20 15:53:40.945root 11241100x8000000000000000754305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b4f93c519a72c42021-12-20 15:53:40.945root 11241100x8000000000000000754306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc98b2966be696c2021-12-20 15:53:40.945root 11241100x8000000000000000754307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff45e63ab4b57262021-12-20 15:53:40.945root 11241100x8000000000000000754308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ddceca70bff9a42021-12-20 15:53:40.945root 11241100x8000000000000000754309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e132de6f904219c2021-12-20 15:53:40.946root 11241100x8000000000000000754310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b954fea0f075b62021-12-20 15:53:40.946root 11241100x8000000000000000754311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8fdcc5eb95c0832021-12-20 15:53:40.946root 11241100x8000000000000000754312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d54c31530215bc42021-12-20 15:53:40.946root 11241100x8000000000000000754313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a0f56d81ad1d92021-12-20 15:53:40.946root 11241100x8000000000000000754314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e4c9cef3c8609f2021-12-20 15:53:40.947root 11241100x8000000000000000754315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf7135f09c154da2021-12-20 15:53:40.947root 11241100x8000000000000000754316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fa5b7cb00758bd2021-12-20 15:53:40.948root 11241100x8000000000000000754317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63a60665e8968432021-12-20 15:53:40.949root 11241100x8000000000000000754318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6829e6c91c7e3fdc2021-12-20 15:53:40.950root 11241100x8000000000000000754319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91dbd84405cfa332021-12-20 15:53:40.950root 11241100x8000000000000000754320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42e7f4b022cd2d22021-12-20 15:53:40.950root 11241100x8000000000000000754321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afac5975e6786982021-12-20 15:53:40.950root 11241100x8000000000000000754322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d52673818bf5882021-12-20 15:53:40.951root 11241100x8000000000000000754323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e492c06c1476674e2021-12-20 15:53:40.951root 11241100x8000000000000000754324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee11e1257f19ce82021-12-20 15:53:40.951root 11241100x8000000000000000754325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de247d08e112a7e22021-12-20 15:53:40.951root 11241100x8000000000000000754326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f75995d65f9ad942021-12-20 15:53:40.953root 11241100x8000000000000000754327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f813127783e89d322021-12-20 15:53:40.954root 11241100x8000000000000000754328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eb496093a9644a2021-12-20 15:53:40.954root 11241100x8000000000000000754329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab124a70c7fa04352021-12-20 15:53:40.954root 11241100x8000000000000000754330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f311a364260596682021-12-20 15:53:40.954root 11241100x8000000000000000754331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498f7cba1b6182852021-12-20 15:53:40.955root 11241100x8000000000000000754332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0072e2c788ec6e9c2021-12-20 15:53:40.955root 11241100x8000000000000000754333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d3f6557d87546d2021-12-20 15:53:40.955root 11241100x8000000000000000754334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732a38ef9f5cac552021-12-20 15:53:40.955root 11241100x8000000000000000754335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aca45868caacd52021-12-20 15:53:40.955root 11241100x8000000000000000754336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e35c8853aa6c372021-12-20 15:53:40.955root 11241100x8000000000000000754337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d585e80aae506a2021-12-20 15:53:40.955root 11241100x8000000000000000754338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6415ea547d3169bc2021-12-20 15:53:40.956root 11241100x8000000000000000754339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd921117eb3aaf62021-12-20 15:53:40.956root 11241100x8000000000000000754340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6dd30e2f2141e92021-12-20 15:53:40.956root 11241100x8000000000000000754341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d4e7a987f9261e2021-12-20 15:53:40.956root 11241100x8000000000000000754342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b49580c88f22bff2021-12-20 15:53:40.956root 11241100x8000000000000000754343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0639df1d0f5a7d2021-12-20 15:53:40.956root 11241100x8000000000000000754344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da61234d6e9043bc2021-12-20 15:53:40.956root 11241100x8000000000000000754345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.956{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5d06ccb8be542e2021-12-20 15:53:40.956root 11241100x8000000000000000754346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c4038ed7317992021-12-20 15:53:40.957root 11241100x8000000000000000754347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef78c9b4a0884f82021-12-20 15:53:40.957root 11241100x8000000000000000754348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef825e7d26989a6b2021-12-20 15:53:40.957root 11241100x8000000000000000754349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a956c7897a929232021-12-20 15:53:40.957root 11241100x8000000000000000754350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ed3c1ad4d2f4142021-12-20 15:53:40.957root 11241100x8000000000000000754351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d88430f2d5878c02021-12-20 15:53:40.957root 11241100x8000000000000000754352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf81707e7b8d35f42021-12-20 15:53:40.957root 11241100x8000000000000000754353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089c60c0379416292021-12-20 15:53:40.957root 11241100x8000000000000000754354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ea29df3bfe82332021-12-20 15:53:40.957root 11241100x8000000000000000754355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca9fd0a7d986dd52021-12-20 15:53:40.957root 11241100x8000000000000000754356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df35fa134bf41e22021-12-20 15:53:40.957root 11241100x8000000000000000754357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f9f25bea7eae432021-12-20 15:53:40.957root 11241100x8000000000000000754358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8846a7b24aaff51c2021-12-20 15:53:40.957root 11241100x8000000000000000754359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aac2c6aa37263f32021-12-20 15:53:40.957root 11241100x8000000000000000754360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da651a667180ca2021-12-20 15:53:40.958root 11241100x8000000000000000754361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8231d42b5a7d9692021-12-20 15:53:40.958root 11241100x8000000000000000754362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7f83b1205abcc32021-12-20 15:53:40.958root 11241100x8000000000000000754363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f24f9b86a97af8f2021-12-20 15:53:40.958root 11241100x8000000000000000754364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b2fef1af5677a92021-12-20 15:53:40.958root 11241100x8000000000000000754365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6716bb359c3bc2372021-12-20 15:53:40.958root 11241100x8000000000000000754366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce51fd327673870e2021-12-20 15:53:40.958root 11241100x8000000000000000754367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3013446cdf354d2021-12-20 15:53:40.958root 11241100x8000000000000000754368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5054d49421dea7b2021-12-20 15:53:40.958root 11241100x8000000000000000754369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7522d9e8ce5e89f2021-12-20 15:53:40.958root 11241100x8000000000000000754370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea76a7ca351de7f32021-12-20 15:53:40.958root 11241100x8000000000000000754371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93700b7faf502ba72021-12-20 15:53:40.958root 11241100x8000000000000000754372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d043c1452c6fad2021-12-20 15:53:40.958root 11241100x8000000000000000754373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee5b5fdfe2ea6c62021-12-20 15:53:40.958root 11241100x8000000000000000754374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84de7b0e7a4452862021-12-20 15:53:40.959root 11241100x8000000000000000754375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c5dfcba3090922021-12-20 15:53:40.959root 11241100x8000000000000000754376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f601c68d532b822021-12-20 15:53:40.959root 11241100x8000000000000000754377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3631b3138bfcd7a82021-12-20 15:53:40.959root 11241100x8000000000000000754378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dd4409eb22ac6a2021-12-20 15:53:40.959root 11241100x8000000000000000754379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aceef55f6bc7d872021-12-20 15:53:40.959root 11241100x8000000000000000754380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9a60e8f96e10e72021-12-20 15:53:40.959root 11241100x8000000000000000754381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9517438c3bfb4b942021-12-20 15:53:40.959root 11241100x8000000000000000754382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dc7343b20595872021-12-20 15:53:40.959root 11241100x8000000000000000754383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f7153ac931d5ed2021-12-20 15:53:40.959root 11241100x8000000000000000754384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef3f5716d7262f12021-12-20 15:53:40.959root 11241100x8000000000000000754385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2ce5847af424c12021-12-20 15:53:40.959root 11241100x8000000000000000754386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c264022ed2d048b2021-12-20 15:53:40.959root 11241100x8000000000000000754387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d917128ee0a70ca2021-12-20 15:53:40.959root 11241100x8000000000000000754388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f7d1ebbd433a382021-12-20 15:53:40.960root 11241100x8000000000000000754389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3545dff5f73255112021-12-20 15:53:40.960root 11241100x8000000000000000754390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a9e3c67478430c2021-12-20 15:53:40.960root 11241100x8000000000000000754391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45868bb4c78e5582021-12-20 15:53:40.960root 11241100x8000000000000000754392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74edabdc2ae75ef32021-12-20 15:53:40.960root 11241100x8000000000000000754393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135f0e6c5659e2112021-12-20 15:53:40.960root 11241100x8000000000000000754394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb68c8241eb298952021-12-20 15:53:40.960root 11241100x8000000000000000754395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242490dd54d8b5902021-12-20 15:53:40.960root 11241100x8000000000000000754396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14db2a98d4d166b2021-12-20 15:53:40.960root 11241100x8000000000000000754397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afefd7f07b2022ca2021-12-20 15:53:40.960root 11241100x8000000000000000754398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28cf9a2257008362021-12-20 15:53:40.961root 11241100x8000000000000000754399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382e4f92e6dcb45e2021-12-20 15:53:40.961root 11241100x8000000000000000754400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a5f22f746248a42021-12-20 15:53:40.961root 11241100x8000000000000000754401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aff802ac9ae5c42021-12-20 15:53:40.961root 11241100x8000000000000000754402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35fbd5b40c12ef32021-12-20 15:53:40.961root 11241100x8000000000000000754403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b775d8afd1f57762021-12-20 15:53:40.961root 11241100x8000000000000000754404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb579816e073e0fb2021-12-20 15:53:40.961root 11241100x8000000000000000754405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0cd347dd177df62021-12-20 15:53:40.961root 11241100x8000000000000000754406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8cf0d09e82cdb22021-12-20 15:53:40.961root 11241100x8000000000000000754407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149a24a06d238b6d2021-12-20 15:53:40.961root 11241100x8000000000000000754408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e07024bab66aa932021-12-20 15:53:40.961root 11241100x8000000000000000754409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e30bd4e4dac412021-12-20 15:53:40.961root 11241100x8000000000000000754410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fedee5d9cea4c62021-12-20 15:53:40.961root 11241100x8000000000000000754411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e03c2b64e5868e2021-12-20 15:53:40.962root 11241100x8000000000000000754412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e5586d3ee06fd42021-12-20 15:53:40.962root 11241100x8000000000000000754413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f8d3802693c5c02021-12-20 15:53:40.962root 11241100x8000000000000000754414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b45e579d3cc422021-12-20 15:53:40.962root 11241100x8000000000000000754415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ddf3e163637572021-12-20 15:53:40.962root 11241100x8000000000000000754416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ee8c6735c4e04a2021-12-20 15:53:40.962root 11241100x8000000000000000754417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34332efd525e17712021-12-20 15:53:40.962root 11241100x8000000000000000754418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5adcc0977fd09182021-12-20 15:53:40.962root 11241100x8000000000000000754419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42cae36c3b23b982021-12-20 15:53:40.962root 11241100x8000000000000000754420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99ee1817ff6ad692021-12-20 15:53:40.963root 11241100x8000000000000000754421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f28bf6c65a4b36e2021-12-20 15:53:40.963root 11241100x8000000000000000754422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd2dc61abe5337f2021-12-20 15:53:40.963root 11241100x8000000000000000754423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ecd3c0f20aefde2021-12-20 15:53:40.963root 11241100x8000000000000000754424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8a10b2efcdedab2021-12-20 15:53:40.963root 11241100x8000000000000000754425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143e14d10927124c2021-12-20 15:53:40.963root 11241100x8000000000000000754426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80e0e642f9255642021-12-20 15:53:40.963root 11241100x8000000000000000754427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ada7378991fcb82021-12-20 15:53:40.963root 11241100x8000000000000000754428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716b682a8d3d2ce12021-12-20 15:53:40.963root 11241100x8000000000000000754429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4195cacfe41817662021-12-20 15:53:40.963root 11241100x8000000000000000754430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf116389a009239d2021-12-20 15:53:40.964root 11241100x8000000000000000754431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d06b6cfe932cb92021-12-20 15:53:40.964root 11241100x8000000000000000754432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fa535f953a4ccf2021-12-20 15:53:40.964root 11241100x8000000000000000754433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf8b62147107c662021-12-20 15:53:40.964root 11241100x8000000000000000754434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7b42aee890d95d2021-12-20 15:53:40.964root 11241100x8000000000000000754435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9506247727c78b22021-12-20 15:53:40.964root 11241100x8000000000000000754436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2466edd33da0fabf2021-12-20 15:53:40.964root 11241100x8000000000000000754437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a96402689666ae2021-12-20 15:53:40.964root 11241100x8000000000000000754438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b96828992ab6c2021-12-20 15:53:40.964root 11241100x8000000000000000754439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1280f96011e1e12021-12-20 15:53:40.964root 11241100x8000000000000000754440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2999f0e2af63582021-12-20 15:53:40.965root 11241100x8000000000000000754441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46b1edb85cf8c6d2021-12-20 15:53:40.965root 11241100x8000000000000000754442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac2cca0766b756c2021-12-20 15:53:40.965root 11241100x8000000000000000754443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45775936a8df81f12021-12-20 15:53:40.965root 11241100x8000000000000000754444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903dfa52631e4da02021-12-20 15:53:40.965root 11241100x8000000000000000754445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7e3b6984756bdc2021-12-20 15:53:40.965root 11241100x8000000000000000754446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b2bed07e0c99e62021-12-20 15:53:40.965root 11241100x8000000000000000754447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1333906769c516922021-12-20 15:53:40.965root 11241100x8000000000000000754448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7d2f027dd17e842021-12-20 15:53:40.965root 11241100x8000000000000000754449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf2cd7b5a32fba2021-12-20 15:53:40.966root 11241100x8000000000000000754450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489897d85996cb42021-12-20 15:53:40.966root 11241100x8000000000000000754451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486817ec631955ec2021-12-20 15:53:40.966root 11241100x8000000000000000754452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b77e6fa833d8a42021-12-20 15:53:40.966root 11241100x8000000000000000754453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09e526c1873becd2021-12-20 15:53:40.966root 11241100x8000000000000000754454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d627b7458e9dbd2021-12-20 15:53:40.966root 11241100x8000000000000000754455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c425fb13d5da1a62021-12-20 15:53:40.966root 11241100x8000000000000000754456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7ba2a343e3e3cd2021-12-20 15:53:40.967root 11241100x8000000000000000754457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7a0ae8c903025a2021-12-20 15:53:40.967root 11241100x8000000000000000754458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0229d886ceb2142021-12-20 15:53:40.967root 11241100x8000000000000000754459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a3a712f3376c232021-12-20 15:53:40.967root 11241100x8000000000000000754460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08be269889bfe3802021-12-20 15:53:40.967root 11241100x8000000000000000754461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7b83a1a43973a92021-12-20 15:53:40.967root 11241100x8000000000000000754462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af8987b46516a202021-12-20 15:53:40.967root 11241100x8000000000000000754463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97d64148405a8bc2021-12-20 15:53:40.967root 11241100x8000000000000000754464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb819ab221c450df2021-12-20 15:53:40.968root 11241100x8000000000000000754465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1103cd6f7a76cc942021-12-20 15:53:40.968root 11241100x8000000000000000754466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a657627ff06be02021-12-20 15:53:40.968root 11241100x8000000000000000754467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26646ac21bcb0a72021-12-20 15:53:40.968root 11241100x8000000000000000754468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf6d6a7b75780b02021-12-20 15:53:40.968root 11241100x8000000000000000754469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aad0947496236922021-12-20 15:53:40.968root 11241100x8000000000000000754470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb562948ce2e7d032021-12-20 15:53:40.969root 11241100x8000000000000000754471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4214b0845c58aaa2021-12-20 15:53:40.969root 11241100x8000000000000000754472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0fac9434bb870c2021-12-20 15:53:40.969root 11241100x8000000000000000754473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74931957593885562021-12-20 15:53:40.969root 11241100x8000000000000000754474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b562817a126d542021-12-20 15:53:40.969root 11241100x8000000000000000754475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.970{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff134467c7948b2021-12-20 15:53:40.970root 11241100x8000000000000000754476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.970{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14cd09e614fa0dc2021-12-20 15:53:40.970root 11241100x8000000000000000754477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.970{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e67b607a382ab52021-12-20 15:53:40.970root 11241100x8000000000000000754478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.970{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048163a7372001b22021-12-20 15:53:40.970root 11241100x8000000000000000754479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4309d00acf6d230c2021-12-20 15:53:40.971root 11241100x8000000000000000754480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0b0d8f728da2952021-12-20 15:53:40.971root 11241100x8000000000000000754481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85bccbd8fb85a1c2021-12-20 15:53:40.971root 11241100x8000000000000000754482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128cff4efc28f1c52021-12-20 15:53:40.971root 11241100x8000000000000000754483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286b588ab4be44a92021-12-20 15:53:40.971root 11241100x8000000000000000754484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195a9dbf58c388972021-12-20 15:53:40.971root 11241100x8000000000000000754485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.971{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2eab83035cbe162021-12-20 15:53:40.971root 11241100x8000000000000000754486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2391ebe31d508ae2021-12-20 15:53:40.972root 11241100x8000000000000000754487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9985f166507613272021-12-20 15:53:40.972root 11241100x8000000000000000754488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bda5c58c8afb002021-12-20 15:53:40.972root 11241100x8000000000000000754489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd80c6742e6d44ad2021-12-20 15:53:40.972root 11241100x8000000000000000754490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7ca7815020c2412021-12-20 15:53:40.972root 11241100x8000000000000000754491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.972{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0144a42cdc5a692f2021-12-20 15:53:40.972root 11241100x8000000000000000754492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89536b9f9beea1e02021-12-20 15:53:40.973root 11241100x8000000000000000754493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286679288239cadd2021-12-20 15:53:40.973root 11241100x8000000000000000754494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628dfca6d823655e2021-12-20 15:53:40.973root 11241100x8000000000000000754495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b4207b4cbcade92021-12-20 15:53:40.973root 11241100x8000000000000000754496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a5761a607b305e2021-12-20 15:53:40.973root 11241100x8000000000000000754497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7501953bd0c12bcf2021-12-20 15:53:40.973root 11241100x8000000000000000754498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.973{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed646a6d077a00f2021-12-20 15:53:40.973root 11241100x8000000000000000754499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8311375a2c9763202021-12-20 15:53:40.974root 11241100x8000000000000000754500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa964cb2fdba53a02021-12-20 15:53:40.974root 11241100x8000000000000000754501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e39cc155a241012021-12-20 15:53:40.974root 11241100x8000000000000000754502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746cc4dcac2e09892021-12-20 15:53:40.974root 11241100x8000000000000000754503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f67cd25635f292021-12-20 15:53:40.974root 11241100x8000000000000000754504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9703077e6b7464ab2021-12-20 15:53:40.974root 11241100x8000000000000000754505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751514be6d0ef92d2021-12-20 15:53:40.974root 11241100x8000000000000000754506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.974{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11843def8d89dc72021-12-20 15:53:40.974root 11241100x8000000000000000754507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc17cd066aa4dc62021-12-20 15:53:40.975root 11241100x8000000000000000754508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea55d04ee8901aad2021-12-20 15:53:40.975root 11241100x8000000000000000754509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37da5a0a75bb73d32021-12-20 15:53:40.975root 11241100x8000000000000000754510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e4307f8f069ebf2021-12-20 15:53:40.975root 11241100x8000000000000000754511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e099abca106fbfb82021-12-20 15:53:40.975root 11241100x8000000000000000754512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784f99f0946936c2021-12-20 15:53:40.975root 11241100x8000000000000000754513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f483a9279562ae62021-12-20 15:53:40.975root 11241100x8000000000000000754514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96244d3527f1779a2021-12-20 15:53:40.975root 11241100x8000000000000000754515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.975{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1258abad36bc392e2021-12-20 15:53:40.975root 11241100x8000000000000000754516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:40.976{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daacfd8b34b6ef72021-12-20 15:53:40.976root 11241100x8000000000000000754517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881b88a1d3aefaea2021-12-20 15:53:41.424root 11241100x8000000000000000754518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7226489ca96b9b62021-12-20 15:53:41.424root 11241100x8000000000000000754519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c429ceee5d594d2021-12-20 15:53:41.424root 11241100x8000000000000000754520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb5fba906a2ec9c2021-12-20 15:53:41.424root 11241100x8000000000000000754521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faf85d6d3891ead2021-12-20 15:53:41.424root 11241100x8000000000000000754522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445a900cd77190212021-12-20 15:53:41.425root 11241100x8000000000000000754523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93abfccffe0990962021-12-20 15:53:41.425root 11241100x8000000000000000754524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93789496a2b17872021-12-20 15:53:41.425root 11241100x8000000000000000754525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1cb1c4a4483472021-12-20 15:53:41.425root 11241100x8000000000000000754526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5231c3b097ad0162021-12-20 15:53:41.425root 11241100x8000000000000000754527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a6838d89d2d81a2021-12-20 15:53:41.426root 11241100x8000000000000000754528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8400720396bb1af42021-12-20 15:53:41.426root 11241100x8000000000000000754529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe2a62f286f716a2021-12-20 15:53:41.426root 11241100x8000000000000000754530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4c2d99113862492021-12-20 15:53:41.426root 11241100x8000000000000000754531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54866dbd0ff59c82021-12-20 15:53:41.426root 11241100x8000000000000000754532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa156bbd860248e52021-12-20 15:53:41.426root 11241100x8000000000000000754533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3192b30bdfc4052021-12-20 15:53:41.426root 11241100x8000000000000000754534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f02f0607a2aa80c2021-12-20 15:53:41.426root 11241100x8000000000000000754535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda5c9d49d6ad1002021-12-20 15:53:41.426root 11241100x8000000000000000754536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b324ea298b0886ac2021-12-20 15:53:41.427root 11241100x8000000000000000754537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86edd33ccef552822021-12-20 15:53:41.427root 11241100x8000000000000000754538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eccb78d76cb5732021-12-20 15:53:41.427root 11241100x8000000000000000754539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a83cd67cf9cfe512021-12-20 15:53:41.427root 11241100x8000000000000000754540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4480729001138962021-12-20 15:53:41.427root 11241100x8000000000000000754541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e24281a6cd573c92021-12-20 15:53:41.427root 11241100x8000000000000000754542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cc1dabae82b63b2021-12-20 15:53:41.427root 11241100x8000000000000000754543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa56bbf5a4008be2021-12-20 15:53:41.427root 11241100x8000000000000000754544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d0e3ae4aa0ece42021-12-20 15:53:41.428root 11241100x8000000000000000754545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbf37a9b7d8ae6a2021-12-20 15:53:41.428root 11241100x8000000000000000754546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc73d3ed68b54a632021-12-20 15:53:41.428root 11241100x8000000000000000754547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6cbecc8d9df312021-12-20 15:53:41.428root 11241100x8000000000000000754548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828f781857dc45752021-12-20 15:53:41.428root 11241100x8000000000000000754549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e19f929612ab84a2021-12-20 15:53:41.428root 11241100x8000000000000000754550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faf035b96c6a2c42021-12-20 15:53:41.428root 11241100x8000000000000000754551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe6fdfe55300b072021-12-20 15:53:41.429root 11241100x8000000000000000754552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865562a2b17fb89e2021-12-20 15:53:41.429root 11241100x8000000000000000754553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a90dd0ef46c062a2021-12-20 15:53:41.429root 11241100x8000000000000000754554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cd38fb17f8c10c2021-12-20 15:53:41.429root 11241100x8000000000000000754555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0998960051fa69122021-12-20 15:53:41.430root 11241100x8000000000000000754556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b549685f7576e92021-12-20 15:53:41.430root 11241100x8000000000000000754557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c960c56ad4515d02021-12-20 15:53:41.430root 11241100x8000000000000000754558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a9821988e629342021-12-20 15:53:41.430root 11241100x8000000000000000754559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58fde925a1a84962021-12-20 15:53:41.430root 11241100x8000000000000000754560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5202d6e3e6671fee2021-12-20 15:53:41.431root 11241100x8000000000000000754561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4088d03e828ac902021-12-20 15:53:41.431root 11241100x8000000000000000754562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88977ca37a189832021-12-20 15:53:41.431root 11241100x8000000000000000754563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e304a38e8cbe3c52021-12-20 15:53:41.431root 11241100x8000000000000000754564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e06695f7ad324e2021-12-20 15:53:41.431root 11241100x8000000000000000754565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d1a7ac87f2f23f2021-12-20 15:53:41.431root 11241100x8000000000000000754566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d9956ca10a2aef2021-12-20 15:53:41.432root 11241100x8000000000000000754567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4508ba4a5dbf38d32021-12-20 15:53:41.432root 11241100x8000000000000000754568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d681049c3ed3212021-12-20 15:53:41.432root 11241100x8000000000000000754569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd85fc1296d2d47c2021-12-20 15:53:41.432root 11241100x8000000000000000754570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d95fb0d3c4768392021-12-20 15:53:41.432root 11241100x8000000000000000754571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2ca5e543d7ee172021-12-20 15:53:41.432root 11241100x8000000000000000754572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fbc6727a47a54b2021-12-20 15:53:41.432root 11241100x8000000000000000754573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9898180de2f7302021-12-20 15:53:41.432root 11241100x8000000000000000754574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0953bdf6bd83d52021-12-20 15:53:41.433root 11241100x8000000000000000754575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a192bcb9ae98f392021-12-20 15:53:41.433root 11241100x8000000000000000754576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51173662cd0394872021-12-20 15:53:41.433root 11241100x8000000000000000754577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3c5f2654bc723c2021-12-20 15:53:41.433root 11241100x8000000000000000754578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf6d0f924d7a212021-12-20 15:53:41.433root 11241100x8000000000000000754579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6974366d721288122021-12-20 15:53:41.433root 11241100x8000000000000000754580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1686d882ff9ccbec2021-12-20 15:53:41.433root 11241100x8000000000000000754581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d8ff4bb6462a322021-12-20 15:53:41.434root 11241100x8000000000000000754582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507852602894e7852021-12-20 15:53:41.434root 11241100x8000000000000000754583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c8d24aa7e22b652021-12-20 15:53:41.434root 11241100x8000000000000000754584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8c465adb3455132021-12-20 15:53:41.434root 11241100x8000000000000000754585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80155588ba2a2982021-12-20 15:53:41.434root 11241100x8000000000000000754586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ea112762063e402021-12-20 15:53:41.434root 11241100x8000000000000000754587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be17d3cbddd5aba2021-12-20 15:53:41.434root 11241100x8000000000000000754588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e3fb0025fc2732021-12-20 15:53:41.435root 11241100x8000000000000000754589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db51a376cad57602021-12-20 15:53:41.435root 11241100x8000000000000000754590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f734ddd0218fee2021-12-20 15:53:41.435root 11241100x8000000000000000754591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d126a71c46aae72021-12-20 15:53:41.435root 11241100x8000000000000000754592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77970b91b66727072021-12-20 15:53:41.435root 11241100x8000000000000000754593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129defc7c2b5f78d2021-12-20 15:53:41.435root 11241100x8000000000000000754594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9741ddfb9c3cad912021-12-20 15:53:41.435root 11241100x8000000000000000754595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcdb04b35ff509c2021-12-20 15:53:41.435root 11241100x8000000000000000754596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c60dc5cd2bfaaec2021-12-20 15:53:41.435root 11241100x8000000000000000754597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6ec37f58b26a9c2021-12-20 15:53:41.436root 11241100x8000000000000000754598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a010894c34a8c92021-12-20 15:53:41.436root 11241100x8000000000000000754599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cf8c4edc91ce552021-12-20 15:53:41.436root 11241100x8000000000000000754600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f52de78e1a94d062021-12-20 15:53:41.436root 11241100x8000000000000000754601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875332bf5e1679332021-12-20 15:53:41.436root 11241100x8000000000000000754602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4223842edbb6852021-12-20 15:53:41.436root 11241100x8000000000000000754603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da1784060e953582021-12-20 15:53:41.436root 11241100x8000000000000000754604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047974c1ade373642021-12-20 15:53:41.436root 11241100x8000000000000000754605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03425efaf03ba6512021-12-20 15:53:41.436root 11241100x8000000000000000754606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f30466d4392323f2021-12-20 15:53:41.437root 11241100x8000000000000000754607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18745b10ab0ae2702021-12-20 15:53:41.437root 11241100x8000000000000000754608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35602e7b595597012021-12-20 15:53:41.437root 11241100x8000000000000000754609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d32cbf68439944b2021-12-20 15:53:41.437root 11241100x8000000000000000754610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5782226b849ecd2021-12-20 15:53:41.437root 11241100x8000000000000000754611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f1a1d0496125722021-12-20 15:53:41.437root 11241100x8000000000000000754612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85b4264be1779de2021-12-20 15:53:41.437root 11241100x8000000000000000754613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0a62a6ffc0fa4d2021-12-20 15:53:41.924root 11241100x8000000000000000754614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea50fb1f03528ca2021-12-20 15:53:41.924root 11241100x8000000000000000754615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dfe0f6c51f4c452021-12-20 15:53:41.924root 11241100x8000000000000000754616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92287983abf13ec2021-12-20 15:53:41.924root 11241100x8000000000000000754617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d16a8d91562e942021-12-20 15:53:41.925root 11241100x8000000000000000754618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eefffc6da3ef37d2021-12-20 15:53:41.925root 11241100x8000000000000000754619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa530972d79d73d2021-12-20 15:53:41.925root 11241100x8000000000000000754620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b6d0e5d470a6c42021-12-20 15:53:41.925root 11241100x8000000000000000754621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95fc22aad9726922021-12-20 15:53:41.925root 11241100x8000000000000000754622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f38da5a03fd10b2021-12-20 15:53:41.925root 11241100x8000000000000000754623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbe672e8eb558ee2021-12-20 15:53:41.926root 11241100x8000000000000000754624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14828f8b1dc43592021-12-20 15:53:41.926root 11241100x8000000000000000754625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7651e2d7badf9a122021-12-20 15:53:41.926root 11241100x8000000000000000754626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311e6877c6bd5d412021-12-20 15:53:41.926root 11241100x8000000000000000754627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89c1da266cde6e12021-12-20 15:53:41.926root 11241100x8000000000000000754628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0902ffbdab7441c82021-12-20 15:53:41.926root 11241100x8000000000000000754629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb55f8beed730412021-12-20 15:53:41.926root 11241100x8000000000000000754630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6307c8d19446b36c2021-12-20 15:53:41.926root 11241100x8000000000000000754631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e64f7d6ba50aaad2021-12-20 15:53:41.927root 11241100x8000000000000000754632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f45e9ba98144d42021-12-20 15:53:41.927root 11241100x8000000000000000754633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4bb582f51374b42021-12-20 15:53:41.927root 11241100x8000000000000000754634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada09f0ed9f30bea2021-12-20 15:53:41.927root 11241100x8000000000000000754635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1508444cbf59781c2021-12-20 15:53:41.927root 11241100x8000000000000000754636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf99146df960d7d2021-12-20 15:53:41.927root 11241100x8000000000000000754637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83f217f561341a22021-12-20 15:53:41.927root 11241100x8000000000000000754638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a5dc45b634a25a2021-12-20 15:53:41.927root 11241100x8000000000000000754639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3002b074565230502021-12-20 15:53:41.927root 11241100x8000000000000000754640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1bee40f0bd947c2021-12-20 15:53:41.927root 11241100x8000000000000000754641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c9a86f562856a62021-12-20 15:53:41.927root 11241100x8000000000000000754642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7e8dc6377096a82021-12-20 15:53:41.928root 11241100x8000000000000000754643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac1d256f9da032b2021-12-20 15:53:41.928root 11241100x8000000000000000754644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06378b10c1fb61202021-12-20 15:53:41.928root 11241100x8000000000000000754645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b462158c2f671392021-12-20 15:53:41.928root 11241100x8000000000000000754646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e921c0b7192e7af82021-12-20 15:53:41.928root 11241100x8000000000000000754647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e4d9b074eda55f2021-12-20 15:53:41.928root 11241100x8000000000000000754648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f375b998e0ae7c222021-12-20 15:53:41.928root 11241100x8000000000000000754649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd4a9da2e1efe6b2021-12-20 15:53:41.928root 11241100x8000000000000000754650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bc2e808be10bea2021-12-20 15:53:41.928root 11241100x8000000000000000754651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213d834fc3af8af42021-12-20 15:53:41.928root 11241100x8000000000000000754652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09eb42455b2fadd2021-12-20 15:53:41.928root 11241100x8000000000000000754653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1477f60c425fbc2021-12-20 15:53:41.929root 11241100x8000000000000000754654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3cabf52a0b14262021-12-20 15:53:41.929root 11241100x8000000000000000754655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85aff3b49d45e4902021-12-20 15:53:41.929root 11241100x8000000000000000754656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fe3d839fa96cbb2021-12-20 15:53:41.929root 11241100x8000000000000000754657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dfa84f793e57352021-12-20 15:53:41.929root 11241100x8000000000000000754658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52743f6d86ae3882021-12-20 15:53:41.929root 11241100x8000000000000000754659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdb338f93033cdd2021-12-20 15:53:41.929root 11241100x8000000000000000754660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c36981113c5d702021-12-20 15:53:41.929root 11241100x8000000000000000754661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a509b41e6680e1c2021-12-20 15:53:41.929root 11241100x8000000000000000754662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87247230a4c251ce2021-12-20 15:53:41.929root 11241100x8000000000000000754663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fff9d2f643e78202021-12-20 15:53:41.930root 11241100x8000000000000000754664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f237c404c7cb99272021-12-20 15:53:41.930root 11241100x8000000000000000754665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988a0ad0d5772b502021-12-20 15:53:41.930root 11241100x8000000000000000754666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce14378d510997b2021-12-20 15:53:41.931root 11241100x8000000000000000754667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8cdf3dc74582232021-12-20 15:53:41.931root 11241100x8000000000000000754668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd67667a0e5456522021-12-20 15:53:41.931root 11241100x8000000000000000754669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eb17fe8f93f74f2021-12-20 15:53:41.931root 11241100x8000000000000000754670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b3bff8660a50082021-12-20 15:53:41.931root 11241100x8000000000000000754671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2909451f5dcc34ac2021-12-20 15:53:41.932root 11241100x8000000000000000754672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:41.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43283f81b66033dc2021-12-20 15:53:41.932root 11241100x8000000000000000754673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e340517d9551f22021-12-20 15:53:42.424root 11241100x8000000000000000754674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ac1b2efac1c55c2021-12-20 15:53:42.424root 11241100x8000000000000000754675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed579612073a653b2021-12-20 15:53:42.425root 11241100x8000000000000000754676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e04d1c20665e9f2021-12-20 15:53:42.425root 11241100x8000000000000000754677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eb250e1a8e99a12021-12-20 15:53:42.425root 11241100x8000000000000000754678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8dd693c378eff42021-12-20 15:53:42.425root 11241100x8000000000000000754679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc71c26af22e8e902021-12-20 15:53:42.425root 11241100x8000000000000000754680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13cf03b98147e172021-12-20 15:53:42.425root 11241100x8000000000000000754681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef80f3940779dceb2021-12-20 15:53:42.425root 11241100x8000000000000000754682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0083ead04d92fc382021-12-20 15:53:42.425root 11241100x8000000000000000754683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cee728041b8f35b2021-12-20 15:53:42.425root 11241100x8000000000000000754684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d89a40a4638c7e2021-12-20 15:53:42.426root 11241100x8000000000000000754685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7a599a9b1cb7322021-12-20 15:53:42.426root 11241100x8000000000000000754686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b43d38dcca8fe2021-12-20 15:53:42.426root 11241100x8000000000000000754687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39d0f48c3b20b942021-12-20 15:53:42.426root 11241100x8000000000000000754688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828294f19819ca512021-12-20 15:53:42.426root 11241100x8000000000000000754689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e172959a8c728f2021-12-20 15:53:42.426root 11241100x8000000000000000754690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a65842874f92f72021-12-20 15:53:42.427root 11241100x8000000000000000754691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6918996e9c459c9e2021-12-20 15:53:42.427root 11241100x8000000000000000754692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6d73d47ce50a3c2021-12-20 15:53:42.427root 11241100x8000000000000000754693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e70e6a2e921dc412021-12-20 15:53:42.427root 11241100x8000000000000000754694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a79544a130bf412021-12-20 15:53:42.427root 11241100x8000000000000000754695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c34fc687895f3572021-12-20 15:53:42.427root 11241100x8000000000000000754696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ff32a8a40c9f372021-12-20 15:53:42.427root 11241100x8000000000000000754697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d0ca2054bb24372021-12-20 15:53:42.428root 11241100x8000000000000000754698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492d935043e599112021-12-20 15:53:42.428root 11241100x8000000000000000754699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e0784a0b34fe072021-12-20 15:53:42.428root 11241100x8000000000000000754700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55e22a9d20dca252021-12-20 15:53:42.428root 11241100x8000000000000000754701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ab3188433393e32021-12-20 15:53:42.428root 11241100x8000000000000000754702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f964eeae98343de12021-12-20 15:53:42.428root 11241100x8000000000000000754703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2aad94d2d2c7aa2021-12-20 15:53:42.428root 11241100x8000000000000000754704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97663447d80d7f2021-12-20 15:53:42.428root 11241100x8000000000000000754705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e017c5a443a342382021-12-20 15:53:42.428root 11241100x8000000000000000754706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9d661e36c2dd992021-12-20 15:53:42.428root 11241100x8000000000000000754707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cad03da3ad58ce2021-12-20 15:53:42.428root 11241100x8000000000000000754708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c944e6e1bbf055e62021-12-20 15:53:42.428root 11241100x8000000000000000754709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32663fb7c4fb80ba2021-12-20 15:53:42.428root 11241100x8000000000000000754710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b36a2918eedab682021-12-20 15:53:42.428root 11241100x8000000000000000754711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5158b248ef131192021-12-20 15:53:42.428root 11241100x8000000000000000754712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd291d2a7b523512021-12-20 15:53:42.429root 11241100x8000000000000000754713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a90334109d3b96c2021-12-20 15:53:42.429root 11241100x8000000000000000754714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1648686f51e1718e2021-12-20 15:53:42.429root 11241100x8000000000000000754715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7929883616a7f24b2021-12-20 15:53:42.431root 11241100x8000000000000000754716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05e6d73f3199fe32021-12-20 15:53:42.432root 11241100x8000000000000000754717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5e9f2aa771f0a02021-12-20 15:53:42.432root 11241100x8000000000000000754718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c56d0e7abe29efc2021-12-20 15:53:42.433root 11241100x8000000000000000754719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4aa5f41fb91baa2021-12-20 15:53:42.433root 11241100x8000000000000000754720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e0adbfa661bae52021-12-20 15:53:42.434root 11241100x8000000000000000754721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a956fee3305b4b32021-12-20 15:53:42.434root 11241100x8000000000000000754722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8226c0e52484a2932021-12-20 15:53:42.434root 11241100x8000000000000000754723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b41df28de08cfb72021-12-20 15:53:42.434root 11241100x8000000000000000754724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5682436ce0139822021-12-20 15:53:42.434root 11241100x8000000000000000754725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3db2ad716bb82b2021-12-20 15:53:42.434root 11241100x8000000000000000754726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec94e0389e809fb2021-12-20 15:53:42.434root 11241100x8000000000000000754727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce54e0e9f2e5fb12021-12-20 15:53:42.435root 11241100x8000000000000000754728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7992cf2ecd3beb042021-12-20 15:53:42.436root 11241100x8000000000000000754729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2483ac7a2ab83f452021-12-20 15:53:42.436root 11241100x8000000000000000754730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4882a6532be8c25b2021-12-20 15:53:42.436root 11241100x8000000000000000754731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261d5f3e4f3a6412021-12-20 15:53:42.436root 11241100x8000000000000000754732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d074e75aa413e3fa2021-12-20 15:53:42.436root 11241100x8000000000000000754733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cac3e7819b8bcf2021-12-20 15:53:42.437root 11241100x8000000000000000754734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62813ec5dc41bac62021-12-20 15:53:42.437root 11241100x8000000000000000754735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521df2ee5a129e602021-12-20 15:53:42.437root 11241100x8000000000000000754736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a138cc1aaf80662021-12-20 15:53:42.437root 11241100x8000000000000000754737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3ca1e0bd42ddcb2021-12-20 15:53:42.438root 11241100x8000000000000000754738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ffed5d75d496852021-12-20 15:53:42.438root 11241100x8000000000000000754739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3469bfd04742aa92021-12-20 15:53:42.438root 11241100x8000000000000000754740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08178415bb49b0dc2021-12-20 15:53:42.438root 11241100x8000000000000000754741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3573c3a7952fe6452021-12-20 15:53:42.438root 11241100x8000000000000000754742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5301d890c0523e6f2021-12-20 15:53:42.438root 11241100x8000000000000000754743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8427e6bbd715b8d02021-12-20 15:53:42.438root 11241100x8000000000000000754744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0784e38f66b34322021-12-20 15:53:42.438root 11241100x8000000000000000754745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6acec20fbe834ed2021-12-20 15:53:42.438root 11241100x8000000000000000754746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7272a16ee5c427bb2021-12-20 15:53:42.439root 11241100x8000000000000000754747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7376b2c8d075e5892021-12-20 15:53:42.924root 11241100x8000000000000000754748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e702d1d637c12042021-12-20 15:53:42.924root 11241100x8000000000000000754749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0ee3fd304c5ae2021-12-20 15:53:42.924root 11241100x8000000000000000754750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cfc9ce7164c9fa2021-12-20 15:53:42.924root 11241100x8000000000000000754751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d01ecad59b22162021-12-20 15:53:42.925root 11241100x8000000000000000754752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17adc232d45a60d32021-12-20 15:53:42.925root 11241100x8000000000000000754753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a4d5efd61c08132021-12-20 15:53:42.925root 11241100x8000000000000000754754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66be33fa6f1cc9122021-12-20 15:53:42.925root 11241100x8000000000000000754755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab754882cc3283022021-12-20 15:53:42.925root 11241100x8000000000000000754756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7d073ec1ae9a9c2021-12-20 15:53:42.925root 11241100x8000000000000000754757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db852f4c9c9b291a2021-12-20 15:53:42.925root 11241100x8000000000000000754758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce429873b0046ee2021-12-20 15:53:42.925root 11241100x8000000000000000754759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c7da319bd99b642021-12-20 15:53:42.925root 11241100x8000000000000000754760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0d638ae66c0b812021-12-20 15:53:42.925root 11241100x8000000000000000754761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf0d0107ddafd212021-12-20 15:53:42.925root 11241100x8000000000000000754762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0543945fc826e392021-12-20 15:53:42.926root 11241100x8000000000000000754763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2766edecbb3ff52021-12-20 15:53:42.926root 11241100x8000000000000000754764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30fa645bb7a158a2021-12-20 15:53:42.926root 11241100x8000000000000000754765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c28789c2f35b5ea2021-12-20 15:53:42.926root 11241100x8000000000000000754766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1e9c408b768b0d2021-12-20 15:53:42.926root 11241100x8000000000000000754767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1547e283e4ba8a552021-12-20 15:53:42.926root 11241100x8000000000000000754768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2793a6463f01b3082021-12-20 15:53:42.926root 11241100x8000000000000000754769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b04b857e2558852021-12-20 15:53:42.926root 11241100x8000000000000000754770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882808afd67092492021-12-20 15:53:42.926root 11241100x8000000000000000754771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343985d5c84156e32021-12-20 15:53:42.927root 11241100x8000000000000000754772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a65075cfa481452021-12-20 15:53:42.927root 11241100x8000000000000000754773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1eaa6d07cc03ca2021-12-20 15:53:42.927root 11241100x8000000000000000754774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8993db267822d7e42021-12-20 15:53:42.927root 11241100x8000000000000000754775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2965eefd2a345b9e2021-12-20 15:53:42.927root 11241100x8000000000000000754776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea594510aa81d42c2021-12-20 15:53:42.927root 11241100x8000000000000000754777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f75cb16708845be2021-12-20 15:53:42.928root 11241100x8000000000000000754778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2e3c920133832f2021-12-20 15:53:42.928root 11241100x8000000000000000754779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a6c1976dae15412021-12-20 15:53:42.928root 11241100x8000000000000000754780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5c7989728e23572021-12-20 15:53:42.928root 11241100x8000000000000000754781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daefcbc8b4e9b302021-12-20 15:53:42.928root 11241100x8000000000000000754782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b60b6c0de99c6612021-12-20 15:53:42.928root 11241100x8000000000000000754783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083eba729e6e38382021-12-20 15:53:42.928root 11241100x8000000000000000754784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd611acc1e67b652021-12-20 15:53:42.929root 11241100x8000000000000000754785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1af38e0a1d2851c2021-12-20 15:53:42.929root 11241100x8000000000000000754786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca3eff99f49a3c2021-12-20 15:53:42.929root 11241100x8000000000000000754787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf20aecd5f4d0c202021-12-20 15:53:42.929root 11241100x8000000000000000754788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b071d4e784863f2021-12-20 15:53:42.929root 11241100x8000000000000000754789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd9598aa3725baa2021-12-20 15:53:42.929root 11241100x8000000000000000754790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4858a75b68f2f82021-12-20 15:53:42.930root 11241100x8000000000000000754791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77c6b60cc2258692021-12-20 15:53:42.930root 11241100x8000000000000000754792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24ea49556a79fee2021-12-20 15:53:42.932root 11241100x8000000000000000754793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a864b8f4745c38922021-12-20 15:53:42.933root 11241100x8000000000000000754794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e589871a062066592021-12-20 15:53:42.933root 11241100x8000000000000000754795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c17d54f398e085f2021-12-20 15:53:42.933root 11241100x8000000000000000754796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ae686ea8e597b52021-12-20 15:53:42.933root 11241100x8000000000000000754797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288f08a68315c74b2021-12-20 15:53:42.933root 11241100x8000000000000000754798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19038c9229ef5fb2021-12-20 15:53:42.933root 11241100x8000000000000000754799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90b3aa246b99e7c2021-12-20 15:53:42.934root 11241100x8000000000000000754800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12484f5ed0416f92021-12-20 15:53:42.934root 11241100x8000000000000000754801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d67371377d2d6a2021-12-20 15:53:42.934root 11241100x8000000000000000754802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9415cf232050532021-12-20 15:53:42.934root 11241100x8000000000000000754803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72264c3f21889b622021-12-20 15:53:42.934root 11241100x8000000000000000754804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6ca4ef76fd0f712021-12-20 15:53:42.934root 11241100x8000000000000000754805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3134f55ce10dc102021-12-20 15:53:42.934root 11241100x8000000000000000754806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ae90f8639be3b2021-12-20 15:53:42.934root 11241100x8000000000000000754807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32b350b9d7513502021-12-20 15:53:42.934root 11241100x8000000000000000754808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d5890d1a8a744f2021-12-20 15:53:42.934root 11241100x8000000000000000754809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f7f03b0368ffc02021-12-20 15:53:42.935root 11241100x8000000000000000754810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a23370f1dd56732021-12-20 15:53:42.935root 11241100x8000000000000000754811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282d790af2dc59a2021-12-20 15:53:42.935root 11241100x8000000000000000754812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4468c2f24205b692021-12-20 15:53:42.935root 11241100x8000000000000000754813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b241963da9ecde02021-12-20 15:53:42.935root 11241100x8000000000000000754814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2df6fde46241662021-12-20 15:53:42.935root 11241100x8000000000000000754815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0163ca84a6386cc2021-12-20 15:53:42.935root 11241100x8000000000000000754816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5eceddec9a993f2021-12-20 15:53:42.935root 11241100x8000000000000000754817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4b483c0da0a8bd2021-12-20 15:53:42.935root 11241100x8000000000000000754818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed212cb17f753eb2021-12-20 15:53:42.935root 11241100x8000000000000000754819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3d488c71c7cc2a2021-12-20 15:53:42.936root 11241100x8000000000000000754820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cc55c110ba3c342021-12-20 15:53:42.936root 11241100x8000000000000000754821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8f73b30b52b0e72021-12-20 15:53:42.936root 11241100x8000000000000000754822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56da10a53980acd82021-12-20 15:53:42.936root 11241100x8000000000000000754823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242dc8b802c84fd92021-12-20 15:53:42.936root 11241100x8000000000000000754824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf010eedf6dc1012021-12-20 15:53:42.936root 11241100x8000000000000000754825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7682d5fd0975305d2021-12-20 15:53:42.936root 11241100x8000000000000000754826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ca96d8a01128202021-12-20 15:53:42.936root 11241100x8000000000000000754827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed44c141871434f2021-12-20 15:53:42.936root 11241100x8000000000000000754828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b039d78aea15c6e02021-12-20 15:53:42.936root 11241100x8000000000000000754829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5634dda2f21a79652021-12-20 15:53:42.936root 11241100x8000000000000000754830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bc3ca02f71a0182021-12-20 15:53:42.936root 11241100x8000000000000000754831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93d77dfe85670362021-12-20 15:53:42.936root 11241100x8000000000000000754832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e18d252e32f69812021-12-20 15:53:42.937root 11241100x8000000000000000754833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58dc3733e3888102021-12-20 15:53:42.937root 11241100x8000000000000000754834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1634cad732825a2021-12-20 15:53:42.937root 11241100x8000000000000000754835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36683cb43cb8b742021-12-20 15:53:42.937root 11241100x8000000000000000754836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c97d04f5704bda2021-12-20 15:53:42.937root 11241100x8000000000000000754837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05911247cf4309912021-12-20 15:53:42.937root 11241100x8000000000000000754838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e9fe7138214092021-12-20 15:53:42.937root 11241100x8000000000000000754839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f683742c109952021-12-20 15:53:42.937root 11241100x8000000000000000754840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b2f2787b7b5d0b2021-12-20 15:53:42.937root 11241100x8000000000000000754841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2943b62773fc38892021-12-20 15:53:42.938root 11241100x8000000000000000754842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ead91207d13dea2021-12-20 15:53:42.938root 11241100x8000000000000000754843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb75976ff5a47692021-12-20 15:53:42.938root 11241100x8000000000000000754844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea0e0130bb7f43f2021-12-20 15:53:42.938root 11241100x8000000000000000754845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46bee6e58b2a83e2021-12-20 15:53:42.938root 11241100x8000000000000000754846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fcb2773dfd8d242021-12-20 15:53:42.938root 11241100x8000000000000000754847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2445e2c1bf524d422021-12-20 15:53:42.938root 11241100x8000000000000000754848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2b5878667516ab2021-12-20 15:53:42.938root 11241100x8000000000000000754849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d550abb9a2291f62021-12-20 15:53:42.938root 11241100x8000000000000000754850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93a8f13125faf1f2021-12-20 15:53:42.938root 11241100x8000000000000000754851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5802657f194720a2021-12-20 15:53:42.940root 11241100x8000000000000000754852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5ff6da7e4679682021-12-20 15:53:42.940root 11241100x8000000000000000754853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ef87cd960e16f32021-12-20 15:53:42.940root 11241100x8000000000000000754854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903138c543b7c8102021-12-20 15:53:42.940root 11241100x8000000000000000754855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db3e03824452b662021-12-20 15:53:42.940root 11241100x8000000000000000754856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bae34b540f7a612021-12-20 15:53:42.941root 11241100x8000000000000000754857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e62f610260045e62021-12-20 15:53:42.941root 11241100x8000000000000000754858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6aabb4ef872ebe2021-12-20 15:53:42.941root 11241100x8000000000000000754859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b18aea3314e00d2021-12-20 15:53:42.941root 11241100x8000000000000000754860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8388da6db569aeaa2021-12-20 15:53:42.941root 11241100x8000000000000000754861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865d9c7cd9c221c12021-12-20 15:53:42.941root 11241100x8000000000000000754862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4221b7faf0799b2021-12-20 15:53:42.941root 11241100x8000000000000000754863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3d5a3a64be9d752021-12-20 15:53:42.941root 11241100x8000000000000000754864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284b48b30190306e2021-12-20 15:53:42.941root 11241100x8000000000000000754865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3c6b0f607a4be42021-12-20 15:53:42.941root 11241100x8000000000000000754866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b5a73b7d23b3d02021-12-20 15:53:42.942root 11241100x8000000000000000754867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55137973de3e0e7d2021-12-20 15:53:42.942root 11241100x8000000000000000754868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3c897d508fea0a2021-12-20 15:53:42.942root 11241100x8000000000000000754869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92db387521ef8f072021-12-20 15:53:42.942root 11241100x8000000000000000754870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233462432e5427d72021-12-20 15:53:42.942root 11241100x8000000000000000754871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4557128f081219632021-12-20 15:53:42.942root 11241100x8000000000000000754872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b65cb296ed73b622021-12-20 15:53:42.942root 11241100x8000000000000000754873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d8934dc13562602021-12-20 15:53:42.942root 11241100x8000000000000000754874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb9ef8381b5ea6b2021-12-20 15:53:42.942root 11241100x8000000000000000754875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eaca58665a5ed42021-12-20 15:53:42.942root 11241100x8000000000000000754876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a117316b139babfa2021-12-20 15:53:42.942root 11241100x8000000000000000754877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e9cc20634ffdf92021-12-20 15:53:42.943root 11241100x8000000000000000754878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9b572d012fa8272021-12-20 15:53:42.943root 11241100x8000000000000000754879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3832981260262d2021-12-20 15:53:42.943root 11241100x8000000000000000754880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581e98d2a5cf37ac2021-12-20 15:53:42.943root 11241100x8000000000000000754881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f667d8239cbf3eb42021-12-20 15:53:42.943root 11241100x8000000000000000754882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35422e323790d4ec2021-12-20 15:53:42.943root 11241100x8000000000000000754883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082c86c0caba8aa62021-12-20 15:53:42.943root 11241100x8000000000000000754884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e81820bfce84622021-12-20 15:53:42.943root 11241100x8000000000000000754885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b86e183f4580c672021-12-20 15:53:42.943root 11241100x8000000000000000754886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d96a113dc3c9122021-12-20 15:53:42.943root 11241100x8000000000000000754887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af6ad52267871472021-12-20 15:53:42.943root 11241100x8000000000000000754888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36084d1fac019b7f2021-12-20 15:53:42.944root 11241100x8000000000000000754889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580b3f3145bd8782021-12-20 15:53:42.944root 11241100x8000000000000000754890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb6ec7db3347c782021-12-20 15:53:42.944root 11241100x8000000000000000754891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe4257778079d6c2021-12-20 15:53:42.944root 11241100x8000000000000000754892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded03943e5649c8a2021-12-20 15:53:42.944root 11241100x8000000000000000754893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e78dffa97bf2a2021-12-20 15:53:42.944root 11241100x8000000000000000754894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e202ee0000ac372021-12-20 15:53:42.944root 11241100x8000000000000000754895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06793fa38de709422021-12-20 15:53:42.946root 11241100x8000000000000000754896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef42408e77c9532021-12-20 15:53:42.946root 11241100x8000000000000000754897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e7f22f5bdd422b2021-12-20 15:53:42.946root 11241100x8000000000000000754898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562b9906a40a099c2021-12-20 15:53:42.947root 11241100x8000000000000000754899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9685e91f85f773d42021-12-20 15:53:42.947root 11241100x8000000000000000754900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e568c8a76353511e2021-12-20 15:53:42.947root 11241100x8000000000000000754901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d9c270a9abcd182021-12-20 15:53:42.947root 11241100x8000000000000000754902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e6f01a3f2e6262021-12-20 15:53:42.947root 11241100x8000000000000000754903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e2c1c95e9ad2c92021-12-20 15:53:42.947root 11241100x8000000000000000754904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffee7d823fae4bdd2021-12-20 15:53:42.947root 11241100x8000000000000000754905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d08c78e44ffad8a2021-12-20 15:53:42.947root 11241100x8000000000000000754906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee94e1773bc4ee42021-12-20 15:53:42.947root 11241100x8000000000000000754907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965b65dac8993ab72021-12-20 15:53:42.947root 11241100x8000000000000000754908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29942a8183e016e82021-12-20 15:53:42.948root 11241100x8000000000000000754909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8424bd24e4d06382021-12-20 15:53:42.948root 11241100x8000000000000000754910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fc88b3456017a82021-12-20 15:53:42.948root 11241100x8000000000000000754911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e45e450797b3192021-12-20 15:53:42.948root 11241100x8000000000000000754912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b18d192735ea472021-12-20 15:53:42.948root 11241100x8000000000000000754913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2852da1fef864842021-12-20 15:53:42.948root 11241100x8000000000000000754914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2855a2efc78ac72021-12-20 15:53:42.948root 11241100x8000000000000000754915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f03a1de6944bb52021-12-20 15:53:42.948root 11241100x8000000000000000754916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016bb149441e77da2021-12-20 15:53:42.949root 11241100x8000000000000000754917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ba37a01b14edb22021-12-20 15:53:42.949root 11241100x8000000000000000754918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d184d6fdb35d7b12021-12-20 15:53:42.949root 11241100x8000000000000000754919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca84193394e62ef12021-12-20 15:53:42.949root 11241100x8000000000000000754920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ce956fcf0eb2172021-12-20 15:53:42.949root 11241100x8000000000000000754921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3000ffa91f8e3f2021-12-20 15:53:42.949root 11241100x8000000000000000754922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610a1f968ade03be2021-12-20 15:53:42.949root 11241100x8000000000000000754923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc815dbffd630cc2021-12-20 15:53:42.950root 11241100x8000000000000000754924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18b1141072280bc2021-12-20 15:53:42.950root 11241100x8000000000000000754925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aab797b1c1b35022021-12-20 15:53:42.950root 11241100x8000000000000000754926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9f62cbb42fee982021-12-20 15:53:42.950root 11241100x8000000000000000754927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a0d841fbda5cd82021-12-20 15:53:42.950root 11241100x8000000000000000754928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3f8e7f41d2c98a2021-12-20 15:53:42.950root 11241100x8000000000000000754929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7ed2b67023557b2021-12-20 15:53:42.950root 11241100x8000000000000000754930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290ba75cf2f13b7d2021-12-20 15:53:42.950root 11241100x8000000000000000754931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ca03712352a7b92021-12-20 15:53:42.950root 11241100x8000000000000000754932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb2a8e1ea74279a2021-12-20 15:53:42.950root 11241100x8000000000000000754933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f432953ed2b4232021-12-20 15:53:42.951root 11241100x8000000000000000754934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00756f21ce20acfd2021-12-20 15:53:42.951root 11241100x8000000000000000754935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9151f98102bb9b82021-12-20 15:53:42.951root 11241100x8000000000000000754936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da596ad307282ab2021-12-20 15:53:42.951root 11241100x8000000000000000754937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc1666c299578f52021-12-20 15:53:42.951root 11241100x8000000000000000754938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eab7ea52752cfc2021-12-20 15:53:42.951root 11241100x8000000000000000754939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98ef2e20bd94f8b2021-12-20 15:53:42.951root 11241100x8000000000000000754940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4fbc19106149d92021-12-20 15:53:42.951root 11241100x8000000000000000754941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72657af5235dccc82021-12-20 15:53:42.951root 11241100x8000000000000000754942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5246779e272642021-12-20 15:53:42.951root 11241100x8000000000000000754943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25e076b0c290fb2021-12-20 15:53:42.952root 11241100x8000000000000000754944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d48182729038a052021-12-20 15:53:42.952root 11241100x8000000000000000754945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c38498b0ce3ab02021-12-20 15:53:42.952root 11241100x8000000000000000754946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c84787924896f3d2021-12-20 15:53:42.952root 11241100x8000000000000000754947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429e216959b7d32f2021-12-20 15:53:42.952root 11241100x8000000000000000754948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e4f0082ceb552d2021-12-20 15:53:42.952root 11241100x8000000000000000754949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ef71cfe0b020d52021-12-20 15:53:42.952root 11241100x8000000000000000754950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2f435758f8cc4c2021-12-20 15:53:42.952root 11241100x8000000000000000754951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8932ba5f2150b0bb2021-12-20 15:53:42.952root 11241100x8000000000000000754952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94578ad1583bd3252021-12-20 15:53:42.952root 11241100x8000000000000000754953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e724ee75d796f79d2021-12-20 15:53:42.953root 11241100x8000000000000000754954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc795b3c55032b532021-12-20 15:53:42.953root 11241100x8000000000000000754955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac6ed401ef704f52021-12-20 15:53:42.953root 11241100x8000000000000000754956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dae2c8fba214182021-12-20 15:53:42.953root 11241100x8000000000000000754957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2dcdea886c4f4e2021-12-20 15:53:42.953root 11241100x8000000000000000754958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0edea01a88a1882021-12-20 15:53:42.953root 11241100x8000000000000000754959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f35792722e0b502021-12-20 15:53:42.953root 11241100x8000000000000000754960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8717cf47d5f76132021-12-20 15:53:42.953root 11241100x8000000000000000754961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95da22d001449fc62021-12-20 15:53:42.954root 11241100x8000000000000000754962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655cdf7ce7c461302021-12-20 15:53:42.954root 11241100x8000000000000000754963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db069ed8bd0fdc32021-12-20 15:53:42.954root 11241100x8000000000000000754964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb784b63bff95a002021-12-20 15:53:42.954root 11241100x8000000000000000754965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:42.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eb21ed19b36c392021-12-20 15:53:42.954root 11241100x8000000000000000754966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3f46175c66fec92021-12-20 15:53:43.424root 11241100x8000000000000000754967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d2e08ff6faa90f2021-12-20 15:53:43.424root 11241100x8000000000000000754968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cb1b1ec4cfb76e2021-12-20 15:53:43.424root 11241100x8000000000000000754969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6c60ffd9e640bd2021-12-20 15:53:43.424root 11241100x8000000000000000754970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5728c675c472edad2021-12-20 15:53:43.425root 11241100x8000000000000000754971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539c5507cdeaf3b72021-12-20 15:53:43.425root 11241100x8000000000000000754972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134fb11c5223ed7f2021-12-20 15:53:43.425root 11241100x8000000000000000754973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a3c6fd23b90aa92021-12-20 15:53:43.425root 11241100x8000000000000000754974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2703e61452312d62021-12-20 15:53:43.425root 11241100x8000000000000000754975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9175154866fe7272021-12-20 15:53:43.425root 11241100x8000000000000000754976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f4687a9547dad82021-12-20 15:53:43.425root 11241100x8000000000000000754977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01d52ca2f374d6a2021-12-20 15:53:43.425root 11241100x8000000000000000754978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c35534ab0468e392021-12-20 15:53:43.425root 11241100x8000000000000000754979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fcb75252a2c57a2021-12-20 15:53:43.425root 11241100x8000000000000000754980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbffc93b28aa42882021-12-20 15:53:43.426root 11241100x8000000000000000754981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded30d7d75fa71b42021-12-20 15:53:43.426root 11241100x8000000000000000754982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb89691e80281c632021-12-20 15:53:43.426root 11241100x8000000000000000754983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35423dc70f38e1a02021-12-20 15:53:43.426root 11241100x8000000000000000754984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cf68527d0c55a62021-12-20 15:53:43.426root 11241100x8000000000000000754985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353765cbd8b7f63c2021-12-20 15:53:43.426root 11241100x8000000000000000754986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29980e545cef78522021-12-20 15:53:43.426root 11241100x8000000000000000754987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c0c6b0fbf27122021-12-20 15:53:43.426root 11241100x8000000000000000754988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0d717390aa9b662021-12-20 15:53:43.426root 11241100x8000000000000000754989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13409f686cf3b2222021-12-20 15:53:43.426root 11241100x8000000000000000754990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be784722a3c3b8a02021-12-20 15:53:43.426root 11241100x8000000000000000754991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ee142be5cb5b712021-12-20 15:53:43.427root 11241100x8000000000000000754992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc29e7fdb04dc2e2021-12-20 15:53:43.427root 11241100x8000000000000000754993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3ffc7dc9d640312021-12-20 15:53:43.427root 11241100x8000000000000000754994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4bedbea4785fb42021-12-20 15:53:43.427root 11241100x8000000000000000754995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d329e43dea49cc602021-12-20 15:53:43.427root 11241100x8000000000000000754996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88b7529f64938b72021-12-20 15:53:43.427root 11241100x8000000000000000754997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4366d81f4c990f702021-12-20 15:53:43.427root 11241100x8000000000000000754998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6b4f28752acef2021-12-20 15:53:43.427root 11241100x8000000000000000754999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e017668c5c649e272021-12-20 15:53:43.427root 11241100x8000000000000000755000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86d87496626b1c52021-12-20 15:53:43.427root 11241100x8000000000000000755001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c45184ac7d7d3002021-12-20 15:53:43.427root 11241100x8000000000000000755002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dfcf0d3a7cd1122021-12-20 15:53:43.427root 11241100x8000000000000000755003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051f28448d1fa2f82021-12-20 15:53:43.428root 11241100x8000000000000000755004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a2bc3d7b9ebbc2021-12-20 15:53:43.428root 11241100x8000000000000000755005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e32d667b880c242021-12-20 15:53:43.428root 11241100x8000000000000000755006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbe652f84d7f96f2021-12-20 15:53:43.428root 11241100x8000000000000000755007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0b6b9faff796432021-12-20 15:53:43.428root 11241100x8000000000000000755008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f79163aad9ae4fc2021-12-20 15:53:43.428root 11241100x8000000000000000755009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881daec677155d262021-12-20 15:53:43.429root 11241100x8000000000000000755010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cf962d2499606f2021-12-20 15:53:43.429root 11241100x8000000000000000755011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061371a777e14e842021-12-20 15:53:43.429root 11241100x8000000000000000755012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6446877f62b2f5d02021-12-20 15:53:43.429root 11241100x8000000000000000755013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6450ad08ddded1652021-12-20 15:53:43.429root 11241100x8000000000000000755014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3d7756ab34c3e72021-12-20 15:53:43.429root 11241100x8000000000000000755015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1960c762d92654f42021-12-20 15:53:43.429root 11241100x8000000000000000755016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d6cc03346606452021-12-20 15:53:43.924root 11241100x8000000000000000755017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ee7cb4494fe5052021-12-20 15:53:43.924root 11241100x8000000000000000755018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9fe53667874d092021-12-20 15:53:43.924root 11241100x8000000000000000755019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9256f8e8dffc01112021-12-20 15:53:43.924root 11241100x8000000000000000755020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770e676dd913bec62021-12-20 15:53:43.925root 11241100x8000000000000000755021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dec230a9acf2122021-12-20 15:53:43.925root 11241100x8000000000000000755022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f74ec3d08971e52021-12-20 15:53:43.925root 11241100x8000000000000000755023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bba3f69721eb352021-12-20 15:53:43.925root 11241100x8000000000000000755024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754e8c0b30ec3a522021-12-20 15:53:43.925root 11241100x8000000000000000755025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40887d432ddcf45e2021-12-20 15:53:43.925root 11241100x8000000000000000755026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1e256f69a3a0ad2021-12-20 15:53:43.925root 11241100x8000000000000000755027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c87463b8bf43a22021-12-20 15:53:43.925root 11241100x8000000000000000755028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993076b12d092f02021-12-20 15:53:43.925root 11241100x8000000000000000755029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd91e9ddbe57e9d02021-12-20 15:53:43.925root 11241100x8000000000000000755030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e949669ddf9de3552021-12-20 15:53:43.925root 11241100x8000000000000000755031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc619bc3e51bc97b2021-12-20 15:53:43.925root 11241100x8000000000000000755032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e549b4c1fdaa7c7a2021-12-20 15:53:43.925root 11241100x8000000000000000755033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0adb6ba42f9be0b2021-12-20 15:53:43.925root 11241100x8000000000000000755034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fc0dfa9e319a772021-12-20 15:53:43.925root 11241100x8000000000000000755035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae74a79932eb1f182021-12-20 15:53:43.925root 11241100x8000000000000000755036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820d5cbb15e65d862021-12-20 15:53:43.926root 11241100x8000000000000000755037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3199283f7dd4782021-12-20 15:53:43.926root 11241100x8000000000000000755038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d2c579e7b1294b2021-12-20 15:53:43.926root 11241100x8000000000000000755039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fc723fbd6d693e2021-12-20 15:53:43.926root 11241100x8000000000000000755040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4beb4b5c10ffd22021-12-20 15:53:43.926root 11241100x8000000000000000755041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a30e31968f222e2021-12-20 15:53:43.926root 11241100x8000000000000000755042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21de81ccaca83bd72021-12-20 15:53:43.926root 11241100x8000000000000000755043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fac9d77d55e8542021-12-20 15:53:43.926root 11241100x8000000000000000755044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f06fb147884bf62021-12-20 15:53:43.926root 11241100x8000000000000000755045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf438763ba0270642021-12-20 15:53:43.926root 11241100x8000000000000000755046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785c90c95b3ef1342021-12-20 15:53:43.926root 11241100x8000000000000000755047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f3cc58dab997352021-12-20 15:53:43.926root 11241100x8000000000000000755048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526a6a656cfc1c342021-12-20 15:53:43.926root 11241100x8000000000000000755049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161e012d261790372021-12-20 15:53:43.926root 11241100x8000000000000000755050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf27b14946a8beff2021-12-20 15:53:43.926root 11241100x8000000000000000755051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f4dc09ad0a660a2021-12-20 15:53:43.926root 11241100x8000000000000000755052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26979896bf5323f32021-12-20 15:53:43.927root 11241100x8000000000000000755053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6155b47cb30d78922021-12-20 15:53:43.927root 11241100x8000000000000000755054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d67a3db268875d2021-12-20 15:53:43.927root 11241100x8000000000000000755055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9feb519d0ea8f72021-12-20 15:53:43.927root 11241100x8000000000000000755056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3130beffc8e33dd2021-12-20 15:53:43.927root 11241100x8000000000000000755057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a8d1abebd6d772021-12-20 15:53:43.927root 11241100x8000000000000000755058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a79e6ffe227f642021-12-20 15:53:43.927root 11241100x8000000000000000755059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35511a38d10dd162021-12-20 15:53:43.927root 11241100x8000000000000000755060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82636eb562d3ff0b2021-12-20 15:53:43.927root 11241100x8000000000000000755061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa055519b3d434ff2021-12-20 15:53:43.927root 11241100x8000000000000000755062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8620245fd498db522021-12-20 15:53:43.927root 11241100x8000000000000000755063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b695ab6f7a25cc32021-12-20 15:53:43.928root 11241100x8000000000000000755064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28923ed2899cdfc2021-12-20 15:53:43.928root 11241100x8000000000000000755065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b103451e91eff3512021-12-20 15:53:43.928root 11241100x8000000000000000755066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79fd7df636ed0012021-12-20 15:53:43.928root 11241100x8000000000000000755067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca8ce503ef31adf2021-12-20 15:53:43.928root 11241100x8000000000000000755068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114683053f0bb7982021-12-20 15:53:43.928root 11241100x8000000000000000755069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770ef05ec071b5c32021-12-20 15:53:43.928root 11241100x8000000000000000755070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c6f4cde3ecda12021-12-20 15:53:43.928root 11241100x8000000000000000755071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98abab247e77b6a72021-12-20 15:53:43.929root 11241100x8000000000000000755072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea370a0075fc1da2021-12-20 15:53:44.424root 11241100x8000000000000000755073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6546b6728afe61b62021-12-20 15:53:44.424root 11241100x8000000000000000755074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f0018d337c18a2021-12-20 15:53:44.425root 11241100x8000000000000000755075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab5b14c962f13d82021-12-20 15:53:44.425root 11241100x8000000000000000755076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff75f9a19a3f08a2021-12-20 15:53:44.425root 11241100x8000000000000000755077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524990ba6c460d8f2021-12-20 15:53:44.425root 11241100x8000000000000000755078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba364952e33e34f22021-12-20 15:53:44.425root 11241100x8000000000000000755079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8670af48b37be14c2021-12-20 15:53:44.425root 11241100x8000000000000000755080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa77f30285e527d2021-12-20 15:53:44.425root 11241100x8000000000000000755081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dff1c940dee497f2021-12-20 15:53:44.425root 11241100x8000000000000000755082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89930b344c0ee5d32021-12-20 15:53:44.425root 11241100x8000000000000000755083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd87e83917c33e612021-12-20 15:53:44.425root 11241100x8000000000000000755084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db290e51b9f499642021-12-20 15:53:44.425root 11241100x8000000000000000755085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2ff236dff02a0b2021-12-20 15:53:44.425root 11241100x8000000000000000755086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18267ec2982538092021-12-20 15:53:44.426root 11241100x8000000000000000755087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755860871da8579e2021-12-20 15:53:44.426root 11241100x8000000000000000755088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0334dc054bc0322021-12-20 15:53:44.426root 11241100x8000000000000000755089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00be5aca68f4b82021-12-20 15:53:44.426root 11241100x8000000000000000755090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7c17bb4f3385952021-12-20 15:53:44.426root 11241100x8000000000000000755091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41f3b637a7de5512021-12-20 15:53:44.426root 11241100x8000000000000000755092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396e6f1b495daf662021-12-20 15:53:44.426root 11241100x8000000000000000755093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2990ae3a4ac8c82021-12-20 15:53:44.426root 11241100x8000000000000000755094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e25447848e3955d2021-12-20 15:53:44.426root 11241100x8000000000000000755095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e415bc540588c52021-12-20 15:53:44.426root 11241100x8000000000000000755096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf78db72a7a103d52021-12-20 15:53:44.426root 11241100x8000000000000000755097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e799c1fc0ed60e0c2021-12-20 15:53:44.427root 11241100x8000000000000000755098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48e02bbadcb6e3a2021-12-20 15:53:44.427root 11241100x8000000000000000755099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b9f773020b9792021-12-20 15:53:44.427root 11241100x8000000000000000755100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f3ec96f4199ac52021-12-20 15:53:44.427root 11241100x8000000000000000755101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9963803afabe1492021-12-20 15:53:44.427root 11241100x8000000000000000755102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f4ebb9c05743012021-12-20 15:53:44.427root 11241100x8000000000000000755103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cff5595138c49bc2021-12-20 15:53:44.427root 11241100x8000000000000000755104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c1d46d5cfdbe832021-12-20 15:53:44.427root 11241100x8000000000000000755105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927a1f70d4c549d32021-12-20 15:53:44.427root 11241100x8000000000000000755106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5086c55f1143c2282021-12-20 15:53:44.428root 11241100x8000000000000000755107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e293489f5c3e852021-12-20 15:53:44.428root 11241100x8000000000000000755108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e3b89e5cc758b02021-12-20 15:53:44.428root 11241100x8000000000000000755109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df78cdcf342cc5c82021-12-20 15:53:44.428root 11241100x8000000000000000755110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba93083d46e2f9c2021-12-20 15:53:44.428root 11241100x8000000000000000755111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f5974f3b8477732021-12-20 15:53:44.428root 11241100x8000000000000000755112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4c1089f2a79cc22021-12-20 15:53:44.428root 11241100x8000000000000000755113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee86fc936d6a02b2021-12-20 15:53:44.428root 11241100x8000000000000000755114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc63fde14365ebf42021-12-20 15:53:44.428root 11241100x8000000000000000755115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0828ff47e9eaf52021-12-20 15:53:44.428root 11241100x8000000000000000755116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205bc2732eaec4b22021-12-20 15:53:44.428root 11241100x8000000000000000755117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1047d0f9167e6eae2021-12-20 15:53:44.428root 11241100x8000000000000000755118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e610e15554348a4c2021-12-20 15:53:44.429root 11241100x8000000000000000755119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3efaaa0e05407d2021-12-20 15:53:44.429root 11241100x8000000000000000755120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ac9e8cf51cccc12021-12-20 15:53:44.429root 11241100x8000000000000000755121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e7ef476ebfe7482021-12-20 15:53:44.429root 11241100x8000000000000000755122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95828a3a893682852021-12-20 15:53:44.429root 11241100x8000000000000000755123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c53101332cca262021-12-20 15:53:44.429root 11241100x8000000000000000755124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596372e5d0020f192021-12-20 15:53:44.429root 11241100x8000000000000000755125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55e377318a04f612021-12-20 15:53:44.429root 11241100x8000000000000000755126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7d9d4f83d4f8982021-12-20 15:53:44.429root 11241100x8000000000000000755127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b93f6c087799ff92021-12-20 15:53:44.429root 11241100x8000000000000000755128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b995e8baa91a67f72021-12-20 15:53:44.429root 11241100x8000000000000000755129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5826a38bb37ba08d2021-12-20 15:53:44.429root 11241100x8000000000000000755130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4090ae72e9b9c1342021-12-20 15:53:44.430root 11241100x8000000000000000755131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789a8b97783584112021-12-20 15:53:44.924root 11241100x8000000000000000755132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b08217a4ae97a22021-12-20 15:53:44.924root 11241100x8000000000000000755133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1b98abac4779ff2021-12-20 15:53:44.924root 11241100x8000000000000000755134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22082216f09075c2021-12-20 15:53:44.924root 11241100x8000000000000000755135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade16acfc86f18842021-12-20 15:53:44.924root 11241100x8000000000000000755136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615a72082654c7d72021-12-20 15:53:44.924root 11241100x8000000000000000755137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32544a4ecc6bb7b2021-12-20 15:53:44.925root 11241100x8000000000000000755138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bfdb7e0c3828472021-12-20 15:53:44.925root 11241100x8000000000000000755139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4892e0ec7da56b332021-12-20 15:53:44.925root 11241100x8000000000000000755140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755c9f6ff90486082021-12-20 15:53:44.925root 11241100x8000000000000000755141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5e0fa8f1fcdae82021-12-20 15:53:44.925root 11241100x8000000000000000755142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a731a3ced6006f12021-12-20 15:53:44.925root 11241100x8000000000000000755143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f556184ff2cf0c2021-12-20 15:53:44.925root 11241100x8000000000000000755144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0105a16045ab3b2021-12-20 15:53:44.925root 11241100x8000000000000000755145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686b4af47f5c885a2021-12-20 15:53:44.925root 11241100x8000000000000000755146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f4a01474d872cd2021-12-20 15:53:44.926root 11241100x8000000000000000755147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a0516648e3e4342021-12-20 15:53:44.926root 11241100x8000000000000000755148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb5a85140152e342021-12-20 15:53:44.926root 11241100x8000000000000000755149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3edabfd15be1482021-12-20 15:53:44.926root 11241100x8000000000000000755150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be9b1269c2ba4ec2021-12-20 15:53:44.926root 11241100x8000000000000000755151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2c4736d184080f2021-12-20 15:53:44.926root 11241100x8000000000000000755152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8430b765eb85232021-12-20 15:53:44.926root 11241100x8000000000000000755153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a034e92d0cb7ae302021-12-20 15:53:44.927root 11241100x8000000000000000755154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493275956681d78e2021-12-20 15:53:44.927root 11241100x8000000000000000755155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833abb9994ed5d6e2021-12-20 15:53:44.927root 11241100x8000000000000000755156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7f7be60e577ab72021-12-20 15:53:44.927root 11241100x8000000000000000755157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a3fd426119f4972021-12-20 15:53:44.927root 11241100x8000000000000000755158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82e385abf8884772021-12-20 15:53:44.928root 11241100x8000000000000000755159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc308b836cead1b2021-12-20 15:53:44.928root 11241100x8000000000000000755160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b775fe7fbc5ace2021-12-20 15:53:44.928root 11241100x8000000000000000755161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89a5ff83ea3c5412021-12-20 15:53:44.928root 11241100x8000000000000000755162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ef9f1e4d399d772021-12-20 15:53:44.931root 11241100x8000000000000000755163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99094031f10c9462021-12-20 15:53:44.932root 11241100x8000000000000000755164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98da24fc1eb38eb2021-12-20 15:53:44.932root 11241100x8000000000000000755165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5714082460447bc72021-12-20 15:53:44.932root 11241100x8000000000000000755166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b653703ef1300ba22021-12-20 15:53:44.932root 11241100x8000000000000000755167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e0cdbcb1108b5e2021-12-20 15:53:44.932root 11241100x8000000000000000755168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103ffd22632d90c82021-12-20 15:53:44.932root 11241100x8000000000000000755169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91abc5bb348ce6672021-12-20 15:53:44.932root 11241100x8000000000000000755170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28b74fc6303c8e12021-12-20 15:53:44.932root 11241100x8000000000000000755171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d2423e3cb4a7832021-12-20 15:53:44.932root 11241100x8000000000000000755172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d063a88c59cf632021-12-20 15:53:44.933root 11241100x8000000000000000755173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a2d8baf7841e062021-12-20 15:53:44.933root 11241100x8000000000000000755174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b0a13fe294e7f22021-12-20 15:53:44.933root 11241100x8000000000000000755175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe86449099299932021-12-20 15:53:44.933root 11241100x8000000000000000755176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3518b3b78343d2f72021-12-20 15:53:44.933root 11241100x8000000000000000755177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8edf395b35f04e2021-12-20 15:53:44.933root 11241100x8000000000000000755178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817f0e1c2a8cbd542021-12-20 15:53:44.933root 11241100x8000000000000000755179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c06506f48a817f32021-12-20 15:53:44.933root 11241100x8000000000000000755180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1fd36e3ac9afd22021-12-20 15:53:44.933root 11241100x8000000000000000755181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce4bc92cc0201372021-12-20 15:53:44.933root 11241100x8000000000000000755182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f66d320aa45bcb2021-12-20 15:53:44.933root 11241100x8000000000000000755183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f214f200fea75502021-12-20 15:53:44.934root 11241100x8000000000000000755184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c050f5bc7daa04a42021-12-20 15:53:44.934root 11241100x8000000000000000755185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c28bb463d4806c62021-12-20 15:53:44.934root 11241100x8000000000000000755186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3194ece521839b8c2021-12-20 15:53:44.934root 11241100x8000000000000000755187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a6d3d1816bc7ed2021-12-20 15:53:44.934root 11241100x8000000000000000755188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9924baede3db31a2021-12-20 15:53:44.934root 11241100x8000000000000000755189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd593a5fd4a628a2021-12-20 15:53:44.934root 11241100x8000000000000000755190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac5395eb65d57302021-12-20 15:53:44.934root 11241100x8000000000000000755191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743b586e360f7f7a2021-12-20 15:53:44.934root 11241100x8000000000000000755192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b5fed4f652b8782021-12-20 15:53:44.934root 11241100x8000000000000000755193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:44.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8c99e32145229e2021-12-20 15:53:44.935root 11241100x8000000000000000755194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab22100918aa53b2021-12-20 15:53:45.425root 11241100x8000000000000000755195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afc34cead137e1f2021-12-20 15:53:45.426root 11241100x8000000000000000755196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af01de868cdcf2d32021-12-20 15:53:45.426root 11241100x8000000000000000755197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ac05ea306eb192021-12-20 15:53:45.426root 11241100x8000000000000000755198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a0976ea2cca24f2021-12-20 15:53:45.426root 11241100x8000000000000000755199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa03d6e891cb76b2021-12-20 15:53:45.427root 11241100x8000000000000000755200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2b23a443ae84602021-12-20 15:53:45.427root 11241100x8000000000000000755201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97df6567bd11afe82021-12-20 15:53:45.427root 11241100x8000000000000000755202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d44fc293b906e9c2021-12-20 15:53:45.427root 11241100x8000000000000000755203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211451546c1bfaea2021-12-20 15:53:45.428root 11241100x8000000000000000755204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6089e9b176e2b2021-12-20 15:53:45.428root 11241100x8000000000000000755205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4266a495a467a1f2021-12-20 15:53:45.428root 11241100x8000000000000000755206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57533d0aba58f1c62021-12-20 15:53:45.428root 11241100x8000000000000000755207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479d3e2054ee68152021-12-20 15:53:45.428root 11241100x8000000000000000755208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3924c70bcc06aa2021-12-20 15:53:45.429root 11241100x8000000000000000755209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e9acbe03141f602021-12-20 15:53:45.429root 11241100x8000000000000000755210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645b2b9903fc9d6c2021-12-20 15:53:45.429root 11241100x8000000000000000755211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c027f700ac8d4c2d2021-12-20 15:53:45.429root 11241100x8000000000000000755212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47303917dbd83db2021-12-20 15:53:45.429root 11241100x8000000000000000755213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e657700fa8cd82892021-12-20 15:53:45.429root 11241100x8000000000000000755214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229da8c703f51ecd2021-12-20 15:53:45.433root 11241100x8000000000000000755215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c218553a9b042652021-12-20 15:53:45.433root 11241100x8000000000000000755216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483b3acab42039eb2021-12-20 15:53:45.433root 11241100x8000000000000000755217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bde4fada933024b2021-12-20 15:53:45.433root 11241100x8000000000000000755218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c601dd97a226aeb2021-12-20 15:53:45.433root 11241100x8000000000000000755219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85bb64e37fe603b2021-12-20 15:53:45.433root 11241100x8000000000000000755220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3c89a78ae140262021-12-20 15:53:45.433root 11241100x8000000000000000755221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daac82b4f2e13452021-12-20 15:53:45.434root 11241100x8000000000000000755222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9459f7656944e42021-12-20 15:53:45.434root 11241100x8000000000000000755223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24374133b9dbfb6e2021-12-20 15:53:45.434root 11241100x8000000000000000755224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75d558ee2a605242021-12-20 15:53:45.434root 11241100x8000000000000000755225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0a32fcf2b84c012021-12-20 15:53:45.434root 11241100x8000000000000000755226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b181fe55d32269352021-12-20 15:53:45.434root 11241100x8000000000000000755227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f202c0f744585c62021-12-20 15:53:45.434root 11241100x8000000000000000755228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10849040061aa5182021-12-20 15:53:45.434root 11241100x8000000000000000755229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6999985cd976ecfe2021-12-20 15:53:45.434root 11241100x8000000000000000755230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6dc4a0be097b912021-12-20 15:53:45.435root 11241100x8000000000000000755231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b0000f69e2a8d92021-12-20 15:53:45.435root 11241100x8000000000000000755232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fef8e9fdcbd7ef92021-12-20 15:53:45.435root 11241100x8000000000000000755233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec005be60211b72021-12-20 15:53:45.435root 11241100x8000000000000000755234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2104e3fa36a57852021-12-20 15:53:45.435root 11241100x8000000000000000755235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f5d6356b0bf7382021-12-20 15:53:45.435root 11241100x8000000000000000755236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d32aababcda1022021-12-20 15:53:45.435root 11241100x8000000000000000755237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15705729ac985312021-12-20 15:53:45.435root 11241100x8000000000000000755238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0d01fd7b308f5f2021-12-20 15:53:45.435root 11241100x8000000000000000755239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9e414f9290b37a2021-12-20 15:53:45.436root 11241100x8000000000000000755240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc1bcbd2953be3e2021-12-20 15:53:45.924root 11241100x8000000000000000755241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e98a76edf0ef112021-12-20 15:53:45.924root 11241100x8000000000000000755242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d1cb83410258e02021-12-20 15:53:45.924root 11241100x8000000000000000755243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac3afbb82e8ecc32021-12-20 15:53:45.924root 11241100x8000000000000000755244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef7af0760bc4e082021-12-20 15:53:45.925root 11241100x8000000000000000755245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c672c159d3065082021-12-20 15:53:45.925root 11241100x8000000000000000755246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d9fc008154c5e82021-12-20 15:53:45.925root 11241100x8000000000000000755247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eb3ef82291d4d92021-12-20 15:53:45.925root 11241100x8000000000000000755248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea120439e2d900fe2021-12-20 15:53:45.925root 11241100x8000000000000000755249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439c613324e324652021-12-20 15:53:45.925root 11241100x8000000000000000755250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a0870e7bb14d12021-12-20 15:53:45.925root 11241100x8000000000000000755251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc534f015ba5a9722021-12-20 15:53:45.925root 11241100x8000000000000000755252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a019e654f41f1c2021-12-20 15:53:45.925root 11241100x8000000000000000755253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e20db49fc155c1a2021-12-20 15:53:45.925root 11241100x8000000000000000755254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecfea5033c4a1b92021-12-20 15:53:45.925root 11241100x8000000000000000755255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ae3b67a649e6e12021-12-20 15:53:45.926root 11241100x8000000000000000755256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aa8ea03c6110392021-12-20 15:53:45.926root 11241100x8000000000000000755257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef61e43bc548aba42021-12-20 15:53:45.927root 11241100x8000000000000000755258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab0f2a830a5a7d32021-12-20 15:53:45.927root 11241100x8000000000000000755259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f97ca66718112212021-12-20 15:53:45.928root 11241100x8000000000000000755260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa42e4530ae897602021-12-20 15:53:45.928root 11241100x8000000000000000755261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f631dce84283ff72021-12-20 15:53:45.928root 11241100x8000000000000000755262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc842a4698d20cee2021-12-20 15:53:45.928root 11241100x8000000000000000755263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb883e20f69bc2172021-12-20 15:53:45.928root 11241100x8000000000000000755264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa7dbf12b8aa90f2021-12-20 15:53:45.928root 11241100x8000000000000000755265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1306c999388116892021-12-20 15:53:45.930root 11241100x8000000000000000755266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cc1ed37a4c00342021-12-20 15:53:45.930root 11241100x8000000000000000755267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2448974d226408a2021-12-20 15:53:45.930root 11241100x8000000000000000755268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe812b60ebb3d8d02021-12-20 15:53:45.930root 11241100x8000000000000000755269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:53:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45335010639e98fb2021-12-20 15:53:45.930root 354300x8000000000000000755321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:03.018{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51344-false10.0.1.12-8000- 11241100x8000000000000000755322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1178dacb8b220fbc2021-12-20 15:54:03.424root 11241100x8000000000000000755323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:03.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b862f0b8f4b846832021-12-20 15:54:03.923root 11241100x8000000000000000755324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:04.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3372348d7a0b792021-12-20 15:54:04.423root 11241100x8000000000000000755325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:04.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86c298c8cec318c2021-12-20 15:54:04.923root 11241100x8000000000000000755326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:05.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926f286a7c4661922021-12-20 15:54:05.423root 11241100x8000000000000000755327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:05.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34ad44d67bdf2a62021-12-20 15:54:05.923root 11241100x8000000000000000755328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:06.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:54:06.069root 11241100x8000000000000000755329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010c8d565b3a7b802021-12-20 15:54:06.424root 11241100x8000000000000000755330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39554bcaea3f49932021-12-20 15:54:06.424root 11241100x8000000000000000755331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2799c661dc783bd2021-12-20 15:54:06.924root 11241100x8000000000000000755332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5612ca72576da5a2021-12-20 15:54:06.924root 11241100x8000000000000000755333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae37964f3a1a1c22021-12-20 15:54:07.424root 11241100x8000000000000000755334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3ebc5e854cf06b2021-12-20 15:54:07.424root 11241100x8000000000000000755335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676f7fdfffc47fa92021-12-20 15:54:07.924root 11241100x8000000000000000755336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d767561f6d5416d52021-12-20 15:54:07.924root 354300x8000000000000000755337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:08.043{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51346-false10.0.1.12-8000- 11241100x8000000000000000755338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ffba3dbf8cbda2021-12-20 15:54:08.424root 11241100x8000000000000000755339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2ceaacaa3d7ec02021-12-20 15:54:08.424root 11241100x8000000000000000755340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63d5a1f7481eb2e2021-12-20 15:54:08.424root 11241100x8000000000000000755341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6352564aac5f85952021-12-20 15:54:08.924root 11241100x8000000000000000755342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b7912159b514bb2021-12-20 15:54:08.924root 11241100x8000000000000000755343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4d5bc1459929882021-12-20 15:54:08.924root 23542300x8000000000000000755344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.060{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000755345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062f3ade86f822c22021-12-20 15:54:09.424root 11241100x8000000000000000755346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced000d33864b9a72021-12-20 15:54:09.424root 11241100x8000000000000000755347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f1405986e1b9fb2021-12-20 15:54:09.424root 11241100x8000000000000000755348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e3d239293989542021-12-20 15:54:09.424root 11241100x8000000000000000755349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819c9cd1bb9538cc2021-12-20 15:54:09.924root 11241100x8000000000000000755350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62910cdad76b4a92021-12-20 15:54:09.924root 11241100x8000000000000000755351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e234b839d670432021-12-20 15:54:09.924root 11241100x8000000000000000755352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e719a0596ff6509a2021-12-20 15:54:09.924root 11241100x8000000000000000755353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce038a62628b1422021-12-20 15:54:10.424root 11241100x8000000000000000755354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9062cf862b522d252021-12-20 15:54:10.424root 11241100x8000000000000000755355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04b150199f69f732021-12-20 15:54:10.424root 11241100x8000000000000000755356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f18d1734d9f6f42021-12-20 15:54:10.424root 11241100x8000000000000000755357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea20bf1d17a768892021-12-20 15:54:10.924root 11241100x8000000000000000755358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f997ae23f7b38bba2021-12-20 15:54:10.924root 11241100x8000000000000000755359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02802045d3909c72021-12-20 15:54:10.924root 11241100x8000000000000000755360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1d08d896bb54782021-12-20 15:54:10.924root 11241100x8000000000000000755361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0a12f0e8d6e7252021-12-20 15:54:11.424root 11241100x8000000000000000755362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e9080ee8645df2021-12-20 15:54:11.424root 11241100x8000000000000000755363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adbadc03179644e2021-12-20 15:54:11.424root 11241100x8000000000000000755364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31e3ce41fd70ef92021-12-20 15:54:11.424root 11241100x8000000000000000755365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b8b0c1bde3fbc92021-12-20 15:54:11.924root 11241100x8000000000000000755366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba44e0522dce20d2021-12-20 15:54:11.924root 11241100x8000000000000000755367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adca105e40b190aa2021-12-20 15:54:11.924root 11241100x8000000000000000755368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f39c5030a16a162021-12-20 15:54:11.924root 154100x8000000000000000755369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.245{ec2c97d1-a724-61c0-6864-1831e8550000}10203/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000755370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.246{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d10ba7b43a7fa62021-12-20 15:54:12.246root 11241100x8000000000000000755371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.246{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af157bb10f423452021-12-20 15:54:12.246root 11241100x8000000000000000755372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.246{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcb1c4d5ea224942021-12-20 15:54:12.246root 11241100x8000000000000000755373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.246{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adec4d1a8e64795f2021-12-20 15:54:12.246root 11241100x8000000000000000755374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.246{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fd3ce0fb647be42021-12-20 15:54:12.246root 534500x8000000000000000755375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.257{ec2c97d1-a724-61c0-6864-1831e8550000}10203/bin/psroot 11241100x8000000000000000755376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3a5766b28ed8b52021-12-20 15:54:12.674root 11241100x8000000000000000755377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec2c7546f4de7cd2021-12-20 15:54:12.674root 11241100x8000000000000000755378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5683e2b53c8d0c572021-12-20 15:54:12.674root 11241100x8000000000000000755379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e6b968031e970e2021-12-20 15:54:12.674root 11241100x8000000000000000755380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c0ff9cdc5cb97f2021-12-20 15:54:12.675root 11241100x8000000000000000755381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4577b06975688ab2021-12-20 15:54:12.675root 11241100x8000000000000000755382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239eca0b53de6a852021-12-20 15:54:13.174root 11241100x8000000000000000755383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813b2b89d5f3f47c2021-12-20 15:54:13.174root 11241100x8000000000000000755384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65d6081967575f42021-12-20 15:54:13.174root 11241100x8000000000000000755385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2dc35fb2929c8e2021-12-20 15:54:13.174root 11241100x8000000000000000755386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cb811d3ef765cc2021-12-20 15:54:13.174root 11241100x8000000000000000755387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38d03c435ab5f2c2021-12-20 15:54:13.175root 11241100x8000000000000000755388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20e38dc9ea0fed22021-12-20 15:54:13.674root 11241100x8000000000000000755389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f4e7d15b6420e92021-12-20 15:54:13.674root 11241100x8000000000000000755390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366d9eaaa9d56bf62021-12-20 15:54:13.674root 11241100x8000000000000000755391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf211bc7b54f6ba2021-12-20 15:54:13.674root 11241100x8000000000000000755392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175523d9f9eb31602021-12-20 15:54:13.674root 11241100x8000000000000000755393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fda033a4bf480db2021-12-20 15:54:13.674root 354300x8000000000000000755394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.041{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51348-false10.0.1.12-8000- 11241100x8000000000000000755395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f2fe98308931c52021-12-20 15:54:14.041root 11241100x8000000000000000755396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4555beb943f1885b2021-12-20 15:54:14.042root 11241100x8000000000000000755397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a952cb93b13a7232021-12-20 15:54:14.042root 11241100x8000000000000000755398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e658d65b8b18fa2021-12-20 15:54:14.042root 11241100x8000000000000000755399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755c1e7d4216f6712021-12-20 15:54:14.042root 11241100x8000000000000000755400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d32179c9824d492021-12-20 15:54:14.042root 11241100x8000000000000000755401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d637cda3d0387a872021-12-20 15:54:14.042root 11241100x8000000000000000755402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1616ee04f22f6d7f2021-12-20 15:54:14.424root 11241100x8000000000000000755403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02269cfc7fb162d2021-12-20 15:54:14.424root 11241100x8000000000000000755404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6696a2af5dcc4a82021-12-20 15:54:14.424root 11241100x8000000000000000755405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913a4f0b74ff4f9f2021-12-20 15:54:14.424root 11241100x8000000000000000755406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def9c5186490aca52021-12-20 15:54:14.424root 11241100x8000000000000000755407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d6c271c22f647d2021-12-20 15:54:14.424root 11241100x8000000000000000755408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c624737e4d930b32021-12-20 15:54:14.424root 11241100x8000000000000000755409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c6f168826d7ada2021-12-20 15:54:14.924root 11241100x8000000000000000755410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c590ad219edbb982021-12-20 15:54:14.924root 11241100x8000000000000000755411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c7f2b154bca7e22021-12-20 15:54:14.924root 11241100x8000000000000000755412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9844a847ae8f2292021-12-20 15:54:14.924root 11241100x8000000000000000755413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b092d0fc4671a6ba2021-12-20 15:54:14.924root 11241100x8000000000000000755414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb4cdb5bfce55442021-12-20 15:54:14.924root 11241100x8000000000000000755415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3386a1df608f0e2021-12-20 15:54:14.925root 11241100x8000000000000000755416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcbbc7410dfbb892021-12-20 15:54:14.925root 11241100x8000000000000000755417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f386db414fdd5132021-12-20 15:54:14.925root 11241100x8000000000000000755418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceef8e8a464c4e252021-12-20 15:54:15.424root 11241100x8000000000000000755419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40be79b5d625d1ef2021-12-20 15:54:15.424root 11241100x8000000000000000755420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbdde755176e2c62021-12-20 15:54:15.424root 11241100x8000000000000000755421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9022f74489ce49ff2021-12-20 15:54:15.424root 11241100x8000000000000000755422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c5a7d267c85f7e2021-12-20 15:54:15.424root 11241100x8000000000000000755423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b880db94b3dccd2021-12-20 15:54:15.424root 11241100x8000000000000000755424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b215620bd74add2021-12-20 15:54:15.425root 11241100x8000000000000000755425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c3b513b72e209f2021-12-20 15:54:15.924root 11241100x8000000000000000755426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ce0ca3a0739e972021-12-20 15:54:15.924root 11241100x8000000000000000755427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e27beaccdb5b0b2021-12-20 15:54:15.924root 11241100x8000000000000000755428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af76aacb089599272021-12-20 15:54:15.924root 11241100x8000000000000000755429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34904dbf57958a0b2021-12-20 15:54:15.924root 11241100x8000000000000000755430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0760e93c77caf2fc2021-12-20 15:54:15.925root 11241100x8000000000000000755431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aba64d3c95ac3352021-12-20 15:54:15.925root 11241100x8000000000000000755432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a309112ba92393162021-12-20 15:54:16.424root 11241100x8000000000000000755433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bd036b4055e0722021-12-20 15:54:16.424root 11241100x8000000000000000755434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9317ad1412e26c32021-12-20 15:54:16.424root 11241100x8000000000000000755435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710498b70adb3f572021-12-20 15:54:16.424root 11241100x8000000000000000755436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccda840ab8504d552021-12-20 15:54:16.424root 11241100x8000000000000000755437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245a39de03e8945d2021-12-20 15:54:16.424root 11241100x8000000000000000755438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4c528e743f6a462021-12-20 15:54:16.424root 11241100x8000000000000000755439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25c253a1128cc072021-12-20 15:54:16.924root 11241100x8000000000000000755440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe22d1ff0e5e4da22021-12-20 15:54:16.924root 11241100x8000000000000000755441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e46fc5d69c66ad02021-12-20 15:54:16.924root 11241100x8000000000000000755442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e885fb7238e06fc72021-12-20 15:54:16.924root 11241100x8000000000000000755443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a2f4a9f62b66952021-12-20 15:54:16.924root 11241100x8000000000000000755444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34eb76211ce1aaa12021-12-20 15:54:16.924root 11241100x8000000000000000755445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cf4a13d0ee82f92021-12-20 15:54:16.924root 11241100x8000000000000000755446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3f97132b8cc8402021-12-20 15:54:17.424root 11241100x8000000000000000755447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2750cfe25569c922021-12-20 15:54:17.424root 11241100x8000000000000000755448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be846569ae46f97b2021-12-20 15:54:17.424root 11241100x8000000000000000755449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dbba3a8841d3192021-12-20 15:54:17.424root 11241100x8000000000000000755450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebceab2f31f4d8352021-12-20 15:54:17.424root 11241100x8000000000000000755451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ddb7045462a17f2021-12-20 15:54:17.425root 11241100x8000000000000000755452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618db587b4075b972021-12-20 15:54:17.425root 11241100x8000000000000000755453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544df0a3d749f9512021-12-20 15:54:17.924root 11241100x8000000000000000755454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc06aae179c2b5b52021-12-20 15:54:17.924root 11241100x8000000000000000755455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca83d68c703c808d2021-12-20 15:54:17.924root 11241100x8000000000000000755456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0615a409fe3483a2021-12-20 15:54:17.924root 11241100x8000000000000000755457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a732b347b111f32021-12-20 15:54:17.924root 11241100x8000000000000000755458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3a2c3c0a430cfb2021-12-20 15:54:17.924root 11241100x8000000000000000755459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be76b4c893455332021-12-20 15:54:17.925root 11241100x8000000000000000755460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6f814b407694992021-12-20 15:54:18.424root 11241100x8000000000000000755461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a0781546a04a9c2021-12-20 15:54:18.424root 11241100x8000000000000000755462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff875febbc2a703e2021-12-20 15:54:18.424root 11241100x8000000000000000755463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ecfe99c8b935422021-12-20 15:54:18.424root 11241100x8000000000000000755464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bd8ea229c6332c2021-12-20 15:54:18.424root 11241100x8000000000000000755465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec578b5627fd1d982021-12-20 15:54:18.424root 11241100x8000000000000000755466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5727d7420fc50c462021-12-20 15:54:18.424root 11241100x8000000000000000755467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c3aabbe922f0552021-12-20 15:54:18.924root 11241100x8000000000000000755468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dff813a781c0492021-12-20 15:54:18.924root 11241100x8000000000000000755469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d19306acc1fa19a2021-12-20 15:54:18.924root 11241100x8000000000000000755470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde9d8d26e0143392021-12-20 15:54:18.924root 11241100x8000000000000000755471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6556375b386684ec2021-12-20 15:54:18.924root 11241100x8000000000000000755472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac10eefc687d212021-12-20 15:54:18.924root 11241100x8000000000000000755473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8851a199d7cbda2021-12-20 15:54:18.924root 11241100x8000000000000000755474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a699aa360266d25c2021-12-20 15:54:19.424root 11241100x8000000000000000755475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e76df4135bca62021-12-20 15:54:19.424root 11241100x8000000000000000755476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219c622dfdb58cfa2021-12-20 15:54:19.424root 11241100x8000000000000000755477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3259b45a9cca1a4b2021-12-20 15:54:19.424root 11241100x8000000000000000755478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07917f7fb1a6b932021-12-20 15:54:19.425root 11241100x8000000000000000755479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c368408ba33ca62021-12-20 15:54:19.425root 11241100x8000000000000000755480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f713e3710e03527f2021-12-20 15:54:19.425root 11241100x8000000000000000755481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c79bc926c3aa6392021-12-20 15:54:19.924root 11241100x8000000000000000755482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fd114bd62752c42021-12-20 15:54:19.924root 11241100x8000000000000000755483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6067cef79238915d2021-12-20 15:54:19.924root 11241100x8000000000000000755484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba5c145ee02b4dc2021-12-20 15:54:19.924root 11241100x8000000000000000755485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a20ae1bcb9867f2021-12-20 15:54:19.924root 11241100x8000000000000000755486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270fe26e8ac169082021-12-20 15:54:19.924root 11241100x8000000000000000755487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7cdadd5a5b80e42021-12-20 15:54:19.925root 354300x8000000000000000755488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.033{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46052-false10.0.1.12-8089- 354300x8000000000000000755489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.035{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51352-false10.0.1.12-8000- 11241100x8000000000000000755490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcb35233067067f2021-12-20 15:54:20.424root 11241100x8000000000000000755491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8738ec47e79f92b72021-12-20 15:54:20.424root 11241100x8000000000000000755492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3fe3e7a720a8c62021-12-20 15:54:20.424root 11241100x8000000000000000755493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260900f541b03d7f2021-12-20 15:54:20.424root 11241100x8000000000000000755494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64323a87afb5a6d2021-12-20 15:54:20.424root 11241100x8000000000000000755495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2ad54c6362989a2021-12-20 15:54:20.424root 11241100x8000000000000000755496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7844011ec557772021-12-20 15:54:20.425root 11241100x8000000000000000755497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3be21c791625f2a2021-12-20 15:54:20.425root 11241100x8000000000000000755498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3302ca01c1ddc6b62021-12-20 15:54:20.425root 11241100x8000000000000000755499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3df120119307a02021-12-20 15:54:20.924root 11241100x8000000000000000755500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427264a8e7e3b7cb2021-12-20 15:54:20.924root 11241100x8000000000000000755501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d531e554be2716502021-12-20 15:54:20.924root 11241100x8000000000000000755502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3cace77f06c1c02021-12-20 15:54:20.924root 11241100x8000000000000000755503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b4b8ce3cf0e8692021-12-20 15:54:20.925root 11241100x8000000000000000755504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f56fb08729fc1772021-12-20 15:54:20.925root 11241100x8000000000000000755505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997d9a549b86316d2021-12-20 15:54:20.925root 11241100x8000000000000000755506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65829a40c60dc0e02021-12-20 15:54:20.925root 11241100x8000000000000000755507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0c6d14416dda8c2021-12-20 15:54:20.925root 11241100x8000000000000000755508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36144a05bdbf90a32021-12-20 15:54:21.424root 11241100x8000000000000000755509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d4f18fa2f051872021-12-20 15:54:21.424root 11241100x8000000000000000755510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de8e93e894ec14c2021-12-20 15:54:21.424root 11241100x8000000000000000755511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222fc7a09c93ecc82021-12-20 15:54:21.425root 11241100x8000000000000000755512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd342c941be8914d2021-12-20 15:54:21.425root 11241100x8000000000000000755513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ea9d5aaf2e94b62021-12-20 15:54:21.425root 11241100x8000000000000000755514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68393dc85ad287aa2021-12-20 15:54:21.425root 11241100x8000000000000000755515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771995d0581467b02021-12-20 15:54:21.425root 11241100x8000000000000000755516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef941bc6fbd7b8fc2021-12-20 15:54:21.425root 11241100x8000000000000000755517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba96620eb2ddf372021-12-20 15:54:21.924root 11241100x8000000000000000755518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af731320c6630cc72021-12-20 15:54:21.924root 11241100x8000000000000000755519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44406776b232e7f2021-12-20 15:54:21.924root 11241100x8000000000000000755520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc22efe4058f62ef2021-12-20 15:54:21.924root 11241100x8000000000000000755521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bedaa3ec65fa092021-12-20 15:54:21.924root 11241100x8000000000000000755522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847172d6335d89762021-12-20 15:54:21.924root 11241100x8000000000000000755523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcfab032539f2e32021-12-20 15:54:21.925root 11241100x8000000000000000755524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af09a11bf8ee50d2021-12-20 15:54:21.925root 11241100x8000000000000000755525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d331476aee05852021-12-20 15:54:21.925root 11241100x8000000000000000755526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c58e78466aa4e9a2021-12-20 15:54:22.424root 11241100x8000000000000000755527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98ec49bdfa941ed2021-12-20 15:54:22.424root 11241100x8000000000000000755528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e5a259abf19d0e2021-12-20 15:54:22.424root 11241100x8000000000000000755529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15761470bd78e422021-12-20 15:54:22.424root 11241100x8000000000000000755530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dfe8e685f35e922021-12-20 15:54:22.424root 11241100x8000000000000000755531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0799f0f21d21dc2021-12-20 15:54:22.424root 11241100x8000000000000000755532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f048069da289d32021-12-20 15:54:22.425root 11241100x8000000000000000755533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b61976bed816b462021-12-20 15:54:22.425root 11241100x8000000000000000755534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20fd9c30c4ac3472021-12-20 15:54:22.425root 11241100x8000000000000000755535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556ceb20fbf2bb1e2021-12-20 15:54:22.924root 11241100x8000000000000000755536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b190648887f5682021-12-20 15:54:22.924root 11241100x8000000000000000755537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1227ef086af7d92021-12-20 15:54:22.924root 11241100x8000000000000000755538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d253197f97f2a5aa2021-12-20 15:54:22.924root 11241100x8000000000000000755539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efda1725b4da4d612021-12-20 15:54:22.924root 11241100x8000000000000000755540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd45fe7cf38b0fc02021-12-20 15:54:22.924root 11241100x8000000000000000755541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a95a13008b230e2021-12-20 15:54:22.924root 11241100x8000000000000000755542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7ae8c07046cc552021-12-20 15:54:22.924root 11241100x8000000000000000755543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd8151205d733aa2021-12-20 15:54:22.924root 11241100x8000000000000000755544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de326bc65961985e2021-12-20 15:54:23.424root 11241100x8000000000000000755545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9e2c750cebfa0c2021-12-20 15:54:23.424root 11241100x8000000000000000755546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf743692a8a22e82021-12-20 15:54:23.424root 11241100x8000000000000000755547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7de9710f91aa612021-12-20 15:54:23.424root 11241100x8000000000000000755548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2c1280eaea89fb2021-12-20 15:54:23.424root 11241100x8000000000000000755549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4aa63abf3734142021-12-20 15:54:23.424root 11241100x8000000000000000755550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef693c5c17e75d3c2021-12-20 15:54:23.425root 11241100x8000000000000000755551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5258d709a51b2a02021-12-20 15:54:23.425root 11241100x8000000000000000755552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487510c243232bd12021-12-20 15:54:23.425root 11241100x8000000000000000755553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23277a815c21e25d2021-12-20 15:54:23.924root 11241100x8000000000000000755554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986340a74dd112e72021-12-20 15:54:23.924root 11241100x8000000000000000755555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614bc2e58a8b299f2021-12-20 15:54:23.924root 11241100x8000000000000000755556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f397e940bfd48b42021-12-20 15:54:23.924root 11241100x8000000000000000755557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c79d9a20c4a38a2021-12-20 15:54:23.925root 11241100x8000000000000000755558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11d573c5c4d462c2021-12-20 15:54:23.925root 11241100x8000000000000000755559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d51789ff1141a82021-12-20 15:54:23.925root 11241100x8000000000000000755560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fac9b9513e02022021-12-20 15:54:23.925root 11241100x8000000000000000755561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b19c3b852fcf722021-12-20 15:54:23.925root 11241100x8000000000000000755562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6dc25b6c3cd06c2021-12-20 15:54:24.424root 11241100x8000000000000000755563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62032e55d576ed12021-12-20 15:54:24.424root 11241100x8000000000000000755564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d261ce29b5b5e4ae2021-12-20 15:54:24.424root 11241100x8000000000000000755565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06907e75689e14412021-12-20 15:54:24.424root 11241100x8000000000000000755566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252497d0f66d65fb2021-12-20 15:54:24.424root 11241100x8000000000000000755567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a013444e28594dd2021-12-20 15:54:24.424root 11241100x8000000000000000755568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9c3eddf6bcee762021-12-20 15:54:24.425root 11241100x8000000000000000755569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984dda52ff79eab52021-12-20 15:54:24.425root 11241100x8000000000000000755570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6c7e9843002f602021-12-20 15:54:24.425root 11241100x8000000000000000755571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2ec92b6676200b2021-12-20 15:54:24.924root 11241100x8000000000000000755572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88eedd45ed01f91b2021-12-20 15:54:24.924root 11241100x8000000000000000755573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1d2327bcefe0382021-12-20 15:54:24.924root 11241100x8000000000000000755574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe38c87e77da994e2021-12-20 15:54:24.924root 11241100x8000000000000000755575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727b1b52c2355fac2021-12-20 15:54:24.925root 11241100x8000000000000000755576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae89c00cc43afeb2021-12-20 15:54:24.925root 11241100x8000000000000000755577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea995698c9289de2021-12-20 15:54:24.925root 11241100x8000000000000000755578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b55743f52cf82c2021-12-20 15:54:24.925root 11241100x8000000000000000755579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ebca02bffce7bb2021-12-20 15:54:24.925root 354300x8000000000000000755580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.242{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51354-false10.0.1.12-8000- 11241100x8000000000000000755581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.243{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d0bc3d88af9ad12021-12-20 15:54:25.243root 11241100x8000000000000000755582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.243{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab8eda4ab8db3dd2021-12-20 15:54:25.243root 11241100x8000000000000000755583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e01df700d2bf9ec2021-12-20 15:54:25.244root 11241100x8000000000000000755584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009945dbc4ac711a2021-12-20 15:54:25.244root 11241100x8000000000000000755585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e6722694d5a41b2021-12-20 15:54:25.244root 11241100x8000000000000000755586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bafe733de0d64e2021-12-20 15:54:25.244root 11241100x8000000000000000755587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1885f4a1ceb76b922021-12-20 15:54:25.244root 11241100x8000000000000000755588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d163825c102716c12021-12-20 15:54:25.244root 11241100x8000000000000000755589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c174876cfe3a0f32021-12-20 15:54:25.244root 11241100x8000000000000000755590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f8667fa0806fa42021-12-20 15:54:25.244root 11241100x8000000000000000755591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80575e0f5c39ab252021-12-20 15:54:25.674root 11241100x8000000000000000755592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a09f539f35546282021-12-20 15:54:25.674root 11241100x8000000000000000755593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87c2d65d4e6e0142021-12-20 15:54:25.674root 11241100x8000000000000000755594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b21b77aaed15292021-12-20 15:54:25.674root 11241100x8000000000000000755595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720b1b3bb335b4902021-12-20 15:54:25.674root 11241100x8000000000000000755596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3a540b6e6a53022021-12-20 15:54:25.675root 11241100x8000000000000000755597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd9d9cb31c59ce62021-12-20 15:54:25.675root 11241100x8000000000000000755598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b918eecad6a4d6bc2021-12-20 15:54:25.675root 11241100x8000000000000000755599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc801be04713142021-12-20 15:54:25.675root 11241100x8000000000000000755600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca04e55fb82dece62021-12-20 15:54:25.675root 11241100x8000000000000000755601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06edd947df4e63fd2021-12-20 15:54:26.174root 11241100x8000000000000000755602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe2e47d4fa44c812021-12-20 15:54:26.174root 11241100x8000000000000000755603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6f3263b7448a232021-12-20 15:54:26.174root 11241100x8000000000000000755604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a311b04caecf2192021-12-20 15:54:26.174root 11241100x8000000000000000755605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabb811a1f10bfb32021-12-20 15:54:26.174root 11241100x8000000000000000755606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69109aae09797b5f2021-12-20 15:54:26.174root 11241100x8000000000000000755607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f16f87fe64f9972021-12-20 15:54:26.174root 11241100x8000000000000000755608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce586205d23fa8652021-12-20 15:54:26.175root 11241100x8000000000000000755609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c7743d02f9c2272021-12-20 15:54:26.175root 11241100x8000000000000000755610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36c91e32a28a63b2021-12-20 15:54:26.175root 11241100x8000000000000000755611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc13f5f390ae10e22021-12-20 15:54:26.674root 11241100x8000000000000000755612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef78b855020761222021-12-20 15:54:26.674root 11241100x8000000000000000755613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5034b72463ae9ef62021-12-20 15:54:26.674root 11241100x8000000000000000755614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e46b2a7fdd62772021-12-20 15:54:26.674root 11241100x8000000000000000755615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa17de8d8b9608742021-12-20 15:54:26.674root 11241100x8000000000000000755616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a969120d9640d66f2021-12-20 15:54:26.674root 11241100x8000000000000000755617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0facacf418ed80912021-12-20 15:54:26.674root 11241100x8000000000000000755618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35169b234ff4e74b2021-12-20 15:54:26.674root 11241100x8000000000000000755619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b40ffa76de2c0972021-12-20 15:54:26.675root 11241100x8000000000000000755620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada6eafd3fd225552021-12-20 15:54:26.675root 11241100x8000000000000000755621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d403636869b62a2021-12-20 15:54:27.174root 11241100x8000000000000000755622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc074f9ec900e2552021-12-20 15:54:27.174root 11241100x8000000000000000755623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e92c43e916610512021-12-20 15:54:27.174root 11241100x8000000000000000755624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf6fb62d720610e2021-12-20 15:54:27.174root 11241100x8000000000000000755625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b43eefa89868672021-12-20 15:54:27.174root 11241100x8000000000000000755626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c08ec97c91b608e2021-12-20 15:54:27.174root 11241100x8000000000000000755627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d28ea37a8a7fd22021-12-20 15:54:27.174root 11241100x8000000000000000755628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3cafc0f40c35d62021-12-20 15:54:27.174root 11241100x8000000000000000755629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10989b4315b7627a2021-12-20 15:54:27.175root 11241100x8000000000000000755630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dc4207174014bf2021-12-20 15:54:27.175root 11241100x8000000000000000755631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8ba28dcc0eda252021-12-20 15:54:27.674root 11241100x8000000000000000755632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854230ccba3714f42021-12-20 15:54:27.674root 11241100x8000000000000000755633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15428c1766d0be82021-12-20 15:54:27.674root 11241100x8000000000000000755634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f657d5a5ca75e452021-12-20 15:54:27.674root 11241100x8000000000000000755635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182355e334e302a72021-12-20 15:54:27.674root 11241100x8000000000000000755636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156b34ef466aff882021-12-20 15:54:27.674root 11241100x8000000000000000755637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f3bf4e01eed6d2021-12-20 15:54:27.674root 11241100x8000000000000000755638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71baf68e1e86f6402021-12-20 15:54:27.674root 11241100x8000000000000000755639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d912021f5c9ac1682021-12-20 15:54:27.675root 11241100x8000000000000000755640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b368cc390aaba0242021-12-20 15:54:27.675root 11241100x8000000000000000755641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43701ce684cdb9c62021-12-20 15:54:28.174root 11241100x8000000000000000755642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619c95fcc86e037a2021-12-20 15:54:28.174root 11241100x8000000000000000755643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d703438a21edf02021-12-20 15:54:28.174root 11241100x8000000000000000755644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda04daab243d9bf2021-12-20 15:54:28.174root 11241100x8000000000000000755645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc88a030ec409992021-12-20 15:54:28.174root 11241100x8000000000000000755646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11174a7abcbf0a9c2021-12-20 15:54:28.174root 11241100x8000000000000000755647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7029388eb27204222021-12-20 15:54:28.174root 11241100x8000000000000000755648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9fd5365ae589192021-12-20 15:54:28.175root 11241100x8000000000000000755649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69d7a6d749a5eb72021-12-20 15:54:28.175root 11241100x8000000000000000755650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a6353cbb25f60e2021-12-20 15:54:28.175root 11241100x8000000000000000755651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8fa35e8f75e6b12021-12-20 15:54:28.674root 11241100x8000000000000000755652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717d56239d7e21862021-12-20 15:54:28.674root 11241100x8000000000000000755653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dee28817fe540082021-12-20 15:54:28.674root 11241100x8000000000000000755654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c98967b189a83de2021-12-20 15:54:28.674root 11241100x8000000000000000755655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dd2053d981451c2021-12-20 15:54:28.674root 11241100x8000000000000000755656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3409d6aac0f92962021-12-20 15:54:28.674root 11241100x8000000000000000755657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e928093525a70a2021-12-20 15:54:28.674root 11241100x8000000000000000755658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1cb1ef5e2961d02021-12-20 15:54:28.674root 11241100x8000000000000000755659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bac95d041e95562021-12-20 15:54:28.675root 11241100x8000000000000000755660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f68e497568c55022021-12-20 15:54:28.675root 11241100x8000000000000000755661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e727932b793fc5172021-12-20 15:54:29.174root 11241100x8000000000000000755662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9971ea808f731fa2021-12-20 15:54:29.174root 11241100x8000000000000000755663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f296dbe9804981862021-12-20 15:54:29.174root 11241100x8000000000000000755664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53c228d9fc03f3f2021-12-20 15:54:29.174root 11241100x8000000000000000755665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9997daec81c5b7922021-12-20 15:54:29.174root 11241100x8000000000000000755666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea12f54fb275f3e2021-12-20 15:54:29.174root 11241100x8000000000000000755667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5004ef03e6cb9f8f2021-12-20 15:54:29.174root 11241100x8000000000000000755668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f5f6cd1bcb8f812021-12-20 15:54:29.175root 11241100x8000000000000000755669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74ec1c652db28e12021-12-20 15:54:29.175root 11241100x8000000000000000755670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab8b0f8e0fc56a12021-12-20 15:54:29.175root 11241100x8000000000000000755671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06fdb6db397c1792021-12-20 15:54:29.674root 11241100x8000000000000000755672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7400025ada3165042021-12-20 15:54:29.674root 11241100x8000000000000000755673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6349807db6eb972021-12-20 15:54:29.674root 11241100x8000000000000000755674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708c71e3cdee92992021-12-20 15:54:29.674root 11241100x8000000000000000755675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1d145541be56952021-12-20 15:54:29.674root 11241100x8000000000000000755676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33344d5142bd9722021-12-20 15:54:29.674root 11241100x8000000000000000755677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab5202b708cd2252021-12-20 15:54:29.674root 11241100x8000000000000000755678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b90b151e16e5652021-12-20 15:54:29.674root 11241100x8000000000000000755679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c532378eafbe0c8d2021-12-20 15:54:29.675root 11241100x8000000000000000755680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3959e2582c0507f32021-12-20 15:54:29.675root 11241100x8000000000000000755681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c748c880c656512021-12-20 15:54:30.174root 11241100x8000000000000000755682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a570018dab34ae2021-12-20 15:54:30.174root 11241100x8000000000000000755683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4216fcd1c5caf632021-12-20 15:54:30.174root 11241100x8000000000000000755684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20968b2d653c9242021-12-20 15:54:30.174root 11241100x8000000000000000755685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aae93a7186ef98d2021-12-20 15:54:30.174root 11241100x8000000000000000755686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c54cb56e1e49e632021-12-20 15:54:30.175root 11241100x8000000000000000755687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87c39497237aad82021-12-20 15:54:30.175root 11241100x8000000000000000755688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f581da491d47792c2021-12-20 15:54:30.175root 11241100x8000000000000000755689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb44ff197c83aad2021-12-20 15:54:30.175root 11241100x8000000000000000755690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edf37bc1ce990592021-12-20 15:54:30.176root 11241100x8000000000000000755691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fe1f47390982de2021-12-20 15:54:30.674root 11241100x8000000000000000755692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477b62203873d01d2021-12-20 15:54:30.674root 11241100x8000000000000000755693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43226012df1a603c2021-12-20 15:54:30.674root 11241100x8000000000000000755694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c4ed50d2e09eb02021-12-20 15:54:30.675root 11241100x8000000000000000755695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df06482abf6291712021-12-20 15:54:30.675root 11241100x8000000000000000755696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f31070a74cc6be2021-12-20 15:54:30.675root 11241100x8000000000000000755697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b92601cacec93272021-12-20 15:54:30.675root 11241100x8000000000000000755698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4dde7f74e180c72021-12-20 15:54:30.675root 11241100x8000000000000000755699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34c5bc6252670842021-12-20 15:54:30.675root 11241100x8000000000000000755700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7af469fcff567fa2021-12-20 15:54:30.675root 11241100x8000000000000000755701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbf96a218c1dd1b2021-12-20 15:54:31.174root 11241100x8000000000000000755702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d577aaea4549b5f02021-12-20 15:54:31.174root 11241100x8000000000000000755703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c0335f6771b7aa2021-12-20 15:54:31.174root 11241100x8000000000000000755704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49de47fb9308cd22021-12-20 15:54:31.174root 11241100x8000000000000000755705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e5ac0857741e6e2021-12-20 15:54:31.174root 11241100x8000000000000000755706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fad66d6244644e2021-12-20 15:54:31.174root 11241100x8000000000000000755707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3e86bd87203e632021-12-20 15:54:31.174root 11241100x8000000000000000755708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbedc2f234e72a7b2021-12-20 15:54:31.175root 11241100x8000000000000000755709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3db42497d80992f2021-12-20 15:54:31.175root 11241100x8000000000000000755710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58889d2fec60f85b2021-12-20 15:54:31.175root 354300x8000000000000000755711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.220{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51356-false10.0.1.12-8000- 11241100x8000000000000000755712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08956ef92cadc8b2021-12-20 15:54:31.674root 11241100x8000000000000000755713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d60078197e0282021-12-20 15:54:31.674root 11241100x8000000000000000755714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c68951b869f05a2021-12-20 15:54:31.674root 11241100x8000000000000000755715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d61fe120f4115d2021-12-20 15:54:31.674root 11241100x8000000000000000755716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba07e47eaae7a6f2021-12-20 15:54:31.674root 11241100x8000000000000000755717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85c5dac13600bcd2021-12-20 15:54:31.674root 11241100x8000000000000000755718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238604300202bc232021-12-20 15:54:31.674root 11241100x8000000000000000755719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44703a16f47f465f2021-12-20 15:54:31.674root 11241100x8000000000000000755720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b0308116b942172021-12-20 15:54:31.675root 11241100x8000000000000000755721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7698d495f571ee2021-12-20 15:54:31.675root 11241100x8000000000000000755722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b26526d6c84aeca2021-12-20 15:54:31.675root 11241100x8000000000000000755723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eb4de81913aed52021-12-20 15:54:32.174root 11241100x8000000000000000755724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c6444a6b5af90d2021-12-20 15:54:32.174root 11241100x8000000000000000755725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b4fb45849703902021-12-20 15:54:32.174root 11241100x8000000000000000755726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3febf670aa01082021-12-20 15:54:32.174root 11241100x8000000000000000755727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1fea24bc4fea412021-12-20 15:54:32.174root 11241100x8000000000000000755728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1a0d632a08725b2021-12-20 15:54:32.174root 11241100x8000000000000000755729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b593f6624e7d252021-12-20 15:54:32.174root 11241100x8000000000000000755730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd99ef7fdd0d0722021-12-20 15:54:32.175root 11241100x8000000000000000755731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5516abe8a15089b2021-12-20 15:54:32.175root 11241100x8000000000000000755732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c69793b05dc8b82021-12-20 15:54:32.175root 11241100x8000000000000000755733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824493ad3f08e3b72021-12-20 15:54:32.175root 11241100x8000000000000000755734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d668b04e98c746c12021-12-20 15:54:32.674root 11241100x8000000000000000755735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ff96f7acf8dd022021-12-20 15:54:32.674root 11241100x8000000000000000755736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf11cde303703ac02021-12-20 15:54:32.674root 11241100x8000000000000000755737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3992b45de19041b2021-12-20 15:54:32.675root 11241100x8000000000000000755738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8634cbedf5622e2021-12-20 15:54:32.675root 11241100x8000000000000000755739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc552685ba196e32021-12-20 15:54:32.675root 11241100x8000000000000000755740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012a1a5c298f91432021-12-20 15:54:32.676root 11241100x8000000000000000755741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7132938869a0be6e2021-12-20 15:54:32.676root 11241100x8000000000000000755742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb831041f0eeb58b2021-12-20 15:54:32.676root 11241100x8000000000000000755743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c973c36f2b4ce2d22021-12-20 15:54:32.676root 11241100x8000000000000000755744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2b5b99c860580a2021-12-20 15:54:32.676root 11241100x8000000000000000755745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8caaffe784ad552021-12-20 15:54:33.178root 11241100x8000000000000000755746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa0d8b22dba38972021-12-20 15:54:33.178root 11241100x8000000000000000755747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f56b139871e43d22021-12-20 15:54:33.178root 11241100x8000000000000000755748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb126a3f06c8df52021-12-20 15:54:33.178root 11241100x8000000000000000755749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368bf6f83e32346d2021-12-20 15:54:33.178root 11241100x8000000000000000755750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81afe5c22f86f4fb2021-12-20 15:54:33.178root 11241100x8000000000000000755751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51bfedb2d9676be2021-12-20 15:54:33.179root 11241100x8000000000000000755752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c85ff0f868624a42021-12-20 15:54:33.179root 11241100x8000000000000000755753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f868074917fa2202021-12-20 15:54:33.179root 11241100x8000000000000000755754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1c993954b28be22021-12-20 15:54:33.179root 11241100x8000000000000000755755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3392699c1e02cec42021-12-20 15:54:33.179root 11241100x8000000000000000755756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02791a025029d3db2021-12-20 15:54:33.674root 11241100x8000000000000000755757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f47a8efaeda5512021-12-20 15:54:33.674root 11241100x8000000000000000755758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6169afbd3d9652da2021-12-20 15:54:33.674root 11241100x8000000000000000755759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4d13a31d8680982021-12-20 15:54:33.674root 11241100x8000000000000000755760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ce74bdb13369262021-12-20 15:54:33.675root 11241100x8000000000000000755761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72edd0f1a2f8371a2021-12-20 15:54:33.675root 11241100x8000000000000000755762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd4affd434553c42021-12-20 15:54:33.675root 11241100x8000000000000000755763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e5785d69c41a1d2021-12-20 15:54:33.675root 11241100x8000000000000000755764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039d8f264817b7022021-12-20 15:54:33.675root 11241100x8000000000000000755765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a47ca9931f0acc2021-12-20 15:54:33.676root 11241100x8000000000000000755766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170332b4a34e50ae2021-12-20 15:54:33.676root 11241100x8000000000000000755767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbf7ac4e972026f2021-12-20 15:54:34.174root 11241100x8000000000000000755768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97d10864e5c701c2021-12-20 15:54:34.174root 11241100x8000000000000000755769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9091d14979e44a2021-12-20 15:54:34.174root 11241100x8000000000000000755770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cca26bb2e3c74b82021-12-20 15:54:34.174root 11241100x8000000000000000755771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d40ca3df2bac42021-12-20 15:54:34.174root 11241100x8000000000000000755772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f815454079a452021-12-20 15:54:34.174root 11241100x8000000000000000755773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab3d5b9bffbef482021-12-20 15:54:34.175root 11241100x8000000000000000755774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869883e31b043bb62021-12-20 15:54:34.175root 11241100x8000000000000000755775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775cd03773d9a74c2021-12-20 15:54:34.175root 11241100x8000000000000000755776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6e27bf5a5d145b2021-12-20 15:54:34.175root 11241100x8000000000000000755777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8888aa15591622002021-12-20 15:54:34.175root 11241100x8000000000000000755778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d1a588729952c02021-12-20 15:54:34.674root 11241100x8000000000000000755779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33ec79958b100512021-12-20 15:54:34.674root 11241100x8000000000000000755780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de95280edcb167672021-12-20 15:54:34.674root 11241100x8000000000000000755781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa26655e43de48a2021-12-20 15:54:34.674root 11241100x8000000000000000755782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7b0c995426d37d2021-12-20 15:54:34.674root 11241100x8000000000000000755783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11450f68578e7e4e2021-12-20 15:54:34.675root 11241100x8000000000000000755784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5993a08762c555d32021-12-20 15:54:34.675root 11241100x8000000000000000755785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e3298c159831d72021-12-20 15:54:34.675root 11241100x8000000000000000755786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae3ac456b03709e2021-12-20 15:54:34.675root 11241100x8000000000000000755787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c07b0a8507beb192021-12-20 15:54:34.675root 11241100x8000000000000000755788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3052a5a5beb8ae2021-12-20 15:54:34.675root 11241100x8000000000000000755789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95906fda39a20c012021-12-20 15:54:35.174root 11241100x8000000000000000755790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfd1928acef2c7d2021-12-20 15:54:35.174root 11241100x8000000000000000755791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bd0a135130f4fd2021-12-20 15:54:35.174root 11241100x8000000000000000755792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dfdcc827d2f23f2021-12-20 15:54:35.174root 11241100x8000000000000000755793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6a7566fabfc3842021-12-20 15:54:35.174root 11241100x8000000000000000755794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d12a67e42cdf3f2021-12-20 15:54:35.174root 11241100x8000000000000000755795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ec0721186ebf5e2021-12-20 15:54:35.174root 11241100x8000000000000000755796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208f3f5d4f2289302021-12-20 15:54:35.175root 11241100x8000000000000000755797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf8b40cfe77b80c2021-12-20 15:54:35.175root 11241100x8000000000000000755798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8d285115ef4a862021-12-20 15:54:35.175root 11241100x8000000000000000755799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a0f98c5ddfee842021-12-20 15:54:35.175root 11241100x8000000000000000755800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537c7d69c1a5ff0f2021-12-20 15:54:35.674root 11241100x8000000000000000755801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bb49e71fa7a4e12021-12-20 15:54:35.674root 11241100x8000000000000000755802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6c4aada5ee2a12021-12-20 15:54:35.674root 11241100x8000000000000000755803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733621eba84c19212021-12-20 15:54:35.674root 11241100x8000000000000000755804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e91b58548604c9b2021-12-20 15:54:35.674root 11241100x8000000000000000755805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e275a716811bf37c2021-12-20 15:54:35.674root 11241100x8000000000000000755806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f36b89523ad64362021-12-20 15:54:35.674root 11241100x8000000000000000755807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4860cf4abed9ed472021-12-20 15:54:35.674root 11241100x8000000000000000755808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffbaf86ac3b2ebd2021-12-20 15:54:35.675root 11241100x8000000000000000755809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9a65e05f8b1b8a2021-12-20 15:54:35.675root 11241100x8000000000000000755810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ad5882480a09a52021-12-20 15:54:35.675root 11241100x8000000000000000755811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:54:36.069root 11241100x8000000000000000755812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4ad6d31c5a2f062021-12-20 15:54:36.070root 11241100x8000000000000000755813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9946a3634e079cd02021-12-20 15:54:36.070root 11241100x8000000000000000755814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17896b142f967fdc2021-12-20 15:54:36.070root 11241100x8000000000000000755815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0646fd69f517349c2021-12-20 15:54:36.070root 11241100x8000000000000000755816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eafdc258e8fbfcc2021-12-20 15:54:36.070root 11241100x8000000000000000755817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8207af122bb1541a2021-12-20 15:54:36.071root 11241100x8000000000000000755818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02b436c0cf750552021-12-20 15:54:36.071root 11241100x8000000000000000755819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047805120a980bdd2021-12-20 15:54:36.071root 11241100x8000000000000000755820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae3385a12f3d2e52021-12-20 15:54:36.071root 11241100x8000000000000000755821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa09aae77b22fb042021-12-20 15:54:36.071root 11241100x8000000000000000755822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86feeffe7a4c7be42021-12-20 15:54:36.071root 11241100x8000000000000000755823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f48710a68f40b92021-12-20 15:54:36.071root 354300x8000000000000000755824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.232{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51358-false10.0.1.12-8000- 11241100x8000000000000000755825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b46aedd72a763c02021-12-20 15:54:36.424root 11241100x8000000000000000755826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202aa520600770b2021-12-20 15:54:36.424root 11241100x8000000000000000755827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2252a20e58e516322021-12-20 15:54:36.424root 11241100x8000000000000000755828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a2feaf787c83cf2021-12-20 15:54:36.424root 11241100x8000000000000000755829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a732119f9a277b2021-12-20 15:54:36.424root 11241100x8000000000000000755830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a7c05a454b9c332021-12-20 15:54:36.425root 11241100x8000000000000000755831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66664218c8ba72272021-12-20 15:54:36.425root 11241100x8000000000000000755832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4043b806e5513e0c2021-12-20 15:54:36.425root 11241100x8000000000000000755833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a711871185822e2021-12-20 15:54:36.425root 11241100x8000000000000000755834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9b5dffe2636c352021-12-20 15:54:36.425root 11241100x8000000000000000755835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83392dbd474294b2021-12-20 15:54:36.425root 11241100x8000000000000000755836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507971fec7b8c89a2021-12-20 15:54:36.425root 11241100x8000000000000000755837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54b2d6f4d6b1f8d2021-12-20 15:54:36.426root 11241100x8000000000000000755838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2e32cbbdc7e9d12021-12-20 15:54:36.924root 11241100x8000000000000000755839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28665b866d544aab2021-12-20 15:54:36.924root 11241100x8000000000000000755840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558c262e963fc7d02021-12-20 15:54:36.924root 11241100x8000000000000000755841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351099a01d4016e22021-12-20 15:54:36.924root 11241100x8000000000000000755842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f47edb440383732021-12-20 15:54:36.925root 11241100x8000000000000000755843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffbdac6ee8229732021-12-20 15:54:36.925root 11241100x8000000000000000755844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f148b3802d63b62021-12-20 15:54:36.925root 11241100x8000000000000000755845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0afa1e4205f3862021-12-20 15:54:36.925root 11241100x8000000000000000755846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d1a9e85d9a10a52021-12-20 15:54:36.925root 11241100x8000000000000000755847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b4d79faca70ac2021-12-20 15:54:36.925root 11241100x8000000000000000755848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fcf114cd3c27bb2021-12-20 15:54:36.925root 11241100x8000000000000000755849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229ef7a6038dd4932021-12-20 15:54:36.925root 11241100x8000000000000000755850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0e693916d66d312021-12-20 15:54:36.925root 11241100x8000000000000000755851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8d64438750fc962021-12-20 15:54:37.424root 11241100x8000000000000000755852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85549d77b68557d2021-12-20 15:54:37.424root 11241100x8000000000000000755853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d253555bf5ce9b8a2021-12-20 15:54:37.424root 11241100x8000000000000000755854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a92f7786485e09f2021-12-20 15:54:37.424root 11241100x8000000000000000755855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc17ca62edf68b522021-12-20 15:54:37.424root 11241100x8000000000000000755856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce6efbf98bb917d2021-12-20 15:54:37.424root 11241100x8000000000000000755857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5707d16ac36d3782021-12-20 15:54:37.425root 11241100x8000000000000000755858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83405784497d36882021-12-20 15:54:37.425root 11241100x8000000000000000755859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa061234fa0dbaf2021-12-20 15:54:37.425root 11241100x8000000000000000755860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277042fece7b54f62021-12-20 15:54:37.425root 11241100x8000000000000000755861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535dcf7d6aa32a6f2021-12-20 15:54:37.425root 11241100x8000000000000000755862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e90a7189ebf1fa12021-12-20 15:54:37.425root 11241100x8000000000000000755863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0228543f937b45052021-12-20 15:54:37.425root 11241100x8000000000000000755864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617947bdd164e3f42021-12-20 15:54:37.924root 11241100x8000000000000000755865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff1dff5c85699452021-12-20 15:54:37.924root 11241100x8000000000000000755866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da74b1d95dbb0f0b2021-12-20 15:54:37.924root 11241100x8000000000000000755867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33f9bf5bd351ec72021-12-20 15:54:37.924root 11241100x8000000000000000755868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3879944f07c9d12021-12-20 15:54:37.924root 11241100x8000000000000000755869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534bd9e0e760e16a2021-12-20 15:54:37.924root 11241100x8000000000000000755870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c41160904c5a752021-12-20 15:54:37.925root 11241100x8000000000000000755871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8738a71ac84078c52021-12-20 15:54:37.925root 11241100x8000000000000000755872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db62a5f1431e3062021-12-20 15:54:37.925root 11241100x8000000000000000755873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d78ac58273cba272021-12-20 15:54:37.925root 11241100x8000000000000000755874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64242e26ac4db5542021-12-20 15:54:37.925root 11241100x8000000000000000755875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5be92039032a7472021-12-20 15:54:37.925root 11241100x8000000000000000755876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c33ae1f60fd99062021-12-20 15:54:37.925root 11241100x8000000000000000755877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2deeb39f1039ff2021-12-20 15:54:38.424root 11241100x8000000000000000755878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7d91e601b9bfba2021-12-20 15:54:38.424root 11241100x8000000000000000755879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436e1523f373ceda2021-12-20 15:54:38.424root 11241100x8000000000000000755880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59150055162c66ec2021-12-20 15:54:38.425root 11241100x8000000000000000755881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23124274694e8dd92021-12-20 15:54:38.425root 11241100x8000000000000000755882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ecbf8ce000952a2021-12-20 15:54:38.425root 11241100x8000000000000000755883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13861f7095259f322021-12-20 15:54:38.425root 11241100x8000000000000000755884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c55bc4651a2c71d2021-12-20 15:54:38.425root 11241100x8000000000000000755885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3c54b02d44af2a2021-12-20 15:54:38.425root 11241100x8000000000000000755886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbab533f9bb8d062021-12-20 15:54:38.425root 11241100x8000000000000000755887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9459b55cec37dcf32021-12-20 15:54:38.425root 11241100x8000000000000000755888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a1e2d09c59970d2021-12-20 15:54:38.426root 11241100x8000000000000000755889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8300c1e62b415b2f2021-12-20 15:54:38.426root 11241100x8000000000000000755890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f44d1cb4ba459f62021-12-20 15:54:38.924root 11241100x8000000000000000755891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cd7fc3f285e9052021-12-20 15:54:38.924root 11241100x8000000000000000755892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd51c9932452949c2021-12-20 15:54:38.924root 11241100x8000000000000000755893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36fa6f66bada062021-12-20 15:54:38.925root 11241100x8000000000000000755894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e3ced7e55a44bf2021-12-20 15:54:38.925root 11241100x8000000000000000755895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4efa3358eecaf462021-12-20 15:54:38.925root 11241100x8000000000000000755896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc07a0313911cc652021-12-20 15:54:38.925root 11241100x8000000000000000755897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c5a509e1d36e42021-12-20 15:54:38.925root 11241100x8000000000000000755898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9706b8e838e8949a2021-12-20 15:54:38.925root 11241100x8000000000000000755899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddae97a7b22df582021-12-20 15:54:38.925root 11241100x8000000000000000755900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1d7773e9c43fa2021-12-20 15:54:38.925root 11241100x8000000000000000755901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70304f4dba265ef2021-12-20 15:54:38.925root 11241100x8000000000000000755902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fc6f851798f6742021-12-20 15:54:38.925root 11241100x8000000000000000755903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bfd85ccb9067f02021-12-20 15:54:39.424root 11241100x8000000000000000755904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7915ef4727d5caea2021-12-20 15:54:39.424root 11241100x8000000000000000755905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787b91d26b0381132021-12-20 15:54:39.424root 11241100x8000000000000000755906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f9e812f9bac1af2021-12-20 15:54:39.425root 11241100x8000000000000000755907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198e91767d6bfa422021-12-20 15:54:39.425root 11241100x8000000000000000755908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec58f96bfd033672021-12-20 15:54:39.425root 11241100x8000000000000000755909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593feb0fbca16a362021-12-20 15:54:39.425root 11241100x8000000000000000755910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64719ea631585ed2021-12-20 15:54:39.425root 11241100x8000000000000000755911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f581982d7bce5cbc2021-12-20 15:54:39.425root 11241100x8000000000000000755912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c7f0cf6e7500462021-12-20 15:54:39.425root 11241100x8000000000000000755913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4348665ecb65c502021-12-20 15:54:39.425root 11241100x8000000000000000755914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed0103be6a772802021-12-20 15:54:39.425root 11241100x8000000000000000755915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f20f9669c37bd562021-12-20 15:54:39.425root 11241100x8000000000000000755916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec5a46e9ac91fa02021-12-20 15:54:39.924root 11241100x8000000000000000755917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1798dfe728adee12021-12-20 15:54:39.924root 11241100x8000000000000000755918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b575bff040a49eac2021-12-20 15:54:39.925root 11241100x8000000000000000755919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c731fba8850d812021-12-20 15:54:39.925root 11241100x8000000000000000755920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa141686ef24b22021-12-20 15:54:39.925root 11241100x8000000000000000755921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec8fd9a282db7bb2021-12-20 15:54:39.925root 11241100x8000000000000000755922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4bce7d4cbebc702021-12-20 15:54:39.925root 11241100x8000000000000000755923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0e045255e8e6032021-12-20 15:54:39.925root 11241100x8000000000000000755924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e6bc8887fd78a42021-12-20 15:54:39.925root 11241100x8000000000000000755925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ccb5c069302a4e2021-12-20 15:54:39.925root 11241100x8000000000000000755926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553cc3fe0a1ba5d42021-12-20 15:54:39.925root 11241100x8000000000000000755927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eafbc0ebd7bf4e2021-12-20 15:54:39.925root 11241100x8000000000000000755928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5cd9d6a35950a12021-12-20 15:54:39.925root 11241100x8000000000000000755929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ab9fcf8cecce962021-12-20 15:54:40.424root 11241100x8000000000000000755930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d353ee6d643ab52021-12-20 15:54:40.424root 11241100x8000000000000000755931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb483de19d3b79082021-12-20 15:54:40.424root 11241100x8000000000000000755932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8ac0497f4832af2021-12-20 15:54:40.424root 11241100x8000000000000000755933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bc3deba7b630182021-12-20 15:54:40.424root 11241100x8000000000000000755934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f1c0b2668971362021-12-20 15:54:40.424root 11241100x8000000000000000755935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dd243ea7afbd422021-12-20 15:54:40.425root 11241100x8000000000000000755936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eccb01df3979b322021-12-20 15:54:40.425root 11241100x8000000000000000755937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8255b28ca390ad12021-12-20 15:54:40.425root 11241100x8000000000000000755938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e223882205cf7eda2021-12-20 15:54:40.425root 11241100x8000000000000000755939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0922c4b286a6972021-12-20 15:54:40.425root 11241100x8000000000000000755940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa93868b2fdc7492021-12-20 15:54:40.425root 11241100x8000000000000000755941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f728f3a565f03a2021-12-20 15:54:40.425root 11241100x8000000000000000755942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695248f6ffb976fd2021-12-20 15:54:40.924root 11241100x8000000000000000755943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9369dd9dc55dea2021-12-20 15:54:40.924root 11241100x8000000000000000755944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0df050c43943e42021-12-20 15:54:40.924root 11241100x8000000000000000755945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aff672c0e7026bb2021-12-20 15:54:40.924root 11241100x8000000000000000755946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee44c0a35b208722021-12-20 15:54:40.924root 11241100x8000000000000000755947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f97148e1065d602021-12-20 15:54:40.925root 11241100x8000000000000000755948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07be43b263f45562021-12-20 15:54:40.925root 11241100x8000000000000000755949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb732976d75f68372021-12-20 15:54:40.925root 11241100x8000000000000000755950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d93a7d1d1df1522021-12-20 15:54:40.925root 11241100x8000000000000000755951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64523c246791aa32021-12-20 15:54:40.925root 11241100x8000000000000000755952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86cbcdc399840382021-12-20 15:54:40.925root 11241100x8000000000000000755953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fe7eaa390dc6ca2021-12-20 15:54:40.925root 11241100x8000000000000000755954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d64f8f936a420a2021-12-20 15:54:40.925root 11241100x8000000000000000755955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02321cb15e005bc22021-12-20 15:54:41.424root 11241100x8000000000000000755956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70291e011a8a8b482021-12-20 15:54:41.424root 11241100x8000000000000000755957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea50df3d920f9042021-12-20 15:54:41.424root 11241100x8000000000000000755958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b4f0a797f37a912021-12-20 15:54:41.424root 11241100x8000000000000000755959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d348f8db26fdaf082021-12-20 15:54:41.424root 11241100x8000000000000000755960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c62a16acc403ac92021-12-20 15:54:41.424root 11241100x8000000000000000755961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec84f40df71eb512021-12-20 15:54:41.424root 11241100x8000000000000000755962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e42c4f0bccffe312021-12-20 15:54:41.424root 11241100x8000000000000000755963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7b28f1a91c0d8a2021-12-20 15:54:41.425root 11241100x8000000000000000755964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d188107e8c6d0e4b2021-12-20 15:54:41.425root 11241100x8000000000000000755965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514610837f121df72021-12-20 15:54:41.425root 11241100x8000000000000000755966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c3c92e498c61132021-12-20 15:54:41.425root 11241100x8000000000000000755967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a355c92d63437e72021-12-20 15:54:41.425root 11241100x8000000000000000755968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a78497f39d0dec2021-12-20 15:54:41.924root 11241100x8000000000000000755969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f96a488a5790a42021-12-20 15:54:41.924root 11241100x8000000000000000755970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8fd7026fbc02322021-12-20 15:54:41.924root 11241100x8000000000000000755971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1319ad02033d8c152021-12-20 15:54:41.925root 11241100x8000000000000000755972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccc8d6a306b6bb72021-12-20 15:54:41.925root 11241100x8000000000000000755973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7f1071f65897942021-12-20 15:54:41.925root 11241100x8000000000000000755974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301d83c5a69c56da2021-12-20 15:54:41.925root 11241100x8000000000000000755975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b5874a1477a8c92021-12-20 15:54:41.925root 11241100x8000000000000000755976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630e8d2ec0c99ba52021-12-20 15:54:41.925root 11241100x8000000000000000755977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c4a2b5d322ca922021-12-20 15:54:41.925root 11241100x8000000000000000755978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d529d97c4b36e5d2021-12-20 15:54:41.925root 11241100x8000000000000000755979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7378c7f56700a8ba2021-12-20 15:54:41.926root 11241100x8000000000000000755980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5cb9b5dc29fd802021-12-20 15:54:41.926root 23542300x8000000000000000755981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:41.976{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000755982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.187{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51360-false10.0.1.12-8000- 11241100x8000000000000000755983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56124afc01dad4e62021-12-20 15:54:42.188root 11241100x8000000000000000755984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cfa776c02819592021-12-20 15:54:42.188root 11241100x8000000000000000755985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea04f809fe916cf2021-12-20 15:54:42.188root 11241100x8000000000000000755986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232815ea4810a1712021-12-20 15:54:42.189root 11241100x8000000000000000755987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067dad4e0dfa320b2021-12-20 15:54:42.189root 11241100x8000000000000000755988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025daab0fc39ce502021-12-20 15:54:42.189root 11241100x8000000000000000755989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374ca41aa6dfae242021-12-20 15:54:42.189root 11241100x8000000000000000755990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764edb8283c918ed2021-12-20 15:54:42.190root 11241100x8000000000000000755991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cb261b18ef5e512021-12-20 15:54:42.190root 11241100x8000000000000000755992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da66c6e7bc7346252021-12-20 15:54:42.190root 11241100x8000000000000000755993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7055353e2883b11d2021-12-20 15:54:42.190root 11241100x8000000000000000755994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff9e9eadc9632632021-12-20 15:54:42.190root 11241100x8000000000000000755995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9512e44bbc8945642021-12-20 15:54:42.190root 11241100x8000000000000000755996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92617185f4b55fc2021-12-20 15:54:42.190root 11241100x8000000000000000755997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c5429532eeb3c22021-12-20 15:54:42.190root 11241100x8000000000000000755998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9336e4cbed895a042021-12-20 15:54:42.191root 11241100x8000000000000000755999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2be6b511cfd0512021-12-20 15:54:42.191root 11241100x8000000000000000756000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0f28c1048ff2d82021-12-20 15:54:42.675root 11241100x8000000000000000756001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143f8a2939ce0eb2021-12-20 15:54:42.675root 11241100x8000000000000000756002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76031c5797e02fdd2021-12-20 15:54:42.675root 11241100x8000000000000000756003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f452a00f23d990d2021-12-20 15:54:42.675root 11241100x8000000000000000756004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8000064cf8216fb82021-12-20 15:54:42.675root 11241100x8000000000000000756005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2295fe854196ed2021-12-20 15:54:42.675root 11241100x8000000000000000756006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e250a949b5635432021-12-20 15:54:42.675root 11241100x8000000000000000756007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d4438323e951f32021-12-20 15:54:42.675root 11241100x8000000000000000756008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9db1e2706b57152021-12-20 15:54:42.675root 11241100x8000000000000000756009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d8efacc6e9da9c2021-12-20 15:54:42.675root 11241100x8000000000000000756010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1907a4153889f74d2021-12-20 15:54:42.675root 11241100x8000000000000000756011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebb9990923a93a12021-12-20 15:54:42.675root 11241100x8000000000000000756012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cb7c86bb978d0c2021-12-20 15:54:42.675root 11241100x8000000000000000756013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4021d00822ffa02021-12-20 15:54:42.675root 11241100x8000000000000000756014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:42.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27063e1400b280c2021-12-20 15:54:42.675root 11241100x8000000000000000756015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a698e8b0712043512021-12-20 15:54:43.174root 11241100x8000000000000000756016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e7afc4a55460612021-12-20 15:54:43.175root 11241100x8000000000000000756017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da242824c1c57132021-12-20 15:54:43.175root 11241100x8000000000000000756018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fd92f12d48727f2021-12-20 15:54:43.175root 11241100x8000000000000000756019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b81e8905218bbb2021-12-20 15:54:43.175root 11241100x8000000000000000756020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54758791a426e2022021-12-20 15:54:43.175root 11241100x8000000000000000756021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f46f1f84042b9112021-12-20 15:54:43.175root 11241100x8000000000000000756022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e8676bdd9999fd2021-12-20 15:54:43.175root 11241100x8000000000000000756023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0d7b3ac924f5da2021-12-20 15:54:43.176root 11241100x8000000000000000756024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8fe380599f88b72021-12-20 15:54:43.176root 11241100x8000000000000000756025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6e547f04b4c85f2021-12-20 15:54:43.176root 11241100x8000000000000000756026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f1a9f28a4a64d2021-12-20 15:54:43.176root 11241100x8000000000000000756027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e918ec1f9e107b6b2021-12-20 15:54:43.176root 11241100x8000000000000000756028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2881df157904b5e2021-12-20 15:54:43.176root 11241100x8000000000000000756029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f568fe0d72d0066b2021-12-20 15:54:43.176root 11241100x8000000000000000756030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba6a2545014397b2021-12-20 15:54:43.674root 11241100x8000000000000000756031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ef58c10106d3322021-12-20 15:54:43.675root 11241100x8000000000000000756032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d472c197741d42ba2021-12-20 15:54:43.675root 11241100x8000000000000000756033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fb0776fd6364e22021-12-20 15:54:43.675root 11241100x8000000000000000756034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86766dbbcfb7fbe2021-12-20 15:54:43.675root 11241100x8000000000000000756035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6830b2d73be7abc52021-12-20 15:54:43.675root 11241100x8000000000000000756036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6ec7f475ddfab32021-12-20 15:54:43.675root 11241100x8000000000000000756037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357b1d1bf932002f2021-12-20 15:54:43.675root 11241100x8000000000000000756038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca6073792b67242021-12-20 15:54:43.675root 11241100x8000000000000000756039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8042a4f93097f92021-12-20 15:54:43.675root 11241100x8000000000000000756040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36bf4de6567af942021-12-20 15:54:43.675root 11241100x8000000000000000756041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a368e88948d2e02021-12-20 15:54:43.675root 11241100x8000000000000000756042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db86f44ac2a5b5222021-12-20 15:54:43.676root 11241100x8000000000000000756043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3fc26769cb4dcd2021-12-20 15:54:43.676root 11241100x8000000000000000756044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e954483c363294902021-12-20 15:54:43.676root 11241100x8000000000000000756045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accd38ffc8d90b2f2021-12-20 15:54:44.174root 11241100x8000000000000000756046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5713c4848a15dcb92021-12-20 15:54:44.175root 11241100x8000000000000000756047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778b787b9b3d2ad02021-12-20 15:54:44.175root 11241100x8000000000000000756048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba70e7960823e992021-12-20 15:54:44.175root 11241100x8000000000000000756049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db59bd5950896fe62021-12-20 15:54:44.175root 11241100x8000000000000000756050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d91315cee8df2522021-12-20 15:54:44.176root 11241100x8000000000000000756051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89253723699ad552021-12-20 15:54:44.176root 11241100x8000000000000000756052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caba04d4be91806f2021-12-20 15:54:44.176root 11241100x8000000000000000756053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e948eafd2f97292021-12-20 15:54:44.177root 11241100x8000000000000000756054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2da078b1d1f5bdf2021-12-20 15:54:44.177root 11241100x8000000000000000756055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639bc436fb07deb12021-12-20 15:54:44.177root 11241100x8000000000000000756056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3871e39784edd62021-12-20 15:54:44.177root 11241100x8000000000000000756057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579866c92261dabe2021-12-20 15:54:44.177root 11241100x8000000000000000756058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528804e179b6e8fa2021-12-20 15:54:44.177root 11241100x8000000000000000756059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6329a4e274edeeea2021-12-20 15:54:44.177root 11241100x8000000000000000756060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73b08769ce872a62021-12-20 15:54:44.674root 11241100x8000000000000000756061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3de091d4b70b5fd2021-12-20 15:54:44.674root 11241100x8000000000000000756062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b21b31287862032021-12-20 15:54:44.675root 11241100x8000000000000000756063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b33e81893d00fc2021-12-20 15:54:44.675root 11241100x8000000000000000756064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76b891a6a14eb7b2021-12-20 15:54:44.675root 11241100x8000000000000000756065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931685e7731a28ce2021-12-20 15:54:44.675root 11241100x8000000000000000756066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2e774debcb90692021-12-20 15:54:44.675root 11241100x8000000000000000756067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ad6d649126726b2021-12-20 15:54:44.675root 11241100x8000000000000000756068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ac945cca3654cd2021-12-20 15:54:44.675root 11241100x8000000000000000756069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e5629b7f787a322021-12-20 15:54:44.675root 11241100x8000000000000000756070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c467fb3cabefa8ba2021-12-20 15:54:44.675root 11241100x8000000000000000756071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5027af0563fbfbab2021-12-20 15:54:44.675root 11241100x8000000000000000756072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f40b57dfa87aa02021-12-20 15:54:44.675root 11241100x8000000000000000756073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1627f34bab0271ce2021-12-20 15:54:44.676root 11241100x8000000000000000756074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834333e1b9ea67a82021-12-20 15:54:44.676root 11241100x8000000000000000756075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6519f9979c67d53e2021-12-20 15:54:45.174root 11241100x8000000000000000756076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290a1d03f76f55be2021-12-20 15:54:45.174root 11241100x8000000000000000756077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab13f3e8ce41e42021-12-20 15:54:45.175root 11241100x8000000000000000756078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab06c2e78c545d32021-12-20 15:54:45.175root 11241100x8000000000000000756079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec7f707a951e2d52021-12-20 15:54:45.175root 11241100x8000000000000000756080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a5bc2a80be37c92021-12-20 15:54:45.175root 11241100x8000000000000000756081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4debe8f7db13555d2021-12-20 15:54:45.175root 11241100x8000000000000000756082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cdb6b95f0a3e602021-12-20 15:54:45.175root 11241100x8000000000000000756083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79f359f019aadc52021-12-20 15:54:45.175root 11241100x8000000000000000756084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7892e1895e9c8c132021-12-20 15:54:45.175root 11241100x8000000000000000756085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aab18b1e071173e2021-12-20 15:54:45.175root 11241100x8000000000000000756086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057c8f2514303a962021-12-20 15:54:45.175root 11241100x8000000000000000756087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4322504ca191a6182021-12-20 15:54:45.175root 11241100x8000000000000000756088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c265ef68302ce92021-12-20 15:54:45.176root 11241100x8000000000000000756089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44f2cde31f562432021-12-20 15:54:45.176root 11241100x8000000000000000756090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25534ad996a2cf742021-12-20 15:54:45.674root 11241100x8000000000000000756091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e591d0adbae46dc92021-12-20 15:54:45.674root 11241100x8000000000000000756092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11584b8b830f51202021-12-20 15:54:45.675root 11241100x8000000000000000756093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3614bf7ad7df02382021-12-20 15:54:45.675root 11241100x8000000000000000756094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72799209a8d064282021-12-20 15:54:45.675root 11241100x8000000000000000756095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9835fc23dfa4a54a2021-12-20 15:54:45.675root 11241100x8000000000000000756096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54f33b561d3fbb32021-12-20 15:54:45.675root 11241100x8000000000000000756097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d682880d829d6e2021-12-20 15:54:45.675root 11241100x8000000000000000756098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee029b2b7d3b0fa2021-12-20 15:54:45.675root 11241100x8000000000000000756099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ca2c10e0dd0ae72021-12-20 15:54:45.675root 11241100x8000000000000000756100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca3ed23376229902021-12-20 15:54:45.675root 11241100x8000000000000000756101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742acff58d4f79aa2021-12-20 15:54:45.675root 11241100x8000000000000000756102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb237af57fb0db432021-12-20 15:54:45.675root 11241100x8000000000000000756103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb52df563b7599092021-12-20 15:54:45.675root 11241100x8000000000000000756104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7dfa326200d1e92021-12-20 15:54:45.675root 11241100x8000000000000000756105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5159ad6926590902021-12-20 15:54:46.174root 11241100x8000000000000000756106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8556d3fb0b46a62021-12-20 15:54:46.174root 11241100x8000000000000000756107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfddc879a644a7242021-12-20 15:54:46.174root 11241100x8000000000000000756108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c6bb71c009dbab2021-12-20 15:54:46.174root 11241100x8000000000000000756109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5adf1681f47602d2021-12-20 15:54:46.174root 11241100x8000000000000000756110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90103c094ce860102021-12-20 15:54:46.175root 11241100x8000000000000000756111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa3522fc4487f912021-12-20 15:54:46.175root 11241100x8000000000000000756112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82aa3c84974eee12021-12-20 15:54:46.175root 11241100x8000000000000000756113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4753fac823acc82021-12-20 15:54:46.175root 11241100x8000000000000000756114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5653943ab196012d2021-12-20 15:54:46.175root 11241100x8000000000000000756115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0f2b6b0d49cf622021-12-20 15:54:46.175root 11241100x8000000000000000756116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dcec3499d0f4ae2021-12-20 15:54:46.175root 11241100x8000000000000000756117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754dc0624ec912db2021-12-20 15:54:46.175root 11241100x8000000000000000756118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82da81ae5a02f0292021-12-20 15:54:46.175root 11241100x8000000000000000756119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5538dc2aefa10d2021-12-20 15:54:46.175root 11241100x8000000000000000756120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa9f90201acd8352021-12-20 15:54:46.674root 11241100x8000000000000000756121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafd47838a4335a62021-12-20 15:54:46.674root 11241100x8000000000000000756122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612a99f5edc709032021-12-20 15:54:46.674root 11241100x8000000000000000756123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083b732c854bc62c2021-12-20 15:54:46.674root 11241100x8000000000000000756124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0232d6a9015541622021-12-20 15:54:46.674root 11241100x8000000000000000756125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1ddb912e430ac82021-12-20 15:54:46.675root 11241100x8000000000000000756126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3f8853e16321242021-12-20 15:54:46.675root 11241100x8000000000000000756127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db07d67ac37281b2021-12-20 15:54:46.675root 11241100x8000000000000000756128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07bba726f2c91452021-12-20 15:54:46.675root 11241100x8000000000000000756129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebecdda15bee91e42021-12-20 15:54:46.675root 11241100x8000000000000000756130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0443a1d9b698ecc2021-12-20 15:54:46.675root 11241100x8000000000000000756131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692db23c8ef36f162021-12-20 15:54:46.675root 11241100x8000000000000000756132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aac865704bdd722021-12-20 15:54:46.675root 11241100x8000000000000000756133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24268654b05b850f2021-12-20 15:54:46.675root 11241100x8000000000000000756134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf8c157aa050a932021-12-20 15:54:46.675root 11241100x8000000000000000756135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664da4fd084423882021-12-20 15:54:47.174root 11241100x8000000000000000756136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19afd22e8dc035d42021-12-20 15:54:47.175root 11241100x8000000000000000756137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294b7480030296ba2021-12-20 15:54:47.175root 11241100x8000000000000000756138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ecb1a92d04d4852021-12-20 15:54:47.175root 11241100x8000000000000000756139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1b882e7f012e2a2021-12-20 15:54:47.175root 11241100x8000000000000000756140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759988b5136b9b822021-12-20 15:54:47.175root 11241100x8000000000000000756141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9875f321ea9a4892021-12-20 15:54:47.175root 11241100x8000000000000000756142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd12479df6483ba2021-12-20 15:54:47.175root 11241100x8000000000000000756143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417066b5eb80e9492021-12-20 15:54:47.175root 11241100x8000000000000000756144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b97037864eb1d2021-12-20 15:54:47.175root 11241100x8000000000000000756145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034d79d7aadd6cf2021-12-20 15:54:47.175root 11241100x8000000000000000756146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f64be814ecddda82021-12-20 15:54:47.176root 11241100x8000000000000000756147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c48b0d77dba45b2021-12-20 15:54:47.176root 11241100x8000000000000000756148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6918f4cb1ca520bf2021-12-20 15:54:47.176root 11241100x8000000000000000756149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4cd24cf7ac63e52021-12-20 15:54:47.176root 11241100x8000000000000000756150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2085e13d9552e9142021-12-20 15:54:47.674root 11241100x8000000000000000756151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36d47e148927f982021-12-20 15:54:47.674root 11241100x8000000000000000756152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13928d244ae4d25d2021-12-20 15:54:47.674root 11241100x8000000000000000756153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b744a3bb63c7872021-12-20 15:54:47.674root 11241100x8000000000000000756154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd7c478fd60bd532021-12-20 15:54:47.674root 11241100x8000000000000000756155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3804d0b661c13e2021-12-20 15:54:47.674root 11241100x8000000000000000756156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9c12c703497abf2021-12-20 15:54:47.675root 11241100x8000000000000000756157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e436ea025ac18b32021-12-20 15:54:47.675root 11241100x8000000000000000756158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e82eb1b511c5922021-12-20 15:54:47.675root 11241100x8000000000000000756159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9b7fe8ec20e9222021-12-20 15:54:47.675root 11241100x8000000000000000756160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bae0f8680a62a12021-12-20 15:54:47.675root 11241100x8000000000000000756161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c060e138771aea2021-12-20 15:54:47.675root 11241100x8000000000000000756162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4769ffba5c2da43a2021-12-20 15:54:47.675root 11241100x8000000000000000756163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550a624f14551c512021-12-20 15:54:47.675root 11241100x8000000000000000756164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c4939858487bc2021-12-20 15:54:47.675root 354300x8000000000000000756165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.169{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51362-false10.0.1.12-8000- 11241100x8000000000000000756166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa3e0f56b74c7082021-12-20 15:54:48.170root 11241100x8000000000000000756167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093fa74b8150ce5b2021-12-20 15:54:48.170root 11241100x8000000000000000756168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1652810e0627e8bc2021-12-20 15:54:48.170root 11241100x8000000000000000756169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176330be7aa916fb2021-12-20 15:54:48.170root 11241100x8000000000000000756170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14df56e1257a19392021-12-20 15:54:48.170root 11241100x8000000000000000756171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539488d2e404354b2021-12-20 15:54:48.170root 11241100x8000000000000000756172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d8eefc559f98132021-12-20 15:54:48.170root 11241100x8000000000000000756173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3d80b075b126182021-12-20 15:54:48.170root 11241100x8000000000000000756174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b12a04ad09ec642021-12-20 15:54:48.170root 11241100x8000000000000000756175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e13110f0745840d2021-12-20 15:54:48.170root 11241100x8000000000000000756176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.171{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01bc06c4a9e91662021-12-20 15:54:48.171root 11241100x8000000000000000756177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.171{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f012dab9b54bc9b82021-12-20 15:54:48.171root 11241100x8000000000000000756178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.171{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc9df4c7d2038bc2021-12-20 15:54:48.171root 11241100x8000000000000000756179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.171{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbd826ced9cce9e2021-12-20 15:54:48.171root 11241100x8000000000000000756180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.171{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e32c1b99d15bd22021-12-20 15:54:48.171root 11241100x8000000000000000756181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.171{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2932d84aafd0ea32021-12-20 15:54:48.171root 11241100x8000000000000000756182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6d0fff38c454492021-12-20 15:54:48.424root 11241100x8000000000000000756183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ef4fcc6c2115362021-12-20 15:54:48.424root 11241100x8000000000000000756184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cd004f090bdee62021-12-20 15:54:48.424root 11241100x8000000000000000756185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446994a22543e31d2021-12-20 15:54:48.424root 11241100x8000000000000000756186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc2c3c5068d5dcb2021-12-20 15:54:48.425root 11241100x8000000000000000756187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4efdbc7c9ff9beb2021-12-20 15:54:48.425root 11241100x8000000000000000756188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d53d4302e04fb22021-12-20 15:54:48.425root 11241100x8000000000000000756189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867ae0daccbffe2a2021-12-20 15:54:48.425root 11241100x8000000000000000756190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9708f4304209a22c2021-12-20 15:54:48.425root 11241100x8000000000000000756191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82891fcdd42d91b2021-12-20 15:54:48.425root 11241100x8000000000000000756192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1228ad4308f7ad8a2021-12-20 15:54:48.425root 11241100x8000000000000000756193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869a2698e61d85cf2021-12-20 15:54:48.425root 11241100x8000000000000000756194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea16c876304763f72021-12-20 15:54:48.425root 11241100x8000000000000000756195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2a800da573a9e72021-12-20 15:54:48.425root 11241100x8000000000000000756196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b42c33e674bdd0a2021-12-20 15:54:48.425root 11241100x8000000000000000756197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dc5911fb3719b82021-12-20 15:54:48.425root 11241100x8000000000000000756198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569224124cff50192021-12-20 15:54:48.924root 11241100x8000000000000000756199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cacb3f2fc0750d82021-12-20 15:54:48.924root 11241100x8000000000000000756200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544b4631b2e313c52021-12-20 15:54:48.924root 11241100x8000000000000000756201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed26f080a55aea072021-12-20 15:54:48.924root 11241100x8000000000000000756202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73616ff76481f1112021-12-20 15:54:48.924root 11241100x8000000000000000756203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da803f7dc0262a02021-12-20 15:54:48.924root 11241100x8000000000000000756204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2856d62964b072512021-12-20 15:54:48.924root 11241100x8000000000000000756205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1767309d98685792021-12-20 15:54:48.924root 11241100x8000000000000000756206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd9a912aed9b82a2021-12-20 15:54:48.925root 11241100x8000000000000000756207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9101acb35d9d8902021-12-20 15:54:48.925root 11241100x8000000000000000756208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bee4c2d88863102021-12-20 15:54:48.925root 11241100x8000000000000000756209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb72cf02ede7336d2021-12-20 15:54:48.925root 11241100x8000000000000000756210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fd3eae285cf4a42021-12-20 15:54:48.925root 11241100x8000000000000000756211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff0099b1c0fd7d42021-12-20 15:54:48.925root 11241100x8000000000000000756212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b8ba4cac74992f2021-12-20 15:54:48.925root 11241100x8000000000000000756213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828e8063a95aea512021-12-20 15:54:48.925root 11241100x8000000000000000756214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a834218f09b0b2f2021-12-20 15:54:49.424root 11241100x8000000000000000756215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28bb2e9f3b144b72021-12-20 15:54:49.424root 11241100x8000000000000000756216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991cbaad63927132021-12-20 15:54:49.424root 11241100x8000000000000000756217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918c8d438ca728082021-12-20 15:54:49.424root 11241100x8000000000000000756218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88410a28f43ecdee2021-12-20 15:54:49.424root 11241100x8000000000000000756219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afa617c81a186672021-12-20 15:54:49.424root 11241100x8000000000000000756220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d577e9ecd2a388562021-12-20 15:54:49.424root 11241100x8000000000000000756221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab69c0f058e513d92021-12-20 15:54:49.425root 11241100x8000000000000000756222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c84dec406532f62021-12-20 15:54:49.425root 11241100x8000000000000000756223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ebc93b59ef313e2021-12-20 15:54:49.425root 11241100x8000000000000000756224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8cfc4031648e502021-12-20 15:54:49.425root 11241100x8000000000000000756225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fc3ff3686a536b2021-12-20 15:54:49.425root 11241100x8000000000000000756226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8482f4309521702021-12-20 15:54:49.425root 11241100x8000000000000000756227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f265ee8435d803502021-12-20 15:54:49.425root 11241100x8000000000000000756228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26352a03f12379b82021-12-20 15:54:49.425root 11241100x8000000000000000756229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709e157df526e7102021-12-20 15:54:49.425root 11241100x8000000000000000756230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d779d23d4a61652021-12-20 15:54:49.924root 11241100x8000000000000000756231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fdb302fc55045e2021-12-20 15:54:49.924root 11241100x8000000000000000756232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed3d4ff09dd25d52021-12-20 15:54:49.924root 11241100x8000000000000000756233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39db969dc2b3ff312021-12-20 15:54:49.924root 11241100x8000000000000000756234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b329ee5a504b120c2021-12-20 15:54:49.924root 11241100x8000000000000000756235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c43ccb7cbf1c422021-12-20 15:54:49.924root 11241100x8000000000000000756236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46b7a0fe608f5152021-12-20 15:54:49.924root 11241100x8000000000000000756237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e538cace948a68d42021-12-20 15:54:49.924root 11241100x8000000000000000756238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f597563d3243eb2021-12-20 15:54:49.924root 11241100x8000000000000000756239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2518f3982eeb86ef2021-12-20 15:54:49.924root 11241100x8000000000000000756240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92c3761091692402021-12-20 15:54:49.925root 11241100x8000000000000000756241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c626c12919931c5c2021-12-20 15:54:49.925root 11241100x8000000000000000756242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214a8a304669369d2021-12-20 15:54:49.925root 11241100x8000000000000000756243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c4b72c118552fc2021-12-20 15:54:49.925root 11241100x8000000000000000756244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df821d73b62b4aea2021-12-20 15:54:49.925root 11241100x8000000000000000756245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cf413ed0da59012021-12-20 15:54:49.925root 11241100x8000000000000000756246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6f891c28f2336f2021-12-20 15:54:50.424root 11241100x8000000000000000756247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422f261a5664f45a2021-12-20 15:54:50.424root 11241100x8000000000000000756248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0b947cb3f0834f2021-12-20 15:54:50.424root 11241100x8000000000000000756249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27ca505880a945f2021-12-20 15:54:50.424root 11241100x8000000000000000756250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c55b468e9f5fe6f2021-12-20 15:54:50.424root 11241100x8000000000000000756251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6219862c059b952021-12-20 15:54:50.424root 11241100x8000000000000000756252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b940036f59bf392021-12-20 15:54:50.424root 11241100x8000000000000000756253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c239c3786e1da9fa2021-12-20 15:54:50.424root 11241100x8000000000000000756254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8a7fe8235b57cf2021-12-20 15:54:50.424root 11241100x8000000000000000756255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb326f834a90e502021-12-20 15:54:50.425root 11241100x8000000000000000756256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a87f68fcf474652021-12-20 15:54:50.425root 11241100x8000000000000000756257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49eb3651766ebcd2021-12-20 15:54:50.425root 11241100x8000000000000000756258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f95c08156381a12021-12-20 15:54:50.425root 11241100x8000000000000000756259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0bc550b969d27f2021-12-20 15:54:50.425root 11241100x8000000000000000756260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692868ef62b4838f2021-12-20 15:54:50.426root 11241100x8000000000000000756261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba56230cabf803332021-12-20 15:54:50.426root 11241100x8000000000000000756262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc79fec3da61fe442021-12-20 15:54:50.924root 11241100x8000000000000000756263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e444843ad432ac6d2021-12-20 15:54:50.924root 11241100x8000000000000000756264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29245d8ba6fcc63e2021-12-20 15:54:50.924root 11241100x8000000000000000756265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5877e9e29890c7fa2021-12-20 15:54:50.925root 11241100x8000000000000000756266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19583cffed439d132021-12-20 15:54:50.925root 11241100x8000000000000000756267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ef73138d2e42e22021-12-20 15:54:50.925root 11241100x8000000000000000756268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128056c22c0467f22021-12-20 15:54:50.925root 11241100x8000000000000000756269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ce5bcd5feedb312021-12-20 15:54:50.925root 11241100x8000000000000000756270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c41c307df06cd32021-12-20 15:54:50.925root 11241100x8000000000000000756271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daf03bd750d03242021-12-20 15:54:50.925root 11241100x8000000000000000756272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89222c93acd5268f2021-12-20 15:54:50.925root 11241100x8000000000000000756273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf88a447229798352021-12-20 15:54:50.925root 11241100x8000000000000000756274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f27e1f343b24552021-12-20 15:54:50.925root 11241100x8000000000000000756275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856f39494b90b8f02021-12-20 15:54:50.925root 11241100x8000000000000000756276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bad0ed1b1fb9d4c2021-12-20 15:54:50.925root 11241100x8000000000000000756277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8527cdc6fc8504d62021-12-20 15:54:50.925root 11241100x8000000000000000756278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45acfd6f11bc50b22021-12-20 15:54:51.424root 11241100x8000000000000000756279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efbec2e41badc792021-12-20 15:54:51.424root 11241100x8000000000000000756280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6073bc4b2140562021-12-20 15:54:51.424root 11241100x8000000000000000756281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b710f7ff30fc4b12021-12-20 15:54:51.424root 11241100x8000000000000000756282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a4eac24f37b7c2021-12-20 15:54:51.425root 11241100x8000000000000000756283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d31468369f687dd2021-12-20 15:54:51.425root 11241100x8000000000000000756284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7700eeb6798f62742021-12-20 15:54:51.425root 11241100x8000000000000000756285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64a5efbacc082862021-12-20 15:54:51.425root 11241100x8000000000000000756286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd113f1768f8aab2021-12-20 15:54:51.425root 11241100x8000000000000000756287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b3b74698f1b2622021-12-20 15:54:51.425root 11241100x8000000000000000756288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af55bbcf08669f1e2021-12-20 15:54:51.425root 11241100x8000000000000000756289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2a1eb6248126aa2021-12-20 15:54:51.425root 11241100x8000000000000000756290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24791ffb0040404b2021-12-20 15:54:51.425root 11241100x8000000000000000756291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dc3809a610dd8f2021-12-20 15:54:51.426root 11241100x8000000000000000756292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c69c20830bf7f72021-12-20 15:54:51.426root 11241100x8000000000000000756293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dbbbbefa3789ce2021-12-20 15:54:51.426root 11241100x8000000000000000756294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf22364878965532021-12-20 15:54:51.924root 11241100x8000000000000000756295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c44d466bb75c9f2021-12-20 15:54:51.924root 11241100x8000000000000000756296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1091c277c5d14d2021-12-20 15:54:51.924root 11241100x8000000000000000756297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038dbe5abec738452021-12-20 15:54:51.925root 11241100x8000000000000000756298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7d33e450e56cbf2021-12-20 15:54:51.925root 11241100x8000000000000000756299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e5018f96f15c6f2021-12-20 15:54:51.925root 11241100x8000000000000000756300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2426f9a5c1fee0ba2021-12-20 15:54:51.925root 11241100x8000000000000000756301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb4f8b3ddcacbd62021-12-20 15:54:51.925root 11241100x8000000000000000756302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ca6d8ebb4917702021-12-20 15:54:51.925root 11241100x8000000000000000756303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fd1e90b309d5e52021-12-20 15:54:51.925root 11241100x8000000000000000756304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88347885e4b25bb2021-12-20 15:54:51.925root 11241100x8000000000000000756305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695d73ce5b6a45fe2021-12-20 15:54:51.925root 11241100x8000000000000000756306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252de7e8f2efd4a62021-12-20 15:54:51.925root 11241100x8000000000000000756307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6a7404249ecf872021-12-20 15:54:51.925root 11241100x8000000000000000756308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7098991977cbf6a42021-12-20 15:54:51.925root 11241100x8000000000000000756309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28082a439c4dfa622021-12-20 15:54:51.925root 11241100x8000000000000000756310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e4faa7f737ce452021-12-20 15:54:52.424root 11241100x8000000000000000756311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be9e81edca665102021-12-20 15:54:52.424root 11241100x8000000000000000756312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c9cc1d36755a752021-12-20 15:54:52.424root 11241100x8000000000000000756313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6f6e06bbf49e192021-12-20 15:54:52.424root 11241100x8000000000000000756314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01cca62cecb96a52021-12-20 15:54:52.425root 11241100x8000000000000000756315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690619d52ee364282021-12-20 15:54:52.425root 11241100x8000000000000000756316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d98d3b8c55b205e2021-12-20 15:54:52.425root 11241100x8000000000000000756317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edd6d82aaf4e5922021-12-20 15:54:52.425root 11241100x8000000000000000756318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6dc8bc9f9f6ed22021-12-20 15:54:52.425root 11241100x8000000000000000756319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890ebe71dec074e32021-12-20 15:54:52.425root 11241100x8000000000000000756320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe756b569e9b7112021-12-20 15:54:52.426root 11241100x8000000000000000756321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00c5397c62f17ca2021-12-20 15:54:52.426root 11241100x8000000000000000756322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb6e801a7e5c1b52021-12-20 15:54:52.426root 11241100x8000000000000000756323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb632bd87571fec2021-12-20 15:54:52.426root 11241100x8000000000000000756324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f24ec3cf1a74752021-12-20 15:54:52.426root 11241100x8000000000000000756325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0032b4ab1c0a5d882021-12-20 15:54:52.426root 11241100x8000000000000000756326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb3935518d35ebc2021-12-20 15:54:52.924root 11241100x8000000000000000756327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9005c7790d283e72021-12-20 15:54:52.924root 11241100x8000000000000000756328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d6685a01f80d8c2021-12-20 15:54:52.924root 11241100x8000000000000000756329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f49850b83e346522021-12-20 15:54:52.925root 11241100x8000000000000000756330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb8aa66c0609352021-12-20 15:54:52.925root 11241100x8000000000000000756331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1092c9a78d16b0c32021-12-20 15:54:52.925root 11241100x8000000000000000756332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4509f610a1b2c0b72021-12-20 15:54:52.925root 11241100x8000000000000000756333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8db8fd9a09827f2021-12-20 15:54:52.925root 11241100x8000000000000000756334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97bf1f923420add2021-12-20 15:54:52.926root 11241100x8000000000000000756335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7d95cd945e0a462021-12-20 15:54:52.926root 11241100x8000000000000000756336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55f5eb3b7a6d9042021-12-20 15:54:52.926root 11241100x8000000000000000756337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5afbb8efb7516182021-12-20 15:54:52.926root 11241100x8000000000000000756338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f74f56967a7bde2021-12-20 15:54:52.926root 11241100x8000000000000000756339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229fe097dd498b982021-12-20 15:54:52.927root 11241100x8000000000000000756340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab4575509c859032021-12-20 15:54:52.928root 11241100x8000000000000000756341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb77b0327cbf9a3b2021-12-20 15:54:52.928root 11241100x8000000000000000756342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a4882565c0955b2021-12-20 15:54:53.424root 11241100x8000000000000000756343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f754cdbc61d90f2021-12-20 15:54:53.424root 11241100x8000000000000000756344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e417ae17e948722021-12-20 15:54:53.424root 11241100x8000000000000000756345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257d26ff6a8452cf2021-12-20 15:54:53.424root 11241100x8000000000000000756346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0c10dd361859692021-12-20 15:54:53.425root 11241100x8000000000000000756347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debeb2217b0a548b2021-12-20 15:54:53.425root 11241100x8000000000000000756348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2b91def6e548642021-12-20 15:54:53.425root 11241100x8000000000000000756349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6615e80a194678ff2021-12-20 15:54:53.425root 11241100x8000000000000000756350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa24014708c3a5712021-12-20 15:54:53.425root 11241100x8000000000000000756351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea08cd70e963391f2021-12-20 15:54:53.425root 11241100x8000000000000000756352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80f81786cd18c302021-12-20 15:54:53.425root 11241100x8000000000000000756353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c3e9adc31945e32021-12-20 15:54:53.425root 11241100x8000000000000000756354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1375222ca0461f62021-12-20 15:54:53.425root 11241100x8000000000000000756355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd16bd6d2d552952021-12-20 15:54:53.425root 11241100x8000000000000000756356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2639b7f6a504fd32021-12-20 15:54:53.425root 11241100x8000000000000000756357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9d5680b23d0ab82021-12-20 15:54:53.425root 11241100x8000000000000000756358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbf5528c61320422021-12-20 15:54:53.924root 11241100x8000000000000000756359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6266c3caf96e8ca32021-12-20 15:54:53.924root 11241100x8000000000000000756360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f060ebd0f2a87c5f2021-12-20 15:54:53.925root 11241100x8000000000000000756361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168e0ab6f8b90d892021-12-20 15:54:53.925root 11241100x8000000000000000756362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a150367a6628b292021-12-20 15:54:53.925root 11241100x8000000000000000756363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91861d2a706050f02021-12-20 15:54:53.925root 11241100x8000000000000000756364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646888b9ec06cee62021-12-20 15:54:53.926root 11241100x8000000000000000756365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1d20b77a1727c32021-12-20 15:54:53.926root 11241100x8000000000000000756366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b1f46692c4e74a2021-12-20 15:54:53.926root 11241100x8000000000000000756367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d9ed3de6d25cad2021-12-20 15:54:53.926root 11241100x8000000000000000756368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccfdce6d68926de2021-12-20 15:54:53.926root 11241100x8000000000000000756369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145724eef6b0c6992021-12-20 15:54:53.926root 11241100x8000000000000000756370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a2d4da973169112021-12-20 15:54:53.927root 11241100x8000000000000000756371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b808c6f6e0975f52021-12-20 15:54:53.927root 11241100x8000000000000000756372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ca5ddbd5aae6512021-12-20 15:54:53.927root 11241100x8000000000000000756373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2855a797755aafd92021-12-20 15:54:53.927root 354300x8000000000000000756374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.129{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51364-false10.0.1.12-8000- 11241100x8000000000000000756375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2cbc1e6d1cde462021-12-20 15:54:54.424root 11241100x8000000000000000756376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0a8f085e327d442021-12-20 15:54:54.424root 11241100x8000000000000000756377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa05cff5426dff292021-12-20 15:54:54.424root 11241100x8000000000000000756378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d06fe46208eed62021-12-20 15:54:54.424root 11241100x8000000000000000756379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb8c73a1a8a81b92021-12-20 15:54:54.424root 11241100x8000000000000000756380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b280937383489b322021-12-20 15:54:54.424root 11241100x8000000000000000756381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9f00d694d5708a2021-12-20 15:54:54.424root 11241100x8000000000000000756382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4e9a2ab8a6c88f2021-12-20 15:54:54.425root 11241100x8000000000000000756383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae0454a4d300dc62021-12-20 15:54:54.425root 11241100x8000000000000000756384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f3867c8923af7d2021-12-20 15:54:54.425root 11241100x8000000000000000756385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076d1eb829b36f032021-12-20 15:54:54.425root 11241100x8000000000000000756386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3d478d453c5f7c2021-12-20 15:54:54.425root 11241100x8000000000000000756387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdf950cdbaae86d2021-12-20 15:54:54.425root 11241100x8000000000000000756388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579bc6a36a2e18b52021-12-20 15:54:54.425root 11241100x8000000000000000756389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26218585960c3f792021-12-20 15:54:54.425root 11241100x8000000000000000756390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7eb6c21e356a9d2021-12-20 15:54:54.426root 11241100x8000000000000000756391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af70137ce0c8b822021-12-20 15:54:54.426root 11241100x8000000000000000756392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee0e62e014c5ca42021-12-20 15:54:54.426root 11241100x8000000000000000756393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd86aec93d46a80c2021-12-20 15:54:54.426root 11241100x8000000000000000756394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b17955d2adaa2ca2021-12-20 15:54:54.426root 11241100x8000000000000000756395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9ba3ab89c8138d2021-12-20 15:54:54.426root 11241100x8000000000000000756396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cb6055e82222ee2021-12-20 15:54:54.426root 11241100x8000000000000000756397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a185c4952bb0d3f82021-12-20 15:54:54.427root 11241100x8000000000000000756398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2d51880afe3ac02021-12-20 15:54:54.427root 11241100x8000000000000000756399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302b27684494afea2021-12-20 15:54:54.924root 11241100x8000000000000000756400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b771e5b01513467b2021-12-20 15:54:54.924root 11241100x8000000000000000756401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84c0ab0916441842021-12-20 15:54:54.925root 11241100x8000000000000000756402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac5ab911e2085b2021-12-20 15:54:54.925root 11241100x8000000000000000756403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c48ba18e892e662021-12-20 15:54:54.925root 11241100x8000000000000000756404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2415b9c8476f122021-12-20 15:54:54.925root 11241100x8000000000000000756405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3de2006e6ce82e2021-12-20 15:54:54.925root 11241100x8000000000000000756406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef413eb84834cf682021-12-20 15:54:54.925root 11241100x8000000000000000756407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29823d966298267e2021-12-20 15:54:54.925root 11241100x8000000000000000756408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41029590402430532021-12-20 15:54:54.926root 11241100x8000000000000000756409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c30d69e1d20a0072021-12-20 15:54:54.926root 11241100x8000000000000000756410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7849d14699eb45222021-12-20 15:54:54.926root 11241100x8000000000000000756411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a6792e86b08a412021-12-20 15:54:54.926root 11241100x8000000000000000756412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096c03fb32580ec02021-12-20 15:54:54.926root 11241100x8000000000000000756413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bf814eba2b7c162021-12-20 15:54:54.926root 11241100x8000000000000000756414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ce7dbfa13453072021-12-20 15:54:54.926root 11241100x8000000000000000756415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031143d6587bc2532021-12-20 15:54:54.927root 11241100x8000000000000000756416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d8ad0706ecdbf62021-12-20 15:54:55.424root 11241100x8000000000000000756417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392b08788d967a8e2021-12-20 15:54:55.424root 11241100x8000000000000000756418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f97c5867d829722021-12-20 15:54:55.424root 11241100x8000000000000000756419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9f3b577d4cecf22021-12-20 15:54:55.425root 11241100x8000000000000000756420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f025056221fa25452021-12-20 15:54:55.425root 11241100x8000000000000000756421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279f2e4ce98cc09d2021-12-20 15:54:55.425root 11241100x8000000000000000756422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19adb5fb37fbb932021-12-20 15:54:55.425root 11241100x8000000000000000756423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6745835441cca7572021-12-20 15:54:55.425root 11241100x8000000000000000756424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a171f0ff174d346b2021-12-20 15:54:55.425root 11241100x8000000000000000756425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f29910ec5e6bd32021-12-20 15:54:55.425root 11241100x8000000000000000756426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bd7707e3a649392021-12-20 15:54:55.425root 11241100x8000000000000000756427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4224742b2a092d2021-12-20 15:54:55.425root 11241100x8000000000000000756428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257bcab09d0637c32021-12-20 15:54:55.425root 11241100x8000000000000000756429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60581bf371932cfd2021-12-20 15:54:55.425root 11241100x8000000000000000756430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc87902044e2f282021-12-20 15:54:55.425root 11241100x8000000000000000756431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc178fb74773f9e82021-12-20 15:54:55.426root 11241100x8000000000000000756432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7a97a3de09b6d42021-12-20 15:54:55.426root 11241100x8000000000000000756433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc028d3da36dfe8a2021-12-20 15:54:55.924root 11241100x8000000000000000756434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164f3793232eddd32021-12-20 15:54:55.924root 11241100x8000000000000000756435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9fc846ec90a7832021-12-20 15:54:55.925root 11241100x8000000000000000756436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6681803ab37887522021-12-20 15:54:55.925root 11241100x8000000000000000756437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34de83ffb71ddb1c2021-12-20 15:54:55.925root 11241100x8000000000000000756438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da333709e44c792021-12-20 15:54:55.925root 11241100x8000000000000000756439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1722c6e8bbc6a42021-12-20 15:54:55.925root 11241100x8000000000000000756440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64285eb2eb77d532021-12-20 15:54:55.925root 11241100x8000000000000000756441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b447f99d8407f9992021-12-20 15:54:55.925root 11241100x8000000000000000756442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5242c3e1f33e17392021-12-20 15:54:55.925root 11241100x8000000000000000756443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe89c3804dabf182021-12-20 15:54:55.925root 11241100x8000000000000000756444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9718f1d99db02a8a2021-12-20 15:54:55.925root 11241100x8000000000000000756445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff588e988287026c2021-12-20 15:54:55.926root 11241100x8000000000000000756446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8445108737201e2021-12-20 15:54:55.926root 11241100x8000000000000000756447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b709511d7e1515962021-12-20 15:54:55.926root 11241100x8000000000000000756448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979855adb509456d2021-12-20 15:54:55.926root 11241100x8000000000000000756449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401f60142775818d2021-12-20 15:54:55.926root 11241100x8000000000000000756450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cf7171d977ab552021-12-20 15:54:56.424root 11241100x8000000000000000756451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee5ea010e134dda2021-12-20 15:54:56.424root 11241100x8000000000000000756452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a0db968b46dea62021-12-20 15:54:56.424root 11241100x8000000000000000756453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f557ff02a2293b2021-12-20 15:54:56.424root 11241100x8000000000000000756454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115080fb098f01db2021-12-20 15:54:56.425root 11241100x8000000000000000756455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1690415617a0642021-12-20 15:54:56.425root 11241100x8000000000000000756456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647fa73bbdf9ceb32021-12-20 15:54:56.425root 11241100x8000000000000000756457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00836fcd7d6662592021-12-20 15:54:56.425root 11241100x8000000000000000756458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4438b81a8306812021-12-20 15:54:56.425root 11241100x8000000000000000756459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d69575e667b2212021-12-20 15:54:56.425root 11241100x8000000000000000756460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303c9e0f87a56b2c2021-12-20 15:54:56.426root 11241100x8000000000000000756461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90654d9b325ce5a92021-12-20 15:54:56.426root 11241100x8000000000000000756462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf431951b6d07f82021-12-20 15:54:56.426root 11241100x8000000000000000756463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff32126d41ec8932021-12-20 15:54:56.427root 11241100x8000000000000000756464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d986df83d3a334a02021-12-20 15:54:56.427root 11241100x8000000000000000756465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4964458757005502021-12-20 15:54:56.428root 11241100x8000000000000000756466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c967e4ec43bec452021-12-20 15:54:56.428root 11241100x8000000000000000756467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eedadf80f62d6a2021-12-20 15:54:56.428root 11241100x8000000000000000756468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536ac547fbb551ec2021-12-20 15:54:56.924root 11241100x8000000000000000756469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f25e27f46a342322021-12-20 15:54:56.924root 11241100x8000000000000000756470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b4dba8872c895e2021-12-20 15:54:56.925root 11241100x8000000000000000756471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe5ad1a298c24c02021-12-20 15:54:56.925root 11241100x8000000000000000756472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b3c399843fc0a2021-12-20 15:54:56.925root 11241100x8000000000000000756473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7ae3d8f005ce0f2021-12-20 15:54:56.925root 11241100x8000000000000000756474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2977ebe060a39b782021-12-20 15:54:56.925root 11241100x8000000000000000756475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2412062f0dd9cb7c2021-12-20 15:54:56.926root 11241100x8000000000000000756476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d3b5c7c41693162021-12-20 15:54:56.926root 11241100x8000000000000000756477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1108f0fdda880a72021-12-20 15:54:56.926root 11241100x8000000000000000756478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d284ea608bf2713a2021-12-20 15:54:56.926root 11241100x8000000000000000756479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e9a493ed30b3322021-12-20 15:54:56.926root 11241100x8000000000000000756480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3610228be40f1ae92021-12-20 15:54:56.926root 11241100x8000000000000000756481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa13a5c6248dff5e2021-12-20 15:54:56.927root 11241100x8000000000000000756482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c76de878e1d18d2021-12-20 15:54:56.927root 11241100x8000000000000000756483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630ad234d721aece2021-12-20 15:54:56.927root 11241100x8000000000000000756484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:56.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bcc97a4a8677562021-12-20 15:54:56.928root 11241100x8000000000000000756485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647897f13070084b2021-12-20 15:54:57.424root 11241100x8000000000000000756486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc68c3771b0a53642021-12-20 15:54:57.424root 11241100x8000000000000000756487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f84af51cc4d0b72021-12-20 15:54:57.424root 11241100x8000000000000000756488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918550ab2695282d2021-12-20 15:54:57.424root 11241100x8000000000000000756489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768532de93339d032021-12-20 15:54:57.425root 11241100x8000000000000000756490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f824d7091b06b22021-12-20 15:54:57.425root 11241100x8000000000000000756491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c0bb99d4f9a5a42021-12-20 15:54:57.425root 11241100x8000000000000000756492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b20b7251bd76dc72021-12-20 15:54:57.425root 11241100x8000000000000000756493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61afaa09151248c82021-12-20 15:54:57.425root 11241100x8000000000000000756494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e253f19709a28d42021-12-20 15:54:57.425root 11241100x8000000000000000756495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3adfcab7fe0184b2021-12-20 15:54:57.425root 11241100x8000000000000000756496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d06037e73aae172021-12-20 15:54:57.425root 11241100x8000000000000000756497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d113c93548b0249a2021-12-20 15:54:57.425root 11241100x8000000000000000756498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ecd45b48addbd42021-12-20 15:54:57.425root 11241100x8000000000000000756499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25a1ce950bb0c482021-12-20 15:54:57.425root 11241100x8000000000000000756500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c5a1027d0d43672021-12-20 15:54:57.426root 11241100x8000000000000000756501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d7c3b64354bec92021-12-20 15:54:57.426root 11241100x8000000000000000756502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155820fd9198265b2021-12-20 15:54:57.924root 11241100x8000000000000000756503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c984e5f0132d7cab2021-12-20 15:54:57.924root 11241100x8000000000000000756504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822e14cf6db2632c2021-12-20 15:54:57.924root 11241100x8000000000000000756505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a7caadb714ec12021-12-20 15:54:57.924root 11241100x8000000000000000756506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d49ab3d038db3032021-12-20 15:54:57.925root 11241100x8000000000000000756507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc217b04d59af102021-12-20 15:54:57.925root 11241100x8000000000000000756508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1bd480e714916b2021-12-20 15:54:57.925root 11241100x8000000000000000756509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0700d882b0cf562021-12-20 15:54:57.925root 11241100x8000000000000000756510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daeb2358e4cdb512021-12-20 15:54:57.925root 11241100x8000000000000000756511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d1457f1cdb4bf22021-12-20 15:54:57.925root 11241100x8000000000000000756512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac830f123bf25f72021-12-20 15:54:57.925root 11241100x8000000000000000756513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f9fd7d668f32a92021-12-20 15:54:57.925root 11241100x8000000000000000756514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70739a556b9e8bd2021-12-20 15:54:57.925root 11241100x8000000000000000756515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c80c598c9e90a2d2021-12-20 15:54:57.925root 11241100x8000000000000000756516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733c5e8278f965172021-12-20 15:54:57.925root 11241100x8000000000000000756517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a446fc036270162021-12-20 15:54:57.925root 11241100x8000000000000000756518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9df6ef7d4c58312021-12-20 15:54:57.926root 11241100x8000000000000000756519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caac7b79ac5087732021-12-20 15:54:58.424root 11241100x8000000000000000756520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0a51e609a7ed5b2021-12-20 15:54:58.424root 11241100x8000000000000000756521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63767c7405088f92021-12-20 15:54:58.424root 11241100x8000000000000000756522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48590ce560bce002021-12-20 15:54:58.424root 11241100x8000000000000000756523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7168149da9d8072021-12-20 15:54:58.425root 11241100x8000000000000000756524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99055ba20c2d6b92021-12-20 15:54:58.425root 11241100x8000000000000000756525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c33f5628ee827e2021-12-20 15:54:58.425root 11241100x8000000000000000756526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b47daf9ab22beb2021-12-20 15:54:58.425root 11241100x8000000000000000756527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5be1f1d32e472bb2021-12-20 15:54:58.425root 11241100x8000000000000000756528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fe342845ef3a322021-12-20 15:54:58.425root 11241100x8000000000000000756529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e28355462ed7022021-12-20 15:54:58.425root 11241100x8000000000000000756530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a641640df40678db2021-12-20 15:54:58.425root 11241100x8000000000000000756531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a270a1082b44e5d52021-12-20 15:54:58.425root 11241100x8000000000000000756532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bab3cda4c415132021-12-20 15:54:58.425root 11241100x8000000000000000756533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d054ddaed58c9bb62021-12-20 15:54:58.426root 11241100x8000000000000000756534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5179e857d86bea92021-12-20 15:54:58.426root 11241100x8000000000000000756535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e4ef7de2d58452021-12-20 15:54:58.426root 11241100x8000000000000000756536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aed9b295fd86e32021-12-20 15:54:58.924root 11241100x8000000000000000756537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c2d222161b1dff2021-12-20 15:54:58.924root 11241100x8000000000000000756538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0c72f297412f692021-12-20 15:54:58.924root 11241100x8000000000000000756539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80bca4d2fe4dc892021-12-20 15:54:58.924root 11241100x8000000000000000756540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b42d24f1e5514d2021-12-20 15:54:58.925root 11241100x8000000000000000756541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd9cfc7bd44fd982021-12-20 15:54:58.925root 11241100x8000000000000000756542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df17663381bfb9c2021-12-20 15:54:58.925root 11241100x8000000000000000756543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42f9a68646848cd2021-12-20 15:54:58.925root 11241100x8000000000000000756544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5ba2c014e7f4f02021-12-20 15:54:58.925root 11241100x8000000000000000756545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b932c01aa5a5b3612021-12-20 15:54:58.925root 11241100x8000000000000000756546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3903f21ff4788432021-12-20 15:54:58.925root 11241100x8000000000000000756547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06f9d4a9d23e0992021-12-20 15:54:58.926root 11241100x8000000000000000756548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1984b8e5022ce66a2021-12-20 15:54:58.926root 11241100x8000000000000000756549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15550180c6d426342021-12-20 15:54:58.926root 11241100x8000000000000000756550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b6df09838657a72021-12-20 15:54:58.926root 11241100x8000000000000000756551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032b6b546357aafc2021-12-20 15:54:58.926root 11241100x8000000000000000756552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e0796b005dbaed2021-12-20 15:54:58.926root 11241100x8000000000000000756553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d788ef58325f2bbf2021-12-20 15:54:58.926root 354300x8000000000000000756554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.134{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51366-false10.0.1.12-8000- 11241100x8000000000000000756555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5e7096806364622021-12-20 15:54:59.424root 11241100x8000000000000000756556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dafe0676b1879f2021-12-20 15:54:59.424root 11241100x8000000000000000756557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c14a59a859a6832021-12-20 15:54:59.424root 11241100x8000000000000000756558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15d6905d42bf3ba2021-12-20 15:54:59.424root 11241100x8000000000000000756559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e44bdbf58ee3502021-12-20 15:54:59.424root 11241100x8000000000000000756560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c0f5daa5e42c5c2021-12-20 15:54:59.424root 11241100x8000000000000000756561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885e4177e0468422021-12-20 15:54:59.424root 11241100x8000000000000000756562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0904c509777bccac2021-12-20 15:54:59.424root 11241100x8000000000000000756563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e743b5d962e2514a2021-12-20 15:54:59.425root 11241100x8000000000000000756564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c8db0c40c5c0fe2021-12-20 15:54:59.425root 11241100x8000000000000000756565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d88315608c29912021-12-20 15:54:59.425root 11241100x8000000000000000756566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56aac8d29c4c4fe2021-12-20 15:54:59.425root 11241100x8000000000000000756567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaf20eb5870a7cf2021-12-20 15:54:59.425root 11241100x8000000000000000756568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beac35b84772c00e2021-12-20 15:54:59.425root 11241100x8000000000000000756569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4463885b05fb47f42021-12-20 15:54:59.425root 11241100x8000000000000000756570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd86cb223e404ef62021-12-20 15:54:59.425root 11241100x8000000000000000756571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9030ca5e569c39a72021-12-20 15:54:59.426root 11241100x8000000000000000756572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2748ace72023c3832021-12-20 15:54:59.426root 11241100x8000000000000000756573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec781519e550b1b2021-12-20 15:54:59.426root 11241100x8000000000000000756574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63a825cb89653212021-12-20 15:54:59.924root 11241100x8000000000000000756575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836b91ac641fdad2021-12-20 15:54:59.924root 11241100x8000000000000000756576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1127d9930d78a3d2021-12-20 15:54:59.924root 11241100x8000000000000000756577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a7083d7c1b5a3f2021-12-20 15:54:59.925root 11241100x8000000000000000756578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91dc70c1a727e072021-12-20 15:54:59.925root 11241100x8000000000000000756579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85eb0515ea507032021-12-20 15:54:59.925root 11241100x8000000000000000756580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d94b944471864452021-12-20 15:54:59.925root 11241100x8000000000000000756581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ccc1c6a7fa60922021-12-20 15:54:59.926root 11241100x8000000000000000756582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03ae7cb8529d0d12021-12-20 15:54:59.926root 11241100x8000000000000000756583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880108126f57152f2021-12-20 15:54:59.926root 11241100x8000000000000000756584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efd4e39080261a42021-12-20 15:54:59.926root 11241100x8000000000000000756585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4c5677d874941a2021-12-20 15:54:59.926root 11241100x8000000000000000756586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe77310f7c16a8e2021-12-20 15:54:59.926root 11241100x8000000000000000756587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b117873f021ccd2021-12-20 15:54:59.926root 11241100x8000000000000000756588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9f963f3fe1dbf42021-12-20 15:54:59.926root 11241100x8000000000000000756589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bfe47e9b6cc37a2021-12-20 15:54:59.926root 11241100x8000000000000000756590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33068f4e8ec27082021-12-20 15:54:59.926root 11241100x8000000000000000756591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:54:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9c0560497040172021-12-20 15:54:59.926root 11241100x8000000000000000756592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06054895118745972021-12-20 15:55:00.424root 11241100x8000000000000000756593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172f816f4cf7f2492021-12-20 15:55:00.424root 11241100x8000000000000000756594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bba21b3029994a12021-12-20 15:55:00.424root 11241100x8000000000000000756595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8817535411486342021-12-20 15:55:00.424root 11241100x8000000000000000756596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fa7d15c69acc2a2021-12-20 15:55:00.424root 11241100x8000000000000000756597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f1578462bbf3a02021-12-20 15:55:00.424root 11241100x8000000000000000756598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a994eb450608555b2021-12-20 15:55:00.424root 11241100x8000000000000000756599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e0f1edf90de0c82021-12-20 15:55:00.424root 11241100x8000000000000000756600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45db24cb69baf46b2021-12-20 15:55:00.424root 11241100x8000000000000000756601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df5867ed8160cef2021-12-20 15:55:00.425root 11241100x8000000000000000756602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4305fce9767ad32021-12-20 15:55:00.425root 11241100x8000000000000000756603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25204a6d7471475b2021-12-20 15:55:00.425root 11241100x8000000000000000756604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547fc767f8ac62a72021-12-20 15:55:00.425root 11241100x8000000000000000756605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ca5a1c247ed4b2021-12-20 15:55:00.425root 11241100x8000000000000000756606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ca4e3f13b9bb5d2021-12-20 15:55:00.425root 11241100x8000000000000000756607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74240c6e03a7b5d82021-12-20 15:55:00.425root 11241100x8000000000000000756608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e5838f1ffe9e02021-12-20 15:55:00.425root 11241100x8000000000000000756609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9243ca2efa1ff7ad2021-12-20 15:55:00.425root 11241100x8000000000000000756610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f376abc7743fd5d2021-12-20 15:55:00.426root 11241100x8000000000000000756611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f14377ead7945be2021-12-20 15:55:00.426root 11241100x8000000000000000756612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e061ce2f1137132021-12-20 15:55:00.924root 11241100x8000000000000000756613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2b6846f0e53b8b2021-12-20 15:55:00.924root 11241100x8000000000000000756614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370ff9531dc3388a2021-12-20 15:55:00.924root 11241100x8000000000000000756615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8243b09ab2115f42021-12-20 15:55:00.924root 11241100x8000000000000000756616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61958d8bc7dc7b92021-12-20 15:55:00.925root 11241100x8000000000000000756617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc652d4f40b95d92021-12-20 15:55:00.925root 11241100x8000000000000000756618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7296bb25b49e612021-12-20 15:55:00.925root 11241100x8000000000000000756619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9920d12ab793f972021-12-20 15:55:00.925root 11241100x8000000000000000756620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b7ffec2d8b61e32021-12-20 15:55:00.925root 11241100x8000000000000000756621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adefcb3795283352021-12-20 15:55:00.925root 11241100x8000000000000000756622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e176baa30c3e502021-12-20 15:55:00.925root 11241100x8000000000000000756623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90b6a31010e39032021-12-20 15:55:00.925root 11241100x8000000000000000756624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac3fbaad7aa09162021-12-20 15:55:00.925root 11241100x8000000000000000756625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d384673ffe49a9aa2021-12-20 15:55:00.925root 11241100x8000000000000000756626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c80b6ea227e2ec22021-12-20 15:55:00.925root 11241100x8000000000000000756627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7b242c32150a12021-12-20 15:55:00.926root 11241100x8000000000000000756628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fde48016d0d30a2021-12-20 15:55:00.926root 11241100x8000000000000000756629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390ba074dc600bcc2021-12-20 15:55:00.926root 11241100x8000000000000000756630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ad8e6c97ceab682021-12-20 15:55:00.926root 11241100x8000000000000000756631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37bde4cc8b08d0b2021-12-20 15:55:00.926root 11241100x8000000000000000756632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c3a7b13371c4e22021-12-20 15:55:00.926root 11241100x8000000000000000756633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b71d4c4405feae2021-12-20 15:55:00.926root 11241100x8000000000000000756634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631a41594bae2c242021-12-20 15:55:00.926root 11241100x8000000000000000756635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfda51d6c573b252021-12-20 15:55:00.926root 11241100x8000000000000000756636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06605007c22a74b82021-12-20 15:55:00.926root 11241100x8000000000000000756637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea210f090e51eef2021-12-20 15:55:00.926root 11241100x8000000000000000756638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2d96240f93dbc22021-12-20 15:55:00.926root 11241100x8000000000000000756639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa286ba99c0d9ca2021-12-20 15:55:00.926root 11241100x8000000000000000756640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9d0d3b010e61632021-12-20 15:55:00.927root 11241100x8000000000000000756641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78dd2d7471317382021-12-20 15:55:01.424root 11241100x8000000000000000756642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5f63118b6e54522021-12-20 15:55:01.425root 11241100x8000000000000000756643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6509dd8bed84ba2021-12-20 15:55:01.425root 11241100x8000000000000000756644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9767d7d42643ca22021-12-20 15:55:01.425root 11241100x8000000000000000756645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0972f0d956b5beb92021-12-20 15:55:01.425root 11241100x8000000000000000756646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1473e7e6233f5862021-12-20 15:55:01.425root 11241100x8000000000000000756647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea4e0f78744e58d2021-12-20 15:55:01.425root 11241100x8000000000000000756648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab1961cec7cbd572021-12-20 15:55:01.426root 11241100x8000000000000000756649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11291783b735ffe72021-12-20 15:55:01.426root 11241100x8000000000000000756650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992b6acc01dfc69f2021-12-20 15:55:01.426root 11241100x8000000000000000756651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cc5922c56c9d2e2021-12-20 15:55:01.426root 11241100x8000000000000000756652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38230149bccabbdf2021-12-20 15:55:01.426root 11241100x8000000000000000756653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d83d4b8cae5de62021-12-20 15:55:01.426root 11241100x8000000000000000756654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0341381229047d52021-12-20 15:55:01.426root 11241100x8000000000000000756655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18850a7076f394052021-12-20 15:55:01.427root 11241100x8000000000000000756656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3703d24eab90d8112021-12-20 15:55:01.427root 11241100x8000000000000000756657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88af80d1c72c39682021-12-20 15:55:01.427root 11241100x8000000000000000756658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5aa22f32c506632021-12-20 15:55:01.427root 11241100x8000000000000000756659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc16292d82d761d2021-12-20 15:55:01.924root 11241100x8000000000000000756660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adbb5dba5f637682021-12-20 15:55:01.925root 11241100x8000000000000000756661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd3e8e0140eafd42021-12-20 15:55:01.925root 11241100x8000000000000000756662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5210763f1b903fa52021-12-20 15:55:01.925root 11241100x8000000000000000756663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ebaaeab40285492021-12-20 15:55:01.925root 11241100x8000000000000000756664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9979c5b22887b82021-12-20 15:55:01.925root 11241100x8000000000000000756665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23665818eb5a8ca2021-12-20 15:55:01.934root 11241100x8000000000000000756666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acdab76ccf6094e2021-12-20 15:55:01.934root 11241100x8000000000000000756667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00aedd945141e9c42021-12-20 15:55:01.934root 11241100x8000000000000000756668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320e603ea858a0d62021-12-20 15:55:01.935root 11241100x8000000000000000756669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d725d6a9f89efac32021-12-20 15:55:01.935root 11241100x8000000000000000756670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc963f0998947fec2021-12-20 15:55:01.935root 11241100x8000000000000000756671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867a3f844b4f77b32021-12-20 15:55:01.935root 11241100x8000000000000000756672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e40cc40894188862021-12-20 15:55:01.935root 11241100x8000000000000000756673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018846cf8664d8f12021-12-20 15:55:01.935root 11241100x8000000000000000756674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a639d245262fc0b62021-12-20 15:55:01.935root 11241100x8000000000000000756675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477e3aad69207e372021-12-20 15:55:01.935root 11241100x8000000000000000756676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:01.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db7d1d3b29f37c62021-12-20 15:55:01.935root 11241100x8000000000000000756677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308809ec154ba59c2021-12-20 15:55:02.424root 11241100x8000000000000000756678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf03f7af0de91102021-12-20 15:55:02.424root 11241100x8000000000000000756679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c056988ccbcd602021-12-20 15:55:02.424root 11241100x8000000000000000756680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec2c8f5872da4ba2021-12-20 15:55:02.424root 11241100x8000000000000000756681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b4c4d57208e972021-12-20 15:55:02.424root 11241100x8000000000000000756682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c37bdc1690290322021-12-20 15:55:02.424root 11241100x8000000000000000756683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadfff40c9999e812021-12-20 15:55:02.424root 11241100x8000000000000000756684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4ca63bb4a4a1802021-12-20 15:55:02.425root 11241100x8000000000000000756685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2896ccaa33fc9e292021-12-20 15:55:02.425root 11241100x8000000000000000756686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0026e3a9a53a05f52021-12-20 15:55:02.425root 11241100x8000000000000000756687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dbdcffbb80ab5c2021-12-20 15:55:02.425root 11241100x8000000000000000756688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6047667ea09ce7af2021-12-20 15:55:02.425root 11241100x8000000000000000756689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5a43a996b280bc2021-12-20 15:55:02.426root 11241100x8000000000000000756690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc019fe6cddf2bca2021-12-20 15:55:02.426root 11241100x8000000000000000756691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5282039e39df98792021-12-20 15:55:02.426root 11241100x8000000000000000756692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d044a9fbdc09da42021-12-20 15:55:02.426root 11241100x8000000000000000756693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dc56c3c828a9ae2021-12-20 15:55:02.426root 11241100x8000000000000000756694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda840a065b691142021-12-20 15:55:02.426root 11241100x8000000000000000756695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac72010f90b1532021-12-20 15:55:02.924root 11241100x8000000000000000756696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582b8d17a65f2a5a2021-12-20 15:55:02.924root 11241100x8000000000000000756697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b284caefeb2565d2021-12-20 15:55:02.925root 11241100x8000000000000000756698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501cf1eff56806652021-12-20 15:55:02.925root 11241100x8000000000000000756699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc6d014a9bee0bd2021-12-20 15:55:02.925root 11241100x8000000000000000756700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef442a170db11dd2021-12-20 15:55:02.925root 11241100x8000000000000000756701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9788c6b8bd6ef52021-12-20 15:55:02.925root 11241100x8000000000000000756702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe38642d4c2c09d2021-12-20 15:55:02.925root 11241100x8000000000000000756703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2455da6c00d5d802021-12-20 15:55:02.925root 11241100x8000000000000000756704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bee10afc5485f62021-12-20 15:55:02.925root 11241100x8000000000000000756705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845212dd33dea4b52021-12-20 15:55:02.925root 11241100x8000000000000000756706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef185ef9e31450792021-12-20 15:55:02.926root 11241100x8000000000000000756707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ea7a49a0aabc4b2021-12-20 15:55:02.926root 11241100x8000000000000000756708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6b84d4139f4b772021-12-20 15:55:02.926root 11241100x8000000000000000756709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ac33e5294c6c522021-12-20 15:55:02.926root 11241100x8000000000000000756710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838c65804ad45d192021-12-20 15:55:02.926root 11241100x8000000000000000756711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800cd8aa032252272021-12-20 15:55:02.926root 11241100x8000000000000000756712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d0cbccd5bda59b2021-12-20 15:55:02.926root 11241100x8000000000000000756713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0603850f662acc3f2021-12-20 15:55:03.425root 11241100x8000000000000000756714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0acc58f15eada742021-12-20 15:55:03.425root 11241100x8000000000000000756715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b2a8180d248bf42021-12-20 15:55:03.425root 11241100x8000000000000000756716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6ccfd6dd82cb762021-12-20 15:55:03.425root 11241100x8000000000000000756717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4060ca3efb5b49c72021-12-20 15:55:03.425root 11241100x8000000000000000756718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a4b443ba7a36c02021-12-20 15:55:03.426root 11241100x8000000000000000756719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292801fefc22e0ab2021-12-20 15:55:03.426root 11241100x8000000000000000756720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2863e2fb202c702021-12-20 15:55:03.426root 11241100x8000000000000000756721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e1b574c4ec1992021-12-20 15:55:03.426root 11241100x8000000000000000756722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a1b4b3750f722e2021-12-20 15:55:03.426root 11241100x8000000000000000756723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67999d01bc3319542021-12-20 15:55:03.427root 11241100x8000000000000000756724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf36bbf0cf3260192021-12-20 15:55:03.427root 11241100x8000000000000000756725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7003968bed49a2d42021-12-20 15:55:03.427root 11241100x8000000000000000756726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fbf9bdd1c37cc42021-12-20 15:55:03.427root 11241100x8000000000000000756727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006a18920430fafa2021-12-20 15:55:03.427root 11241100x8000000000000000756728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9823a78a85b653282021-12-20 15:55:03.427root 11241100x8000000000000000756729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7872545bceb2116e2021-12-20 15:55:03.427root 11241100x8000000000000000756730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eafeab67bcfa842021-12-20 15:55:03.428root 11241100x8000000000000000756731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7a8e02948085b22021-12-20 15:55:03.924root 11241100x8000000000000000756732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f608778327f2502021-12-20 15:55:03.924root 11241100x8000000000000000756733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8a0cc93616c0b62021-12-20 15:55:03.924root 11241100x8000000000000000756734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c98173834f429c12021-12-20 15:55:03.924root 11241100x8000000000000000756735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2fd89da1c288702021-12-20 15:55:03.924root 11241100x8000000000000000756736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ff83652f174f362021-12-20 15:55:03.925root 11241100x8000000000000000756737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fb1114bfc51dbc2021-12-20 15:55:03.925root 11241100x8000000000000000756738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbca976d99b39ac2021-12-20 15:55:03.925root 11241100x8000000000000000756739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875b4175fabd1a6a2021-12-20 15:55:03.925root 11241100x8000000000000000756740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aeed9f5cad34282021-12-20 15:55:03.925root 11241100x8000000000000000756741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe696dc2f0be8d42021-12-20 15:55:03.925root 11241100x8000000000000000756742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c688022287ff5232021-12-20 15:55:03.925root 11241100x8000000000000000756743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f59628961d56282021-12-20 15:55:03.925root 11241100x8000000000000000756744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a6fe5b001eefa12021-12-20 15:55:03.925root 11241100x8000000000000000756745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995d4c25f95ecf132021-12-20 15:55:03.925root 11241100x8000000000000000756746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8628f06a3d51a632021-12-20 15:55:03.926root 11241100x8000000000000000756747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8dda421f6379272021-12-20 15:55:03.926root 11241100x8000000000000000756748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9701d8b2952c472021-12-20 15:55:03.926root 11241100x8000000000000000756749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a486a35657d880e82021-12-20 15:55:04.424root 11241100x8000000000000000756750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6550e4611f3d2e172021-12-20 15:55:04.424root 11241100x8000000000000000756751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0d94257d3492b02021-12-20 15:55:04.424root 11241100x8000000000000000756752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25afee350113e3562021-12-20 15:55:04.424root 11241100x8000000000000000756753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2effbf55c2510b2021-12-20 15:55:04.424root 11241100x8000000000000000756754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3dd39aacdea0d62021-12-20 15:55:04.425root 11241100x8000000000000000756755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614278911ed9e2902021-12-20 15:55:04.425root 11241100x8000000000000000756756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbcc67530a1b55e2021-12-20 15:55:04.425root 11241100x8000000000000000756757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057247ebf33414072021-12-20 15:55:04.425root 11241100x8000000000000000756758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a30d31da2b55b62021-12-20 15:55:04.425root 11241100x8000000000000000756759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bfbb80695e469b2021-12-20 15:55:04.425root 11241100x8000000000000000756760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090145edf16101c42021-12-20 15:55:04.425root 11241100x8000000000000000756761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910db7c959602deb2021-12-20 15:55:04.425root 11241100x8000000000000000756762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb7eb9973f227932021-12-20 15:55:04.425root 11241100x8000000000000000756763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84255cddc950b8c2021-12-20 15:55:04.425root 11241100x8000000000000000756764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2738c540f1cc6ecd2021-12-20 15:55:04.425root 11241100x8000000000000000756765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c3b4d3113c3e742021-12-20 15:55:04.426root 11241100x8000000000000000756766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bed9d3bd563f3382021-12-20 15:55:04.426root 11241100x8000000000000000756767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e1cfb723c0c99e2021-12-20 15:55:04.924root 11241100x8000000000000000756768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f8a0ae1880f7d2021-12-20 15:55:04.924root 11241100x8000000000000000756769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698c95dad9324d8c2021-12-20 15:55:04.925root 11241100x8000000000000000756770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6932c089e33202282021-12-20 15:55:04.925root 11241100x8000000000000000756771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff5e9e9cb5300d2021-12-20 15:55:04.925root 11241100x8000000000000000756772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615846c7c4f9fa222021-12-20 15:55:04.925root 11241100x8000000000000000756773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c10516c261b0072021-12-20 15:55:04.926root 11241100x8000000000000000756774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a08a94dda9162c2021-12-20 15:55:04.926root 11241100x8000000000000000756775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222fcfe556d9ad102021-12-20 15:55:04.926root 11241100x8000000000000000756776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c97cd85ad41f5ad2021-12-20 15:55:04.926root 11241100x8000000000000000756777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43023ebd9cc5f4702021-12-20 15:55:04.926root 11241100x8000000000000000756778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af50559bb345f75b2021-12-20 15:55:04.926root 11241100x8000000000000000756779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aceb0a878359ee742021-12-20 15:55:04.927root 11241100x8000000000000000756780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636530b77fb5c17e2021-12-20 15:55:04.927root 11241100x8000000000000000756781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de9d823c99d10a92021-12-20 15:55:04.927root 11241100x8000000000000000756782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336d431a66e91bfe2021-12-20 15:55:04.927root 11241100x8000000000000000756783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3342eb822b21ce052021-12-20 15:55:04.927root 11241100x8000000000000000756784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81502fec3cc3a0cf2021-12-20 15:55:04.927root 354300x8000000000000000756785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.128{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51368-false10.0.1.12-8000- 11241100x8000000000000000756786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee872a52a729a822021-12-20 15:55:05.424root 11241100x8000000000000000756787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f35be2bf1c0402021-12-20 15:55:05.424root 11241100x8000000000000000756788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186a6696c0af88ac2021-12-20 15:55:05.424root 11241100x8000000000000000756789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d97b4a3dab4cd62021-12-20 15:55:05.424root 11241100x8000000000000000756790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab74ad56006c2ab2021-12-20 15:55:05.424root 11241100x8000000000000000756791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1edde2972c00232021-12-20 15:55:05.424root 11241100x8000000000000000756792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15462e4d540fe2c02021-12-20 15:55:05.425root 11241100x8000000000000000756793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526028243b987ac32021-12-20 15:55:05.425root 11241100x8000000000000000756794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc73e46d4b67ab22021-12-20 15:55:05.425root 11241100x8000000000000000756795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccd84dad954b5622021-12-20 15:55:05.425root 11241100x8000000000000000756796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5abee30a1ce8d32021-12-20 15:55:05.425root 11241100x8000000000000000756797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e014db36ba8da6622021-12-20 15:55:05.425root 11241100x8000000000000000756798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d31dc4f4d9456332021-12-20 15:55:05.425root 11241100x8000000000000000756799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e514723eca46ae2021-12-20 15:55:05.425root 11241100x8000000000000000756800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b978b85f5c057d3b2021-12-20 15:55:05.426root 11241100x8000000000000000756801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1930180e082d525b2021-12-20 15:55:05.426root 11241100x8000000000000000756802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fd0409c96e02fb2021-12-20 15:55:05.426root 11241100x8000000000000000756803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ca0c3e844e47d2021-12-20 15:55:05.426root 11241100x8000000000000000756804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de6ff2a3d42256f2021-12-20 15:55:05.426root 11241100x8000000000000000756805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cf67fe40abc01b2021-12-20 15:55:05.924root 11241100x8000000000000000756806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbdd257fb500f552021-12-20 15:55:05.924root 11241100x8000000000000000756807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f2c29b03d751932021-12-20 15:55:05.924root 11241100x8000000000000000756808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6100c8361974689c2021-12-20 15:55:05.924root 11241100x8000000000000000756809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950d004274343ea62021-12-20 15:55:05.924root 11241100x8000000000000000756810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11a3cb3e6e1aaa02021-12-20 15:55:05.925root 11241100x8000000000000000756811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b94cb31b573f6d52021-12-20 15:55:05.925root 11241100x8000000000000000756812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ec599cbc8930e92021-12-20 15:55:05.925root 11241100x8000000000000000756813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0ff4b7b7d8f472021-12-20 15:55:05.925root 11241100x8000000000000000756814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cef04b9b86631e52021-12-20 15:55:05.925root 11241100x8000000000000000756815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe2cf15e4144f292021-12-20 15:55:05.925root 11241100x8000000000000000756816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4512c7c37ed481ad2021-12-20 15:55:05.925root 11241100x8000000000000000756817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5c399e3ecb690f2021-12-20 15:55:05.926root 11241100x8000000000000000756818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f497224f329e635b2021-12-20 15:55:05.926root 11241100x8000000000000000756819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a00f6f3124f7bb82021-12-20 15:55:05.926root 11241100x8000000000000000756820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece335c0f3b0d62f2021-12-20 15:55:05.926root 11241100x8000000000000000756821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0e3104d23dc8422021-12-20 15:55:05.926root 11241100x8000000000000000756822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8c0795d8070c112021-12-20 15:55:05.926root 11241100x8000000000000000756823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0e57543d3fc2092021-12-20 15:55:05.926root 11241100x8000000000000000756824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:55:06.069root 11241100x8000000000000000756825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1833cf3cd51e71102021-12-20 15:55:06.424root 11241100x8000000000000000756826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb2f0c911ed9c372021-12-20 15:55:06.424root 11241100x8000000000000000756827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa34b0d2811fdda2021-12-20 15:55:06.424root 11241100x8000000000000000756828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ecae3cd093b05a2021-12-20 15:55:06.424root 11241100x8000000000000000756829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2e4bc4099d85ba2021-12-20 15:55:06.425root 11241100x8000000000000000756830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e1d076ba91445b2021-12-20 15:55:06.425root 11241100x8000000000000000756831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1404f5bc9cbd090a2021-12-20 15:55:06.425root 11241100x8000000000000000756832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55985d67b586662f2021-12-20 15:55:06.425root 11241100x8000000000000000756833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccee3c6cd58a9f352021-12-20 15:55:06.425root 11241100x8000000000000000756834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd361d14ce5b502021-12-20 15:55:06.425root 11241100x8000000000000000756835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb08c6e266c68d472021-12-20 15:55:06.425root 11241100x8000000000000000756836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc81ffcc964a66b2021-12-20 15:55:06.425root 11241100x8000000000000000756837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e44555a4e62fca22021-12-20 15:55:06.426root 11241100x8000000000000000756838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a24a820760ef5352021-12-20 15:55:06.426root 11241100x8000000000000000756839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc824b7596f367a62021-12-20 15:55:06.426root 11241100x8000000000000000756840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e89814002b9f292021-12-20 15:55:06.426root 11241100x8000000000000000756841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8edd16a089110062021-12-20 15:55:06.426root 11241100x8000000000000000756842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6be9d47c40950e52021-12-20 15:55:06.426root 11241100x8000000000000000756843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db995f1a3f01cc282021-12-20 15:55:06.426root 11241100x8000000000000000756844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdd5fa678f88fc32021-12-20 15:55:06.427root 11241100x8000000000000000756845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdb934107d8b6de2021-12-20 15:55:06.924root 11241100x8000000000000000756846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f89f60f48ca9fa2021-12-20 15:55:06.924root 11241100x8000000000000000756847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28504b63dbdcba072021-12-20 15:55:06.925root 11241100x8000000000000000756848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e92204e3e3c56d62021-12-20 15:55:06.925root 11241100x8000000000000000756849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bff1460a4a8baa2021-12-20 15:55:06.925root 11241100x8000000000000000756850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdb20442d4e2c972021-12-20 15:55:06.925root 11241100x8000000000000000756851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21333a647bc154d32021-12-20 15:55:06.925root 11241100x8000000000000000756852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfed0fe20ff91972021-12-20 15:55:06.925root 11241100x8000000000000000756853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4583db5876a71b842021-12-20 15:55:06.925root 11241100x8000000000000000756854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cefcaaa083fdb812021-12-20 15:55:06.925root 11241100x8000000000000000756855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bf1672bb01f60e2021-12-20 15:55:06.925root 11241100x8000000000000000756856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e04d8e0d40b2a392021-12-20 15:55:06.925root 11241100x8000000000000000756857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb28b7ce4e64cbe72021-12-20 15:55:06.925root 11241100x8000000000000000756858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed2f8f2e1cf42182021-12-20 15:55:06.926root 11241100x8000000000000000756859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee682fbea83232352021-12-20 15:55:06.926root 11241100x8000000000000000756860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9076f8b4cd9b2372021-12-20 15:55:06.926root 11241100x8000000000000000756861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce3d5e73ae2c5e62021-12-20 15:55:06.926root 11241100x8000000000000000756862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb93007563a0aeb02021-12-20 15:55:06.926root 11241100x8000000000000000756863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d81d769318d16fd2021-12-20 15:55:06.926root 11241100x8000000000000000756864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ae0cf2b326cba2021-12-20 15:55:06.926root 11241100x8000000000000000756865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797d285731d5011f2021-12-20 15:55:07.424root 11241100x8000000000000000756866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa67758ec05ce0a52021-12-20 15:55:07.424root 11241100x8000000000000000756867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56b41587339c7242021-12-20 15:55:07.424root 11241100x8000000000000000756868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65125e188b910e122021-12-20 15:55:07.425root 11241100x8000000000000000756869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39228ebf2828cd552021-12-20 15:55:07.425root 11241100x8000000000000000756870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f092f15334eb5f802021-12-20 15:55:07.425root 11241100x8000000000000000756871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6095d09d164373252021-12-20 15:55:07.425root 11241100x8000000000000000756872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d0b2695a7444562021-12-20 15:55:07.426root 11241100x8000000000000000756873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e88ea5c3eea0842021-12-20 15:55:07.426root 11241100x8000000000000000756874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf817465fe0558d12021-12-20 15:55:07.426root 11241100x8000000000000000756875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff61559e31ae3f372021-12-20 15:55:07.426root 11241100x8000000000000000756876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f2cda6d3dbcb872021-12-20 15:55:07.427root 11241100x8000000000000000756877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f34b37ec77ea242021-12-20 15:55:07.427root 11241100x8000000000000000756878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd28ff23856ae262021-12-20 15:55:07.427root 11241100x8000000000000000756879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d7f07f8da03f512021-12-20 15:55:07.427root 11241100x8000000000000000756880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90606784f8046e82021-12-20 15:55:07.428root 11241100x8000000000000000756881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2af05bd22775632021-12-20 15:55:07.428root 11241100x8000000000000000756882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3245f97bb35ac92021-12-20 15:55:07.428root 11241100x8000000000000000756883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ec387658c656af2021-12-20 15:55:07.428root 11241100x8000000000000000756884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492486b6de1623e52021-12-20 15:55:07.429root 11241100x8000000000000000756885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2ba4c4553482492021-12-20 15:55:07.429root 11241100x8000000000000000756886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c375ae6a8941b3502021-12-20 15:55:07.429root 11241100x8000000000000000756887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080e282e6d9864ab2021-12-20 15:55:07.924root 11241100x8000000000000000756888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff02d978a1ca9612021-12-20 15:55:07.925root 11241100x8000000000000000756889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de3495abd8595f32021-12-20 15:55:07.925root 11241100x8000000000000000756890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ad70f8bb3318692021-12-20 15:55:07.925root 11241100x8000000000000000756891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e8d7b6f991be842021-12-20 15:55:07.925root 11241100x8000000000000000756892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec00203e8dadbd682021-12-20 15:55:07.925root 11241100x8000000000000000756893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fe3b6e575ed99c2021-12-20 15:55:07.925root 11241100x8000000000000000756894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68c6e65db59f6ec2021-12-20 15:55:07.925root 11241100x8000000000000000756895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10587cab19e765942021-12-20 15:55:07.925root 11241100x8000000000000000756896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6386469f2a4cf9722021-12-20 15:55:07.925root 11241100x8000000000000000756897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49800a63237853142021-12-20 15:55:07.925root 11241100x8000000000000000756898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bed5202765a31c22021-12-20 15:55:07.926root 11241100x8000000000000000756899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c189ab610bee2e2021-12-20 15:55:07.926root 11241100x8000000000000000756900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7db9140e8fabab2021-12-20 15:55:07.926root 11241100x8000000000000000756901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f27a34a3e168c622021-12-20 15:55:07.926root 11241100x8000000000000000756902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3063c84d3aa67102021-12-20 15:55:07.926root 11241100x8000000000000000756903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cac79515abc92f2021-12-20 15:55:07.926root 11241100x8000000000000000756904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e39ef92647163f2021-12-20 15:55:07.926root 11241100x8000000000000000756905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7549186d0d5ea6e52021-12-20 15:55:07.926root 11241100x8000000000000000756906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1b14c2180ffbe42021-12-20 15:55:07.926root 11241100x8000000000000000756907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0954046414e83a02021-12-20 15:55:08.424root 11241100x8000000000000000756908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e287909540b15252021-12-20 15:55:08.424root 11241100x8000000000000000756909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a5e3d0e0a64c9f2021-12-20 15:55:08.425root 11241100x8000000000000000756910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb80efbaacc432f2021-12-20 15:55:08.425root 11241100x8000000000000000756911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61343f159482fa32021-12-20 15:55:08.425root 11241100x8000000000000000756912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacf38f7f506def52021-12-20 15:55:08.425root 11241100x8000000000000000756913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002c690f2f0b730a2021-12-20 15:55:08.425root 11241100x8000000000000000756914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ccc041581cacc2021-12-20 15:55:08.426root 11241100x8000000000000000756915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd949236c5a99a92021-12-20 15:55:08.426root 11241100x8000000000000000756916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19240fcc555139782021-12-20 15:55:08.426root 11241100x8000000000000000756917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bca4953ff7210412021-12-20 15:55:08.426root 11241100x8000000000000000756918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de5ef44d74cb5732021-12-20 15:55:08.426root 11241100x8000000000000000756919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd39642f5cef02b2021-12-20 15:55:08.426root 11241100x8000000000000000756920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7095fba4b77911182021-12-20 15:55:08.427root 11241100x8000000000000000756921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c17345472de73d2021-12-20 15:55:08.427root 11241100x8000000000000000756922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882654e850ee24fc2021-12-20 15:55:08.427root 11241100x8000000000000000756923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984519cb70f38a862021-12-20 15:55:08.429root 11241100x8000000000000000756924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c15392a22f59eea2021-12-20 15:55:08.430root 11241100x8000000000000000756925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e00fe972baa0b92021-12-20 15:55:08.430root 11241100x8000000000000000756926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c45ddd3d50ef472021-12-20 15:55:08.430root 11241100x8000000000000000756927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b7680fdf71c7ab2021-12-20 15:55:08.924root 11241100x8000000000000000756928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbeb3c4f9b814642021-12-20 15:55:08.924root 11241100x8000000000000000756929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6dcdc704051d4d2021-12-20 15:55:08.924root 11241100x8000000000000000756930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8edbc7d9a20ff962021-12-20 15:55:08.925root 11241100x8000000000000000756931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf5f6a76abacada2021-12-20 15:55:08.925root 11241100x8000000000000000756932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b170e2d939b94b12021-12-20 15:55:08.925root 11241100x8000000000000000756933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca671c3286573f52021-12-20 15:55:08.925root 11241100x8000000000000000756934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7cb3bb72700a722021-12-20 15:55:08.925root 11241100x8000000000000000756935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daf5febc404a7022021-12-20 15:55:08.925root 11241100x8000000000000000756936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931d5b61f3ff84c62021-12-20 15:55:08.925root 11241100x8000000000000000756937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf03e633ab932f62021-12-20 15:55:08.925root 11241100x8000000000000000756938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acaf3e0b6054d0c2021-12-20 15:55:08.925root 11241100x8000000000000000756939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef397f9fee6fb402021-12-20 15:55:08.926root 11241100x8000000000000000756940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60891279a555f102021-12-20 15:55:08.926root 11241100x8000000000000000756941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a2fd009b8c78ca2021-12-20 15:55:08.926root 11241100x8000000000000000756942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af8231dffa15d4c2021-12-20 15:55:08.926root 11241100x8000000000000000756943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c17a4f4de2460f02021-12-20 15:55:08.926root 11241100x8000000000000000756944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066677fe4f34d71e2021-12-20 15:55:08.926root 11241100x8000000000000000756945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c1ea890640467d2021-12-20 15:55:08.926root 11241100x8000000000000000756946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc6b3aba71290da2021-12-20 15:55:08.926root 23542300x8000000000000000756947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.070{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000756948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd7a5bbe1d7922b2021-12-20 15:55:09.424root 11241100x8000000000000000756949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e990495c5f0d4a222021-12-20 15:55:09.424root 11241100x8000000000000000756950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756515d0a6d5c0542021-12-20 15:55:09.424root 11241100x8000000000000000756951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d9afa0c9554da62021-12-20 15:55:09.424root 11241100x8000000000000000756952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479892ffe5957d822021-12-20 15:55:09.425root 11241100x8000000000000000756953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa107cb698cbba12021-12-20 15:55:09.425root 11241100x8000000000000000756954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090fc9db74aa7def2021-12-20 15:55:09.425root 11241100x8000000000000000756955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c18cf8f36fbdfb82021-12-20 15:55:09.425root 11241100x8000000000000000756956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230611b0c376db4f2021-12-20 15:55:09.425root 11241100x8000000000000000756957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba0beb9f3bd5192021-12-20 15:55:09.425root 11241100x8000000000000000756958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1caf8c2839cb12d2021-12-20 15:55:09.425root 11241100x8000000000000000756959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bc7f94cba65d252021-12-20 15:55:09.425root 11241100x8000000000000000756960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a10b00d2962a2022021-12-20 15:55:09.426root 11241100x8000000000000000756961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f929c63ebfd9c43e2021-12-20 15:55:09.426root 11241100x8000000000000000756962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1129a842e928102021-12-20 15:55:09.426root 11241100x8000000000000000756963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f310a09ed77c5bce2021-12-20 15:55:09.426root 11241100x8000000000000000756964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398cd5a93eeab9b52021-12-20 15:55:09.426root 11241100x8000000000000000756965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1317d2f6a062ba142021-12-20 15:55:09.426root 11241100x8000000000000000756966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4530d8729554162e2021-12-20 15:55:09.426root 11241100x8000000000000000756967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9277b852d89005d62021-12-20 15:55:09.426root 11241100x8000000000000000756968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e29ed5d139a396f2021-12-20 15:55:09.426root 11241100x8000000000000000756969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b18b15fae7ab9332021-12-20 15:55:09.924root 11241100x8000000000000000756970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7dea9e5d25bb302021-12-20 15:55:09.925root 11241100x8000000000000000756971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa248f4202e5b72021-12-20 15:55:09.925root 11241100x8000000000000000756972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bf594780081b5b2021-12-20 15:55:09.925root 11241100x8000000000000000756973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e3dffe6caa31d32021-12-20 15:55:09.925root 11241100x8000000000000000756974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa755c04f6d3d9e2021-12-20 15:55:09.926root 11241100x8000000000000000756975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6fff65883c89cb2021-12-20 15:55:09.926root 11241100x8000000000000000756976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fb505ad5a380c92021-12-20 15:55:09.926root 11241100x8000000000000000756977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6fbbe3dad98dfe2021-12-20 15:55:09.926root 11241100x8000000000000000756978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a95b8ef3d1bc942021-12-20 15:55:09.926root 11241100x8000000000000000756979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae65934d94c7f0f72021-12-20 15:55:09.926root 11241100x8000000000000000756980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a4cbb0c49ee9c82021-12-20 15:55:09.927root 11241100x8000000000000000756981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56174ec2edbecb62021-12-20 15:55:09.927root 11241100x8000000000000000756982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27b563fa56e1a992021-12-20 15:55:09.927root 11241100x8000000000000000756983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d991cf70c864af0f2021-12-20 15:55:09.927root 11241100x8000000000000000756984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a550cd69a690cd492021-12-20 15:55:09.928root 11241100x8000000000000000756985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95be5cad32fa87c92021-12-20 15:55:09.928root 11241100x8000000000000000756986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f7dda5433765682021-12-20 15:55:09.928root 11241100x8000000000000000756987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ed0161c0627f432021-12-20 15:55:09.928root 11241100x8000000000000000756988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789fe757e47c8f792021-12-20 15:55:09.929root 11241100x8000000000000000756989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96286e62ad37a592021-12-20 15:55:09.929root 354300x8000000000000000756990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.234{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51370-false10.0.1.12-8000- 11241100x8000000000000000756991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f5807414d611962021-12-20 15:55:10.235root 11241100x8000000000000000756992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e23e55353bd30cd2021-12-20 15:55:10.235root 11241100x8000000000000000756993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbbdaec8cf249832021-12-20 15:55:10.235root 11241100x8000000000000000756994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0019071147eae12021-12-20 15:55:10.235root 11241100x8000000000000000756995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8de01209a1d813e2021-12-20 15:55:10.235root 11241100x8000000000000000756996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83be077df98beb792021-12-20 15:55:10.235root 11241100x8000000000000000756997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39edcd18232a4f4a2021-12-20 15:55:10.235root 11241100x8000000000000000756998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aad349376df10d2021-12-20 15:55:10.235root 11241100x8000000000000000756999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.235{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5a43f46f9e2912021-12-20 15:55:10.235root 11241100x8000000000000000757000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3434003a0312ddd42021-12-20 15:55:10.236root 11241100x8000000000000000757001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d116d070ed88c72021-12-20 15:55:10.236root 11241100x8000000000000000757002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42e6d2ef6cbdcae2021-12-20 15:55:10.236root 11241100x8000000000000000757003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4f3421cf2151262021-12-20 15:55:10.236root 11241100x8000000000000000757004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5f8846217c4d682021-12-20 15:55:10.236root 11241100x8000000000000000757005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.236{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372663f1c8ccad22021-12-20 15:55:10.236root 11241100x8000000000000000757006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4f15f7afd90dfb2021-12-20 15:55:10.237root 11241100x8000000000000000757007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebe965e552938942021-12-20 15:55:10.237root 11241100x8000000000000000757008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7449de136bc26a7a2021-12-20 15:55:10.237root 11241100x8000000000000000757009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac83328abc9e94782021-12-20 15:55:10.237root 11241100x8000000000000000757010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5268ebfabb24f8942021-12-20 15:55:10.237root 11241100x8000000000000000757011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f621ae4665a10d2021-12-20 15:55:10.237root 11241100x8000000000000000757012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43919c0d37a717532021-12-20 15:55:10.237root 11241100x8000000000000000757013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632585c93c3d765e2021-12-20 15:55:10.674root 11241100x8000000000000000757014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052bde9f5139c1f62021-12-20 15:55:10.674root 11241100x8000000000000000757015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278a8ccef9f704552021-12-20 15:55:10.674root 11241100x8000000000000000757016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a6150619629f352021-12-20 15:55:10.674root 11241100x8000000000000000757017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d4e94b87fd18322021-12-20 15:55:10.675root 11241100x8000000000000000757018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037a220f210f0fc42021-12-20 15:55:10.675root 11241100x8000000000000000757019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6a2fda3f547012021-12-20 15:55:10.675root 11241100x8000000000000000757020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bb8def20c40f772021-12-20 15:55:10.675root 11241100x8000000000000000757021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab294c57771ae8022021-12-20 15:55:10.675root 11241100x8000000000000000757022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da497fbe3fbd859b2021-12-20 15:55:10.675root 11241100x8000000000000000757023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b2a912afe2a2032021-12-20 15:55:10.675root 11241100x8000000000000000757024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b3460db80f5d0e2021-12-20 15:55:10.675root 11241100x8000000000000000757025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1902fc290d5c2b2021-12-20 15:55:10.675root 11241100x8000000000000000757026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37066f5e00f57422021-12-20 15:55:10.675root 11241100x8000000000000000757027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ebc1221f7a30b92021-12-20 15:55:10.676root 11241100x8000000000000000757028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f144591e2a3c722021-12-20 15:55:10.676root 11241100x8000000000000000757029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a54b3e55c5226e2021-12-20 15:55:10.676root 11241100x8000000000000000757030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56483697d83e79572021-12-20 15:55:10.676root 11241100x8000000000000000757031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05b5f10fff1da872021-12-20 15:55:10.676root 11241100x8000000000000000757032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870dfeb6853331ba2021-12-20 15:55:10.676root 11241100x8000000000000000757033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6adcb7cb1ead452021-12-20 15:55:10.676root 11241100x8000000000000000757034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:10.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda8fdbf7211c6322021-12-20 15:55:10.676root 11241100x8000000000000000757035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2218a151fd7f132021-12-20 15:55:11.174root 11241100x8000000000000000757036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac583ef74304d1272021-12-20 15:55:11.175root 11241100x8000000000000000757037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f26654330652d32021-12-20 15:55:11.175root 11241100x8000000000000000757038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2e69568a701f492021-12-20 15:55:11.175root 11241100x8000000000000000757039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b340631bdb39bdf2021-12-20 15:55:11.176root 11241100x8000000000000000757040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445ab9f2e3b54b912021-12-20 15:55:11.176root 11241100x8000000000000000757041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a7627e5c388da2021-12-20 15:55:11.176root 11241100x8000000000000000757042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddb3b665ac0594b2021-12-20 15:55:11.176root 11241100x8000000000000000757043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9800a9fa2e58c1c2021-12-20 15:55:11.177root 11241100x8000000000000000757044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b89d5dc5f162382021-12-20 15:55:11.177root 11241100x8000000000000000757045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406b71950bfc30252021-12-20 15:55:11.177root 11241100x8000000000000000757046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897279ce08eb4f372021-12-20 15:55:11.178root 11241100x8000000000000000757047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d5aa6ec716de692021-12-20 15:55:11.178root 11241100x8000000000000000757048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c29e05c46b4d9c02021-12-20 15:55:11.178root 11241100x8000000000000000757049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78c1eebbb6965932021-12-20 15:55:11.178root 11241100x8000000000000000757050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c7dd76ad4b48252021-12-20 15:55:11.178root 11241100x8000000000000000757051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbf54fdac5cdc122021-12-20 15:55:11.178root 11241100x8000000000000000757052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27d3f925db3ee6c2021-12-20 15:55:11.178root 11241100x8000000000000000757053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8632eeab60a2baf62021-12-20 15:55:11.178root 11241100x8000000000000000757054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea2ae5ecaf764dd2021-12-20 15:55:11.178root 11241100x8000000000000000757055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09793a4e0456d0d42021-12-20 15:55:11.178root 11241100x8000000000000000757056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5338641efaaf5b2021-12-20 15:55:11.178root 11241100x8000000000000000757057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4656bfaf88e0b84e2021-12-20 15:55:11.674root 11241100x8000000000000000757058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fcb7d204bd1a522021-12-20 15:55:11.674root 11241100x8000000000000000757059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e85734171943012021-12-20 15:55:11.675root 11241100x8000000000000000757060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e19f1a230d17592021-12-20 15:55:11.675root 11241100x8000000000000000757061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043b297adf7c92682021-12-20 15:55:11.675root 11241100x8000000000000000757062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf0231936664ff72021-12-20 15:55:11.675root 11241100x8000000000000000757063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb90aa7c8bdf92812021-12-20 15:55:11.675root 11241100x8000000000000000757064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d388af23e0cd182021-12-20 15:55:11.675root 11241100x8000000000000000757065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f43936b34ed987e2021-12-20 15:55:11.676root 11241100x8000000000000000757066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790fc53d1d1b83c92021-12-20 15:55:11.676root 11241100x8000000000000000757067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b3eb995083bd9b2021-12-20 15:55:11.676root 11241100x8000000000000000757068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655be240340b39a22021-12-20 15:55:11.676root 11241100x8000000000000000757069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc679e9f1e4c5f432021-12-20 15:55:11.676root 11241100x8000000000000000757070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043864b3ace93b0e2021-12-20 15:55:11.676root 11241100x8000000000000000757071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8253dce703c9c32021-12-20 15:55:11.677root 11241100x8000000000000000757072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e365364a852e032021-12-20 15:55:11.677root 11241100x8000000000000000757073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9506c76816c4bd2021-12-20 15:55:11.677root 11241100x8000000000000000757074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb27daf5df15af672021-12-20 15:55:11.677root 11241100x8000000000000000757075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cb74a8392578c72021-12-20 15:55:11.677root 11241100x8000000000000000757076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d71f230c0c55262021-12-20 15:55:11.677root 11241100x8000000000000000757077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e53a7ccfecaee782021-12-20 15:55:11.677root 11241100x8000000000000000757078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:11.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21277f1b097624602021-12-20 15:55:11.677root 11241100x8000000000000000757079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3e50430bedc65d2021-12-20 15:55:12.174root 11241100x8000000000000000757080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb25fea706f1f5f2021-12-20 15:55:12.174root 11241100x8000000000000000757081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51785a8cfc5b27862021-12-20 15:55:12.175root 11241100x8000000000000000757082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c319d9e78df8e2021-12-20 15:55:12.175root 11241100x8000000000000000757083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e734d1e7f8cce8fd2021-12-20 15:55:12.175root 11241100x8000000000000000757084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8a4d68f6d698c62021-12-20 15:55:12.175root 11241100x8000000000000000757085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc0760fcc7b45b2021-12-20 15:55:12.175root 11241100x8000000000000000757086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7e11ebb19a62ca2021-12-20 15:55:12.175root 11241100x8000000000000000757087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b699411cabde792021-12-20 15:55:12.175root 11241100x8000000000000000757088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abf4565fee8bb9b2021-12-20 15:55:12.175root 11241100x8000000000000000757089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f551713741d6f0902021-12-20 15:55:12.176root 11241100x8000000000000000757090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf701296f46c7ca02021-12-20 15:55:12.176root 11241100x8000000000000000757091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16432fbed22667e2021-12-20 15:55:12.176root 11241100x8000000000000000757092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9147ee37c0df53422021-12-20 15:55:12.176root 11241100x8000000000000000757093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b501c6a104dcb5322021-12-20 15:55:12.176root 11241100x8000000000000000757094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c220cdf0797456c42021-12-20 15:55:12.176root 11241100x8000000000000000757095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf17341f8c577062021-12-20 15:55:12.176root 11241100x8000000000000000757096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab2b12c50fb1dd22021-12-20 15:55:12.176root 11241100x8000000000000000757097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba479a4a45a6d012021-12-20 15:55:12.176root 11241100x8000000000000000757098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc465622ee0a9982021-12-20 15:55:12.176root 11241100x8000000000000000757099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42e544140856cf72021-12-20 15:55:12.177root 11241100x8000000000000000757100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce50c76fe183f1f2021-12-20 15:55:12.177root 11241100x8000000000000000757101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94481243d15ddf8f2021-12-20 15:55:12.177root 11241100x8000000000000000757102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e216700c81b02e9e2021-12-20 15:55:12.177root 11241100x8000000000000000757103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c16cfab6d1f5f82021-12-20 15:55:12.674root 11241100x8000000000000000757104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6c39a4a02e7a632021-12-20 15:55:12.675root 11241100x8000000000000000757105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b91b57ce113d9d2021-12-20 15:55:12.675root 11241100x8000000000000000757106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a75349b4ae61572021-12-20 15:55:12.675root 11241100x8000000000000000757107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd8c1090c9f54052021-12-20 15:55:12.675root 11241100x8000000000000000757108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0da7243ebf32322021-12-20 15:55:12.675root 11241100x8000000000000000757109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35877c79258718fb2021-12-20 15:55:12.675root 11241100x8000000000000000757110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d95c4e767920d112021-12-20 15:55:12.675root 11241100x8000000000000000757111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c294381c07decf2021-12-20 15:55:12.676root 11241100x8000000000000000757112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23942ef12d3727d02021-12-20 15:55:12.676root 11241100x8000000000000000757113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdc65fbc80b49142021-12-20 15:55:12.676root 11241100x8000000000000000757114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f38041c58af82d2021-12-20 15:55:12.676root 11241100x8000000000000000757115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff068bc360f9ff422021-12-20 15:55:12.676root 11241100x8000000000000000757116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3682a94ee7b20982021-12-20 15:55:12.676root 11241100x8000000000000000757117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228d9be137d9a5982021-12-20 15:55:12.676root 11241100x8000000000000000757118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c9a373195972c42021-12-20 15:55:12.676root 11241100x8000000000000000757119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de196aade8237e82021-12-20 15:55:12.676root 11241100x8000000000000000757120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbdbfed437c67a82021-12-20 15:55:12.676root 11241100x8000000000000000757121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3069e0e19564442021-12-20 15:55:12.676root 11241100x8000000000000000757122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7701a4a6e1a569982021-12-20 15:55:12.677root 11241100x8000000000000000757123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8deb34e1cbdf322021-12-20 15:55:12.677root 11241100x8000000000000000757124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:12.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e2c2ae73390c172021-12-20 15:55:12.677root 11241100x8000000000000000757125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed8348b8da625b12021-12-20 15:55:13.174root 11241100x8000000000000000757126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4172a2a10fee15e32021-12-20 15:55:13.174root 11241100x8000000000000000757127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405f615f3b1625ca2021-12-20 15:55:13.174root 11241100x8000000000000000757128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7c80291816f39f2021-12-20 15:55:13.175root 11241100x8000000000000000757129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41350da7dc2486f92021-12-20 15:55:13.175root 11241100x8000000000000000757130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489e8fd80cf97ce32021-12-20 15:55:13.175root 11241100x8000000000000000757131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6c835e8b2c32a42021-12-20 15:55:13.175root 11241100x8000000000000000757132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa82625f9f1139b22021-12-20 15:55:13.176root 11241100x8000000000000000757133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2bbc00759add392021-12-20 15:55:13.176root 11241100x8000000000000000757134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0111dc4d0492b9e2021-12-20 15:55:13.176root 11241100x8000000000000000757135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841ce46c21b642b92021-12-20 15:55:13.176root 11241100x8000000000000000757136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb3639b14c4b5702021-12-20 15:55:13.176root 11241100x8000000000000000757137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fa4c1174e600b92021-12-20 15:55:13.176root 11241100x8000000000000000757138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea26474b40089942021-12-20 15:55:13.176root 11241100x8000000000000000757139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eb06e229922c1a2021-12-20 15:55:13.176root 11241100x8000000000000000757140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f187b972755d85102021-12-20 15:55:13.177root 11241100x8000000000000000757141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd30bc611bddf9932021-12-20 15:55:13.177root 11241100x8000000000000000757142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9327b439961b08542021-12-20 15:55:13.177root 11241100x8000000000000000757143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b653a3da5b7df71f2021-12-20 15:55:13.177root 11241100x8000000000000000757144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70275ddc970e9a4f2021-12-20 15:55:13.177root 11241100x8000000000000000757145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa18da4a2e085dc2021-12-20 15:55:13.177root 11241100x8000000000000000757146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ebc3c38e48c0742021-12-20 15:55:13.177root 154100x8000000000000000757147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.257{ec2c97d1-a761-61c0-68b4-f967b4550000}10204/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 534500x8000000000000000757148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.269{ec2c97d1-a761-61c0-68b4-f967b4550000}10204/bin/psroot 11241100x8000000000000000757149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48422b02d4ae60b92021-12-20 15:55:13.674root 11241100x8000000000000000757150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41eed91403ecc192021-12-20 15:55:13.674root 11241100x8000000000000000757151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248aea0484fa64122021-12-20 15:55:13.674root 11241100x8000000000000000757152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75eec40d79d38602021-12-20 15:55:13.674root 11241100x8000000000000000757153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77158fa0e52f59f2021-12-20 15:55:13.674root 11241100x8000000000000000757154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1fee7b271083eb2021-12-20 15:55:13.675root 11241100x8000000000000000757155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be23e3c411e1a88d2021-12-20 15:55:13.675root 11241100x8000000000000000757156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ee5e992daf58942021-12-20 15:55:13.675root 11241100x8000000000000000757157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3936f8958795fe612021-12-20 15:55:13.675root 11241100x8000000000000000757158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acd6ac20bb879c12021-12-20 15:55:13.675root 11241100x8000000000000000757159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bb6a43feffe6352021-12-20 15:55:13.675root 11241100x8000000000000000757160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51b5a1789a9cc8c2021-12-20 15:55:13.675root 11241100x8000000000000000757161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdb134e52c559a22021-12-20 15:55:13.676root 11241100x8000000000000000757162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68946e91a59c7682021-12-20 15:55:13.676root 11241100x8000000000000000757163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2778e8974cabf2021-12-20 15:55:13.676root 11241100x8000000000000000757164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22a4401ed949e542021-12-20 15:55:13.676root 11241100x8000000000000000757165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e875bf2abd62312021-12-20 15:55:13.676root 11241100x8000000000000000757166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da031db48a9d0fc2021-12-20 15:55:13.676root 11241100x8000000000000000757167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98799e5f6ba2c21c2021-12-20 15:55:13.676root 11241100x8000000000000000757168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ae43fca9eeb0182021-12-20 15:55:13.676root 11241100x8000000000000000757169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29072c1d4b00a3002021-12-20 15:55:13.676root 11241100x8000000000000000757170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf8a3cc4488042d2021-12-20 15:55:13.677root 11241100x8000000000000000757171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf6de58c4d952eb2021-12-20 15:55:13.677root 11241100x8000000000000000757172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f98522021c32dc2021-12-20 15:55:13.677root 11241100x8000000000000000757173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47ee144b94ff5582021-12-20 15:55:13.677root 11241100x8000000000000000757174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b20514f8e5a92c22021-12-20 15:55:13.677root 11241100x8000000000000000757175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f990de31c3114bd2021-12-20 15:55:13.677root 11241100x8000000000000000757176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f61872f12c9fa812021-12-20 15:55:13.677root 11241100x8000000000000000757177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5231db4e9072952021-12-20 15:55:13.677root 11241100x8000000000000000757178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0148ced6aeeaeef82021-12-20 15:55:13.677root 11241100x8000000000000000757179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d131d6aaf88d062021-12-20 15:55:13.677root 11241100x8000000000000000757180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8a8269992de3562021-12-20 15:55:13.678root 11241100x8000000000000000757181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb19d62ed44f9cd2021-12-20 15:55:13.678root 11241100x8000000000000000757182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbc747d33425bc62021-12-20 15:55:13.678root 11241100x8000000000000000757183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13ec824bfad98132021-12-20 15:55:13.678root 11241100x8000000000000000757184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3941671eb9c68b2021-12-20 15:55:13.678root 11241100x8000000000000000757185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0b93ee8eb5e45f2021-12-20 15:55:13.678root 11241100x8000000000000000757186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759562ba34ef8f2e2021-12-20 15:55:13.678root 11241100x8000000000000000757187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede80f788c1346562021-12-20 15:55:13.678root 11241100x8000000000000000757188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86d74e1b64d8cdd2021-12-20 15:55:13.678root 11241100x8000000000000000757189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebddb87ee232df22021-12-20 15:55:13.679root 11241100x8000000000000000757190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:13.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b445ba2a58ab80d2021-12-20 15:55:13.679root 11241100x8000000000000000757191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df6a5f18c2e84232021-12-20 15:55:14.174root 11241100x8000000000000000757192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b00859ef54bb9a02021-12-20 15:55:14.174root 11241100x8000000000000000757193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50be7e18f6ae6982021-12-20 15:55:14.174root 11241100x8000000000000000757194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37fb20327bcb3282021-12-20 15:55:14.174root 11241100x8000000000000000757195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab478a21b1fc42f52021-12-20 15:55:14.175root 11241100x8000000000000000757196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa9320e82e963002021-12-20 15:55:14.175root 11241100x8000000000000000757197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c126eded8f57d72021-12-20 15:55:14.175root 11241100x8000000000000000757198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aed1c344dc8ff152021-12-20 15:55:14.175root 11241100x8000000000000000757199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c842bf74489b922021-12-20 15:55:14.175root 11241100x8000000000000000757200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7844d9fbcecbb6a02021-12-20 15:55:14.175root 11241100x8000000000000000757201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899e9dfc0db90b692021-12-20 15:55:14.175root 11241100x8000000000000000757202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6ae9b468fd09062021-12-20 15:55:14.175root 11241100x8000000000000000757203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835f692da11a3d092021-12-20 15:55:14.175root 11241100x8000000000000000757204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723a98c6f82a151f2021-12-20 15:55:14.175root 11241100x8000000000000000757205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bc68f48fc6866a2021-12-20 15:55:14.175root 11241100x8000000000000000757206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dfebb732e950262021-12-20 15:55:14.175root 11241100x8000000000000000757207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58828ccb9a2d54ee2021-12-20 15:55:14.175root 11241100x8000000000000000757208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb04b658c8f7ba92021-12-20 15:55:14.176root 11241100x8000000000000000757209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed8da0fd76376bf2021-12-20 15:55:14.176root 11241100x8000000000000000757210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5859ad65078db92c2021-12-20 15:55:14.176root 11241100x8000000000000000757211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac2a8fa455f82c82021-12-20 15:55:14.176root 11241100x8000000000000000757212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e2ffd87848532c2021-12-20 15:55:14.176root 11241100x8000000000000000757213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2744cb8e3a68342d2021-12-20 15:55:14.176root 11241100x8000000000000000757214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cabef7b09436602021-12-20 15:55:14.176root 11241100x8000000000000000757215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7990159cc5f4f2a82021-12-20 15:55:14.176root 11241100x8000000000000000757216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103a69a60af370102021-12-20 15:55:14.176root 11241100x8000000000000000757217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a92ecef6827faf2021-12-20 15:55:14.176root 11241100x8000000000000000757218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec343a74854d5bf2021-12-20 15:55:14.176root 11241100x8000000000000000757219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d770f2b8df0cac8e2021-12-20 15:55:14.674root 11241100x8000000000000000757220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a328d1e48f013ec72021-12-20 15:55:14.674root 11241100x8000000000000000757221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afe4aff6b709ffb2021-12-20 15:55:14.674root 11241100x8000000000000000757222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48734a84f83011d52021-12-20 15:55:14.674root 11241100x8000000000000000757223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7d1760b7ce47132021-12-20 15:55:14.674root 11241100x8000000000000000757224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f715ba49f13192a62021-12-20 15:55:14.674root 11241100x8000000000000000757225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8717b44c51ff1a82021-12-20 15:55:14.675root 11241100x8000000000000000757226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc357d3dd7f875742021-12-20 15:55:14.675root 11241100x8000000000000000757227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e4a99e083cf29d2021-12-20 15:55:14.675root 11241100x8000000000000000757228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c304d27b8b8c586a2021-12-20 15:55:14.675root 11241100x8000000000000000757229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2d8900f6666a9b2021-12-20 15:55:14.675root 11241100x8000000000000000757230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8166d079ba2b9f7e2021-12-20 15:55:14.675root 11241100x8000000000000000757231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa9851f9bf69a002021-12-20 15:55:14.675root 11241100x8000000000000000757232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4221dac40d01b7a2021-12-20 15:55:14.675root 11241100x8000000000000000757233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4be2af31d76da4c2021-12-20 15:55:14.676root 11241100x8000000000000000757234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e7d950d24850e2021-12-20 15:55:14.676root 11241100x8000000000000000757235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521122d4b9c1e9b52021-12-20 15:55:14.676root 11241100x8000000000000000757236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd80dc2090eb1eb2021-12-20 15:55:14.676root 11241100x8000000000000000757237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b4a021a934b34d2021-12-20 15:55:14.677root 11241100x8000000000000000757238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f478e3937eff106f2021-12-20 15:55:14.677root 11241100x8000000000000000757239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1e2464a1f20eff2021-12-20 15:55:14.677root 11241100x8000000000000000757240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6367a9b057f7df0a2021-12-20 15:55:14.677root 11241100x8000000000000000757241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2446c1b7cf277d1f2021-12-20 15:55:14.677root 11241100x8000000000000000757242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b094c3fb9b75fd32021-12-20 15:55:14.678root 11241100x8000000000000000757243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39db7d7e3cc83b32021-12-20 15:55:14.678root 11241100x8000000000000000757244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b689781e9eb3c12021-12-20 15:55:14.678root 11241100x8000000000000000757245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1010ed4f03c2722021-12-20 15:55:14.678root 11241100x8000000000000000757246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78e1dd1ba335ca72021-12-20 15:55:14.678root 11241100x8000000000000000757247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cc8e84b7b7fbf82021-12-20 15:55:14.679root 11241100x8000000000000000757248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4569be6dbe013f72021-12-20 15:55:14.679root 11241100x8000000000000000757249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d7475f5e2c96a2021-12-20 15:55:14.679root 11241100x8000000000000000757250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a030349dd5cbba62021-12-20 15:55:14.679root 11241100x8000000000000000757251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604a8d2c134130102021-12-20 15:55:14.679root 11241100x8000000000000000757252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fccc9793000eb772021-12-20 15:55:14.679root 11241100x8000000000000000757253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986a15e6c22a5e8f2021-12-20 15:55:14.680root 11241100x8000000000000000757254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f424c7f6ee24cb2021-12-20 15:55:14.680root 11241100x8000000000000000757255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca13d076d4ea69832021-12-20 15:55:14.680root 11241100x8000000000000000757256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e410c0e5867de22021-12-20 15:55:14.680root 11241100x8000000000000000757257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6046e3be1d96af362021-12-20 15:55:14.680root 11241100x8000000000000000757258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:14.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cacb24e45cff05a2021-12-20 15:55:14.680root 11241100x8000000000000000757259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4258c452277b2952021-12-20 15:55:15.174root 11241100x8000000000000000757260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f3fdddd01043bc2021-12-20 15:55:15.174root 11241100x8000000000000000757261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf81ff33a388ecef2021-12-20 15:55:15.175root 11241100x8000000000000000757262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab5a09682f03cc22021-12-20 15:55:15.175root 11241100x8000000000000000757263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ad2a51f88573ea2021-12-20 15:55:15.175root 11241100x8000000000000000757264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003f438c2b5a82a82021-12-20 15:55:15.175root 11241100x8000000000000000757265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705bfe4966b07bc72021-12-20 15:55:15.175root 11241100x8000000000000000757266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a890fb201f8ce9712021-12-20 15:55:15.176root 11241100x8000000000000000757267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630769591b15afbb2021-12-20 15:55:15.176root 11241100x8000000000000000757268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e7590e2de7037b2021-12-20 15:55:15.176root 11241100x8000000000000000757269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a10881835d1d8512021-12-20 15:55:15.176root 11241100x8000000000000000757270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eb12ccbfc2ad282021-12-20 15:55:15.176root 11241100x8000000000000000757271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4c600c1c366cb42021-12-20 15:55:15.176root 11241100x8000000000000000757272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3ad5214c71a48b2021-12-20 15:55:15.176root 11241100x8000000000000000757273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a549ea1ae8bc92021-12-20 15:55:15.176root 11241100x8000000000000000757274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2467d5db6efb322021-12-20 15:55:15.176root 11241100x8000000000000000757275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b7049fb8e794dd2021-12-20 15:55:15.176root 11241100x8000000000000000757276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da298e252bf8ca82021-12-20 15:55:15.177root 11241100x8000000000000000757277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e956eed59dada342021-12-20 15:55:15.177root 11241100x8000000000000000757278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4de7ff73b93d822021-12-20 15:55:15.177root 11241100x8000000000000000757279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c183356d30606c2021-12-20 15:55:15.177root 11241100x8000000000000000757280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be82efcecac3ccc2021-12-20 15:55:15.177root 11241100x8000000000000000757281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0cf5151d1eb5e32021-12-20 15:55:15.177root 11241100x8000000000000000757282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aab76644c3b7af2021-12-20 15:55:15.177root 11241100x8000000000000000757283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797056eec40532362021-12-20 15:55:15.177root 11241100x8000000000000000757284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21542b7291ada782021-12-20 15:55:15.674root 11241100x8000000000000000757285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969032418045b2d92021-12-20 15:55:15.675root 11241100x8000000000000000757286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3e71e85f6226e92021-12-20 15:55:15.675root 11241100x8000000000000000757287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25343aab35f87bce2021-12-20 15:55:15.675root 11241100x8000000000000000757288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40c2a0a55f9e0e62021-12-20 15:55:15.675root 11241100x8000000000000000757289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb5f2da5ab665112021-12-20 15:55:15.676root 11241100x8000000000000000757290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a66d818d2f3174f2021-12-20 15:55:15.676root 11241100x8000000000000000757291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f0f89e8d5870492021-12-20 15:55:15.676root 11241100x8000000000000000757292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5747f0ff787de042021-12-20 15:55:15.676root 11241100x8000000000000000757293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6dd279443bf2782021-12-20 15:55:15.676root 11241100x8000000000000000757294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eceaabe92eccefc2021-12-20 15:55:15.676root 11241100x8000000000000000757295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1123934a457674e52021-12-20 15:55:15.676root 11241100x8000000000000000757296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee54d987750927192021-12-20 15:55:15.676root 11241100x8000000000000000757297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5fb8ebeb8239852021-12-20 15:55:15.676root 11241100x8000000000000000757298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0011e4122e779d3a2021-12-20 15:55:15.677root 11241100x8000000000000000757299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e1e6ab1d25a96f2021-12-20 15:55:15.677root 11241100x8000000000000000757300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f475c988581b17eb2021-12-20 15:55:15.677root 11241100x8000000000000000757301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c43ec058b6688d2021-12-20 15:55:15.677root 11241100x8000000000000000757302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c5bc56722fbb0f2021-12-20 15:55:15.677root 11241100x8000000000000000757303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9373da76848cce112021-12-20 15:55:15.678root 11241100x8000000000000000757304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18f447ebf26d5582021-12-20 15:55:15.678root 11241100x8000000000000000757305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9297ec5abe6e0dc02021-12-20 15:55:15.678root 11241100x8000000000000000757306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a35ad2438e54632021-12-20 15:55:15.678root 11241100x8000000000000000757307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4fad7f4a8de31d2021-12-20 15:55:15.678root 11241100x8000000000000000757308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58daa39406ded5592021-12-20 15:55:16.174root 11241100x8000000000000000757309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeaa071dafcbde32021-12-20 15:55:16.174root 11241100x8000000000000000757310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966b3e5c44f33ab62021-12-20 15:55:16.174root 11241100x8000000000000000757311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d25528963624792021-12-20 15:55:16.174root 11241100x8000000000000000757312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5fcc4f7aa94bc32021-12-20 15:55:16.174root 11241100x8000000000000000757313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d8c65cbeeafa192021-12-20 15:55:16.174root 11241100x8000000000000000757314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8622b5d763c847542021-12-20 15:55:16.174root 11241100x8000000000000000757315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2a8f28fd20c8d2021-12-20 15:55:16.174root 11241100x8000000000000000757316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cfe3909621b3c92021-12-20 15:55:16.174root 11241100x8000000000000000757317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36ed996e7c017c42021-12-20 15:55:16.174root 11241100x8000000000000000757318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0180cd904536a842021-12-20 15:55:16.175root 11241100x8000000000000000757319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3acbd53a2483c9b2021-12-20 15:55:16.175root 11241100x8000000000000000757320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23e2a1f260da3d22021-12-20 15:55:16.175root 11241100x8000000000000000757321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32df83bacd84d2a12021-12-20 15:55:16.176root 11241100x8000000000000000757322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa55db0ec0215f62021-12-20 15:55:16.176root 11241100x8000000000000000757323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d919c3cce875985b2021-12-20 15:55:16.176root 11241100x8000000000000000757324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7942df36798d0b8c2021-12-20 15:55:16.176root 11241100x8000000000000000757325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7613c12e85a7d6862021-12-20 15:55:16.176root 11241100x8000000000000000757326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9373a55a3dc52212021-12-20 15:55:16.176root 11241100x8000000000000000757327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4441b2879554a2f32021-12-20 15:55:16.176root 11241100x8000000000000000757328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9db3862b5a4f4bd2021-12-20 15:55:16.176root 11241100x8000000000000000757329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4931e79da5af9b2021-12-20 15:55:16.176root 11241100x8000000000000000757330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed457199317507ed2021-12-20 15:55:16.177root 11241100x8000000000000000757331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c25332cec50c2452021-12-20 15:55:16.177root 11241100x8000000000000000757332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb022bab11598762021-12-20 15:55:16.177root 11241100x8000000000000000757333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f2a7e46527c5b92021-12-20 15:55:16.177root 11241100x8000000000000000757334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c964922daa623a272021-12-20 15:55:16.177root 11241100x8000000000000000757335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe778db263f0592f2021-12-20 15:55:16.177root 11241100x8000000000000000757336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9bf7d3552615a02021-12-20 15:55:16.177root 11241100x8000000000000000757337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd47f06404fa4e5c2021-12-20 15:55:16.177root 11241100x8000000000000000757338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab999183b693e38c2021-12-20 15:55:16.178root 11241100x8000000000000000757339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6ce48fccaf5fd92021-12-20 15:55:16.178root 11241100x8000000000000000757340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc3e3569029995d2021-12-20 15:55:16.178root 11241100x8000000000000000757341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc4e0f50ef352ee2021-12-20 15:55:16.178root 11241100x8000000000000000757342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fce1adb595a0cd2021-12-20 15:55:16.178root 11241100x8000000000000000757343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88b855d2679306b2021-12-20 15:55:16.178root 354300x8000000000000000757344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.203{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51372-false10.0.1.12-8000- 11241100x8000000000000000757345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831785044a4f7c602021-12-20 15:55:16.674root 11241100x8000000000000000757346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960fc036429b89002021-12-20 15:55:16.674root 11241100x8000000000000000757347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390b1c95d594d91e2021-12-20 15:55:16.674root 11241100x8000000000000000757348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4691b732211d53e02021-12-20 15:55:16.674root 11241100x8000000000000000757349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39c9189c3efbec62021-12-20 15:55:16.674root 11241100x8000000000000000757350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c973882ade552b2021-12-20 15:55:16.675root 11241100x8000000000000000757351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5ccd5ff72a0b132021-12-20 15:55:16.675root 11241100x8000000000000000757352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c59717eab7dd502021-12-20 15:55:16.675root 11241100x8000000000000000757353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1bd60c5c410acd2021-12-20 15:55:16.675root 11241100x8000000000000000757354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371af0cf0e9ab5842021-12-20 15:55:16.675root 11241100x8000000000000000757355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73eaf196f8a78f272021-12-20 15:55:16.675root 11241100x8000000000000000757356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b018f6658cf8c42021-12-20 15:55:16.675root 11241100x8000000000000000757357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbd62c9a5309bb32021-12-20 15:55:16.675root 11241100x8000000000000000757358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b355c3938d81fa2021-12-20 15:55:16.676root 11241100x8000000000000000757359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9352849d44bc3ef42021-12-20 15:55:16.676root 11241100x8000000000000000757360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28045c1db1af6472021-12-20 15:55:16.676root 11241100x8000000000000000757361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2722f3d2dbde30a2021-12-20 15:55:16.676root 11241100x8000000000000000757362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018ad80a4dcbe6552021-12-20 15:55:16.676root 11241100x8000000000000000757363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e14cf0af930970a2021-12-20 15:55:16.676root 11241100x8000000000000000757364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf21d332fdfcedef2021-12-20 15:55:16.676root 11241100x8000000000000000757365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e18d0d19f96d632021-12-20 15:55:16.677root 11241100x8000000000000000757366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43799edee4258442021-12-20 15:55:16.677root 11241100x8000000000000000757367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abed54b965424aaa2021-12-20 15:55:16.677root 11241100x8000000000000000757368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26771bf799e226582021-12-20 15:55:16.677root 11241100x8000000000000000757369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f0e85f9d0a005d2021-12-20 15:55:16.678root 11241100x8000000000000000757370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c11e541d4eb2942021-12-20 15:55:16.678root 11241100x8000000000000000757371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d128f003da683a262021-12-20 15:55:16.678root 11241100x8000000000000000757372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e562dad360a3dcc2021-12-20 15:55:16.678root 11241100x8000000000000000757373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d7e105ccc1c7d92021-12-20 15:55:16.679root 11241100x8000000000000000757374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468752032a7fdb6a2021-12-20 15:55:16.679root 11241100x8000000000000000757375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aabb52fa673f7662021-12-20 15:55:16.679root 11241100x8000000000000000757376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51ee405ecc2a2bb2021-12-20 15:55:16.679root 11241100x8000000000000000757377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bc23fe513238c52021-12-20 15:55:16.680root 11241100x8000000000000000757378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8225073ed89491282021-12-20 15:55:16.680root 11241100x8000000000000000757379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f1c5e78866a92a2021-12-20 15:55:16.682root 11241100x8000000000000000757380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3beae029bba3961a2021-12-20 15:55:16.682root 11241100x8000000000000000757381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989c35699b8e36682021-12-20 15:55:16.683root 11241100x8000000000000000757382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd35823d12aa1cd02021-12-20 15:55:16.683root 11241100x8000000000000000757383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a06fc6c3da95a592021-12-20 15:55:16.684root 11241100x8000000000000000757384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e814a95ceac1612021-12-20 15:55:16.684root 11241100x8000000000000000757385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:16.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b07b01804d0e372021-12-20 15:55:16.684root 11241100x8000000000000000757386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f207d6917dce9c522021-12-20 15:55:17.175root 11241100x8000000000000000757387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cb12f308e9cfef2021-12-20 15:55:17.175root 11241100x8000000000000000757388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2278915090e3d3f52021-12-20 15:55:17.175root 11241100x8000000000000000757389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c298af2f74e8032021-12-20 15:55:17.175root 11241100x8000000000000000757390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7173389ed9bdb02021-12-20 15:55:17.175root 11241100x8000000000000000757391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf6c207656d08032021-12-20 15:55:17.175root 11241100x8000000000000000757392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23af088f9736d1432021-12-20 15:55:17.175root 11241100x8000000000000000757393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba1d866ff2f4d322021-12-20 15:55:17.175root 11241100x8000000000000000757394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced13414e87675222021-12-20 15:55:17.175root 11241100x8000000000000000757395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0725c6c40ab4e32021-12-20 15:55:17.175root 11241100x8000000000000000757396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66c9fe8b6a5a5ad2021-12-20 15:55:17.176root 11241100x8000000000000000757397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f418ccb71ff6042021-12-20 15:55:17.176root 11241100x8000000000000000757398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3136143c1ef7946f2021-12-20 15:55:17.176root 11241100x8000000000000000757399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d3c88ba6b731b2021-12-20 15:55:17.176root 11241100x8000000000000000757400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1cfd2f33cdb0c82021-12-20 15:55:17.176root 11241100x8000000000000000757401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a99cf7615e0744c2021-12-20 15:55:17.176root 11241100x8000000000000000757402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa979b8903d238122021-12-20 15:55:17.176root 11241100x8000000000000000757403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22a13c01eb0c8bf2021-12-20 15:55:17.176root 11241100x8000000000000000757404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a670b17815dbc7ca2021-12-20 15:55:17.176root 11241100x8000000000000000757405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b5655541a2aa2c2021-12-20 15:55:17.177root 11241100x8000000000000000757406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7291eeaf557751a22021-12-20 15:55:17.177root 11241100x8000000000000000757407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3db30cb524cd0b2021-12-20 15:55:17.177root 11241100x8000000000000000757408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad55e0a99d5399ce2021-12-20 15:55:17.177root 11241100x8000000000000000757409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbc3f547012b1f72021-12-20 15:55:17.177root 11241100x8000000000000000757410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fd0562ec05f5d82021-12-20 15:55:17.177root 11241100x8000000000000000757411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c426636412d1d2021-12-20 15:55:17.674root 11241100x8000000000000000757412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcb8ee17aac72962021-12-20 15:55:17.674root 11241100x8000000000000000757413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109a13ac6b8422c32021-12-20 15:55:17.674root 11241100x8000000000000000757414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f24cf835da136712021-12-20 15:55:17.674root 11241100x8000000000000000757415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8dc62a7ff01dbd2021-12-20 15:55:17.675root 11241100x8000000000000000757416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d21de0fe93db7062021-12-20 15:55:17.675root 11241100x8000000000000000757417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e1a368ffff21622021-12-20 15:55:17.675root 11241100x8000000000000000757418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a9c4db73f543bb2021-12-20 15:55:17.675root 11241100x8000000000000000757419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a149dc6eed3b40c92021-12-20 15:55:17.675root 11241100x8000000000000000757420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043626a8b0356eec2021-12-20 15:55:17.675root 11241100x8000000000000000757421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe513a750370d3dd2021-12-20 15:55:17.675root 11241100x8000000000000000757422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659aebe0aa5177412021-12-20 15:55:17.676root 11241100x8000000000000000757423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901791a0192de2fd2021-12-20 15:55:17.676root 11241100x8000000000000000757424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6b75ba2c7e530f2021-12-20 15:55:17.676root 11241100x8000000000000000757425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2f760be91bdbe62021-12-20 15:55:17.677root 11241100x8000000000000000757426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14d16b8162a6cb92021-12-20 15:55:17.677root 11241100x8000000000000000757427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ee7f513227fa4b2021-12-20 15:55:17.677root 11241100x8000000000000000757428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d27356e3a2488e2021-12-20 15:55:17.677root 11241100x8000000000000000757429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6f492790e0a69a2021-12-20 15:55:17.677root 11241100x8000000000000000757430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35219276d7802dcd2021-12-20 15:55:17.678root 11241100x8000000000000000757431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0191a00ae45d932021-12-20 15:55:17.678root 11241100x8000000000000000757432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bae12c0bdf6a302021-12-20 15:55:17.678root 11241100x8000000000000000757433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ced15cbb8776712021-12-20 15:55:17.678root 11241100x8000000000000000757434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a195e26cb982ba2021-12-20 15:55:17.679root 11241100x8000000000000000757435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4233f8b0abbd74d2021-12-20 15:55:17.679root 11241100x8000000000000000757436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63da5f305894d4962021-12-20 15:55:17.679root 11241100x8000000000000000757437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1459bbadd43aa92021-12-20 15:55:17.679root 11241100x8000000000000000757438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be27360adb0d05ca2021-12-20 15:55:17.680root 11241100x8000000000000000757439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cc6e0ae2fab2c42021-12-20 15:55:17.680root 11241100x8000000000000000757440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db554379830779262021-12-20 15:55:17.680root 11241100x8000000000000000757441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582f7f9ccb8c62672021-12-20 15:55:17.680root 11241100x8000000000000000757442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68947ee27531a9e52021-12-20 15:55:17.680root 11241100x8000000000000000757443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3baf44ccfc9466e2021-12-20 15:55:17.681root 11241100x8000000000000000757444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faec32c2200fe66b2021-12-20 15:55:17.681root 11241100x8000000000000000757445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcb25f6613a9e602021-12-20 15:55:17.681root 11241100x8000000000000000757446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e64716e916df342021-12-20 15:55:17.681root 11241100x8000000000000000757447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba1c56348880c732021-12-20 15:55:17.681root 11241100x8000000000000000757448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc80f673eeed49cd2021-12-20 15:55:17.681root 11241100x8000000000000000757449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2714fbe390c23ed62021-12-20 15:55:17.681root 11241100x8000000000000000757450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fcff37bd0452b82021-12-20 15:55:17.681root 11241100x8000000000000000757451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97807b06f6ce31d12021-12-20 15:55:17.681root 11241100x8000000000000000757452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd78150822dd06dd2021-12-20 15:55:17.682root 11241100x8000000000000000757453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223e2528647479e32021-12-20 15:55:17.682root 11241100x8000000000000000757454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7fe0bce55632522021-12-20 15:55:17.682root 11241100x8000000000000000757455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2889630999b94f2021-12-20 15:55:17.682root 11241100x8000000000000000757456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b3660fbf75a01a2021-12-20 15:55:17.682root 11241100x8000000000000000757457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c90ba5a932d1482021-12-20 15:55:17.682root 11241100x8000000000000000757458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae89cc874873d9852021-12-20 15:55:17.682root 11241100x8000000000000000757459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979d4ccb91b80eab2021-12-20 15:55:18.174root 11241100x8000000000000000757460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82cacd30260ca5f2021-12-20 15:55:18.174root 11241100x8000000000000000757461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344a0b9b4a8b671a2021-12-20 15:55:18.174root 11241100x8000000000000000757462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22d8f93016288e72021-12-20 15:55:18.175root 11241100x8000000000000000757463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4dac66227277f72021-12-20 15:55:18.175root 11241100x8000000000000000757464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1f24a47dc4e4f22021-12-20 15:55:18.175root 11241100x8000000000000000757465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485c6746ef66add62021-12-20 15:55:18.175root 11241100x8000000000000000757466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011d59de30e571ef2021-12-20 15:55:18.175root 11241100x8000000000000000757467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf90002ea76d19bc2021-12-20 15:55:18.175root 11241100x8000000000000000757468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f842f621ac6b252021-12-20 15:55:18.176root 11241100x8000000000000000757469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c18ce93ce9353d12021-12-20 15:55:18.176root 11241100x8000000000000000757470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755c9fed8313b1832021-12-20 15:55:18.176root 11241100x8000000000000000757471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac2fbd371144b4e2021-12-20 15:55:18.176root 11241100x8000000000000000757472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1487060aa3845272021-12-20 15:55:18.176root 11241100x8000000000000000757473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df8c3cfa9e99ac92021-12-20 15:55:18.176root 11241100x8000000000000000757474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543c91912f990ee12021-12-20 15:55:18.177root 11241100x8000000000000000757475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49769e11a54f32342021-12-20 15:55:18.177root 11241100x8000000000000000757476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831139e5402191b32021-12-20 15:55:18.177root 11241100x8000000000000000757477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b40de3585a8e31f2021-12-20 15:55:18.177root 11241100x8000000000000000757478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874a165c875b00f32021-12-20 15:55:18.178root 11241100x8000000000000000757479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58290a529905441f2021-12-20 15:55:18.178root 11241100x8000000000000000757480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9e987177addca02021-12-20 15:55:18.178root 11241100x8000000000000000757481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981ff549e1a0558b2021-12-20 15:55:18.178root 11241100x8000000000000000757482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0303fd7f573772021-12-20 15:55:18.178root 11241100x8000000000000000757483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b0d7af45a748382021-12-20 15:55:18.178root 11241100x8000000000000000757484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b531ab730a16f562021-12-20 15:55:18.179root 11241100x8000000000000000757485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0922f9e2ada0342021-12-20 15:55:18.179root 11241100x8000000000000000757486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffdb85fc32e59ff2021-12-20 15:55:18.179root 11241100x8000000000000000757487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4fa9cbd3052b182021-12-20 15:55:18.179root 11241100x8000000000000000757488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7380268e93811e1a2021-12-20 15:55:18.179root 11241100x8000000000000000757489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924c6f80d22291e92021-12-20 15:55:18.181root 11241100x8000000000000000757490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec94b8bf5f569ec2021-12-20 15:55:18.181root 11241100x8000000000000000757491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e49910369ecc7712021-12-20 15:55:18.181root 11241100x8000000000000000757492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8633c38ef0dcc92021-12-20 15:55:18.181root 11241100x8000000000000000757493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca69fd57e01f32d2021-12-20 15:55:18.674root 11241100x8000000000000000757494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aca441fd44fe8e2021-12-20 15:55:18.675root 11241100x8000000000000000757495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bab00d6d624982c2021-12-20 15:55:18.675root 11241100x8000000000000000757496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bc54c027e52e922021-12-20 15:55:18.675root 11241100x8000000000000000757497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda3dbe1421210fe2021-12-20 15:55:18.675root 11241100x8000000000000000757498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b9a904136c67e2021-12-20 15:55:18.675root 11241100x8000000000000000757499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b734384cbc320c412021-12-20 15:55:18.675root 11241100x8000000000000000757500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68601e838ae08472021-12-20 15:55:18.676root 11241100x8000000000000000757501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5da89227388bbf72021-12-20 15:55:18.676root 11241100x8000000000000000757502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b1fd55e0944bfe2021-12-20 15:55:18.676root 11241100x8000000000000000757503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68ad956695fd2c52021-12-20 15:55:18.676root 11241100x8000000000000000757504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94d3f16ccb5f84e2021-12-20 15:55:18.676root 11241100x8000000000000000757505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0752b691d0b26e2021-12-20 15:55:18.676root 11241100x8000000000000000757506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54c5c5016d67c612021-12-20 15:55:18.676root 11241100x8000000000000000757507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f00fcc7c871cbac2021-12-20 15:55:18.676root 11241100x8000000000000000757508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f88b4b65a223962021-12-20 15:55:18.676root 11241100x8000000000000000757509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04599b2959418032021-12-20 15:55:18.677root 11241100x8000000000000000757510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ad5f3bf7da9baa2021-12-20 15:55:18.677root 11241100x8000000000000000757511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ee85da910d92032021-12-20 15:55:18.677root 11241100x8000000000000000757512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eabe9c31d61a7b12021-12-20 15:55:18.677root 11241100x8000000000000000757513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cd54224f32bec42021-12-20 15:55:18.677root 11241100x8000000000000000757514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeea610a6073f782021-12-20 15:55:18.677root 11241100x8000000000000000757515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da74dc26b77429d2021-12-20 15:55:18.677root 11241100x8000000000000000757516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1822bdfd7fccf5d2021-12-20 15:55:18.677root 11241100x8000000000000000757517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c6439bb7c4abd32021-12-20 15:55:18.677root 11241100x8000000000000000757518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d9eb4bbd947dfd2021-12-20 15:55:19.174root 11241100x8000000000000000757519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e243d1160e37d9d22021-12-20 15:55:19.174root 11241100x8000000000000000757520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807def1a757406d52021-12-20 15:55:19.175root 11241100x8000000000000000757521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b721991efb5589b2021-12-20 15:55:19.175root 11241100x8000000000000000757522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125dd1054c277de52021-12-20 15:55:19.175root 11241100x8000000000000000757523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753285873de932bb2021-12-20 15:55:19.175root 11241100x8000000000000000757524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f453b3dce9447652021-12-20 15:55:19.175root 11241100x8000000000000000757525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e32bfcfc2edffd2021-12-20 15:55:19.175root 11241100x8000000000000000757526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2005cf33a40fb84e2021-12-20 15:55:19.175root 11241100x8000000000000000757527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a277db43563b3ab2021-12-20 15:55:19.176root 11241100x8000000000000000757528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9ca220bcd9536e2021-12-20 15:55:19.176root 11241100x8000000000000000757529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597abec793075c052021-12-20 15:55:19.176root 11241100x8000000000000000757530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1498fd2e19007d82021-12-20 15:55:19.177root 11241100x8000000000000000757531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08ea5c206f3ac662021-12-20 15:55:19.177root 11241100x8000000000000000757532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8802c5a27989d9152021-12-20 15:55:19.177root 11241100x8000000000000000757533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40072fadad99e062021-12-20 15:55:19.177root 11241100x8000000000000000757534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f5a4cb46691b0d2021-12-20 15:55:19.177root 11241100x8000000000000000757535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b48a6683e613dd2021-12-20 15:55:19.177root 11241100x8000000000000000757536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ddcab9a6317cfa2021-12-20 15:55:19.177root 11241100x8000000000000000757537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd336c3cb3ccca662021-12-20 15:55:19.177root 11241100x8000000000000000757538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bda89b954cbd632021-12-20 15:55:19.177root 11241100x8000000000000000757539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b827cfd337f037332021-12-20 15:55:19.177root 11241100x8000000000000000757540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a048d54114f64b2021-12-20 15:55:19.177root 11241100x8000000000000000757541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3681be9c2f7e5e52021-12-20 15:55:19.177root 11241100x8000000000000000757542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182f2e09b15881b92021-12-20 15:55:19.177root 11241100x8000000000000000757543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da177f66df16dce62021-12-20 15:55:19.177root 11241100x8000000000000000757544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43862a63b44b73f2021-12-20 15:55:19.177root 11241100x8000000000000000757545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2467c5f29687736e2021-12-20 15:55:19.178root 11241100x8000000000000000757546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1033cbf4e84a812021-12-20 15:55:19.178root 11241100x8000000000000000757547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e8fc7e230586b72021-12-20 15:55:19.178root 11241100x8000000000000000757548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f927dbc06e02208b2021-12-20 15:55:19.178root 11241100x8000000000000000757549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8ffe551259f6fe2021-12-20 15:55:19.178root 11241100x8000000000000000757550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5548f0d66191bb2021-12-20 15:55:19.674root 11241100x8000000000000000757551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a79a72603172122021-12-20 15:55:19.674root 11241100x8000000000000000757552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fd92bb32bde3442021-12-20 15:55:19.674root 11241100x8000000000000000757553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d697b58aec03a242021-12-20 15:55:19.675root 11241100x8000000000000000757554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e4162782b3befe2021-12-20 15:55:19.675root 11241100x8000000000000000757555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348767c365c23ab02021-12-20 15:55:19.675root 11241100x8000000000000000757556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2147047c049ff0772021-12-20 15:55:19.675root 11241100x8000000000000000757557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de397c972fca2cb92021-12-20 15:55:19.675root 11241100x8000000000000000757558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014481cb35ad535a2021-12-20 15:55:19.676root 11241100x8000000000000000757559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078fc17690dbff682021-12-20 15:55:19.676root 11241100x8000000000000000757560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269dd566a73252612021-12-20 15:55:19.676root 11241100x8000000000000000757561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482cbc31738e68202021-12-20 15:55:19.676root 11241100x8000000000000000757562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dacbbee2ac921812021-12-20 15:55:19.676root 11241100x8000000000000000757563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3533605b5b5f1e042021-12-20 15:55:19.676root 11241100x8000000000000000757564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b75d68284f5981c2021-12-20 15:55:19.676root 11241100x8000000000000000757565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878483a0573618eb2021-12-20 15:55:19.676root 11241100x8000000000000000757566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee19072c90580122021-12-20 15:55:19.676root 11241100x8000000000000000757567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e811a12ec5551292021-12-20 15:55:19.677root 11241100x8000000000000000757568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d31faddcab83f002021-12-20 15:55:19.677root 11241100x8000000000000000757569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f97f116e7211cc2021-12-20 15:55:19.677root 11241100x8000000000000000757570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a94a8d6a489ae692021-12-20 15:55:19.677root 11241100x8000000000000000757571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62299cc89988de072021-12-20 15:55:19.677root 11241100x8000000000000000757572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d314be511dd04932021-12-20 15:55:19.677root 11241100x8000000000000000757573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662184f64ebac9172021-12-20 15:55:19.677root 11241100x8000000000000000757574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060c0e448b956fae2021-12-20 15:55:19.677root 11241100x8000000000000000757575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f5dec815236d12021-12-20 15:55:19.677root 11241100x8000000000000000757576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0264a0864eb4a302021-12-20 15:55:19.677root 354300x8000000000000000757577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.038{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46076-false10.0.1.12-8089- 11241100x8000000000000000757578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.038{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79945734742f57362021-12-20 15:55:20.038root 11241100x8000000000000000757579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf301af122e9e2d92021-12-20 15:55:20.039root 11241100x8000000000000000757580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa3642ac3a0794b2021-12-20 15:55:20.039root 11241100x8000000000000000757581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248231e81cc8c3c42021-12-20 15:55:20.039root 11241100x8000000000000000757582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.039{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181148bbb551d50c2021-12-20 15:55:20.039root 11241100x8000000000000000757583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9203fe17382903382021-12-20 15:55:20.040root 11241100x8000000000000000757584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cabb5ef0bee74f2021-12-20 15:55:20.040root 11241100x8000000000000000757585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff08dae35b69d412021-12-20 15:55:20.040root 11241100x8000000000000000757586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9818c775b94240362021-12-20 15:55:20.040root 11241100x8000000000000000757587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac13a299d98b9ae02021-12-20 15:55:20.040root 11241100x8000000000000000757588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd691e587a54cef2021-12-20 15:55:20.040root 11241100x8000000000000000757589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.040{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282ac76d853046242021-12-20 15:55:20.040root 11241100x8000000000000000757590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abab84ddf2d6a5b2021-12-20 15:55:20.041root 11241100x8000000000000000757591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7a8e37cf53a5c62021-12-20 15:55:20.041root 11241100x8000000000000000757592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ceb976fcd2e7792021-12-20 15:55:20.041root 11241100x8000000000000000757593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.041{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2881aeb9d6b26c6f2021-12-20 15:55:20.041root 11241100x8000000000000000757594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e9101bef4aa9bb2021-12-20 15:55:20.042root 11241100x8000000000000000757595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1176827fb7c75f662021-12-20 15:55:20.042root 11241100x8000000000000000757596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ffa63f08b1877f2021-12-20 15:55:20.042root 11241100x8000000000000000757597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e3178b34f8ac272021-12-20 15:55:20.042root 11241100x8000000000000000757598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29db047a99e82522021-12-20 15:55:20.042root 11241100x8000000000000000757599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f01064aac4c24d2021-12-20 15:55:20.042root 11241100x8000000000000000757600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363ea94e268c90122021-12-20 15:55:20.042root 11241100x8000000000000000757601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e165e1907cf86a0a2021-12-20 15:55:20.042root 11241100x8000000000000000757602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d98952c078fe5a2021-12-20 15:55:20.043root 11241100x8000000000000000757603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dcb98424ca303d2021-12-20 15:55:20.043root 11241100x8000000000000000757604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68eb2fe45dc02712021-12-20 15:55:20.043root 11241100x8000000000000000757605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c239663791a241f2021-12-20 15:55:20.044root 11241100x8000000000000000757606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac20207f13ae71422021-12-20 15:55:20.044root 11241100x8000000000000000757607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ac7ab98cbbc2182021-12-20 15:55:20.044root 11241100x8000000000000000757608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bad467178ce2632021-12-20 15:55:20.044root 11241100x8000000000000000757609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e4eb398cb06c8f2021-12-20 15:55:20.044root 11241100x8000000000000000757610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cbfdf2563e66b72021-12-20 15:55:20.044root 11241100x8000000000000000757611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202aa13d5277549a2021-12-20 15:55:20.045root 11241100x8000000000000000757612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabd3cc87497cb7d2021-12-20 15:55:20.045root 11241100x8000000000000000757613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1fdfb60b23583b2021-12-20 15:55:20.045root 11241100x8000000000000000757614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc85be7da091c3a2021-12-20 15:55:20.045root 11241100x8000000000000000757615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ebae877b7fd4422021-12-20 15:55:20.045root 11241100x8000000000000000757616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dece6baa716df22021-12-20 15:55:20.045root 11241100x8000000000000000757617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812a402b3871ab6b2021-12-20 15:55:20.045root 11241100x8000000000000000757618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042956a22290eb7d2021-12-20 15:55:20.045root 11241100x8000000000000000757619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2df4343e63f0d942021-12-20 15:55:20.045root 11241100x8000000000000000757620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928a1f4b5aa1ee042021-12-20 15:55:20.046root 11241100x8000000000000000757621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322e806d1a019ca42021-12-20 15:55:20.046root 11241100x8000000000000000757622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc667f25736b7b032021-12-20 15:55:20.046root 11241100x8000000000000000757623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4409d81bc4c4982021-12-20 15:55:20.046root 11241100x8000000000000000757624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f244b3ff82c38b2021-12-20 15:55:20.046root 11241100x8000000000000000757625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0038da28f5b8028a2021-12-20 15:55:20.047root 11241100x8000000000000000757626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482d5274a5c7df102021-12-20 15:55:20.047root 11241100x8000000000000000757627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdc646b1733de452021-12-20 15:55:20.047root 11241100x8000000000000000757628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dfe367b0a5e06b2021-12-20 15:55:20.047root 11241100x8000000000000000757629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7741b6f04865db2021-12-20 15:55:20.047root 11241100x8000000000000000757630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a87e895e79ef9722021-12-20 15:55:20.047root 11241100x8000000000000000757631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14dee8f7c73de12021-12-20 15:55:20.424root 11241100x8000000000000000757632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e95faa2ca3a8f12021-12-20 15:55:20.424root 11241100x8000000000000000757633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0ea5ea93c51e1b2021-12-20 15:55:20.424root 11241100x8000000000000000757634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228a60cf0a124ca22021-12-20 15:55:20.425root 11241100x8000000000000000757635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36430267ea3219402021-12-20 15:55:20.425root 11241100x8000000000000000757636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cd378679c317862021-12-20 15:55:20.425root 11241100x8000000000000000757637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865f5cf2a57961cd2021-12-20 15:55:20.425root 11241100x8000000000000000757638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521ff3d5bc67facc2021-12-20 15:55:20.425root 11241100x8000000000000000757639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2307a77985f547722021-12-20 15:55:20.425root 11241100x8000000000000000757640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbc275b0a4e2d282021-12-20 15:55:20.425root 11241100x8000000000000000757641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f26e1335864c5d2021-12-20 15:55:20.425root 11241100x8000000000000000757642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443224185535abb42021-12-20 15:55:20.425root 11241100x8000000000000000757643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f829b7607f08bb2021-12-20 15:55:20.425root 11241100x8000000000000000757644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3ad7ec72ca99032021-12-20 15:55:20.426root 11241100x8000000000000000757645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799386c38f4fa0e22021-12-20 15:55:20.426root 11241100x8000000000000000757646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8b839dce058d302021-12-20 15:55:20.426root 11241100x8000000000000000757647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4290c2bdc27b528f2021-12-20 15:55:20.426root 11241100x8000000000000000757648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0228ed911872342021-12-20 15:55:20.426root 11241100x8000000000000000757649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508af894129c0ca42021-12-20 15:55:20.426root 11241100x8000000000000000757650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4134064172713d192021-12-20 15:55:20.426root 11241100x8000000000000000757651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b5e8d964b5fd052021-12-20 15:55:20.426root 11241100x8000000000000000757652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4cfeb23f3917ec2021-12-20 15:55:20.427root 11241100x8000000000000000757653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f23b2d73efae91e2021-12-20 15:55:20.427root 11241100x8000000000000000757654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8de25cb2ca7cad72021-12-20 15:55:20.427root 11241100x8000000000000000757655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e64174fc250fa12021-12-20 15:55:20.427root 11241100x8000000000000000757656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef4a29e293de75e2021-12-20 15:55:20.427root 11241100x8000000000000000757657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb17c8888ee6d9c2021-12-20 15:55:20.924root 11241100x8000000000000000757658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60905fab5aa4b9452021-12-20 15:55:20.924root 11241100x8000000000000000757659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed073d0fb3177082021-12-20 15:55:20.925root 11241100x8000000000000000757660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584a2d6358f5ca672021-12-20 15:55:20.925root 11241100x8000000000000000757661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e3c9e5a747b7422021-12-20 15:55:20.925root 11241100x8000000000000000757662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b020a5cde687cfbd2021-12-20 15:55:20.925root 11241100x8000000000000000757663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331ba88f17273a702021-12-20 15:55:20.925root 11241100x8000000000000000757664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b45ffe962e0dd952021-12-20 15:55:20.925root 11241100x8000000000000000757665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9793722a4fb6ac2021-12-20 15:55:20.925root 11241100x8000000000000000757666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45697cf93649b092021-12-20 15:55:20.926root 11241100x8000000000000000757667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4b63782116c3a12021-12-20 15:55:20.926root 11241100x8000000000000000757668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23678fe1c8af2bc02021-12-20 15:55:20.926root 11241100x8000000000000000757669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb69e30fbcfd0122021-12-20 15:55:20.926root 11241100x8000000000000000757670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0df4723977def12021-12-20 15:55:20.926root 11241100x8000000000000000757671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2524147b1a14de1e2021-12-20 15:55:20.926root 11241100x8000000000000000757672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90d3ce66d6b42c12021-12-20 15:55:20.926root 11241100x8000000000000000757673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0868ac4d08949b5a2021-12-20 15:55:20.927root 11241100x8000000000000000757674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbc344207a364b72021-12-20 15:55:20.927root 11241100x8000000000000000757675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97510604a3b60e522021-12-20 15:55:20.927root 11241100x8000000000000000757676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfef8b9c717dfe732021-12-20 15:55:20.927root 11241100x8000000000000000757677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164f78db58715a402021-12-20 15:55:20.927root 11241100x8000000000000000757678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84b816a18eaeef42021-12-20 15:55:20.927root 11241100x8000000000000000757679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d94d452240012892021-12-20 15:55:20.928root 11241100x8000000000000000757680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4436af0c66576f522021-12-20 15:55:20.928root 11241100x8000000000000000757681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aacd2b23df131f02021-12-20 15:55:20.928root 11241100x8000000000000000757682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bcdf8290d58aff2021-12-20 15:55:20.928root 11241100x8000000000000000757683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4eb3c627d976b72021-12-20 15:55:21.424root 11241100x8000000000000000757684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed970f967c948ba2021-12-20 15:55:21.425root 11241100x8000000000000000757685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3810b1ee3d99269f2021-12-20 15:55:21.425root 11241100x8000000000000000757686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666bd692ca4034402021-12-20 15:55:21.426root 11241100x8000000000000000757687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53999a86b4365efc2021-12-20 15:55:21.426root 11241100x8000000000000000757688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5938fb8b3ce55c2021-12-20 15:55:21.426root 11241100x8000000000000000757689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206830e3ebf1c8cc2021-12-20 15:55:21.427root 11241100x8000000000000000757690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27f9b26323d356d2021-12-20 15:55:21.427root 11241100x8000000000000000757691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb1bb3683843c712021-12-20 15:55:21.427root 11241100x8000000000000000757692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b63d7862dd253ff2021-12-20 15:55:21.427root 11241100x8000000000000000757693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958e7e6b93e6e1e2021-12-20 15:55:21.427root 11241100x8000000000000000757694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f193baf027011d2021-12-20 15:55:21.427root 11241100x8000000000000000757695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a300f01b329f3ea82021-12-20 15:55:21.427root 11241100x8000000000000000757696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e843c6ad80ec2722021-12-20 15:55:21.427root 11241100x8000000000000000757697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bd36856699fe3d2021-12-20 15:55:21.427root 11241100x8000000000000000757698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4c9ae593489cda2021-12-20 15:55:21.427root 11241100x8000000000000000757699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2f75449ea493762021-12-20 15:55:21.428root 11241100x8000000000000000757700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25c6b6de531a00b2021-12-20 15:55:21.428root 11241100x8000000000000000757701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9165601b1974fe242021-12-20 15:55:21.428root 11241100x8000000000000000757702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39cc86ffd1c6cb42021-12-20 15:55:21.428root 11241100x8000000000000000757703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080f8c3a735cd4292021-12-20 15:55:21.428root 11241100x8000000000000000757704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bef56edf5ce8302021-12-20 15:55:21.429root 11241100x8000000000000000757705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fabb929288e019c2021-12-20 15:55:21.429root 11241100x8000000000000000757706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8037f056c86d2952021-12-20 15:55:21.429root 11241100x8000000000000000757707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc9424a8f325ac2021-12-20 15:55:21.429root 11241100x8000000000000000757708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fe8bf6c1819b602021-12-20 15:55:21.429root 11241100x8000000000000000757709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44a362e9254e3af2021-12-20 15:55:21.429root 11241100x8000000000000000757710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162632500f7668a52021-12-20 15:55:21.924root 11241100x8000000000000000757711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b273f261e3ebd102021-12-20 15:55:21.924root 11241100x8000000000000000757712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ada851ff595b1f2021-12-20 15:55:21.925root 11241100x8000000000000000757713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9932fad64484d7f22021-12-20 15:55:21.925root 11241100x8000000000000000757714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e61bf95f9d670af2021-12-20 15:55:21.925root 11241100x8000000000000000757715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df948cb971248092021-12-20 15:55:21.925root 11241100x8000000000000000757716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cbe2bc824926e32021-12-20 15:55:21.925root 11241100x8000000000000000757717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6545f75d4c078e122021-12-20 15:55:21.925root 11241100x8000000000000000757718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9e462cd9f8ac6c2021-12-20 15:55:21.926root 11241100x8000000000000000757719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea98f8bdfb273c12021-12-20 15:55:21.926root 11241100x8000000000000000757720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dd074abaea62fb2021-12-20 15:55:21.926root 11241100x8000000000000000757721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3573ea3af1185b2c2021-12-20 15:55:21.926root 11241100x8000000000000000757722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0bf5236b1229c12021-12-20 15:55:21.926root 11241100x8000000000000000757723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777f007762278062021-12-20 15:55:21.926root 11241100x8000000000000000757724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a49eafcceab0a22021-12-20 15:55:21.926root 11241100x8000000000000000757725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fbdee75635d33c2021-12-20 15:55:21.926root 11241100x8000000000000000757726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0da6ec4369f6022021-12-20 15:55:21.926root 11241100x8000000000000000757727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8d4051f73e7ac02021-12-20 15:55:21.927root 11241100x8000000000000000757728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e3ee3f8824cfa2021-12-20 15:55:21.927root 11241100x8000000000000000757729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f0ea18787c2062021-12-20 15:55:21.927root 11241100x8000000000000000757730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770fe936a72051b52021-12-20 15:55:21.927root 11241100x8000000000000000757731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da6e6b975a99cb32021-12-20 15:55:21.927root 11241100x8000000000000000757732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548a53ccdee097772021-12-20 15:55:21.929root 11241100x8000000000000000757733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c013058982a7b3992021-12-20 15:55:21.929root 11241100x8000000000000000757734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2915bbd2fbdff5a12021-12-20 15:55:21.929root 11241100x8000000000000000757735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:21.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60db89a4997fc5642021-12-20 15:55:21.934root 354300x8000000000000000757736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.172{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51376-false10.0.1.12-8000- 11241100x8000000000000000757737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e701ded6beb09e2021-12-20 15:55:22.424root 11241100x8000000000000000757738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e20a5baa7d2028b2021-12-20 15:55:22.424root 11241100x8000000000000000757739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5117c369867f76492021-12-20 15:55:22.424root 11241100x8000000000000000757740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401fd714fb185ca92021-12-20 15:55:22.424root 11241100x8000000000000000757741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541c9b224c7608942021-12-20 15:55:22.424root 11241100x8000000000000000757742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a2567146a1114c2021-12-20 15:55:22.424root 11241100x8000000000000000757743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def18590f409e5dd2021-12-20 15:55:22.425root 11241100x8000000000000000757744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5b0cee8c687012021-12-20 15:55:22.425root 11241100x8000000000000000757745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e47bf35671101f2021-12-20 15:55:22.425root 11241100x8000000000000000757746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c7f431f06e6ad2021-12-20 15:55:22.426root 11241100x8000000000000000757747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49452173f9c65af2021-12-20 15:55:22.426root 11241100x8000000000000000757748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2653480f875572021-12-20 15:55:22.426root 11241100x8000000000000000757749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a258a66fae6cb9992021-12-20 15:55:22.426root 11241100x8000000000000000757750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649d25310af8fc282021-12-20 15:55:22.426root 11241100x8000000000000000757751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e39c28848bff252021-12-20 15:55:22.426root 11241100x8000000000000000757752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3dc6fdbc57668b2021-12-20 15:55:22.427root 11241100x8000000000000000757753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458833ce7bdf77ce2021-12-20 15:55:22.427root 11241100x8000000000000000757754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8997d3168095bd052021-12-20 15:55:22.427root 11241100x8000000000000000757755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd9b0a82b57c7342021-12-20 15:55:22.427root 11241100x8000000000000000757756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617b9ed4c2eabea92021-12-20 15:55:22.427root 11241100x8000000000000000757757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0929995b40ca66b2021-12-20 15:55:22.427root 11241100x8000000000000000757758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21507cf5645428c2021-12-20 15:55:22.427root 11241100x8000000000000000757759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aa012fe8e112a62021-12-20 15:55:22.428root 11241100x8000000000000000757760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22f2d4e07ac7a3c2021-12-20 15:55:22.428root 11241100x8000000000000000757761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07594f4c1374bcb52021-12-20 15:55:22.428root 11241100x8000000000000000757762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8477e1e84d1d882021-12-20 15:55:22.428root 11241100x8000000000000000757763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37483fc89ab7f2d32021-12-20 15:55:22.428root 11241100x8000000000000000757764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f64762411dc5b432021-12-20 15:55:22.428root 11241100x8000000000000000757765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e448dbe28a8e17782021-12-20 15:55:22.430root 11241100x8000000000000000757766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bd6bf79202ab1a2021-12-20 15:55:22.430root 11241100x8000000000000000757767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a31a50eeb6d34022021-12-20 15:55:22.430root 11241100x8000000000000000757768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d7ada464078b22021-12-20 15:55:22.430root 11241100x8000000000000000757769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6364c137b888b3812021-12-20 15:55:22.430root 11241100x8000000000000000757770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c41930a173ce5f2021-12-20 15:55:22.430root 11241100x8000000000000000757771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd53364465193d02021-12-20 15:55:22.924root 11241100x8000000000000000757772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e2e1c4ecd053d02021-12-20 15:55:22.924root 11241100x8000000000000000757773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f882cd698e8b277d2021-12-20 15:55:22.924root 11241100x8000000000000000757774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e378ffa1dfbb5ba2021-12-20 15:55:22.924root 11241100x8000000000000000757775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f53c02cb337312021-12-20 15:55:22.925root 11241100x8000000000000000757776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b46073563dbfe02021-12-20 15:55:22.925root 11241100x8000000000000000757777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862d952198e20b262021-12-20 15:55:22.925root 11241100x8000000000000000757778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462d8df41684f4192021-12-20 15:55:22.925root 11241100x8000000000000000757779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5787770b3770582d2021-12-20 15:55:22.925root 11241100x8000000000000000757780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7493cde156f98fa52021-12-20 15:55:22.925root 11241100x8000000000000000757781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4e48f059a16e7f2021-12-20 15:55:22.925root 11241100x8000000000000000757782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127e05475d2ca2372021-12-20 15:55:22.925root 11241100x8000000000000000757783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11712273d539bfc82021-12-20 15:55:22.925root 11241100x8000000000000000757784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d777271a7826de2021-12-20 15:55:22.925root 11241100x8000000000000000757785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db27a7cde799487c2021-12-20 15:55:22.925root 11241100x8000000000000000757786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b62bd4832f70262021-12-20 15:55:22.925root 11241100x8000000000000000757787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9b42b12dacd5162021-12-20 15:55:22.926root 11241100x8000000000000000757788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd783345841366d2021-12-20 15:55:22.926root 11241100x8000000000000000757789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d9f7c8ea66dffe2021-12-20 15:55:22.926root 11241100x8000000000000000757790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c632b28bb9fdcb422021-12-20 15:55:22.926root 11241100x8000000000000000757791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674eb8dd14cf23112021-12-20 15:55:22.926root 11241100x8000000000000000757792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c144d5a896f9ce02021-12-20 15:55:22.926root 11241100x8000000000000000757793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c39f8bc75ad0852021-12-20 15:55:22.926root 11241100x8000000000000000757794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c28c11d03cc5402021-12-20 15:55:22.926root 11241100x8000000000000000757795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983a476650a069342021-12-20 15:55:22.926root 11241100x8000000000000000757796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c7770379fcbccf2021-12-20 15:55:22.926root 11241100x8000000000000000757797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f35556579328d92021-12-20 15:55:22.926root 11241100x8000000000000000757798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d92282d9e2a2ccd2021-12-20 15:55:22.926root 11241100x8000000000000000757799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13596560c20b46a12021-12-20 15:55:22.926root 11241100x8000000000000000757800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17debe304192371e2021-12-20 15:55:22.926root 11241100x8000000000000000757801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bad0bc4a4d52cd2021-12-20 15:55:22.926root 11241100x8000000000000000757802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355353658a1443c02021-12-20 15:55:23.424root 11241100x8000000000000000757803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f876829fc4fa1ee2021-12-20 15:55:23.424root 11241100x8000000000000000757804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9c0d6d44066bef2021-12-20 15:55:23.424root 11241100x8000000000000000757805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba1c586ef3c065e2021-12-20 15:55:23.424root 11241100x8000000000000000757806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17097e30385e6862021-12-20 15:55:23.424root 11241100x8000000000000000757807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3e7f137ca2c28b2021-12-20 15:55:23.425root 11241100x8000000000000000757808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b72905d55edf972021-12-20 15:55:23.425root 11241100x8000000000000000757809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6168710bf0861b12021-12-20 15:55:23.425root 11241100x8000000000000000757810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6714d7fcd4b204602021-12-20 15:55:23.425root 11241100x8000000000000000757811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ea8289f5129ec22021-12-20 15:55:23.425root 11241100x8000000000000000757812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c622d76dc2335cb92021-12-20 15:55:23.425root 11241100x8000000000000000757813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5f2c21bae98cf32021-12-20 15:55:23.425root 11241100x8000000000000000757814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2e48f6501f167d2021-12-20 15:55:23.425root 11241100x8000000000000000757815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f188390d6be7a8f82021-12-20 15:55:23.425root 11241100x8000000000000000757816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8a44d2b87a6f062021-12-20 15:55:23.425root 11241100x8000000000000000757817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5246dfa09be375542021-12-20 15:55:23.425root 11241100x8000000000000000757818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2fbf75703efa3b2021-12-20 15:55:23.425root 11241100x8000000000000000757819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57dc68785c9d8572021-12-20 15:55:23.425root 11241100x8000000000000000757820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8936f953e845c12021-12-20 15:55:23.425root 11241100x8000000000000000757821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96516182ad231dae2021-12-20 15:55:23.425root 11241100x8000000000000000757822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b254134bf36c44be2021-12-20 15:55:23.426root 11241100x8000000000000000757823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ddcd1d34aa476a2021-12-20 15:55:23.426root 11241100x8000000000000000757824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9361958d3b4617d2021-12-20 15:55:23.426root 11241100x8000000000000000757825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c52bd582d92e7c82021-12-20 15:55:23.426root 11241100x8000000000000000757826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b7bc1e9fd48eae2021-12-20 15:55:23.426root 11241100x8000000000000000757827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd50c4248dea6b062021-12-20 15:55:23.426root 11241100x8000000000000000757828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0236ec348897092d2021-12-20 15:55:23.426root 11241100x8000000000000000757829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5e54dbf612164b2021-12-20 15:55:23.426root 11241100x8000000000000000757830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1716cddac43bc3da2021-12-20 15:55:23.426root 11241100x8000000000000000757831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e31e317d18279e42021-12-20 15:55:23.426root 11241100x8000000000000000757832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9be06d0cfa2b182021-12-20 15:55:23.426root 11241100x8000000000000000757833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e490e78f8cb98bb02021-12-20 15:55:23.426root 11241100x8000000000000000757834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a6adad91cfdb772021-12-20 15:55:23.426root 11241100x8000000000000000757835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e5c8fe4bbfe64f2021-12-20 15:55:23.426root 11241100x8000000000000000757836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f466d55ca2e28a2021-12-20 15:55:23.426root 11241100x8000000000000000757837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6944f5e37864a8a62021-12-20 15:55:23.924root 11241100x8000000000000000757838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dec77fe42b47a912021-12-20 15:55:23.924root 11241100x8000000000000000757839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9fdb8d8da665782021-12-20 15:55:23.925root 11241100x8000000000000000757840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009a96137242d2322021-12-20 15:55:23.925root 11241100x8000000000000000757841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ced0a1c5c41f1e2021-12-20 15:55:23.925root 11241100x8000000000000000757842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85ea1199dd128212021-12-20 15:55:23.925root 11241100x8000000000000000757843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01f6aca612ec5e32021-12-20 15:55:23.925root 11241100x8000000000000000757844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81249ed7099087c62021-12-20 15:55:23.925root 11241100x8000000000000000757845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a76cc955b885782021-12-20 15:55:23.926root 11241100x8000000000000000757846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41ece35e2304d172021-12-20 15:55:23.926root 11241100x8000000000000000757847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4a2f2db89a157b2021-12-20 15:55:23.926root 11241100x8000000000000000757848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1dc9f543b8d5d72021-12-20 15:55:23.926root 11241100x8000000000000000757849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64466068eab14e9a2021-12-20 15:55:23.926root 11241100x8000000000000000757850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8fd1d2baee29762021-12-20 15:55:23.927root 11241100x8000000000000000757851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4d699ea916de512021-12-20 15:55:23.927root 11241100x8000000000000000757852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce618a765157acec2021-12-20 15:55:23.927root 11241100x8000000000000000757853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54660b73a289b62c2021-12-20 15:55:23.927root 11241100x8000000000000000757854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd042cad1cbb3cf72021-12-20 15:55:23.928root 11241100x8000000000000000757855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b18de0ffa7e60dd2021-12-20 15:55:23.928root 11241100x8000000000000000757856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4661714bd48f7d2021-12-20 15:55:23.928root 11241100x8000000000000000757857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a860d4bf8caa7402021-12-20 15:55:23.932root 11241100x8000000000000000757858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874a38353bddd3f32021-12-20 15:55:23.932root 11241100x8000000000000000757859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfad6d91ac3bdda02021-12-20 15:55:23.933root 11241100x8000000000000000757860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f6fbe1f6e359992021-12-20 15:55:23.933root 11241100x8000000000000000757861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac80d3c32a68f9572021-12-20 15:55:23.933root 11241100x8000000000000000757862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c20e4bd82e19642021-12-20 15:55:23.933root 11241100x8000000000000000757863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c20a5508273d29c2021-12-20 15:55:23.934root 11241100x8000000000000000757864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878b69065ab5ce472021-12-20 15:55:24.424root 11241100x8000000000000000757865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca06bdb6a828979c2021-12-20 15:55:24.424root 11241100x8000000000000000757866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fdf4e0e7818d6c2021-12-20 15:55:24.425root 11241100x8000000000000000757867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaf80be663bc0d52021-12-20 15:55:24.425root 11241100x8000000000000000757868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038a04f12d1ae24a2021-12-20 15:55:24.425root 11241100x8000000000000000757869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e0507651e6d3282021-12-20 15:55:24.425root 11241100x8000000000000000757870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44a9698091d14d32021-12-20 15:55:24.426root 11241100x8000000000000000757871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7f3e46d33aabf02021-12-20 15:55:24.426root 11241100x8000000000000000757872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae8109c7acf2c552021-12-20 15:55:24.426root 11241100x8000000000000000757873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc417f4491c547ef2021-12-20 15:55:24.427root 11241100x8000000000000000757874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685877d0edc0fe42021-12-20 15:55:24.427root 11241100x8000000000000000757875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bdf551217ff7aa2021-12-20 15:55:24.427root 11241100x8000000000000000757876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b637bf4f0d38ae2021-12-20 15:55:24.427root 11241100x8000000000000000757877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3963ac1b880e8ff2021-12-20 15:55:24.427root 11241100x8000000000000000757878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e3eaf8e9ad2372021-12-20 15:55:24.427root 11241100x8000000000000000757879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef2ef7b35a733dc2021-12-20 15:55:24.427root 11241100x8000000000000000757880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4cfdfb518ab05c2021-12-20 15:55:24.428root 11241100x8000000000000000757881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82804fa66a2e63e02021-12-20 15:55:24.428root 11241100x8000000000000000757882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b0f7784ededada2021-12-20 15:55:24.428root 11241100x8000000000000000757883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c80a6a7ba99c602021-12-20 15:55:24.428root 11241100x8000000000000000757884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4fac41f7b2f7362021-12-20 15:55:24.428root 11241100x8000000000000000757885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4426d1cb268b6d992021-12-20 15:55:24.428root 11241100x8000000000000000757886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab92c4b0d3bf2482021-12-20 15:55:24.428root 11241100x8000000000000000757887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08509e2e24ce689c2021-12-20 15:55:24.428root 11241100x8000000000000000757888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084f103cadf723772021-12-20 15:55:24.428root 11241100x8000000000000000757889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd36a42ae046b5a52021-12-20 15:55:24.429root 11241100x8000000000000000757890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dec5042923c59e32021-12-20 15:55:24.429root 11241100x8000000000000000757891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa17da4b3bfe1bc12021-12-20 15:55:24.924root 11241100x8000000000000000757892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440d10082c5900642021-12-20 15:55:24.924root 11241100x8000000000000000757893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9306cbb9eb274c9a2021-12-20 15:55:24.924root 11241100x8000000000000000757894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70429b523297b1212021-12-20 15:55:24.924root 11241100x8000000000000000757895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faca95ecf6ab2722021-12-20 15:55:24.925root 11241100x8000000000000000757896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c94eb9194f0754a2021-12-20 15:55:24.925root 11241100x8000000000000000757897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2389967bf9bca752021-12-20 15:55:24.925root 11241100x8000000000000000757898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7b23ddfc05c5d92021-12-20 15:55:24.925root 11241100x8000000000000000757899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6486a9686d3a0ef2021-12-20 15:55:24.925root 11241100x8000000000000000757900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b381ee61dd1e7def2021-12-20 15:55:24.925root 11241100x8000000000000000757901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f21ca676a096692021-12-20 15:55:24.925root 11241100x8000000000000000757902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213a3248cb84ca422021-12-20 15:55:24.925root 11241100x8000000000000000757903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a2a78b9cb4f3962021-12-20 15:55:24.925root 11241100x8000000000000000757904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f753b5363a6d80b52021-12-20 15:55:24.925root 11241100x8000000000000000757905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bf5f4997adf5332021-12-20 15:55:24.925root 11241100x8000000000000000757906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4662f34ddd544fd42021-12-20 15:55:24.926root 11241100x8000000000000000757907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144c6cd7a6d14c042021-12-20 15:55:24.926root 11241100x8000000000000000757908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a17d819537093cc2021-12-20 15:55:24.926root 11241100x8000000000000000757909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7648a2f7ba294e6e2021-12-20 15:55:24.926root 11241100x8000000000000000757910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5864c4b2eba2dc1e2021-12-20 15:55:24.926root 11241100x8000000000000000757911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36aa9ead6bd18c842021-12-20 15:55:24.926root 11241100x8000000000000000757912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c521fb6839a8dc572021-12-20 15:55:24.926root 11241100x8000000000000000757913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b865f977f5bf460f2021-12-20 15:55:24.926root 11241100x8000000000000000757914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e54d8044676d8582021-12-20 15:55:24.926root 11241100x8000000000000000757915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6e39797ceaea942021-12-20 15:55:24.927root 11241100x8000000000000000757916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5b4342b531cb642021-12-20 15:55:24.927root 11241100x8000000000000000757917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aac1d23a57cd902021-12-20 15:55:24.927root 11241100x8000000000000000757918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa5bc64ae91a0b12021-12-20 15:55:24.927root 11241100x8000000000000000757919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06c95392514744b2021-12-20 15:55:25.424root 11241100x8000000000000000757920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cd117a961cce902021-12-20 15:55:25.424root 11241100x8000000000000000757921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cfbeda22fcc5cf2021-12-20 15:55:25.424root 11241100x8000000000000000757922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bff0a9284cb7912021-12-20 15:55:25.424root 11241100x8000000000000000757923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f4b914e03cde242021-12-20 15:55:25.425root 11241100x8000000000000000757924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb68ccfa62333e112021-12-20 15:55:25.425root 11241100x8000000000000000757925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8f222e7d335a382021-12-20 15:55:25.425root 11241100x8000000000000000757926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f229d23389fb3892021-12-20 15:55:25.425root 11241100x8000000000000000757927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f73a9a33eae16302021-12-20 15:55:25.425root 11241100x8000000000000000757928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2c9ba09b011cb52021-12-20 15:55:25.426root 11241100x8000000000000000757929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6ec73bcfc2aa1b2021-12-20 15:55:25.426root 11241100x8000000000000000757930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ab0906de18a01d2021-12-20 15:55:25.426root 11241100x8000000000000000757931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b13852dd991ca22021-12-20 15:55:25.426root 11241100x8000000000000000757932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa1d7cd16b095be2021-12-20 15:55:25.427root 11241100x8000000000000000757933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863cbccf0ff6557f2021-12-20 15:55:25.427root 11241100x8000000000000000757934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b274d768e39961692021-12-20 15:55:25.427root 11241100x8000000000000000757935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1be55f52f383e52021-12-20 15:55:25.427root 11241100x8000000000000000757936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b82b800cf76d2552021-12-20 15:55:25.427root 11241100x8000000000000000757937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad39801192a433692021-12-20 15:55:25.428root 11241100x8000000000000000757938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dacb7ad0f222132021-12-20 15:55:25.428root 11241100x8000000000000000757939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b770e3ef99af202021-12-20 15:55:25.428root 11241100x8000000000000000757940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772301e58f6a38842021-12-20 15:55:25.428root 11241100x8000000000000000757941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17127343950818b32021-12-20 15:55:25.428root 11241100x8000000000000000757942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b8eb4c4e4de5652021-12-20 15:55:25.429root 11241100x8000000000000000757943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a8e7830f051fa22021-12-20 15:55:25.429root 11241100x8000000000000000757944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2237aec6010192be2021-12-20 15:55:25.429root 11241100x8000000000000000757945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8ee40bad1007502021-12-20 15:55:25.429root 11241100x8000000000000000757946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943e91f8ddf5f0b82021-12-20 15:55:25.429root 11241100x8000000000000000757947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdcfd0196a90c3e2021-12-20 15:55:25.924root 11241100x8000000000000000757948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168580c8f7366f062021-12-20 15:55:25.924root 11241100x8000000000000000757949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602f82199fa99b4e2021-12-20 15:55:25.925root 11241100x8000000000000000757950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c7252c038d13ed2021-12-20 15:55:25.925root 11241100x8000000000000000757951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d46eae7a417b4a2021-12-20 15:55:25.925root 11241100x8000000000000000757952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49097fb07d8d332021-12-20 15:55:25.925root 11241100x8000000000000000757953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75333cf0da5beff2021-12-20 15:55:25.926root 11241100x8000000000000000757954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb22aa4bf7a0af062021-12-20 15:55:25.926root 11241100x8000000000000000757955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3e206b7844f0722021-12-20 15:55:25.926root 11241100x8000000000000000757956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cba66f46888ca42021-12-20 15:55:25.926root 11241100x8000000000000000757957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eebdae782be2f912021-12-20 15:55:25.926root 11241100x8000000000000000757958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61c2875874fea092021-12-20 15:55:25.926root 11241100x8000000000000000757959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca362b9a943a30a2021-12-20 15:55:25.928root 11241100x8000000000000000757960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fedc8305e318d2d2021-12-20 15:55:25.928root 11241100x8000000000000000757961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5e7be9235a03de2021-12-20 15:55:25.928root 11241100x8000000000000000757962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc0685f05b625e92021-12-20 15:55:25.928root 11241100x8000000000000000757963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71910432b86d3f842021-12-20 15:55:25.928root 11241100x8000000000000000757964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4438a88087e40e6c2021-12-20 15:55:25.929root 11241100x8000000000000000757965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1895ef439cb531f12021-12-20 15:55:25.929root 11241100x8000000000000000757966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d045dba83f0e2242021-12-20 15:55:25.929root 11241100x8000000000000000757967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e753987370916ed72021-12-20 15:55:25.929root 11241100x8000000000000000757968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675a13207e28fac52021-12-20 15:55:25.929root 11241100x8000000000000000757969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b939e50900bfe92021-12-20 15:55:25.929root 11241100x8000000000000000757970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d62af369a88d44f2021-12-20 15:55:25.929root 11241100x8000000000000000757971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55853e5ad31bf5152021-12-20 15:55:25.929root 11241100x8000000000000000757972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d496c53012afb302021-12-20 15:55:25.930root 11241100x8000000000000000757973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b1c36a53772162021-12-20 15:55:25.930root 11241100x8000000000000000757974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a649e8dba8fea2021-12-20 15:55:25.930root 11241100x8000000000000000757975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea610d7a31bb2112021-12-20 15:55:25.930root 11241100x8000000000000000757976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddd4f1a842609732021-12-20 15:55:26.424root 11241100x8000000000000000757977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01386f644df788d92021-12-20 15:55:26.424root 11241100x8000000000000000757978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d23064d11638de2021-12-20 15:55:26.424root 11241100x8000000000000000757979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f188bc6c0f6e782021-12-20 15:55:26.424root 11241100x8000000000000000757980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fa2f3165c06a9a2021-12-20 15:55:26.425root 11241100x8000000000000000757981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8547bcce5b4a75a72021-12-20 15:55:26.425root 11241100x8000000000000000757982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636fe0799e71e8bf2021-12-20 15:55:26.425root 11241100x8000000000000000757983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428f738e1be395812021-12-20 15:55:26.425root 11241100x8000000000000000757984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33d00c117a537cd2021-12-20 15:55:26.425root 11241100x8000000000000000757985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab2b389c604af712021-12-20 15:55:26.425root 11241100x8000000000000000757986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b68754a8367ea72021-12-20 15:55:26.425root 11241100x8000000000000000757987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d7b4b07532eacc2021-12-20 15:55:26.426root 11241100x8000000000000000757988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a368e5e73be3832021-12-20 15:55:26.426root 11241100x8000000000000000757989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76751b26447ff452021-12-20 15:55:26.426root 11241100x8000000000000000757990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202d67860b3dea272021-12-20 15:55:26.426root 11241100x8000000000000000757991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c37dbd27a66fed2021-12-20 15:55:26.426root 11241100x8000000000000000757992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e38c6100b7ae6532021-12-20 15:55:26.426root 11241100x8000000000000000757993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a0f83f199cd2142021-12-20 15:55:26.427root 11241100x8000000000000000757994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc93d5393e465c782021-12-20 15:55:26.427root 11241100x8000000000000000757995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c1fc836fccd682021-12-20 15:55:26.428root 11241100x8000000000000000757996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754fbb573ef341f32021-12-20 15:55:26.428root 11241100x8000000000000000757997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89a23ddcb58ba282021-12-20 15:55:26.428root 11241100x8000000000000000757998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b73d272c38e8662021-12-20 15:55:26.428root 11241100x8000000000000000757999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d564b91fa47232c2021-12-20 15:55:26.428root 11241100x8000000000000000758000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f958ee2826de02692021-12-20 15:55:26.428root 11241100x8000000000000000758001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a436ef02a05fc1d62021-12-20 15:55:26.428root 11241100x8000000000000000758002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222ab24706e115982021-12-20 15:55:26.428root 11241100x8000000000000000758003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf759c700472d322021-12-20 15:55:26.428root 11241100x8000000000000000758004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d253db91f3a84e2021-12-20 15:55:26.429root 11241100x8000000000000000758005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf63759f008c63c62021-12-20 15:55:26.429root 11241100x8000000000000000758006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb50d93d40fbea1e2021-12-20 15:55:26.429root 11241100x8000000000000000758007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89a5d81d65a5f522021-12-20 15:55:26.924root 11241100x8000000000000000758008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786865e7035d69f12021-12-20 15:55:26.924root 11241100x8000000000000000758009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc975b07e7cc15092021-12-20 15:55:26.924root 11241100x8000000000000000758010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f8fa07b0b62c242021-12-20 15:55:26.925root 11241100x8000000000000000758011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6defbb7d61dbbfbc2021-12-20 15:55:26.925root 11241100x8000000000000000758012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f49df0e925c5bf2021-12-20 15:55:26.925root 11241100x8000000000000000758013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809dcdadee8b8e4d2021-12-20 15:55:26.925root 11241100x8000000000000000758014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3be5e4c0476f562021-12-20 15:55:26.925root 11241100x8000000000000000758015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae93e445d6cc63e2021-12-20 15:55:26.925root 11241100x8000000000000000758016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcc4288c54dc8332021-12-20 15:55:26.925root 11241100x8000000000000000758017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee2b58a4248543e2021-12-20 15:55:26.925root 11241100x8000000000000000758018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dce35031122e672021-12-20 15:55:26.925root 11241100x8000000000000000758019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4908f6c56ee96f72021-12-20 15:55:26.926root 11241100x8000000000000000758020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a64501d7f2d93be2021-12-20 15:55:26.926root 11241100x8000000000000000758021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3049462a31a4e622021-12-20 15:55:26.926root 11241100x8000000000000000758022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50ce4fa08686c652021-12-20 15:55:26.926root 11241100x8000000000000000758023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c46198be2b707b22021-12-20 15:55:26.926root 11241100x8000000000000000758024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6a411c72064bba2021-12-20 15:55:26.926root 11241100x8000000000000000758025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a3817ef37123292021-12-20 15:55:26.926root 11241100x8000000000000000758026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1246161b921b17862021-12-20 15:55:26.927root 11241100x8000000000000000758027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aa6d65157397052021-12-20 15:55:26.927root 11241100x8000000000000000758028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3855f035e51c2eb12021-12-20 15:55:26.927root 11241100x8000000000000000758029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177f171079879f212021-12-20 15:55:26.927root 11241100x8000000000000000758030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c943d0ed2496ec622021-12-20 15:55:26.927root 11241100x8000000000000000758031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71e590457b93a612021-12-20 15:55:26.927root 11241100x8000000000000000758032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994b95059923379d2021-12-20 15:55:26.927root 11241100x8000000000000000758033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:26.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a4323dd0b844d52021-12-20 15:55:26.928root 11241100x8000000000000000758034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163a709d03ba3dd72021-12-20 15:55:27.424root 11241100x8000000000000000758035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d36271253822a4c2021-12-20 15:55:27.424root 11241100x8000000000000000758036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57122680ef8a1592021-12-20 15:55:27.424root 11241100x8000000000000000758037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3ce61fbdfe93bc2021-12-20 15:55:27.424root 11241100x8000000000000000758038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3b1c7c8f0a84852021-12-20 15:55:27.424root 11241100x8000000000000000758039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f574dc101055fc2021-12-20 15:55:27.425root 11241100x8000000000000000758040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6da6665897de6b2021-12-20 15:55:27.425root 11241100x8000000000000000758041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f44e13de4064af82021-12-20 15:55:27.425root 11241100x8000000000000000758042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927c6163b1bc2ba12021-12-20 15:55:27.425root 11241100x8000000000000000758043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9200ac1c65df5be22021-12-20 15:55:27.425root 11241100x8000000000000000758044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c071483a83654e422021-12-20 15:55:27.425root 11241100x8000000000000000758045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a27ee93d0187322021-12-20 15:55:27.425root 11241100x8000000000000000758046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a6994267b0a4922021-12-20 15:55:27.426root 11241100x8000000000000000758047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1856611ebd47462021-12-20 15:55:27.426root 11241100x8000000000000000758048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ad45d5741dedf12021-12-20 15:55:27.426root 11241100x8000000000000000758049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6271e26b58ff472021-12-20 15:55:27.426root 11241100x8000000000000000758050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd304d5f56f5642021-12-20 15:55:27.426root 11241100x8000000000000000758051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db405a9bd779d9c62021-12-20 15:55:27.426root 11241100x8000000000000000758052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a8b86dee2797fc2021-12-20 15:55:27.426root 11241100x8000000000000000758053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38efe041464fdfa2021-12-20 15:55:27.426root 11241100x8000000000000000758054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c6ca3543c847f72021-12-20 15:55:27.427root 11241100x8000000000000000758055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c1f96ad606b6bc2021-12-20 15:55:27.427root 11241100x8000000000000000758056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c238b9e7d5feb26d2021-12-20 15:55:27.427root 11241100x8000000000000000758057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc2d0b47bc680182021-12-20 15:55:27.427root 11241100x8000000000000000758058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7fc0fd747c83dc2021-12-20 15:55:27.427root 11241100x8000000000000000758059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9266c1cefd7e33c2021-12-20 15:55:27.427root 11241100x8000000000000000758060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19a1c8e5850cf702021-12-20 15:55:27.427root 11241100x8000000000000000758061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d7583d960c1ee42021-12-20 15:55:27.428root 11241100x8000000000000000758062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b568663eef941c702021-12-20 15:55:27.428root 11241100x8000000000000000758063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4178f0486bdd90702021-12-20 15:55:27.428root 11241100x8000000000000000758064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6e9fecd3b260042021-12-20 15:55:27.428root 11241100x8000000000000000758065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c01443d94ffe532021-12-20 15:55:27.429root 11241100x8000000000000000758066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e50ed4420bdae52021-12-20 15:55:27.431root 11241100x8000000000000000758067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7377a1946a1765972021-12-20 15:55:27.431root 11241100x8000000000000000758068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18442d0346235e592021-12-20 15:55:27.431root 11241100x8000000000000000758069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a111a91abfd10ffe2021-12-20 15:55:27.431root 11241100x8000000000000000758070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58593369c8cb1fdf2021-12-20 15:55:27.431root 11241100x8000000000000000758071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8338a66cbfe96d072021-12-20 15:55:27.431root 11241100x8000000000000000758072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627d14cc557d6682021-12-20 15:55:27.444root 11241100x8000000000000000758073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ece0b3b757cad372021-12-20 15:55:27.924root 11241100x8000000000000000758074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d081cdc38a75042021-12-20 15:55:27.925root 11241100x8000000000000000758075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e65bfa8d308fbba2021-12-20 15:55:27.925root 11241100x8000000000000000758076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc9ce84ae40bb212021-12-20 15:55:27.925root 11241100x8000000000000000758077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3385e9729a076d082021-12-20 15:55:27.925root 11241100x8000000000000000758078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642dc201d30a5d232021-12-20 15:55:27.925root 11241100x8000000000000000758079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02dda43eb212e52021-12-20 15:55:27.926root 11241100x8000000000000000758080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2fc301278f5a202021-12-20 15:55:27.926root 11241100x8000000000000000758081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9902e7758609692021-12-20 15:55:27.926root 11241100x8000000000000000758082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82036e87c37a6bc2021-12-20 15:55:27.926root 11241100x8000000000000000758083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9bbdbb773a8ba62021-12-20 15:55:27.927root 11241100x8000000000000000758084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784613af06b19e702021-12-20 15:55:27.927root 11241100x8000000000000000758085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023beb8e4b84ec1f2021-12-20 15:55:27.927root 11241100x8000000000000000758086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfff479e5cf30f212021-12-20 15:55:27.927root 11241100x8000000000000000758087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eb2cbd648139a32021-12-20 15:55:27.928root 11241100x8000000000000000758088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6979e1db0393c42021-12-20 15:55:27.928root 11241100x8000000000000000758089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190308f87d34535c2021-12-20 15:55:27.928root 11241100x8000000000000000758090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ee3579856284932021-12-20 15:55:27.928root 11241100x8000000000000000758091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054ac16e95aa610b2021-12-20 15:55:27.928root 11241100x8000000000000000758092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b5b22cbe75b31f2021-12-20 15:55:27.929root 11241100x8000000000000000758093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd96e59731798f1b2021-12-20 15:55:27.929root 11241100x8000000000000000758094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505c99235d47b21d2021-12-20 15:55:27.929root 11241100x8000000000000000758095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f430bd3102140c52021-12-20 15:55:27.930root 11241100x8000000000000000758096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18a1125334d0a802021-12-20 15:55:27.930root 11241100x8000000000000000758097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c100aba57098532021-12-20 15:55:27.930root 11241100x8000000000000000758098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41cd46aca4240fa2021-12-20 15:55:27.930root 11241100x8000000000000000758099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cc5f2b8b1f00a62021-12-20 15:55:27.930root 354300x8000000000000000758100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.160{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51378-false10.0.1.12-8000- 11241100x8000000000000000758101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad1a73f62e92f422021-12-20 15:55:28.424root 11241100x8000000000000000758102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8bdf5b5df9cc192021-12-20 15:55:28.424root 11241100x8000000000000000758103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dd0ff0ca1812b22021-12-20 15:55:28.424root 11241100x8000000000000000758104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbd03a67e0b5e392021-12-20 15:55:28.424root 11241100x8000000000000000758105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a4c7dc3b5b86342021-12-20 15:55:28.424root 11241100x8000000000000000758106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014ba29bcd5d05ff2021-12-20 15:55:28.425root 11241100x8000000000000000758107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a738aad9e6757862021-12-20 15:55:28.425root 11241100x8000000000000000758108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d7b3d80fd1ca3c2021-12-20 15:55:28.425root 11241100x8000000000000000758109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd5bd6d2947ee372021-12-20 15:55:28.425root 11241100x8000000000000000758110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b34d8d4b3c17c92021-12-20 15:55:28.425root 11241100x8000000000000000758111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e3bf5658d7456b2021-12-20 15:55:28.426root 11241100x8000000000000000758112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30a8435a30cb9f72021-12-20 15:55:28.426root 11241100x8000000000000000758113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484b5d5a0b99893c2021-12-20 15:55:28.428root 11241100x8000000000000000758114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176345a4556feb2d2021-12-20 15:55:28.428root 11241100x8000000000000000758115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1ef5ca4f873b512021-12-20 15:55:28.428root 11241100x8000000000000000758116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9876bb2b436ce242021-12-20 15:55:28.428root 11241100x8000000000000000758117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cb3e1073a3f79f2021-12-20 15:55:28.428root 11241100x8000000000000000758118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcd34a5612b0cda2021-12-20 15:55:28.428root 11241100x8000000000000000758119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f3df4dd4a4e24a2021-12-20 15:55:28.429root 11241100x8000000000000000758120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fee26a15e961a002021-12-20 15:55:28.429root 11241100x8000000000000000758121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a377a6534badeb2021-12-20 15:55:28.429root 11241100x8000000000000000758122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8eb66f8e583f1a2021-12-20 15:55:28.429root 11241100x8000000000000000758123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63413b40d7eb4bb22021-12-20 15:55:28.429root 11241100x8000000000000000758124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92c81739a416d892021-12-20 15:55:28.429root 11241100x8000000000000000758125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05ae684797b37b82021-12-20 15:55:28.429root 11241100x8000000000000000758126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b554dacb0c9314a82021-12-20 15:55:28.429root 11241100x8000000000000000758127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5dd2afc7fd30a92021-12-20 15:55:28.429root 11241100x8000000000000000758128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f5b187dd62dd882021-12-20 15:55:28.429root 11241100x8000000000000000758129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a623df80b46ca9c2021-12-20 15:55:28.429root 11241100x8000000000000000758130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9465c6087fc4b72021-12-20 15:55:28.429root 11241100x8000000000000000758131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c651b2ce478aa9c2021-12-20 15:55:28.429root 11241100x8000000000000000758132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f456e9488ba59f82021-12-20 15:55:28.430root 11241100x8000000000000000758133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85626ad54b4696f22021-12-20 15:55:28.430root 11241100x8000000000000000758134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dbbb9d03aa5eaa2021-12-20 15:55:28.430root 11241100x8000000000000000758135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458c8a0c25ced2f22021-12-20 15:55:28.430root 11241100x8000000000000000758136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e38c0a2a7f1ae52021-12-20 15:55:28.924root 11241100x8000000000000000758137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bba1d6847ea0f622021-12-20 15:55:28.924root 11241100x8000000000000000758138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9121d8956f78edf82021-12-20 15:55:28.924root 11241100x8000000000000000758139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eea922d721209312021-12-20 15:55:28.925root 11241100x8000000000000000758140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d449e26bb860142021-12-20 15:55:28.925root 11241100x8000000000000000758141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae2e4ca730e82352021-12-20 15:55:28.925root 11241100x8000000000000000758142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635cbf65cc5c64e32021-12-20 15:55:28.925root 11241100x8000000000000000758143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb02b4771059a2d32021-12-20 15:55:28.925root 11241100x8000000000000000758144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dade3043602b96a2021-12-20 15:55:28.925root 11241100x8000000000000000758145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5d9ccad29f0e072021-12-20 15:55:28.925root 11241100x8000000000000000758146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229d24970434c3732021-12-20 15:55:28.925root 11241100x8000000000000000758147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062bd1d2c005fc9d2021-12-20 15:55:28.925root 11241100x8000000000000000758148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147e02579d38668e2021-12-20 15:55:28.925root 11241100x8000000000000000758149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a901d73b3b3635ca2021-12-20 15:55:28.926root 11241100x8000000000000000758150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530cd8205e3049da2021-12-20 15:55:28.926root 11241100x8000000000000000758151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94319ab738f2d4002021-12-20 15:55:28.926root 11241100x8000000000000000758152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6d98e6416aebdc2021-12-20 15:55:28.926root 11241100x8000000000000000758153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104eb21bfd0dfbfb2021-12-20 15:55:28.926root 11241100x8000000000000000758154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ea2d8fee56623c2021-12-20 15:55:28.926root 11241100x8000000000000000758155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49be05a77dac0382021-12-20 15:55:28.926root 11241100x8000000000000000758156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53896e51e2b6f17e2021-12-20 15:55:28.926root 11241100x8000000000000000758157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0577409a0cee88b72021-12-20 15:55:28.926root 11241100x8000000000000000758158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c861859f1621227c2021-12-20 15:55:28.927root 11241100x8000000000000000758159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968c49ab2318e0d92021-12-20 15:55:28.927root 11241100x8000000000000000758160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b9b90f7f5dfc702021-12-20 15:55:28.927root 11241100x8000000000000000758161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fb1f7878f5a03d2021-12-20 15:55:28.927root 11241100x8000000000000000758162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76605cc55bda7ed2021-12-20 15:55:28.927root 11241100x8000000000000000758163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fcac514c9082292021-12-20 15:55:28.927root 11241100x8000000000000000758164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f71747055a6731b2021-12-20 15:55:28.927root 11241100x8000000000000000758165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74928bc6bceeecf2021-12-20 15:55:28.927root 11241100x8000000000000000758166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294ff350af538d4f2021-12-20 15:55:28.927root 11241100x8000000000000000758167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a0833dc68dc4432021-12-20 15:55:28.927root 11241100x8000000000000000758168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087479365b7eff8d2021-12-20 15:55:28.927root 11241100x8000000000000000758169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee29d5eb835d75f2021-12-20 15:55:28.927root 11241100x8000000000000000758170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0780b7bd9399252021-12-20 15:55:28.928root 11241100x8000000000000000758171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5c3e6e5ff978412021-12-20 15:55:28.928root 11241100x8000000000000000758172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79772da7aba44df32021-12-20 15:55:28.928root 11241100x8000000000000000758173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b108778207538a2021-12-20 15:55:28.928root 11241100x8000000000000000758174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1340d097352ac4e52021-12-20 15:55:29.424root 11241100x8000000000000000758175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c705ff5da080e7852021-12-20 15:55:29.424root 11241100x8000000000000000758176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e779d3cd895cca192021-12-20 15:55:29.424root 11241100x8000000000000000758177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898a3f0a5a33a70d2021-12-20 15:55:29.424root 11241100x8000000000000000758178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef0b6ffacf6e54f2021-12-20 15:55:29.424root 11241100x8000000000000000758179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d6e9468a2b12a52021-12-20 15:55:29.425root 11241100x8000000000000000758180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f14e354a50f9a252021-12-20 15:55:29.425root 11241100x8000000000000000758181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92778c83db157f842021-12-20 15:55:29.425root 11241100x8000000000000000758182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f50f96d24220042021-12-20 15:55:29.425root 11241100x8000000000000000758183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4840871ed093112021-12-20 15:55:29.425root 11241100x8000000000000000758184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbdf2ffc18726df2021-12-20 15:55:29.425root 11241100x8000000000000000758185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98db7916635ee4cd2021-12-20 15:55:29.425root 11241100x8000000000000000758186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8490b75119c946212021-12-20 15:55:29.425root 11241100x8000000000000000758187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c174ef8ff2ec57d52021-12-20 15:55:29.425root 11241100x8000000000000000758188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc65bb7bbe04a7802021-12-20 15:55:29.425root 11241100x8000000000000000758189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9818ce47ae0033112021-12-20 15:55:29.425root 11241100x8000000000000000758190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198e5a6b8b7cb692021-12-20 15:55:29.425root 11241100x8000000000000000758191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1ea7a0ea43783e2021-12-20 15:55:29.426root 11241100x8000000000000000758192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015a50a515b9c1562021-12-20 15:55:29.426root 11241100x8000000000000000758193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69801dbfde5c8e2c2021-12-20 15:55:29.426root 11241100x8000000000000000758194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63837da3bcf10c022021-12-20 15:55:29.426root 11241100x8000000000000000758195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee99ffc396caea272021-12-20 15:55:29.426root 11241100x8000000000000000758196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700c61457f736cba2021-12-20 15:55:29.426root 11241100x8000000000000000758197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f44df27a17356e2021-12-20 15:55:29.426root 11241100x8000000000000000758198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dc5b7fcce737e52021-12-20 15:55:29.426root 11241100x8000000000000000758199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0db04762244bbc2021-12-20 15:55:29.426root 11241100x8000000000000000758200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc3408f6e9d27ca2021-12-20 15:55:29.426root 11241100x8000000000000000758201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f283638d693342a72021-12-20 15:55:29.426root 11241100x8000000000000000758202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a47f29d58b79cee2021-12-20 15:55:29.427root 11241100x8000000000000000758203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bb79a93800c4e32021-12-20 15:55:29.427root 11241100x8000000000000000758204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77cf82f7f56cda52021-12-20 15:55:29.924root 11241100x8000000000000000758205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9527470e52cf972021-12-20 15:55:29.924root 11241100x8000000000000000758206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12fc478330edd382021-12-20 15:55:29.924root 11241100x8000000000000000758207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a08860625c2721c2021-12-20 15:55:29.924root 11241100x8000000000000000758208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c703c094651b38702021-12-20 15:55:29.925root 11241100x8000000000000000758209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f56eb8852059502021-12-20 15:55:29.925root 11241100x8000000000000000758210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5778edfe8fa104d02021-12-20 15:55:29.925root 11241100x8000000000000000758211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a0ac927a8b3ba62021-12-20 15:55:29.925root 11241100x8000000000000000758212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119d58e8ba7ee6e62021-12-20 15:55:29.925root 11241100x8000000000000000758213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c67814b2dfdcc112021-12-20 15:55:29.925root 11241100x8000000000000000758214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec70245e92ce0802021-12-20 15:55:29.925root 11241100x8000000000000000758215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be964ef93d2c5982021-12-20 15:55:29.925root 11241100x8000000000000000758216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4323c688164339d2021-12-20 15:55:29.925root 11241100x8000000000000000758217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f7d309b0ee7e0c2021-12-20 15:55:29.925root 11241100x8000000000000000758218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05641338a31fe4622021-12-20 15:55:29.925root 11241100x8000000000000000758219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e359c5cccef3fe72021-12-20 15:55:29.925root 11241100x8000000000000000758220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fca67aadcd545c62021-12-20 15:55:29.926root 11241100x8000000000000000758221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d695cb1d3e15c8a82021-12-20 15:55:29.926root 11241100x8000000000000000758222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91ab2cfd9971ca2021-12-20 15:55:29.926root 11241100x8000000000000000758223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e37bb75c7bca862021-12-20 15:55:29.926root 11241100x8000000000000000758224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482c45407d909b062021-12-20 15:55:29.926root 11241100x8000000000000000758225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581051b3484f59732021-12-20 15:55:29.926root 11241100x8000000000000000758226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cea008003fe18ae2021-12-20 15:55:29.926root 11241100x8000000000000000758227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f4c1e09e30a2272021-12-20 15:55:29.926root 11241100x8000000000000000758228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ff58f162730a2d2021-12-20 15:55:29.926root 11241100x8000000000000000758229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8638674ca21a63372021-12-20 15:55:29.926root 11241100x8000000000000000758230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1681ae234f2d172021-12-20 15:55:29.926root 11241100x8000000000000000758231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f058619aca898132021-12-20 15:55:29.927root 11241100x8000000000000000758232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30a045017429c0e2021-12-20 15:55:30.424root 11241100x8000000000000000758233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218099cec80928f72021-12-20 15:55:30.424root 11241100x8000000000000000758234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7af6b7f68448a3c2021-12-20 15:55:30.424root 11241100x8000000000000000758235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87b9cebdc7836752021-12-20 15:55:30.424root 11241100x8000000000000000758236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8a339f75f8da6a2021-12-20 15:55:30.425root 11241100x8000000000000000758237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4755a688436273502021-12-20 15:55:30.425root 11241100x8000000000000000758238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efa70df962048872021-12-20 15:55:30.425root 11241100x8000000000000000758239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ee0c0198ff963a2021-12-20 15:55:30.425root 11241100x8000000000000000758240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8236b5d505a4ad2021-12-20 15:55:30.425root 11241100x8000000000000000758241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acbeb6ca2ac368e2021-12-20 15:55:30.425root 11241100x8000000000000000758242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7846046824a364342021-12-20 15:55:30.425root 11241100x8000000000000000758243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1528dc9dc07988b72021-12-20 15:55:30.425root 11241100x8000000000000000758244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3797f37444a5692021-12-20 15:55:30.425root 11241100x8000000000000000758245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542f9f53d66ee7bc2021-12-20 15:55:30.425root 11241100x8000000000000000758246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8be682d2e18c242021-12-20 15:55:30.425root 11241100x8000000000000000758247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fd64e04fbda0652021-12-20 15:55:30.426root 11241100x8000000000000000758248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4347609363ab18b2021-12-20 15:55:30.426root 11241100x8000000000000000758249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c920d894d4f1022021-12-20 15:55:30.426root 11241100x8000000000000000758250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1366cd5aab256a2021-12-20 15:55:30.426root 11241100x8000000000000000758251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e094cc2ece2d3c892021-12-20 15:55:30.426root 11241100x8000000000000000758252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f22623cbe0de9192021-12-20 15:55:30.426root 11241100x8000000000000000758253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c53f49cf1b532802021-12-20 15:55:30.426root 11241100x8000000000000000758254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ea9d7c45ee12812021-12-20 15:55:30.426root 11241100x8000000000000000758255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb7cc76f5fa01582021-12-20 15:55:30.426root 11241100x8000000000000000758256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02a26032813f5ea2021-12-20 15:55:30.426root 11241100x8000000000000000758257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1351fb01019dead2021-12-20 15:55:30.427root 11241100x8000000000000000758258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75ef6ab9ee76aff2021-12-20 15:55:30.427root 11241100x8000000000000000758259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eba5b8a69e15902021-12-20 15:55:30.427root 11241100x8000000000000000758260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d66eaef057716d42021-12-20 15:55:30.924root 11241100x8000000000000000758261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66af6bb7bbcaaef2021-12-20 15:55:30.924root 11241100x8000000000000000758262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74945a48aac9f432021-12-20 15:55:30.924root 11241100x8000000000000000758263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92d6251b22722422021-12-20 15:55:30.924root 11241100x8000000000000000758264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69237bacfa0891662021-12-20 15:55:30.925root 11241100x8000000000000000758265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4ae000070e389b2021-12-20 15:55:30.925root 11241100x8000000000000000758266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f5dafb095b34522021-12-20 15:55:30.925root 11241100x8000000000000000758267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9521002d0fab782021-12-20 15:55:30.925root 11241100x8000000000000000758268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9e623690590fca2021-12-20 15:55:30.925root 11241100x8000000000000000758269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf6d0d98f00746e2021-12-20 15:55:30.925root 11241100x8000000000000000758270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90de19517a5d62082021-12-20 15:55:30.925root 11241100x8000000000000000758271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ec79481135f8e62021-12-20 15:55:30.925root 11241100x8000000000000000758272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582fc3d62fffa6da2021-12-20 15:55:30.925root 11241100x8000000000000000758273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d76953554622b72021-12-20 15:55:30.925root 11241100x8000000000000000758274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73340cea70c55c2021-12-20 15:55:30.926root 11241100x8000000000000000758275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43da635b693f5bf2021-12-20 15:55:30.926root 11241100x8000000000000000758276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036fa03193a87cf02021-12-20 15:55:30.926root 11241100x8000000000000000758277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47af30cfd1585752021-12-20 15:55:30.926root 11241100x8000000000000000758278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909a3ff3a2680d682021-12-20 15:55:30.926root 11241100x8000000000000000758279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0656947584188ddb2021-12-20 15:55:30.926root 11241100x8000000000000000758280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9749566a2c40dd02021-12-20 15:55:30.926root 11241100x8000000000000000758281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c106a302b3f19e2021-12-20 15:55:30.926root 11241100x8000000000000000758282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fcc35180a6773b2021-12-20 15:55:30.926root 11241100x8000000000000000758283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f32dfdaf8abb6af2021-12-20 15:55:30.926root 11241100x8000000000000000758284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955c87865e6093502021-12-20 15:55:30.926root 11241100x8000000000000000758285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adefb92b0fc234b02021-12-20 15:55:30.927root 11241100x8000000000000000758286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0a7429e5a4423c2021-12-20 15:55:30.927root 11241100x8000000000000000758287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240a26a4a38558ac2021-12-20 15:55:30.927root 11241100x8000000000000000758288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e12ced3c9d11e02021-12-20 15:55:31.424root 11241100x8000000000000000758289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0282afcdf35ecf162021-12-20 15:55:31.424root 11241100x8000000000000000758290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ee802fd70b200a2021-12-20 15:55:31.424root 11241100x8000000000000000758291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bca4987a8ae43282021-12-20 15:55:31.424root 11241100x8000000000000000758292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b26399d5688f3eb2021-12-20 15:55:31.425root 11241100x8000000000000000758293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea3767d5bab11522021-12-20 15:55:31.425root 11241100x8000000000000000758294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab51cda4cc5e59952021-12-20 15:55:31.425root 11241100x8000000000000000758295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71b6623449579c72021-12-20 15:55:31.425root 11241100x8000000000000000758296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66180b144f4959ee2021-12-20 15:55:31.425root 11241100x8000000000000000758297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db41feb6cf1e9fd52021-12-20 15:55:31.425root 11241100x8000000000000000758298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8de3188571d75ee2021-12-20 15:55:31.425root 11241100x8000000000000000758299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e8f6e12f5e2d0a2021-12-20 15:55:31.425root 11241100x8000000000000000758300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c3f9a4e8c9f9202021-12-20 15:55:31.425root 11241100x8000000000000000758301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463661af236848bd2021-12-20 15:55:31.425root 11241100x8000000000000000758302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfa8ce97a909dff2021-12-20 15:55:31.426root 11241100x8000000000000000758303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2270c1700daa698a2021-12-20 15:55:31.426root 11241100x8000000000000000758304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf8dfb55868fac12021-12-20 15:55:31.426root 11241100x8000000000000000758305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bf81196274404f2021-12-20 15:55:31.426root 11241100x8000000000000000758306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e003f6838b291a2021-12-20 15:55:31.426root 11241100x8000000000000000758307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c1a9ff6cb4129c2021-12-20 15:55:31.426root 11241100x8000000000000000758308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6a963a86f680612021-12-20 15:55:31.426root 11241100x8000000000000000758309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b57c9b50b5df9ba2021-12-20 15:55:31.426root 11241100x8000000000000000758310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb773a20d237e4db2021-12-20 15:55:31.426root 11241100x8000000000000000758311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc55b6720482ac62021-12-20 15:55:31.426root 11241100x8000000000000000758312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e383b598724b33cc2021-12-20 15:55:31.426root 11241100x8000000000000000758313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ab97d76c8b2e3c2021-12-20 15:55:31.427root 11241100x8000000000000000758314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353ab7e44b8e56a62021-12-20 15:55:31.427root 11241100x8000000000000000758315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1f2939019312de2021-12-20 15:55:31.427root 11241100x8000000000000000758316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b188137c4eee96d12021-12-20 15:55:31.427root 11241100x8000000000000000758317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032bac5a58b293a72021-12-20 15:55:31.427root 11241100x8000000000000000758318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a038fb2d601ba622021-12-20 15:55:31.427root 11241100x8000000000000000758319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa9d7c7f776d68c2021-12-20 15:55:31.427root 11241100x8000000000000000758320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ec8b7a5c2136882021-12-20 15:55:31.427root 11241100x8000000000000000758321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ddcb7d9a64551c2021-12-20 15:55:31.924root 11241100x8000000000000000758322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e133371d3677be2021-12-20 15:55:31.924root 11241100x8000000000000000758323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b55b0948296cb22021-12-20 15:55:31.924root 11241100x8000000000000000758324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fa8c7426a2b45e2021-12-20 15:55:31.924root 11241100x8000000000000000758325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b758840cb6ded0ee2021-12-20 15:55:31.924root 11241100x8000000000000000758326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d338cb612d570572021-12-20 15:55:31.925root 11241100x8000000000000000758327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfbe334abe77dae2021-12-20 15:55:31.925root 11241100x8000000000000000758328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc857a26c3786bd2021-12-20 15:55:31.925root 11241100x8000000000000000758329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46136c23255acb7f2021-12-20 15:55:31.925root 11241100x8000000000000000758330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0664ccf89d75ee22021-12-20 15:55:31.925root 11241100x8000000000000000758331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8bc756037fa6ce2021-12-20 15:55:31.925root 11241100x8000000000000000758332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33c9ac4d7904e462021-12-20 15:55:31.925root 11241100x8000000000000000758333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb91e8426149f4c32021-12-20 15:55:31.925root 11241100x8000000000000000758334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6be23a92e555c42021-12-20 15:55:31.925root 11241100x8000000000000000758335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37afd239fba8953a2021-12-20 15:55:31.926root 11241100x8000000000000000758336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84de7d25084b5ffc2021-12-20 15:55:31.926root 11241100x8000000000000000758337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c6eef076de21e92021-12-20 15:55:31.926root 11241100x8000000000000000758338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78717e5643bcdad62021-12-20 15:55:31.926root 11241100x8000000000000000758339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3960ee7853800832021-12-20 15:55:31.926root 11241100x8000000000000000758340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a832008d06ff89f92021-12-20 15:55:31.926root 11241100x8000000000000000758341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e90e9ba9696d562021-12-20 15:55:31.926root 11241100x8000000000000000758342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b944b2425ce2d12021-12-20 15:55:31.926root 11241100x8000000000000000758343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4419019a9b97acb52021-12-20 15:55:31.927root 11241100x8000000000000000758344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f22aaa228ef6652021-12-20 15:55:31.927root 11241100x8000000000000000758345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944080b2be2c49022021-12-20 15:55:31.927root 11241100x8000000000000000758346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d595a8a0fb10a4a22021-12-20 15:55:31.927root 11241100x8000000000000000758347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5141d4a1e20064292021-12-20 15:55:31.927root 11241100x8000000000000000758348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891565398a500dc2021-12-20 15:55:31.927root 11241100x8000000000000000758349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987d284ba69a28632021-12-20 15:55:32.424root 11241100x8000000000000000758350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327b7a34100bb3e42021-12-20 15:55:32.424root 11241100x8000000000000000758351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cd9e35872da3222021-12-20 15:55:32.424root 11241100x8000000000000000758352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059d045810b316f92021-12-20 15:55:32.424root 11241100x8000000000000000758353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58e084913e8c8d72021-12-20 15:55:32.424root 11241100x8000000000000000758354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4625c5ce49f75a532021-12-20 15:55:32.424root 11241100x8000000000000000758355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b294568fb33ff32021-12-20 15:55:32.424root 11241100x8000000000000000758356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484436cbfbbf211c2021-12-20 15:55:32.425root 11241100x8000000000000000758357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a81ebd76bf87a5e2021-12-20 15:55:32.425root 11241100x8000000000000000758358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d244d3be20a8d32021-12-20 15:55:32.425root 11241100x8000000000000000758359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606783b070ae3a412021-12-20 15:55:32.425root 11241100x8000000000000000758360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959fc7e31a0939372021-12-20 15:55:32.425root 11241100x8000000000000000758361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24df221b550a4ac2021-12-20 15:55:32.426root 11241100x8000000000000000758362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c00490fd4034f232021-12-20 15:55:32.426root 11241100x8000000000000000758363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387e4be6aac416042021-12-20 15:55:32.426root 11241100x8000000000000000758364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51e42cdc5e323082021-12-20 15:55:32.426root 11241100x8000000000000000758365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e906eae953af57cb2021-12-20 15:55:32.426root 11241100x8000000000000000758366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462c448b2ed3d5f2021-12-20 15:55:32.426root 11241100x8000000000000000758367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd49f875c780e9d32021-12-20 15:55:32.426root 11241100x8000000000000000758368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493cc1c6e12a8a642021-12-20 15:55:32.427root 11241100x8000000000000000758369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f94b47bdafddb642021-12-20 15:55:32.427root 11241100x8000000000000000758370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c66d1eebf791eb2021-12-20 15:55:32.427root 11241100x8000000000000000758371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666684ae4e0293ee2021-12-20 15:55:32.427root 11241100x8000000000000000758372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9396445d951cd82021-12-20 15:55:32.427root 11241100x8000000000000000758373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b167c6654101d92021-12-20 15:55:32.427root 11241100x8000000000000000758374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebb2a1a619350fa2021-12-20 15:55:32.427root 11241100x8000000000000000758375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b176bb4cce16732021-12-20 15:55:32.427root 11241100x8000000000000000758376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e2d84f356faa522021-12-20 15:55:32.427root 11241100x8000000000000000758377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a091679181a7bfc2021-12-20 15:55:32.427root 11241100x8000000000000000758378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaaa5931ae79eb12021-12-20 15:55:32.925root 11241100x8000000000000000758379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e90db6cf5d3bc002021-12-20 15:55:32.925root 11241100x8000000000000000758380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b5c87aa1ee08ba2021-12-20 15:55:32.925root 11241100x8000000000000000758381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1992cb7a06ee0f542021-12-20 15:55:32.925root 11241100x8000000000000000758382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0a4554a3f8ee422021-12-20 15:55:32.925root 11241100x8000000000000000758383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2135df25bce410c2021-12-20 15:55:32.925root 11241100x8000000000000000758384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32735a71620bd19a2021-12-20 15:55:32.925root 11241100x8000000000000000758385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c877d772b2df882021-12-20 15:55:32.925root 11241100x8000000000000000758386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c8b3446c2ef3612021-12-20 15:55:32.925root 11241100x8000000000000000758387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5861976bf200782021-12-20 15:55:32.925root 11241100x8000000000000000758388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9c363bd11343b82021-12-20 15:55:32.925root 11241100x8000000000000000758389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed26c74bb68ae4f12021-12-20 15:55:32.925root 11241100x8000000000000000758390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642bc1d56366a0b72021-12-20 15:55:32.925root 11241100x8000000000000000758391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c16f2a19d884bec2021-12-20 15:55:32.925root 11241100x8000000000000000758392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0bc62c5d8b01662021-12-20 15:55:32.926root 11241100x8000000000000000758393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f138666ccab9616d2021-12-20 15:55:32.926root 11241100x8000000000000000758394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce99aec8d118d3e2021-12-20 15:55:32.926root 11241100x8000000000000000758395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddcf3f96be0ebd52021-12-20 15:55:32.926root 11241100x8000000000000000758396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5deb909ad0061d2021-12-20 15:55:32.926root 11241100x8000000000000000758397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d0639776b0f40c2021-12-20 15:55:32.926root 11241100x8000000000000000758398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f372469a5090cde02021-12-20 15:55:32.926root 11241100x8000000000000000758399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead34c88633f9d52021-12-20 15:55:32.926root 11241100x8000000000000000758400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1df7c948bf07022021-12-20 15:55:32.926root 11241100x8000000000000000758401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c879a587ccf23b2021-12-20 15:55:32.926root 11241100x8000000000000000758402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622faa1884d34adb2021-12-20 15:55:32.927root 11241100x8000000000000000758403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879a3021468a68002021-12-20 15:55:32.927root 11241100x8000000000000000758404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bd454169df403b2021-12-20 15:55:32.927root 11241100x8000000000000000758405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695b9013462852032021-12-20 15:55:32.927root 11241100x8000000000000000758406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646b15017f36d7c92021-12-20 15:55:33.424root 11241100x8000000000000000758407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37af6c1d4bb10a9c2021-12-20 15:55:33.425root 11241100x8000000000000000758408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c45c9909a84a162021-12-20 15:55:33.425root 11241100x8000000000000000758409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5e2216aa03a44c2021-12-20 15:55:33.426root 11241100x8000000000000000758410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5dd292e43d230d2021-12-20 15:55:33.426root 11241100x8000000000000000758411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217355c201029cd52021-12-20 15:55:33.426root 11241100x8000000000000000758412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2599246d18fcdf4b2021-12-20 15:55:33.426root 11241100x8000000000000000758413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790e1e99c65a47ff2021-12-20 15:55:33.426root 11241100x8000000000000000758414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7561e2f6cf6558e2021-12-20 15:55:33.426root 11241100x8000000000000000758415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fd9638ac110a1a2021-12-20 15:55:33.427root 11241100x8000000000000000758416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcaf14db891510b2021-12-20 15:55:33.427root 11241100x8000000000000000758417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d284b58cfc1981c2021-12-20 15:55:33.427root 11241100x8000000000000000758418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe88fff88f8cfb82021-12-20 15:55:33.427root 11241100x8000000000000000758419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f19c3ca5312895c2021-12-20 15:55:33.428root 11241100x8000000000000000758420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26208350f1fcf6122021-12-20 15:55:33.428root 11241100x8000000000000000758421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d22b769a34e58b2021-12-20 15:55:33.428root 11241100x8000000000000000758422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebda08c706f5bdfe2021-12-20 15:55:33.429root 11241100x8000000000000000758423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b8b2578fc36de22021-12-20 15:55:33.430root 11241100x8000000000000000758424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701372b1d8c117462021-12-20 15:55:33.430root 11241100x8000000000000000758425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045b73a86c3b8c72021-12-20 15:55:33.430root 11241100x8000000000000000758426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8528df0da15b652021-12-20 15:55:33.430root 11241100x8000000000000000758427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e5895853098f912021-12-20 15:55:33.430root 11241100x8000000000000000758428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086e9588a1cf59a2021-12-20 15:55:33.430root 11241100x8000000000000000758429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f26f4d61ee0f7002021-12-20 15:55:33.430root 11241100x8000000000000000758430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f7aa82ce86583a2021-12-20 15:55:33.431root 11241100x8000000000000000758431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3b7f06d75aea032021-12-20 15:55:33.431root 11241100x8000000000000000758432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88011d92c65b06c62021-12-20 15:55:33.432root 11241100x8000000000000000758433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e358869d41e8c552021-12-20 15:55:33.432root 11241100x8000000000000000758434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8149a34a77198d2021-12-20 15:55:33.924root 11241100x8000000000000000758435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e096b100ea485e2021-12-20 15:55:33.924root 11241100x8000000000000000758436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a60b63ec471c562021-12-20 15:55:33.925root 11241100x8000000000000000758437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797c86b7bf3f48b92021-12-20 15:55:33.925root 11241100x8000000000000000758438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f096389218c286a52021-12-20 15:55:33.925root 11241100x8000000000000000758439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4543fddb02ff8422021-12-20 15:55:33.925root 11241100x8000000000000000758440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82e9bfe8dd6d1222021-12-20 15:55:33.925root 11241100x8000000000000000758441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c3e31626ea82632021-12-20 15:55:33.925root 11241100x8000000000000000758442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bfab38cd7a01d82021-12-20 15:55:33.925root 11241100x8000000000000000758443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28d2302e4f079b52021-12-20 15:55:33.925root 11241100x8000000000000000758444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c48b3f6e4f03a342021-12-20 15:55:33.925root 11241100x8000000000000000758445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709c8b2f70df71132021-12-20 15:55:33.925root 11241100x8000000000000000758446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd29cc174fafa612021-12-20 15:55:33.925root 11241100x8000000000000000758447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d70c8387724dd12021-12-20 15:55:33.925root 11241100x8000000000000000758448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faa5c6d667151462021-12-20 15:55:33.925root 11241100x8000000000000000758449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be835880dfd1ca812021-12-20 15:55:33.925root 11241100x8000000000000000758450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265e22df1590940b2021-12-20 15:55:33.926root 11241100x8000000000000000758451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e466d7ba5a8e7f132021-12-20 15:55:33.926root 11241100x8000000000000000758452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9155953890bc47a52021-12-20 15:55:33.926root 11241100x8000000000000000758453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0699766c7f45c922021-12-20 15:55:33.926root 11241100x8000000000000000758454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afeaee8498c313a2021-12-20 15:55:33.926root 11241100x8000000000000000758455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b497099b03e5d2021-12-20 15:55:33.926root 11241100x8000000000000000758456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e741cd72c21afd32021-12-20 15:55:33.926root 11241100x8000000000000000758457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecb1349e9a164ef2021-12-20 15:55:33.926root 11241100x8000000000000000758458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415d8c29d1d60f462021-12-20 15:55:33.926root 11241100x8000000000000000758459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf383406efeca1152021-12-20 15:55:33.926root 11241100x8000000000000000758460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e694198a70885f12021-12-20 15:55:33.926root 11241100x8000000000000000758461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700c65637283b2d42021-12-20 15:55:33.926root 11241100x8000000000000000758462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e88580d22a28212021-12-20 15:55:33.926root 354300x8000000000000000758463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.123{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51380-false10.0.1.12-8000- 11241100x8000000000000000758464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0792aa837786b4e52021-12-20 15:55:34.424root 11241100x8000000000000000758465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9087e33ba2c0aed92021-12-20 15:55:34.424root 11241100x8000000000000000758466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae90ad0e493966382021-12-20 15:55:34.424root 11241100x8000000000000000758467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f170e40d4d99902021-12-20 15:55:34.424root 11241100x8000000000000000758468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077bcc2253664d1b2021-12-20 15:55:34.425root 11241100x8000000000000000758469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca89f142de4fa5902021-12-20 15:55:34.425root 11241100x8000000000000000758470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34300f34af55b8d52021-12-20 15:55:34.425root 11241100x8000000000000000758471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc2c53d936b9ecc2021-12-20 15:55:34.425root 11241100x8000000000000000758472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b412e0ed10b0a0b62021-12-20 15:55:34.425root 11241100x8000000000000000758473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acf28a181151a1f2021-12-20 15:55:34.425root 11241100x8000000000000000758474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af59289d2587ed732021-12-20 15:55:34.425root 11241100x8000000000000000758475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0208282edc2aa78c2021-12-20 15:55:34.425root 11241100x8000000000000000758476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2743ff02d96cacfd2021-12-20 15:55:34.426root 11241100x8000000000000000758477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9078468f20ae74772021-12-20 15:55:34.426root 11241100x8000000000000000758478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4232e668aecd2db02021-12-20 15:55:34.426root 11241100x8000000000000000758479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c5a98c839b856e2021-12-20 15:55:34.426root 11241100x8000000000000000758480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4cc6f3397c32d12021-12-20 15:55:34.426root 11241100x8000000000000000758481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792d995a56ebbef62021-12-20 15:55:34.426root 11241100x8000000000000000758482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab2cbc0e1730082021-12-20 15:55:34.426root 11241100x8000000000000000758483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854e8291a37b78902021-12-20 15:55:34.426root 11241100x8000000000000000758484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582454eba2f6fb102021-12-20 15:55:34.426root 11241100x8000000000000000758485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103bf6a0eea4c9582021-12-20 15:55:34.426root 11241100x8000000000000000758486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1b770c12dc4bde2021-12-20 15:55:34.427root 11241100x8000000000000000758487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bdd2b377d5de232021-12-20 15:55:34.427root 11241100x8000000000000000758488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ea706baab1bf572021-12-20 15:55:34.427root 11241100x8000000000000000758489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c7a8d9c6f57a2c2021-12-20 15:55:34.427root 11241100x8000000000000000758490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6246cbbc49e11d292021-12-20 15:55:34.427root 11241100x8000000000000000758491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5879378012830fb2021-12-20 15:55:34.427root 11241100x8000000000000000758492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beac2a95db1d9ec2021-12-20 15:55:34.427root 11241100x8000000000000000758493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cb5bcf15e155ac2021-12-20 15:55:34.427root 11241100x8000000000000000758494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e16a724dd4a00822021-12-20 15:55:34.924root 11241100x8000000000000000758495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2418f554439ff5202021-12-20 15:55:34.924root 11241100x8000000000000000758496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6f8edf3447cfcd2021-12-20 15:55:34.924root 11241100x8000000000000000758497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d5c04b5b90e7802021-12-20 15:55:34.924root 11241100x8000000000000000758498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f140348d4da0c82021-12-20 15:55:34.925root 11241100x8000000000000000758499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54fe59848561c122021-12-20 15:55:34.925root 11241100x8000000000000000758500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8950ca78859efa2021-12-20 15:55:34.925root 11241100x8000000000000000758501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d9bdf9495e39202021-12-20 15:55:34.925root 11241100x8000000000000000758502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9567b118446193fe2021-12-20 15:55:34.925root 11241100x8000000000000000758503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2a0ae26478c8be2021-12-20 15:55:34.926root 11241100x8000000000000000758504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c0c2e3079b36092021-12-20 15:55:34.926root 11241100x8000000000000000758505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64860be59523b0eb2021-12-20 15:55:34.926root 11241100x8000000000000000758506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11ad114ade0875b2021-12-20 15:55:34.926root 11241100x8000000000000000758507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f6ce4c68fb61912021-12-20 15:55:34.926root 11241100x8000000000000000758508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa037aaba1142e7a2021-12-20 15:55:34.926root 11241100x8000000000000000758509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61a134279183ced2021-12-20 15:55:34.927root 11241100x8000000000000000758510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f9be6b485511f72021-12-20 15:55:34.927root 11241100x8000000000000000758511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d724eefee31989092021-12-20 15:55:34.927root 11241100x8000000000000000758512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8de79850bb5dd562021-12-20 15:55:34.927root 11241100x8000000000000000758513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae774603ac3a5cb2021-12-20 15:55:34.927root 11241100x8000000000000000758514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020e0f25a839e8322021-12-20 15:55:34.928root 11241100x8000000000000000758515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826fd845975ab84e2021-12-20 15:55:34.928root 11241100x8000000000000000758516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e556b9f80c7b2d02021-12-20 15:55:34.928root 11241100x8000000000000000758517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b679fa0175fd62882021-12-20 15:55:34.928root 11241100x8000000000000000758518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1515de2eb4935a5c2021-12-20 15:55:34.928root 11241100x8000000000000000758519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d833fc7ccd8e362021-12-20 15:55:34.929root 11241100x8000000000000000758520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d244542a8f9336c2021-12-20 15:55:34.929root 11241100x8000000000000000758521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bd3efcbac040da2021-12-20 15:55:34.929root 11241100x8000000000000000758522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0b785cea4e8b882021-12-20 15:55:34.929root 11241100x8000000000000000758523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9325432bf9de92602021-12-20 15:55:34.929root 11241100x8000000000000000758524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce9deaf6f7db7982021-12-20 15:55:34.929root 11241100x8000000000000000758525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380fdb82849d96cd2021-12-20 15:55:34.929root 11241100x8000000000000000758526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:34.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d0f9454be121c62021-12-20 15:55:34.930root 11241100x8000000000000000758527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c811e8af96146a2021-12-20 15:55:35.424root 11241100x8000000000000000758528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf6bffa7f90ec832021-12-20 15:55:35.424root 11241100x8000000000000000758529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4292d47279784c692021-12-20 15:55:35.424root 11241100x8000000000000000758530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee521e68001de72e2021-12-20 15:55:35.425root 11241100x8000000000000000758531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96b5ad52ce5fcfe2021-12-20 15:55:35.425root 11241100x8000000000000000758532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02b00b8ea1593b62021-12-20 15:55:35.425root 11241100x8000000000000000758533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a85d771dc185e212021-12-20 15:55:35.425root 11241100x8000000000000000758534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed92cbdb42c335002021-12-20 15:55:35.425root 11241100x8000000000000000758535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c1f370952698622021-12-20 15:55:35.426root 11241100x8000000000000000758536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfde2fef360039c2021-12-20 15:55:35.426root 11241100x8000000000000000758537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be974cf427d4b192021-12-20 15:55:35.426root 11241100x8000000000000000758538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae98bc9bb6e91fbf2021-12-20 15:55:35.426root 11241100x8000000000000000758539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c357f6f5b22498932021-12-20 15:55:35.426root 11241100x8000000000000000758540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf2e84c715734352021-12-20 15:55:35.426root 11241100x8000000000000000758541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34208b8d117d2ddc2021-12-20 15:55:35.427root 11241100x8000000000000000758542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c92d1e25939c54c2021-12-20 15:55:35.427root 11241100x8000000000000000758543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da65e10f16dd1e2021-12-20 15:55:35.427root 11241100x8000000000000000758544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fded66f9ca3f7272021-12-20 15:55:35.427root 11241100x8000000000000000758545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9552d2511c2e7c802021-12-20 15:55:35.427root 11241100x8000000000000000758546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0857ba8adda8c512021-12-20 15:55:35.427root 11241100x8000000000000000758547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24ae35c98caee622021-12-20 15:55:35.428root 11241100x8000000000000000758548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78917f924386c792021-12-20 15:55:35.428root 11241100x8000000000000000758549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca3c03497ede59b2021-12-20 15:55:35.428root 11241100x8000000000000000758550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c767246c430951f72021-12-20 15:55:35.429root 11241100x8000000000000000758551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a821b758e738042021-12-20 15:55:35.429root 11241100x8000000000000000758552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1c343e7ceff6b2021-12-20 15:55:35.429root 11241100x8000000000000000758553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ea08ecb32a61b32021-12-20 15:55:35.430root 11241100x8000000000000000758554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1eb772933f51072021-12-20 15:55:35.430root 11241100x8000000000000000758555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57cfd3cd4e548422021-12-20 15:55:35.430root 11241100x8000000000000000758556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2fc6b46934d1df2021-12-20 15:55:35.430root 11241100x8000000000000000758557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248d8ede1bb2a48b2021-12-20 15:55:35.430root 11241100x8000000000000000758558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e56e6467bbe14b42021-12-20 15:55:35.430root 11241100x8000000000000000758559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d1db6e17ce9a42021-12-20 15:55:35.430root 11241100x8000000000000000758560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66016246692b5cad2021-12-20 15:55:35.431root 11241100x8000000000000000758561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2605cd1f9701bd9f2021-12-20 15:55:35.431root 11241100x8000000000000000758562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0ed2e6316175c32021-12-20 15:55:35.431root 11241100x8000000000000000758563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7906aed741c396192021-12-20 15:55:35.431root 11241100x8000000000000000758564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8369a8683f554fac2021-12-20 15:55:35.431root 11241100x8000000000000000758565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe3764b5e22e9e2021-12-20 15:55:35.924root 11241100x8000000000000000758566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0de563ae1b26332021-12-20 15:55:35.924root 11241100x8000000000000000758567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a51520b8aa94be2021-12-20 15:55:35.924root 11241100x8000000000000000758568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e8ebf6cab198762021-12-20 15:55:35.925root 11241100x8000000000000000758569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d7ae913ca25b782021-12-20 15:55:35.925root 11241100x8000000000000000758570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3de83417b5914182021-12-20 15:55:35.925root 11241100x8000000000000000758571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c41d438cb127f12021-12-20 15:55:35.925root 11241100x8000000000000000758572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52b8756e94d74462021-12-20 15:55:35.925root 11241100x8000000000000000758573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e42eacb2e2436782021-12-20 15:55:35.925root 11241100x8000000000000000758574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6b4a798e7b6c1b2021-12-20 15:55:35.925root 11241100x8000000000000000758575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8dafa3f7a78b442021-12-20 15:55:35.926root 11241100x8000000000000000758576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b4bd534b2177de2021-12-20 15:55:35.926root 11241100x8000000000000000758577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a671c2882fc4800c2021-12-20 15:55:35.926root 11241100x8000000000000000758578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f74ebc3efe7c2e72021-12-20 15:55:35.926root 11241100x8000000000000000758579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d8b933954f3212021-12-20 15:55:35.926root 11241100x8000000000000000758580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c385fbb8f0e39192021-12-20 15:55:35.926root 11241100x8000000000000000758581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470e0afcb105ef222021-12-20 15:55:35.926root 11241100x8000000000000000758582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf23e5121338b262021-12-20 15:55:35.927root 11241100x8000000000000000758583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c25404ca6d68f8b2021-12-20 15:55:35.927root 11241100x8000000000000000758584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bdbad617baa3f02021-12-20 15:55:35.927root 11241100x8000000000000000758585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8fd255ffb7571c2021-12-20 15:55:35.927root 11241100x8000000000000000758586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e088fc85ccb162021-12-20 15:55:35.927root 11241100x8000000000000000758587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef9633395e4b9aa2021-12-20 15:55:35.927root 11241100x8000000000000000758588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f2164622f3ff792021-12-20 15:55:35.927root 11241100x8000000000000000758589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6001d53919791fc42021-12-20 15:55:35.928root 11241100x8000000000000000758590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc06cdb580f3b57c2021-12-20 15:55:35.928root 11241100x8000000000000000758591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0619948fb5e8c65b2021-12-20 15:55:35.928root 11241100x8000000000000000758592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0161f370973d1e2021-12-20 15:55:35.928root 11241100x8000000000000000758593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cafc7536c1f88fd2021-12-20 15:55:35.929root 11241100x8000000000000000758594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e5bfb900bd74652021-12-20 15:55:35.929root 11241100x8000000000000000758595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2652ee3b07df592021-12-20 15:55:35.929root 11241100x8000000000000000758596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af0400813afc152021-12-20 15:55:35.929root 11241100x8000000000000000758597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd63c685f3be52b92021-12-20 15:55:35.929root 11241100x8000000000000000758598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014ea1ae39b48e092021-12-20 15:55:35.930root 11241100x8000000000000000758599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ba700518cf56be2021-12-20 15:55:35.930root 11241100x8000000000000000758600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10595a6ab36a4c82021-12-20 15:55:35.930root 11241100x8000000000000000758601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4291f48380abfd2021-12-20 15:55:35.930root 11241100x8000000000000000758602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f00884a887147672021-12-20 15:55:35.930root 11241100x8000000000000000758603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefec3bcc75030472021-12-20 15:55:35.931root 11241100x8000000000000000758604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43c8a6c7759846b2021-12-20 15:55:35.931root 11241100x8000000000000000758605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9186bc3fc73ba60a2021-12-20 15:55:35.931root 11241100x8000000000000000758606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa85d11e0f434bf12021-12-20 15:55:35.931root 11241100x8000000000000000758607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a277eb6ca3de5e2021-12-20 15:55:35.931root 11241100x8000000000000000758608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf52d29785931f2021-12-20 15:55:35.931root 11241100x8000000000000000758609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053e22ff3166d0f12021-12-20 15:55:35.931root 11241100x8000000000000000758610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291c9d22e6193ea92021-12-20 15:55:35.932root 11241100x8000000000000000758611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40c4b5512caba3e2021-12-20 15:55:35.932root 11241100x8000000000000000758612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71df0f76e9f8ab92021-12-20 15:55:35.932root 11241100x8000000000000000758613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5c382ce530a8402021-12-20 15:55:35.932root 11241100x8000000000000000758614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3012cd9220190ed52021-12-20 15:55:35.932root 11241100x8000000000000000758615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e4516c131a792b2021-12-20 15:55:35.932root 11241100x8000000000000000758616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44c71aa0aa0f3602021-12-20 15:55:35.933root 11241100x8000000000000000758617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e46685b3ec4ac82021-12-20 15:55:35.933root 11241100x8000000000000000758618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf3ee5c9650b52a2021-12-20 15:55:35.933root 11241100x8000000000000000758619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19efaecbd271d6102021-12-20 15:55:35.933root 11241100x8000000000000000758620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:35.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9eadd9f8ca4d6d2021-12-20 15:55:35.933root 11241100x8000000000000000758621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:55:36.068root 11241100x8000000000000000758622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3c58412815ad822021-12-20 15:55:36.424root 11241100x8000000000000000758623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afc693531bd87d62021-12-20 15:55:36.424root 11241100x8000000000000000758624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1348219b107546d2021-12-20 15:55:36.424root 11241100x8000000000000000758625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62e6d91195ae5ae2021-12-20 15:55:36.424root 11241100x8000000000000000758626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4999f3da1812be3b2021-12-20 15:55:36.425root 11241100x8000000000000000758627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6ef2b194d9100a2021-12-20 15:55:36.425root 11241100x8000000000000000758628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295a87b8a9b0fec72021-12-20 15:55:36.425root 11241100x8000000000000000758629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aafce480a40cd392021-12-20 15:55:36.425root 11241100x8000000000000000758630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92372607c285a5bb2021-12-20 15:55:36.425root 11241100x8000000000000000758631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34adf05faf406eea2021-12-20 15:55:36.425root 11241100x8000000000000000758632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cb724c121859e32021-12-20 15:55:36.425root 11241100x8000000000000000758633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddc1642c694ee252021-12-20 15:55:36.426root 11241100x8000000000000000758634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf0baab2ffc182e2021-12-20 15:55:36.426root 11241100x8000000000000000758635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd945c5eaec19c82021-12-20 15:55:36.426root 11241100x8000000000000000758636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff95e7ff140ff002021-12-20 15:55:36.426root 11241100x8000000000000000758637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a7339aa2577572021-12-20 15:55:36.426root 11241100x8000000000000000758638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb51b2d4fb5fe8a92021-12-20 15:55:36.426root 11241100x8000000000000000758639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b48ef58c44a87592021-12-20 15:55:36.427root 11241100x8000000000000000758640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40091d513c55d72021-12-20 15:55:36.427root 11241100x8000000000000000758641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e6b83c8e5bf7d62021-12-20 15:55:36.427root 11241100x8000000000000000758642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56628f5c92a08e942021-12-20 15:55:36.427root 11241100x8000000000000000758643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e13433cfed2c9b2021-12-20 15:55:36.427root 11241100x8000000000000000758644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee020e9d25dddd6e2021-12-20 15:55:36.427root 11241100x8000000000000000758645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba05973fa4fe1d702021-12-20 15:55:36.427root 11241100x8000000000000000758646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352e5d5e10305ec62021-12-20 15:55:36.428root 11241100x8000000000000000758647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307995a261443f872021-12-20 15:55:36.429root 11241100x8000000000000000758648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a0109b47ede2902021-12-20 15:55:36.429root 11241100x8000000000000000758649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6207a37b940b737f2021-12-20 15:55:36.429root 11241100x8000000000000000758650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d005d4f05772d1632021-12-20 15:55:36.429root 11241100x8000000000000000758651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2774895858476a2021-12-20 15:55:36.429root 11241100x8000000000000000758652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f6e8aa68ee5a432021-12-20 15:55:36.429root 11241100x8000000000000000758653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaaca5bf424f13e2021-12-20 15:55:36.430root 11241100x8000000000000000758654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eb0b8c1fcdad0e2021-12-20 15:55:36.430root 11241100x8000000000000000758655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9800852f9624392021-12-20 15:55:36.430root 11241100x8000000000000000758656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad6e6f8626b6e322021-12-20 15:55:36.430root 11241100x8000000000000000758657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af50fe728d2877322021-12-20 15:55:36.430root 11241100x8000000000000000758658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd1742356263f9c2021-12-20 15:55:36.430root 11241100x8000000000000000758659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585dcfb5c57551082021-12-20 15:55:36.431root 11241100x8000000000000000758660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d2ee2c4bd52cc92021-12-20 15:55:36.432root 11241100x8000000000000000758661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b0be7251d1fd792021-12-20 15:55:36.432root 11241100x8000000000000000758662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148828ebcbbeeea82021-12-20 15:55:36.432root 11241100x8000000000000000758663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca879f8d53b074c62021-12-20 15:55:36.432root 11241100x8000000000000000758664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55088f20e606e542021-12-20 15:55:36.924root 11241100x8000000000000000758665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c7aca389d618522021-12-20 15:55:36.924root 11241100x8000000000000000758666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d890ec4486489362021-12-20 15:55:36.924root 11241100x8000000000000000758667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90e43ecce8da5cd2021-12-20 15:55:36.924root 11241100x8000000000000000758668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc87732733f367fe2021-12-20 15:55:36.925root 11241100x8000000000000000758669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fe69fec0e413eb2021-12-20 15:55:36.925root 11241100x8000000000000000758670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8422b61ae27dbea82021-12-20 15:55:36.925root 11241100x8000000000000000758671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b3553a1c5ae2012021-12-20 15:55:36.925root 11241100x8000000000000000758672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3760657e665f0e5f2021-12-20 15:55:36.925root 11241100x8000000000000000758673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1156babd43c70db2021-12-20 15:55:36.925root 11241100x8000000000000000758674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd0c36fce199f7a2021-12-20 15:55:36.925root 11241100x8000000000000000758675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a328468c13ba5f72021-12-20 15:55:36.925root 11241100x8000000000000000758676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb7f45d7d9f64a02021-12-20 15:55:36.925root 11241100x8000000000000000758677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e815e794a288e5522021-12-20 15:55:36.925root 11241100x8000000000000000758678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd51097573ac9502021-12-20 15:55:36.925root 11241100x8000000000000000758679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7088c3f18f329c412021-12-20 15:55:36.925root 11241100x8000000000000000758680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4590aff370afa32021-12-20 15:55:36.925root 11241100x8000000000000000758681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5ef9e053aa4d2b2021-12-20 15:55:36.925root 11241100x8000000000000000758682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388c14c8505b95b22021-12-20 15:55:36.926root 11241100x8000000000000000758683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9505d6e336d2b3482021-12-20 15:55:36.926root 11241100x8000000000000000758684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598fb7f013c4820f2021-12-20 15:55:36.926root 11241100x8000000000000000758685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafb2c2dc01701c92021-12-20 15:55:36.926root 11241100x8000000000000000758686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bed3ec9de199a82021-12-20 15:55:36.926root 11241100x8000000000000000758687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e94be696c3bc4592021-12-20 15:55:36.926root 11241100x8000000000000000758688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f0df9dbb5048042021-12-20 15:55:36.926root 11241100x8000000000000000758689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a927a478bc437432021-12-20 15:55:36.926root 11241100x8000000000000000758690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4143f9ac4f45eb2021-12-20 15:55:36.926root 11241100x8000000000000000758691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ad5323310c397a2021-12-20 15:55:36.926root 11241100x8000000000000000758692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c43a5699e586ab2021-12-20 15:55:36.926root 11241100x8000000000000000758693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df251d591be4ec82021-12-20 15:55:36.927root 11241100x8000000000000000758694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf35eab7d1510dc2021-12-20 15:55:36.927root 11241100x8000000000000000758695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02684e816a98c62021-12-20 15:55:36.927root 11241100x8000000000000000758696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83af8f94180f6c22021-12-20 15:55:36.927root 11241100x8000000000000000758697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980590987e8788712021-12-20 15:55:36.927root 11241100x8000000000000000758698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c237d1c7e8498b372021-12-20 15:55:37.424root 11241100x8000000000000000758699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dbb3b54a0a202f2021-12-20 15:55:37.424root 11241100x8000000000000000758700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e43601320d469372021-12-20 15:55:37.424root 11241100x8000000000000000758701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f21a418f22e0652021-12-20 15:55:37.425root 11241100x8000000000000000758702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840dc4f642fdda4c2021-12-20 15:55:37.425root 11241100x8000000000000000758703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff83ed346f2d7bb2021-12-20 15:55:37.425root 11241100x8000000000000000758704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f810195863b55d2021-12-20 15:55:37.425root 11241100x8000000000000000758705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ada7fa4f6960ef2021-12-20 15:55:37.425root 11241100x8000000000000000758706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8315a033beb5a92021-12-20 15:55:37.425root 11241100x8000000000000000758707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa9dbd2b5cdfa772021-12-20 15:55:37.425root 11241100x8000000000000000758708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330f446adb61b1e72021-12-20 15:55:37.426root 11241100x8000000000000000758709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87914ee5e1a2ef62021-12-20 15:55:37.426root 11241100x8000000000000000758710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed135369d42101342021-12-20 15:55:37.426root 11241100x8000000000000000758711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54d4418c811ca852021-12-20 15:55:37.426root 11241100x8000000000000000758712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c65e57ad95bfc2021-12-20 15:55:37.426root 11241100x8000000000000000758713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa5d92e4faf99d82021-12-20 15:55:37.426root 11241100x8000000000000000758714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be02ea2f09e40592021-12-20 15:55:37.426root 11241100x8000000000000000758715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503e3ad3ad849c412021-12-20 15:55:37.427root 11241100x8000000000000000758716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2e4e324ae3f95f2021-12-20 15:55:37.427root 11241100x8000000000000000758717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a794f3e9419c8e872021-12-20 15:55:37.427root 11241100x8000000000000000758718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5070e4252d2618052021-12-20 15:55:37.427root 11241100x8000000000000000758719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc90d2e36af7b77b2021-12-20 15:55:37.427root 11241100x8000000000000000758720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3ca27445a8d0b32021-12-20 15:55:37.428root 11241100x8000000000000000758721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45dcd380231778b2021-12-20 15:55:37.428root 11241100x8000000000000000758722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef0257b495cd8f2021-12-20 15:55:37.428root 11241100x8000000000000000758723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949cb321d1cf40d32021-12-20 15:55:37.428root 11241100x8000000000000000758724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dec9490618f3b222021-12-20 15:55:37.429root 11241100x8000000000000000758725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed84dcb59d2477482021-12-20 15:55:37.429root 11241100x8000000000000000758726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b36dc541a365b02021-12-20 15:55:37.429root 11241100x8000000000000000758727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada7cc4663120afd2021-12-20 15:55:37.429root 11241100x8000000000000000758728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff55f02fc1df2c742021-12-20 15:55:37.429root 11241100x8000000000000000758729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b1d3b26691b7cc2021-12-20 15:55:37.429root 11241100x8000000000000000758730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43da833144f481fd2021-12-20 15:55:37.429root 11241100x8000000000000000758731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e3cf24155ef3b42021-12-20 15:55:37.430root 11241100x8000000000000000758732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03535a3fc2f7a3fc2021-12-20 15:55:37.430root 11241100x8000000000000000758733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a548530365d342a2021-12-20 15:55:37.924root 11241100x8000000000000000758734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835f9258825fa9702021-12-20 15:55:37.924root 11241100x8000000000000000758735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46001dacb8f3c89d2021-12-20 15:55:37.924root 11241100x8000000000000000758736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0637163b5222b0e2021-12-20 15:55:37.924root 11241100x8000000000000000758737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd369eb345ed56952021-12-20 15:55:37.925root 11241100x8000000000000000758738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0189361d483f9c2021-12-20 15:55:37.925root 11241100x8000000000000000758739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1b28a37ec4310c2021-12-20 15:55:37.925root 11241100x8000000000000000758740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b100a3594f2599ee2021-12-20 15:55:37.925root 11241100x8000000000000000758741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6f7c53251a45a52021-12-20 15:55:37.925root 11241100x8000000000000000758742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9247b922fc7d13af2021-12-20 15:55:37.925root 11241100x8000000000000000758743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfe4917e3bdfd082021-12-20 15:55:37.925root 11241100x8000000000000000758744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4062507dacf4aef12021-12-20 15:55:37.925root 11241100x8000000000000000758745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dc0eae1b73c8532021-12-20 15:55:37.925root 11241100x8000000000000000758746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c304c6356ddf90582021-12-20 15:55:37.925root 11241100x8000000000000000758747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f64aaf364422ac32021-12-20 15:55:37.925root 11241100x8000000000000000758748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e261199881226892021-12-20 15:55:37.925root 11241100x8000000000000000758749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f3c49fb7ee58ec2021-12-20 15:55:37.926root 11241100x8000000000000000758750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63c4cfb4bfe3d122021-12-20 15:55:37.926root 11241100x8000000000000000758751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb8266934c06c012021-12-20 15:55:37.926root 11241100x8000000000000000758752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e0e9122d2307da2021-12-20 15:55:37.926root 11241100x8000000000000000758753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b620e618c187906d2021-12-20 15:55:37.926root 11241100x8000000000000000758754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d070972534a37b22021-12-20 15:55:37.926root 11241100x8000000000000000758755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03606da4d6c3ddb2021-12-20 15:55:37.926root 11241100x8000000000000000758756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b05fe3cacf46362021-12-20 15:55:37.926root 11241100x8000000000000000758757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d308af425260dd2021-12-20 15:55:37.926root 11241100x8000000000000000758758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5125ca748b82df252021-12-20 15:55:37.926root 11241100x8000000000000000758759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027808c41271df052021-12-20 15:55:37.926root 11241100x8000000000000000758760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac7b5152172c3be2021-12-20 15:55:37.927root 11241100x8000000000000000758761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217b13e1ace3e2dd2021-12-20 15:55:37.927root 11241100x8000000000000000758762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f4012f3069f2852021-12-20 15:55:37.927root 11241100x8000000000000000758763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4d6d4efa602f462021-12-20 15:55:38.424root 11241100x8000000000000000758764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76275aa8e572fcd92021-12-20 15:55:38.424root 11241100x8000000000000000758765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6fab43a17108be2021-12-20 15:55:38.424root 11241100x8000000000000000758766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b9131de5d47df82021-12-20 15:55:38.424root 11241100x8000000000000000758767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6794fdb33ba01592021-12-20 15:55:38.424root 11241100x8000000000000000758768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6630756a25e5602021-12-20 15:55:38.425root 11241100x8000000000000000758769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e7d088c6cae5cd2021-12-20 15:55:38.425root 11241100x8000000000000000758770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d83ac42957bd7972021-12-20 15:55:38.425root 11241100x8000000000000000758771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f38da8d4fb69b802021-12-20 15:55:38.425root 11241100x8000000000000000758772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02b517e0a9193192021-12-20 15:55:38.425root 11241100x8000000000000000758773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98063f86cac0a3b2021-12-20 15:55:38.425root 11241100x8000000000000000758774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c4be664120b1be2021-12-20 15:55:38.425root 11241100x8000000000000000758775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4774634a3fd185e62021-12-20 15:55:38.426root 11241100x8000000000000000758776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f420e68aadde8f2021-12-20 15:55:38.426root 11241100x8000000000000000758777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82069c5ac87ce3de2021-12-20 15:55:38.426root 11241100x8000000000000000758778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4697109dc69619ca2021-12-20 15:55:38.426root 11241100x8000000000000000758779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02f029995d2f4802021-12-20 15:55:38.426root 11241100x8000000000000000758780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3c56faea84a2572021-12-20 15:55:38.426root 11241100x8000000000000000758781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7757318cd06f45742021-12-20 15:55:38.427root 11241100x8000000000000000758782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf9212f6eec800c2021-12-20 15:55:38.427root 11241100x8000000000000000758783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4890c3ccaf8966002021-12-20 15:55:38.427root 11241100x8000000000000000758784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8dbcc1f90a3fb02021-12-20 15:55:38.427root 11241100x8000000000000000758785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13673069e12222492021-12-20 15:55:38.427root 11241100x8000000000000000758786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075fba782ed2253f2021-12-20 15:55:38.427root 11241100x8000000000000000758787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5955297bcf0f482021-12-20 15:55:38.427root 11241100x8000000000000000758788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b26d5d8feec73c2021-12-20 15:55:38.427root 11241100x8000000000000000758789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f43845ab7cc15382021-12-20 15:55:38.427root 11241100x8000000000000000758790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6b9b3b9894ddc42021-12-20 15:55:38.428root 11241100x8000000000000000758791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dfe0ac9cfe9e0a2021-12-20 15:55:38.428root 11241100x8000000000000000758792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6381008affc017282021-12-20 15:55:38.428root 11241100x8000000000000000758793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7b6618d494e0072021-12-20 15:55:38.428root 11241100x8000000000000000758794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b9e2216d7a287e2021-12-20 15:55:38.924root 11241100x8000000000000000758795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180ad59bd03e88192021-12-20 15:55:38.925root 11241100x8000000000000000758796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f462bfe77be56b6f2021-12-20 15:55:38.925root 11241100x8000000000000000758797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e8e5c5d2ce63fb2021-12-20 15:55:38.925root 11241100x8000000000000000758798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0a9fd51bf351052021-12-20 15:55:38.925root 11241100x8000000000000000758799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc1427a2c25baa32021-12-20 15:55:38.925root 11241100x8000000000000000758800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdd0b5db5c1353f2021-12-20 15:55:38.925root 11241100x8000000000000000758801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2c9536926175172021-12-20 15:55:38.925root 11241100x8000000000000000758802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a691c48f6e9cea042021-12-20 15:55:38.926root 11241100x8000000000000000758803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe58fd03f97e27b2021-12-20 15:55:38.926root 11241100x8000000000000000758804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61518ef57822cd712021-12-20 15:55:38.926root 11241100x8000000000000000758805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc183ac5d0aaede2021-12-20 15:55:38.926root 11241100x8000000000000000758806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce5c5322e7782922021-12-20 15:55:38.926root 11241100x8000000000000000758807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4880d32ac15035af2021-12-20 15:55:38.926root 11241100x8000000000000000758808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3780c696147c24dc2021-12-20 15:55:38.926root 11241100x8000000000000000758809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14985ef7f1537812021-12-20 15:55:38.926root 11241100x8000000000000000758810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fdaa82e3c8578d2021-12-20 15:55:38.926root 11241100x8000000000000000758811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0ae8c546cdbd7e2021-12-20 15:55:38.926root 11241100x8000000000000000758812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310abc35f4610c7f2021-12-20 15:55:38.926root 11241100x8000000000000000758813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d14c054a9a5088a2021-12-20 15:55:38.926root 11241100x8000000000000000758814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad797b7f540a9982021-12-20 15:55:38.926root 11241100x8000000000000000758815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09048a47cf0fb4c52021-12-20 15:55:38.926root 11241100x8000000000000000758816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f233ef9e997cc2b2021-12-20 15:55:38.926root 11241100x8000000000000000758817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde1374bad8a7f5c2021-12-20 15:55:38.927root 11241100x8000000000000000758818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5622cb6ec62125592021-12-20 15:55:38.927root 11241100x8000000000000000758819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e665b577386a06372021-12-20 15:55:38.927root 11241100x8000000000000000758820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2393f7a34860c0932021-12-20 15:55:38.927root 11241100x8000000000000000758821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094753bb20e5ff622021-12-20 15:55:38.927root 11241100x8000000000000000758822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cfe22db56a43fc2021-12-20 15:55:38.927root 11241100x8000000000000000758823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c88cd6ba6a51a52021-12-20 15:55:38.927root 23542300x8000000000000000758824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000758825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927ffc863fef55532021-12-20 15:55:39.424root 11241100x8000000000000000758826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113e5231480253e02021-12-20 15:55:39.424root 11241100x8000000000000000758827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293b0deb378b08842021-12-20 15:55:39.425root 11241100x8000000000000000758828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cfce98ee0d0b492021-12-20 15:55:39.425root 11241100x8000000000000000758829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4a0ac1f39ed3a32021-12-20 15:55:39.425root 11241100x8000000000000000758830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43b19ccc41e17352021-12-20 15:55:39.425root 11241100x8000000000000000758831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39d46fc80a271852021-12-20 15:55:39.425root 11241100x8000000000000000758832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fba1159b9cb96f2021-12-20 15:55:39.426root 11241100x8000000000000000758833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2487e8b918367a2021-12-20 15:55:39.426root 11241100x8000000000000000758834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a910c77efec704502021-12-20 15:55:39.426root 11241100x8000000000000000758835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b958c24201c12812021-12-20 15:55:39.426root 11241100x8000000000000000758836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789e8aa1d8e3fb052021-12-20 15:55:39.426root 11241100x8000000000000000758837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185abcb68dbc73652021-12-20 15:55:39.426root 11241100x8000000000000000758838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a71acde9be357582021-12-20 15:55:39.427root 11241100x8000000000000000758839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878d56e970ac0b2f2021-12-20 15:55:39.427root 11241100x8000000000000000758840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f358a3d3d951aa2021-12-20 15:55:39.427root 11241100x8000000000000000758841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9c5dc1d49485612021-12-20 15:55:39.427root 11241100x8000000000000000758842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5678dc15a1ca722021-12-20 15:55:39.427root 11241100x8000000000000000758843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c162cd135b850d2021-12-20 15:55:39.427root 11241100x8000000000000000758844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39c41a759f9f8122021-12-20 15:55:39.427root 11241100x8000000000000000758845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1598cca1dec63732021-12-20 15:55:39.428root 11241100x8000000000000000758846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c4b232fea633592021-12-20 15:55:39.428root 11241100x8000000000000000758847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d02c3194f3a8162021-12-20 15:55:39.428root 11241100x8000000000000000758848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c4136f38f171b62021-12-20 15:55:39.428root 11241100x8000000000000000758849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f4d31ff851d34d2021-12-20 15:55:39.428root 11241100x8000000000000000758850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e651ead585c20a2021-12-20 15:55:39.429root 11241100x8000000000000000758851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bb6090a2cc17df2021-12-20 15:55:39.429root 11241100x8000000000000000758852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a5058511929ed52021-12-20 15:55:39.429root 11241100x8000000000000000758853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4818e01b1b487672021-12-20 15:55:39.429root 11241100x8000000000000000758854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75df18a63093ada52021-12-20 15:55:39.429root 11241100x8000000000000000758855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cdd5c19e6505392021-12-20 15:55:39.430root 11241100x8000000000000000758856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033a68321f530712021-12-20 15:55:39.430root 11241100x8000000000000000758857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb0b545efe533172021-12-20 15:55:39.924root 11241100x8000000000000000758858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48cb4178ad77682021-12-20 15:55:39.924root 11241100x8000000000000000758859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11510e4c458eea5b2021-12-20 15:55:39.924root 11241100x8000000000000000758860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24bc670179d15092021-12-20 15:55:39.924root 11241100x8000000000000000758861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e46c61beaf2ad2e2021-12-20 15:55:39.925root 11241100x8000000000000000758862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37e13788038defd2021-12-20 15:55:39.925root 11241100x8000000000000000758863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0214a5b8d36eeb9a2021-12-20 15:55:39.925root 11241100x8000000000000000758864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dc24746d87eb5b2021-12-20 15:55:39.925root 11241100x8000000000000000758865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb3020bcffa308a2021-12-20 15:55:39.925root 11241100x8000000000000000758866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c671bd74e8202a92021-12-20 15:55:39.925root 11241100x8000000000000000758867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd69fbb8da6473e12021-12-20 15:55:39.925root 11241100x8000000000000000758868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997f02e4d45b9fc72021-12-20 15:55:39.925root 11241100x8000000000000000758869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110b78ae7675b1de2021-12-20 15:55:39.925root 11241100x8000000000000000758870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b4664c819f430b2021-12-20 15:55:39.925root 11241100x8000000000000000758871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f7d966a8f9dccc2021-12-20 15:55:39.925root 11241100x8000000000000000758872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3153ac3ef666102021-12-20 15:55:39.926root 11241100x8000000000000000758873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29716f9271705a732021-12-20 15:55:39.926root 11241100x8000000000000000758874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f058fdaddbe5d12021-12-20 15:55:39.926root 11241100x8000000000000000758875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f115dbcca2795252021-12-20 15:55:39.926root 11241100x8000000000000000758876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca637e2ff6b5f9d22021-12-20 15:55:39.926root 11241100x8000000000000000758877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65326956c86951df2021-12-20 15:55:39.926root 11241100x8000000000000000758878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f8e0326156960c2021-12-20 15:55:39.926root 11241100x8000000000000000758879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4deff811c976d15c2021-12-20 15:55:39.926root 11241100x8000000000000000758880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4412d31a6f2698b62021-12-20 15:55:39.926root 11241100x8000000000000000758881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea410f0a40422482021-12-20 15:55:39.926root 11241100x8000000000000000758882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e70755cb958428d2021-12-20 15:55:39.926root 11241100x8000000000000000758883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311c2bbbccb6b3042021-12-20 15:55:39.927root 11241100x8000000000000000758884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ee6cdfabd3e7072021-12-20 15:55:39.927root 11241100x8000000000000000758885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc2ff71df856d742021-12-20 15:55:39.927root 11241100x8000000000000000758886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faca77035aca2b692021-12-20 15:55:39.927root 11241100x8000000000000000758887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6540035692eb3c2021-12-20 15:55:39.927root 11241100x8000000000000000758888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369b8a75486a0f182021-12-20 15:55:39.927root 11241100x8000000000000000758889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637c0689ff89f1a92021-12-20 15:55:39.927root 11241100x8000000000000000758890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be04736d9d2bb9f52021-12-20 15:55:39.927root 11241100x8000000000000000758891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696e61f24e0596842021-12-20 15:55:39.927root 11241100x8000000000000000758892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e76bb49aec3ac92021-12-20 15:55:39.927root 11241100x8000000000000000758893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07c1d15a274f4cb2021-12-20 15:55:39.927root 11241100x8000000000000000758894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95a283c03e87fd92021-12-20 15:55:39.928root 354300x8000000000000000758895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.088{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51382-false10.0.1.12-8000- 11241100x8000000000000000758896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4293db0b9cd976922021-12-20 15:55:40.424root 11241100x8000000000000000758897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7940c7fddd9bcd02021-12-20 15:55:40.424root 11241100x8000000000000000758898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c187ce7995cbb9e32021-12-20 15:55:40.424root 11241100x8000000000000000758899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed935b00a80893d2021-12-20 15:55:40.424root 11241100x8000000000000000758900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d9e8ec0e443a772021-12-20 15:55:40.425root 11241100x8000000000000000758901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6628da84777e3ef42021-12-20 15:55:40.425root 11241100x8000000000000000758902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5751a13292be53862021-12-20 15:55:40.425root 11241100x8000000000000000758903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ec65de2c04fc242021-12-20 15:55:40.425root 11241100x8000000000000000758904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea3e221ac153e2f2021-12-20 15:55:40.425root 11241100x8000000000000000758905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e307cb5ada5db2092021-12-20 15:55:40.425root 11241100x8000000000000000758906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cfa308eb10f8222021-12-20 15:55:40.426root 11241100x8000000000000000758907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b53427a48b495e2021-12-20 15:55:40.426root 11241100x8000000000000000758908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32668977a5aab4e52021-12-20 15:55:40.426root 11241100x8000000000000000758909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1b7a305a62c13a2021-12-20 15:55:40.426root 11241100x8000000000000000758910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087fef7dff4316442021-12-20 15:55:40.426root 11241100x8000000000000000758911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04469404b97c13ee2021-12-20 15:55:40.426root 11241100x8000000000000000758912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510847a2feaec65b2021-12-20 15:55:40.426root 11241100x8000000000000000758913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe48c5d270172332021-12-20 15:55:40.426root 11241100x8000000000000000758914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ad268461ddb6f42021-12-20 15:55:40.426root 11241100x8000000000000000758915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a355bb7e83a4b1c2021-12-20 15:55:40.427root 11241100x8000000000000000758916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3211e17dfcb9d6832021-12-20 15:55:40.427root 11241100x8000000000000000758917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c361c8703a0dec932021-12-20 15:55:40.427root 11241100x8000000000000000758918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa06b791c7c07ae62021-12-20 15:55:40.427root 11241100x8000000000000000758919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5a7fb8f6e876e32021-12-20 15:55:40.427root 11241100x8000000000000000758920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c35f36ecc44f4942021-12-20 15:55:40.427root 11241100x8000000000000000758921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033c983851de43df2021-12-20 15:55:40.427root 11241100x8000000000000000758922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da3e3aa8011c0f62021-12-20 15:55:40.428root 11241100x8000000000000000758923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee38f5c85f9f4492021-12-20 15:55:40.428root 11241100x8000000000000000758924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f93d76e5c708842021-12-20 15:55:40.428root 11241100x8000000000000000758925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936205f9ded1c2912021-12-20 15:55:40.428root 11241100x8000000000000000758926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391457a78bbaab4e2021-12-20 15:55:40.428root 11241100x8000000000000000758927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1c7f5e3bf148dd2021-12-20 15:55:40.428root 11241100x8000000000000000758928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c2c861b75d5aad2021-12-20 15:55:40.429root 11241100x8000000000000000758929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a760156bc926502021-12-20 15:55:40.429root 11241100x8000000000000000758930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde8ac83928cf7062021-12-20 15:55:40.429root 11241100x8000000000000000758931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eab8e49c03f8b412021-12-20 15:55:40.924root 11241100x8000000000000000758932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2440ccf1ff9ceed32021-12-20 15:55:40.924root 11241100x8000000000000000758933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02aed3d2a8b7882021-12-20 15:55:40.925root 11241100x8000000000000000758934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34abadc44c3b0c3f2021-12-20 15:55:40.925root 11241100x8000000000000000758935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e598addee9ea4a2021-12-20 15:55:40.925root 11241100x8000000000000000758936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b587bd8d260e462021-12-20 15:55:40.925root 11241100x8000000000000000758937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337e217573259b2a2021-12-20 15:55:40.925root 11241100x8000000000000000758938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36055e885e0f9ee32021-12-20 15:55:40.925root 11241100x8000000000000000758939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd39e19e2102d5212021-12-20 15:55:40.925root 11241100x8000000000000000758940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccb7196fb57e9da2021-12-20 15:55:40.925root 11241100x8000000000000000758941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea29a54c94e051c2021-12-20 15:55:40.925root 11241100x8000000000000000758942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3e13d2e7b69f132021-12-20 15:55:40.925root 11241100x8000000000000000758943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bdd7b66c1dddae2021-12-20 15:55:40.925root 11241100x8000000000000000758944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b447be9e2d633c22021-12-20 15:55:40.926root 11241100x8000000000000000758945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af564f451df418a2021-12-20 15:55:40.926root 11241100x8000000000000000758946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aaf0f0ba70a11e2021-12-20 15:55:40.926root 11241100x8000000000000000758947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188348733bd544d22021-12-20 15:55:40.926root 11241100x8000000000000000758948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488c0c2f72062b282021-12-20 15:55:40.926root 11241100x8000000000000000758949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e00690a258ef5a82021-12-20 15:55:40.926root 11241100x8000000000000000758950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d3ae3b31e0a3742021-12-20 15:55:40.926root 11241100x8000000000000000758951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec5be801444f6ca2021-12-20 15:55:40.926root 11241100x8000000000000000758952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0044c9a38f3d3992021-12-20 15:55:40.926root 11241100x8000000000000000758953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0ceac9dc093a9c2021-12-20 15:55:40.926root 11241100x8000000000000000758954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c1dbbbfb8228af2021-12-20 15:55:40.926root 11241100x8000000000000000758955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f72582b6f2c47d2021-12-20 15:55:40.927root 11241100x8000000000000000758956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d25ae1e5cc4faa2021-12-20 15:55:40.927root 11241100x8000000000000000758957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c546291832e2b7672021-12-20 15:55:40.927root 11241100x8000000000000000758958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b556845cafd20d2021-12-20 15:55:40.927root 11241100x8000000000000000758959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facb4b10d1d45e622021-12-20 15:55:40.927root 11241100x8000000000000000758960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4407c8d73f6bb8852021-12-20 15:55:40.927root 11241100x8000000000000000758961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14d02a574b7f032021-12-20 15:55:40.927root 11241100x8000000000000000758962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb2de859edcb6562021-12-20 15:55:40.927root 11241100x8000000000000000758963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe77688676a1580d2021-12-20 15:55:40.927root 11241100x8000000000000000758964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7658c14c759e0d2021-12-20 15:55:40.927root 11241100x8000000000000000758965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e0a30963a7a9e72021-12-20 15:55:40.927root 11241100x8000000000000000758966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3781d6f3b1062d412021-12-20 15:55:40.928root 11241100x8000000000000000758967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4329419e9a85ff72021-12-20 15:55:40.928root 11241100x8000000000000000758968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bcc72f748e3a972021-12-20 15:55:40.928root 11241100x8000000000000000758969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d53d95c94a86712021-12-20 15:55:40.928root 11241100x8000000000000000758970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2318108c6f19fa82021-12-20 15:55:40.928root 11241100x8000000000000000758971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b715749613335bc2021-12-20 15:55:40.928root 11241100x8000000000000000758972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd202f8ea48c15632021-12-20 15:55:40.928root 11241100x8000000000000000758973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c048dd78b745463f2021-12-20 15:55:40.928root 11241100x8000000000000000758974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a412f16eb8bece2021-12-20 15:55:41.424root 11241100x8000000000000000758975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc717c7293f20ca42021-12-20 15:55:41.424root 11241100x8000000000000000758976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32933e41d6ba70d82021-12-20 15:55:41.425root 11241100x8000000000000000758977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79bf6fac10d9d0e2021-12-20 15:55:41.425root 11241100x8000000000000000758978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128cb21b425f5c042021-12-20 15:55:41.425root 11241100x8000000000000000758979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebced78ad85a449b2021-12-20 15:55:41.425root 11241100x8000000000000000758980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8029e6e4961330f62021-12-20 15:55:41.425root 11241100x8000000000000000758981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96f1b3effad38d42021-12-20 15:55:41.425root 11241100x8000000000000000758982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c3049f64df59a82021-12-20 15:55:41.426root 11241100x8000000000000000758983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f0ab790b880bc42021-12-20 15:55:41.426root 11241100x8000000000000000758984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a5493635d46dff2021-12-20 15:55:41.426root 11241100x8000000000000000758985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb61da47a93cf52021-12-20 15:55:41.426root 11241100x8000000000000000758986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8784d40f2f622fb62021-12-20 15:55:41.426root 11241100x8000000000000000758987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63d91ed900758be2021-12-20 15:55:41.426root 11241100x8000000000000000758988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b35a17c35d543742021-12-20 15:55:41.426root 11241100x8000000000000000758989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885c7e0099e68a512021-12-20 15:55:41.426root 11241100x8000000000000000758990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cc3dc2e9cd33f42021-12-20 15:55:41.426root 11241100x8000000000000000758991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20e82b28363d8002021-12-20 15:55:41.426root 11241100x8000000000000000758992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e751366ba2f0b2021-12-20 15:55:41.426root 11241100x8000000000000000758993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29672e39cdfe77d2021-12-20 15:55:41.427root 11241100x8000000000000000758994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1dc56d76c084a72021-12-20 15:55:41.427root 11241100x8000000000000000758995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a7cbc411a684f62021-12-20 15:55:41.427root 11241100x8000000000000000758996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b80bd46f956a102021-12-20 15:55:41.427root 11241100x8000000000000000758997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e65951f9b65f5312021-12-20 15:55:41.427root 11241100x8000000000000000758998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f6d195eba5e2b92021-12-20 15:55:41.427root 11241100x8000000000000000758999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf08f12bf2bb4b22021-12-20 15:55:41.428root 11241100x8000000000000000759000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf3f6b4de58ddf92021-12-20 15:55:41.428root 11241100x8000000000000000759001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2c42294d8a9d482021-12-20 15:55:41.428root 11241100x8000000000000000759002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f91e0d0f5734e192021-12-20 15:55:41.428root 11241100x8000000000000000759003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279bff114dac51982021-12-20 15:55:41.428root 11241100x8000000000000000759004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c92fddedc2a70e2021-12-20 15:55:41.429root 11241100x8000000000000000759005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0e9d0f35c2f5de2021-12-20 15:55:41.429root 11241100x8000000000000000759006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e6b5553592cce2021-12-20 15:55:41.429root 11241100x8000000000000000759007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac7084ca3073cc02021-12-20 15:55:41.429root 11241100x8000000000000000759008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685d30d555b275272021-12-20 15:55:41.924root 11241100x8000000000000000759009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3861d2db0df82ac22021-12-20 15:55:41.924root 11241100x8000000000000000759010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3ef06576a410e32021-12-20 15:55:41.925root 11241100x8000000000000000759011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5867fc8338ce13a2021-12-20 15:55:41.925root 11241100x8000000000000000759012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf384b6f77a234852021-12-20 15:55:41.925root 11241100x8000000000000000759013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268efa5eae10286b2021-12-20 15:55:41.925root 11241100x8000000000000000759014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d8c2aa33bc3f7f2021-12-20 15:55:41.925root 11241100x8000000000000000759015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9b31b98eadc42e2021-12-20 15:55:41.925root 11241100x8000000000000000759016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a857414b67e13792021-12-20 15:55:41.926root 11241100x8000000000000000759017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b41027043c76222021-12-20 15:55:41.926root 11241100x8000000000000000759018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28c721f5b9f28022021-12-20 15:55:41.926root 11241100x8000000000000000759019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de47a2665cedc29e2021-12-20 15:55:41.926root 11241100x8000000000000000759020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26630ace0bd50fd22021-12-20 15:55:41.926root 11241100x8000000000000000759021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d828990e362954502021-12-20 15:55:41.926root 11241100x8000000000000000759022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7612b241918c88412021-12-20 15:55:41.926root 11241100x8000000000000000759023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3596e2d50312ceae2021-12-20 15:55:41.926root 11241100x8000000000000000759024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e682c8fd861ef932021-12-20 15:55:41.927root 11241100x8000000000000000759025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da4e5a52e7603462021-12-20 15:55:41.927root 11241100x8000000000000000759026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d8b6be27dc32012021-12-20 15:55:41.927root 11241100x8000000000000000759027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a127d0f443264ef2021-12-20 15:55:41.927root 11241100x8000000000000000759028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5a77640c6f832b2021-12-20 15:55:41.927root 11241100x8000000000000000759029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd001a76e1b7f79c2021-12-20 15:55:41.927root 11241100x8000000000000000759030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a16b3efda402a122021-12-20 15:55:41.927root 11241100x8000000000000000759031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444f2e2df56d91b02021-12-20 15:55:41.928root 11241100x8000000000000000759032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaedd26d29ded2b2021-12-20 15:55:41.928root 11241100x8000000000000000759033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c22a244da5058f72021-12-20 15:55:41.928root 11241100x8000000000000000759034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bbcdf0347ae2552021-12-20 15:55:41.929root 11241100x8000000000000000759035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01a76e296bb30112021-12-20 15:55:41.929root 11241100x8000000000000000759036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee88590ff28256ce2021-12-20 15:55:41.929root 11241100x8000000000000000759037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ee831383b7ad102021-12-20 15:55:41.929root 11241100x8000000000000000759038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee377e9b80dfeb52021-12-20 15:55:41.929root 11241100x8000000000000000759039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2af54a96de2ad192021-12-20 15:55:41.929root 11241100x8000000000000000759040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2be09c9273151fe2021-12-20 15:55:41.929root 11241100x8000000000000000759041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94829f428945a8682021-12-20 15:55:41.929root 11241100x8000000000000000759042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9d4e8dcf9e6b72021-12-20 15:55:42.424root 11241100x8000000000000000759043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42532339787e47b32021-12-20 15:55:42.424root 11241100x8000000000000000759044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0230cda4b84d8e722021-12-20 15:55:42.424root 11241100x8000000000000000759045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5e27ad43300d7b2021-12-20 15:55:42.424root 11241100x8000000000000000759046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04241edda0018892021-12-20 15:55:42.424root 11241100x8000000000000000759047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00884d4a0b0622e12021-12-20 15:55:42.425root 11241100x8000000000000000759048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3d31686c982b562021-12-20 15:55:42.425root 11241100x8000000000000000759049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813d31f9d523efb12021-12-20 15:55:42.425root 11241100x8000000000000000759050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b0a7cb2b40f75d2021-12-20 15:55:42.425root 11241100x8000000000000000759051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad75c06e905cb0d32021-12-20 15:55:42.425root 11241100x8000000000000000759052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9f562be61b16a72021-12-20 15:55:42.425root 11241100x8000000000000000759053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc3be57ad016bc42021-12-20 15:55:42.425root 11241100x8000000000000000759054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1731591b335f9c2021-12-20 15:55:42.426root 11241100x8000000000000000759055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64136371f34eaef12021-12-20 15:55:42.426root 11241100x8000000000000000759056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38581b2d1b3ca98e2021-12-20 15:55:42.426root 11241100x8000000000000000759057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c96488d542f0892021-12-20 15:55:42.426root 11241100x8000000000000000759058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10af67ddafb1f2932021-12-20 15:55:42.426root 11241100x8000000000000000759059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85d7ce44d2504712021-12-20 15:55:42.426root 11241100x8000000000000000759060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e67787b5692795f2021-12-20 15:55:42.426root 11241100x8000000000000000759061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8879647047667ad92021-12-20 15:55:42.427root 11241100x8000000000000000759062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f782e18afb0c68e22021-12-20 15:55:42.427root 11241100x8000000000000000759063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1e4ecbb2af832f2021-12-20 15:55:42.427root 11241100x8000000000000000759064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595cce292c9cf3a82021-12-20 15:55:42.427root 11241100x8000000000000000759065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b174df6268b49a3b2021-12-20 15:55:42.427root 11241100x8000000000000000759066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0a89cd0a2bb10b2021-12-20 15:55:42.427root 11241100x8000000000000000759067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53435aebd5c5af32021-12-20 15:55:42.427root 11241100x8000000000000000759068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b4c6fe1c71fa322021-12-20 15:55:42.427root 11241100x8000000000000000759069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61e6a3a45e9a0602021-12-20 15:55:42.427root 11241100x8000000000000000759070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c6197eb71546572021-12-20 15:55:42.427root 11241100x8000000000000000759071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49542931a6f8c6a82021-12-20 15:55:42.427root 11241100x8000000000000000759072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9045fd266ee3d20e2021-12-20 15:55:42.428root 11241100x8000000000000000759073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6853c97f9705a72021-12-20 15:55:42.428root 11241100x8000000000000000759074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba08ed4389907dc22021-12-20 15:55:42.428root 11241100x8000000000000000759075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcfe42897c2ec8b2021-12-20 15:55:42.428root 11241100x8000000000000000759076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb569f9494731ad2021-12-20 15:55:42.428root 11241100x8000000000000000759077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9edc157eb1e79852021-12-20 15:55:42.428root 11241100x8000000000000000759078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e084a7d5868232a22021-12-20 15:55:42.428root 11241100x8000000000000000759079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dc4f9aed93d7ed2021-12-20 15:55:42.428root 11241100x8000000000000000759080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f9948e17afe8ba2021-12-20 15:55:42.428root 11241100x8000000000000000759081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831743c8b60250c22021-12-20 15:55:42.428root 11241100x8000000000000000759082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1736eeac026fa32021-12-20 15:55:42.428root 11241100x8000000000000000759083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67afc61eabe37a522021-12-20 15:55:42.428root 11241100x8000000000000000759084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2eaaafc56356362021-12-20 15:55:42.429root 11241100x8000000000000000759085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4cf789386241482021-12-20 15:55:42.429root 11241100x8000000000000000759086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bdda72fcd0c63a2021-12-20 15:55:42.429root 11241100x8000000000000000759087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2902bb348db68f412021-12-20 15:55:42.429root 11241100x8000000000000000759088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce87456f43589082021-12-20 15:55:42.429root 11241100x8000000000000000759089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a66401fd8242962021-12-20 15:55:42.429root 11241100x8000000000000000759090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c859ab7c910a1e2021-12-20 15:55:42.429root 11241100x8000000000000000759091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59686c01ac5a5c9b2021-12-20 15:55:42.429root 11241100x8000000000000000759092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e05e88578f4ecf62021-12-20 15:55:42.429root 11241100x8000000000000000759093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da49cfbcd13fee762021-12-20 15:55:42.429root 11241100x8000000000000000759094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3637dc2a6d15598f2021-12-20 15:55:42.924root 11241100x8000000000000000759095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f6c4d28ad5b5262021-12-20 15:55:42.924root 11241100x8000000000000000759096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e5e2b937ee13db2021-12-20 15:55:42.924root 11241100x8000000000000000759097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9d76efe6fa7f712021-12-20 15:55:42.924root 11241100x8000000000000000759098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73bf4f66339fa3b2021-12-20 15:55:42.924root 11241100x8000000000000000759099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a2674aed6c3dc22021-12-20 15:55:42.925root 11241100x8000000000000000759100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708afcefd3a1b1df2021-12-20 15:55:42.925root 11241100x8000000000000000759101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa506f92a9760db2021-12-20 15:55:42.925root 11241100x8000000000000000759102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63328e6aae3daee72021-12-20 15:55:42.925root 11241100x8000000000000000759103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48048b3a36b73dec2021-12-20 15:55:42.925root 11241100x8000000000000000759104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddc02aec5a7c3f02021-12-20 15:55:42.925root 11241100x8000000000000000759105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114cbda9c68d92922021-12-20 15:55:42.925root 11241100x8000000000000000759106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb911ad30fb486ea2021-12-20 15:55:42.925root 11241100x8000000000000000759107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e038bc4a53f00022021-12-20 15:55:42.925root 11241100x8000000000000000759108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cdcf7135778e662021-12-20 15:55:42.926root 11241100x8000000000000000759109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02050d6bb92af22021-12-20 15:55:42.926root 11241100x8000000000000000759110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5672a91d4ed09bd2021-12-20 15:55:42.926root 11241100x8000000000000000759111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424af07a92e115792021-12-20 15:55:42.926root 11241100x8000000000000000759112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004e33874cf61f002021-12-20 15:55:42.926root 11241100x8000000000000000759113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed68a467142ece672021-12-20 15:55:42.926root 11241100x8000000000000000759114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb32b26d8852fb22021-12-20 15:55:42.927root 11241100x8000000000000000759115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12af0645502822042021-12-20 15:55:42.927root 11241100x8000000000000000759116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b41ee279305a4f2021-12-20 15:55:42.927root 11241100x8000000000000000759117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcc7088dfd7bf3f2021-12-20 15:55:42.927root 11241100x8000000000000000759118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baea6fb830a529582021-12-20 15:55:42.927root 11241100x8000000000000000759119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f51304e7358a21d2021-12-20 15:55:42.927root 11241100x8000000000000000759120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b07fd3672f95a02021-12-20 15:55:42.927root 11241100x8000000000000000759121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67bcefada2270a62021-12-20 15:55:42.927root 11241100x8000000000000000759122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4cc3e3bbbc25892021-12-20 15:55:42.928root 11241100x8000000000000000759123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0a730403f4c1502021-12-20 15:55:42.928root 11241100x8000000000000000759124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8903c783787fe29d2021-12-20 15:55:42.928root 11241100x8000000000000000759125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0fd54604ac2f732021-12-20 15:55:42.928root 11241100x8000000000000000759126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aec789226055eb2021-12-20 15:55:42.928root 11241100x8000000000000000759127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96c09e65eef563d2021-12-20 15:55:42.928root 11241100x8000000000000000759128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51bcbb27294c7c2021-12-20 15:55:42.928root 11241100x8000000000000000759129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95e5f3311f1e822021-12-20 15:55:42.928root 11241100x8000000000000000759130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81e596cfb88a5b22021-12-20 15:55:42.929root 11241100x8000000000000000759131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe47c70b28c566c2021-12-20 15:55:42.929root 11241100x8000000000000000759132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b347c2b33393eb002021-12-20 15:55:42.929root 11241100x8000000000000000759133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384d34bab2e560d12021-12-20 15:55:42.930root 11241100x8000000000000000759134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa8a1a60c6a52c62021-12-20 15:55:42.930root 11241100x8000000000000000759135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623b0f5c36ee877b2021-12-20 15:55:42.930root 11241100x8000000000000000759136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee059cdeb952f852021-12-20 15:55:42.930root 11241100x8000000000000000759137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9270d5a2beec3f2021-12-20 15:55:42.930root 11241100x8000000000000000759138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6946986555ff6a092021-12-20 15:55:42.930root 11241100x8000000000000000759139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5893a6a8c29a10a2021-12-20 15:55:42.930root 11241100x8000000000000000759140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9babeb8414568f792021-12-20 15:55:43.424root 11241100x8000000000000000759141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b52bb9f3fb1ed82021-12-20 15:55:43.424root 11241100x8000000000000000759142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d09a1bd188a4452021-12-20 15:55:43.424root 11241100x8000000000000000759143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341a7e6acbe0a5702021-12-20 15:55:43.424root 11241100x8000000000000000759144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a5c9c59ce8c7ec2021-12-20 15:55:43.424root 11241100x8000000000000000759145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f366bca30243c9512021-12-20 15:55:43.424root 11241100x8000000000000000759146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe12063717c4f492021-12-20 15:55:43.425root 11241100x8000000000000000759147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7d53726c8c93c22021-12-20 15:55:43.425root 11241100x8000000000000000759148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c1c3a11bd7e1b12021-12-20 15:55:43.425root 11241100x8000000000000000759149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d367cafb725d2c2021-12-20 15:55:43.425root 11241100x8000000000000000759150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b2146297416e6e2021-12-20 15:55:43.425root 11241100x8000000000000000759151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69301748c1eb5d1a2021-12-20 15:55:43.425root 11241100x8000000000000000759152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa4d9f557c468612021-12-20 15:55:43.425root 11241100x8000000000000000759153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad4aaf6b42c68832021-12-20 15:55:43.425root 11241100x8000000000000000759154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a24cf2caf3c1372021-12-20 15:55:43.425root 11241100x8000000000000000759155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce29a152864f81c62021-12-20 15:55:43.426root 11241100x8000000000000000759156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92957dab462f8db2021-12-20 15:55:43.426root 11241100x8000000000000000759157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3c8b198e4c5cd62021-12-20 15:55:43.426root 11241100x8000000000000000759158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a944c5614a9954b2021-12-20 15:55:43.426root 11241100x8000000000000000759159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a5ccdd5df768ad2021-12-20 15:55:43.426root 11241100x8000000000000000759160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97304099c74e1aea2021-12-20 15:55:43.426root 11241100x8000000000000000759161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5a6811396594012021-12-20 15:55:43.426root 11241100x8000000000000000759162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36bfbcfb320b3bd2021-12-20 15:55:43.426root 11241100x8000000000000000759163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ad894a026f2e822021-12-20 15:55:43.427root 11241100x8000000000000000759164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1afe3c6b738ffe2021-12-20 15:55:43.427root 11241100x8000000000000000759165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd5122d723ab0762021-12-20 15:55:43.427root 11241100x8000000000000000759166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1319f74bf1ee13b82021-12-20 15:55:43.427root 11241100x8000000000000000759167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb49053fbd62512a2021-12-20 15:55:43.427root 11241100x8000000000000000759168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e98ac04ddd88b72021-12-20 15:55:43.428root 11241100x8000000000000000759169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a778e27431a369d2021-12-20 15:55:43.428root 11241100x8000000000000000759170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec7dbd116d892be2021-12-20 15:55:43.428root 11241100x8000000000000000759171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0219c49ff2c73b12021-12-20 15:55:43.428root 11241100x8000000000000000759172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8a24299f76df1d2021-12-20 15:55:43.428root 11241100x8000000000000000759173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909a3a2fde5b0af92021-12-20 15:55:43.429root 11241100x8000000000000000759174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404239e5d08493842021-12-20 15:55:43.429root 11241100x8000000000000000759175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90595c47dc14f9632021-12-20 15:55:43.429root 11241100x8000000000000000759176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88927694ecb998fa2021-12-20 15:55:43.429root 11241100x8000000000000000759177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69a2d4cc9382f212021-12-20 15:55:43.429root 11241100x8000000000000000759178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdbe1df14b1913f2021-12-20 15:55:43.429root 11241100x8000000000000000759179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcb664213667db82021-12-20 15:55:43.429root 11241100x8000000000000000759180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7f7d4c858d456d2021-12-20 15:55:43.429root 11241100x8000000000000000759181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49c6c4132ecbda32021-12-20 15:55:43.430root 11241100x8000000000000000759182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b027009d7631fc62021-12-20 15:55:43.430root 11241100x8000000000000000759183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4fbd85bc7be61d2021-12-20 15:55:43.430root 11241100x8000000000000000759184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5250c642b27119622021-12-20 15:55:43.430root 11241100x8000000000000000759185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5663e5ee353d612021-12-20 15:55:43.430root 11241100x8000000000000000759186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed914715065c18f2021-12-20 15:55:43.924root 11241100x8000000000000000759187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eda45b46da647992021-12-20 15:55:43.924root 11241100x8000000000000000759188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eaf9f52f94b1af2021-12-20 15:55:43.924root 11241100x8000000000000000759189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb993f5c7efec472021-12-20 15:55:43.925root 11241100x8000000000000000759190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478a90f3f545927c2021-12-20 15:55:43.925root 11241100x8000000000000000759191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3000df22e28126922021-12-20 15:55:43.925root 11241100x8000000000000000759192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f0c414a3b53fa22021-12-20 15:55:43.925root 11241100x8000000000000000759193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326496bd8e0767532021-12-20 15:55:43.925root 11241100x8000000000000000759194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f43e787184f6ff2021-12-20 15:55:43.925root 11241100x8000000000000000759195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f542f92011b9dc92021-12-20 15:55:43.925root 11241100x8000000000000000759196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5cb2d5e067db5f2021-12-20 15:55:43.925root 11241100x8000000000000000759197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103f99434d4482382021-12-20 15:55:43.925root 11241100x8000000000000000759198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33af0a2ad43d00172021-12-20 15:55:43.926root 11241100x8000000000000000759199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7b8900548d70992021-12-20 15:55:43.926root 11241100x8000000000000000759200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f7ad7e695f61e2021-12-20 15:55:43.926root 11241100x8000000000000000759201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff450aaae6b8b22b2021-12-20 15:55:43.926root 11241100x8000000000000000759202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c0ebf2e4ae9f7d2021-12-20 15:55:43.926root 11241100x8000000000000000759203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0d629d4d3539e12021-12-20 15:55:43.926root 11241100x8000000000000000759204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c68524e6496861f2021-12-20 15:55:43.927root 11241100x8000000000000000759205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1563b135264bcb322021-12-20 15:55:43.927root 11241100x8000000000000000759206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2a841d01a1f6532021-12-20 15:55:43.927root 11241100x8000000000000000759207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37487590179350e22021-12-20 15:55:43.927root 11241100x8000000000000000759208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4964c5f83eecbdbc2021-12-20 15:55:43.927root 11241100x8000000000000000759209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d602c1c85b2109f2021-12-20 15:55:43.927root 11241100x8000000000000000759210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d327965a46af42021-12-20 15:55:43.927root 11241100x8000000000000000759211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ca54a78bc9bbeb2021-12-20 15:55:43.927root 11241100x8000000000000000759212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43215c5240c45c262021-12-20 15:55:43.927root 11241100x8000000000000000759213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2315db50c0cd60b2021-12-20 15:55:43.927root 11241100x8000000000000000759214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d80d6e002253812021-12-20 15:55:43.928root 11241100x8000000000000000759215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44be5ef8819e3ed82021-12-20 15:55:43.928root 11241100x8000000000000000759216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c59fe403a76e4f02021-12-20 15:55:43.928root 11241100x8000000000000000759217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760460d4c88d812c2021-12-20 15:55:43.928root 11241100x8000000000000000759218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff960a0ee2a78942021-12-20 15:55:43.928root 11241100x8000000000000000759219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e64d9ca58fd3e32021-12-20 15:55:43.928root 11241100x8000000000000000759220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8778fdfafd2b4452021-12-20 15:55:43.928root 11241100x8000000000000000759221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fdd0d7f26b58582021-12-20 15:55:43.928root 11241100x8000000000000000759222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646af469d35f2c752021-12-20 15:55:43.928root 11241100x8000000000000000759223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963df38f2eef9a2b2021-12-20 15:55:43.928root 11241100x8000000000000000759224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a692d95f856d202021-12-20 15:55:43.928root 11241100x8000000000000000759225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bb85f4053be90c2021-12-20 15:55:43.928root 11241100x8000000000000000759226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586ca8cc41912df02021-12-20 15:55:43.929root 11241100x8000000000000000759227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9067401b17bc5212021-12-20 15:55:44.424root 11241100x8000000000000000759228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cac811e16ed1622021-12-20 15:55:44.424root 11241100x8000000000000000759229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fb9d810c36fafa2021-12-20 15:55:44.424root 11241100x8000000000000000759230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3667cc8dc0a1b7da2021-12-20 15:55:44.425root 11241100x8000000000000000759231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3e6a9a19a5ccd32021-12-20 15:55:44.425root 11241100x8000000000000000759232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78d811125b28c552021-12-20 15:55:44.425root 11241100x8000000000000000759233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eb58c901d8425d2021-12-20 15:55:44.425root 11241100x8000000000000000759234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a018f27570035182021-12-20 15:55:44.425root 11241100x8000000000000000759235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8ffcc57d7957f72021-12-20 15:55:44.425root 11241100x8000000000000000759236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8c4380a3fb4ddc2021-12-20 15:55:44.425root 11241100x8000000000000000759237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476656ec0fc910892021-12-20 15:55:44.425root 11241100x8000000000000000759238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb5d029b02e080f2021-12-20 15:55:44.425root 11241100x8000000000000000759239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9539f7b8796a9602021-12-20 15:55:44.425root 11241100x8000000000000000759240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582a5fa985ca24d82021-12-20 15:55:44.425root 11241100x8000000000000000759241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89096c7605098b162021-12-20 15:55:44.426root 11241100x8000000000000000759242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d69d6b3971bf022021-12-20 15:55:44.426root 11241100x8000000000000000759243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4eeb2454d7ea262021-12-20 15:55:44.426root 11241100x8000000000000000759244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4f0a878d3ef6cf2021-12-20 15:55:44.426root 11241100x8000000000000000759245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14653dada03a0222021-12-20 15:55:44.426root 11241100x8000000000000000759246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16563e631ef6febb2021-12-20 15:55:44.427root 11241100x8000000000000000759247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45917fef223fbba2021-12-20 15:55:44.427root 11241100x8000000000000000759248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ef0a891ec756a62021-12-20 15:55:44.427root 11241100x8000000000000000759249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cf85cc9b57dadc2021-12-20 15:55:44.427root 11241100x8000000000000000759250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21bbb401a45b1cf2021-12-20 15:55:44.427root 11241100x8000000000000000759251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee0b5e56b168cae2021-12-20 15:55:44.427root 11241100x8000000000000000759252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44638174e86d061f2021-12-20 15:55:44.427root 11241100x8000000000000000759253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03f954d17eae3a82021-12-20 15:55:44.427root 11241100x8000000000000000759254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced50a4500ad922a2021-12-20 15:55:44.427root 11241100x8000000000000000759255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a63be53eac4ab62021-12-20 15:55:44.427root 11241100x8000000000000000759256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6911ecc0904698572021-12-20 15:55:44.428root 11241100x8000000000000000759257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faff121f259dcc0a2021-12-20 15:55:44.428root 11241100x8000000000000000759258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceb6e8a41b3da072021-12-20 15:55:44.428root 11241100x8000000000000000759259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c2ddbd6a08d3732021-12-20 15:55:44.924root 11241100x8000000000000000759260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfc9f23e2be92d02021-12-20 15:55:44.924root 11241100x8000000000000000759261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4edb29e2d47f7a42021-12-20 15:55:44.924root 11241100x8000000000000000759262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ce48f57a6de6cc2021-12-20 15:55:44.925root 11241100x8000000000000000759263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d29babd2e7ecff2021-12-20 15:55:44.925root 11241100x8000000000000000759264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5824bd6299d5a62021-12-20 15:55:44.925root 11241100x8000000000000000759265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18a6a15382f9b062021-12-20 15:55:44.925root 11241100x8000000000000000759266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efffc410e1a71de72021-12-20 15:55:44.925root 11241100x8000000000000000759267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521b146ca90ba9402021-12-20 15:55:44.925root 11241100x8000000000000000759268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec30637d1beb7912021-12-20 15:55:44.925root 11241100x8000000000000000759269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418319bce6f8ef1b2021-12-20 15:55:44.925root 11241100x8000000000000000759270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f4f31c2732e8d22021-12-20 15:55:44.925root 11241100x8000000000000000759271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ccb953d41dbbc62021-12-20 15:55:44.926root 11241100x8000000000000000759272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5609acba3a38ae02021-12-20 15:55:44.926root 11241100x8000000000000000759273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e371237df6ae26d2021-12-20 15:55:44.926root 11241100x8000000000000000759274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cf3f30a43888e62021-12-20 15:55:44.926root 11241100x8000000000000000759275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2b6a3274ebff282021-12-20 15:55:44.926root 11241100x8000000000000000759276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ad1a2de1485e3c2021-12-20 15:55:44.926root 11241100x8000000000000000759277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cf19b19fcc08162021-12-20 15:55:44.926root 11241100x8000000000000000759278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497631dc7ee67f962021-12-20 15:55:44.926root 11241100x8000000000000000759279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f2e86bb210a102021-12-20 15:55:44.927root 11241100x8000000000000000759280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b9a72e17d3bbc32021-12-20 15:55:44.927root 11241100x8000000000000000759281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b9951284e24b032021-12-20 15:55:44.927root 11241100x8000000000000000759282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf44e7df4b3f3ec2021-12-20 15:55:44.927root 11241100x8000000000000000759283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96b4dee67532ee42021-12-20 15:55:44.927root 11241100x8000000000000000759284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd377077dadcc592021-12-20 15:55:44.927root 11241100x8000000000000000759285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f2c369431cafa52021-12-20 15:55:44.927root 11241100x8000000000000000759286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae34ddaec172e9582021-12-20 15:55:44.928root 11241100x8000000000000000759287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea799385cb0a1cfe2021-12-20 15:55:44.928root 11241100x8000000000000000759288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5fd95d6a7876a72021-12-20 15:55:44.928root 11241100x8000000000000000759289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9064f2269c7b752021-12-20 15:55:44.928root 11241100x8000000000000000759290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefe3ad32cdab5602021-12-20 15:55:44.928root 11241100x8000000000000000759291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd56e180723f3792021-12-20 15:55:44.929root 11241100x8000000000000000759292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:44.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9e67ff598a903d2021-12-20 15:55:44.929root 354300x8000000000000000759293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.102{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51384-false10.0.1.12-8000- 11241100x8000000000000000759294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dffed1d3b7d77582021-12-20 15:55:45.424root 11241100x8000000000000000759295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185f605996e58e762021-12-20 15:55:45.425root 11241100x8000000000000000759296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c9223509e86ecc2021-12-20 15:55:45.425root 11241100x8000000000000000759297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90eab9adf4a78b4d2021-12-20 15:55:45.425root 11241100x8000000000000000759298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178311baa1e5a4922021-12-20 15:55:45.425root 11241100x8000000000000000759299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111cda6b3274507a2021-12-20 15:55:45.425root 11241100x8000000000000000759300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e3fda1bdafd3e92021-12-20 15:55:45.426root 11241100x8000000000000000759301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13461869839a9622021-12-20 15:55:45.426root 11241100x8000000000000000759302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286e22ed1f9bdd062021-12-20 15:55:45.426root 11241100x8000000000000000759303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1dbd5bf6b4f6cd2021-12-20 15:55:45.426root 11241100x8000000000000000759304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6178e992e0d7c8932021-12-20 15:55:45.427root 11241100x8000000000000000759305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1e2b5d6a7738162021-12-20 15:55:45.427root 11241100x8000000000000000759306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13090283742b05d22021-12-20 15:55:45.427root 11241100x8000000000000000759307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236adc07291118c82021-12-20 15:55:45.427root 11241100x8000000000000000759308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdb813edb1c33082021-12-20 15:55:45.427root 11241100x8000000000000000759309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d0352f21474cfc2021-12-20 15:55:45.427root 11241100x8000000000000000759310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a699225167da652021-12-20 15:55:45.427root 11241100x8000000000000000759311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231aa81a8f9aa5b42021-12-20 15:55:45.427root 11241100x8000000000000000759312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ae7bde921421622021-12-20 15:55:45.428root 11241100x8000000000000000759313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45c9e780f45f652021-12-20 15:55:45.428root 11241100x8000000000000000759314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb8d598dcad7d1b2021-12-20 15:55:45.428root 11241100x8000000000000000759315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a1dd9fbeb072e42021-12-20 15:55:45.428root 11241100x8000000000000000759316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a258833281e6ef52021-12-20 15:55:45.428root 11241100x8000000000000000759317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5485c8c276fb6bbb2021-12-20 15:55:45.428root 11241100x8000000000000000759318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf6af0792474ba12021-12-20 15:55:45.428root 11241100x8000000000000000759319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b6e1248d9b4e0e2021-12-20 15:55:45.429root 11241100x8000000000000000759320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e749ec59ace924752021-12-20 15:55:45.429root 11241100x8000000000000000759321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfe628393eed3302021-12-20 15:55:45.429root 11241100x8000000000000000759322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c0b8169e566a9b2021-12-20 15:55:45.430root 11241100x8000000000000000759323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae406b9f9d509402021-12-20 15:55:45.430root 11241100x8000000000000000759324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297e53f7925ebc3c2021-12-20 15:55:45.430root 11241100x8000000000000000759325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8776497cb22b5c842021-12-20 15:55:45.430root 11241100x8000000000000000759326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16668726fc9426022021-12-20 15:55:45.430root 11241100x8000000000000000759327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4840b7f91c5e56962021-12-20 15:55:45.430root 11241100x8000000000000000759328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429d9fcceecaa112021-12-20 15:55:45.431root 11241100x8000000000000000759329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b92844b0e42a892021-12-20 15:55:45.431root 11241100x8000000000000000759330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf16cc5ae2a60382021-12-20 15:55:45.431root 11241100x8000000000000000759331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c8f97f906d7ea22021-12-20 15:55:45.432root 11241100x8000000000000000759332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c351b9ed91134df2021-12-20 15:55:45.432root 11241100x8000000000000000759333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ca3b75ecee53d72021-12-20 15:55:45.432root 11241100x8000000000000000759334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a6e0b32b514cc02021-12-20 15:55:45.432root 11241100x8000000000000000759335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319d392f974efc552021-12-20 15:55:45.433root 11241100x8000000000000000759336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec9b8c1eaf86b972021-12-20 15:55:45.433root 11241100x8000000000000000759337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e43c52a6eccd5062021-12-20 15:55:45.434root 11241100x8000000000000000759338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266791c04b20c5722021-12-20 15:55:45.434root 11241100x8000000000000000759339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e49321f76eba482021-12-20 15:55:45.434root 11241100x8000000000000000759340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e186f6103737a2021-12-20 15:55:45.434root 11241100x8000000000000000759341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f7378c1722563b2021-12-20 15:55:45.434root 11241100x8000000000000000759342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bd893089566eef2021-12-20 15:55:45.435root 11241100x8000000000000000759343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf6c9ae27981f332021-12-20 15:55:45.435root 11241100x8000000000000000759344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8221d24f7ed463852021-12-20 15:55:45.435root 11241100x8000000000000000759345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23d8aa714437e142021-12-20 15:55:45.435root 11241100x8000000000000000759346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d554ae76c4514a5a2021-12-20 15:55:45.436root 11241100x8000000000000000759347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabbfd386a23918f2021-12-20 15:55:45.436root 11241100x8000000000000000759348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76480ea03da003b22021-12-20 15:55:45.436root 11241100x8000000000000000759349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60384a2bed4a4e892021-12-20 15:55:45.436root 11241100x8000000000000000759350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26f0de0ea7449dc2021-12-20 15:55:45.436root 11241100x8000000000000000759351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9499a43e781357282021-12-20 15:55:45.436root 11241100x8000000000000000759352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b904b2b511482692021-12-20 15:55:45.436root 11241100x8000000000000000759353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cd129e2e0db3872021-12-20 15:55:45.436root 11241100x8000000000000000759354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4600b51d77db58e2021-12-20 15:55:45.437root 11241100x8000000000000000759355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59675a8d9cd2e4e02021-12-20 15:55:45.437root 11241100x8000000000000000759356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5540e3ebc2a2412021-12-20 15:55:45.437root 11241100x8000000000000000759357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b970b672dcbee9e2021-12-20 15:55:45.924root 11241100x8000000000000000759358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5ffd4e401e06bd2021-12-20 15:55:45.924root 11241100x8000000000000000759359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e7b3284ef9d4192021-12-20 15:55:45.924root 11241100x8000000000000000759360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99286423c5728202021-12-20 15:55:45.925root 11241100x8000000000000000759361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cfe5fde9674ef82021-12-20 15:55:45.925root 11241100x8000000000000000759362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df548d1b72e8fc4d2021-12-20 15:55:45.925root 11241100x8000000000000000759363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b695328c17e2cf292021-12-20 15:55:45.925root 11241100x8000000000000000759364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb37acbe8c381a0f2021-12-20 15:55:45.925root 11241100x8000000000000000759365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97176cfa784abf52021-12-20 15:55:45.925root 11241100x8000000000000000759366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27227db86d2877f92021-12-20 15:55:45.925root 11241100x8000000000000000759367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98194f3311216d6a2021-12-20 15:55:45.925root 11241100x8000000000000000759368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d97c7192cc0e812021-12-20 15:55:45.925root 11241100x8000000000000000759369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cebbdc1f6bedda72021-12-20 15:55:45.926root 11241100x8000000000000000759370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886b20d7aa0defb72021-12-20 15:55:45.926root 11241100x8000000000000000759371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9451a49a97b722502021-12-20 15:55:45.926root 11241100x8000000000000000759372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a069244cd32f22021-12-20 15:55:45.926root 11241100x8000000000000000759373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77000fcea0b7cb42021-12-20 15:55:45.926root 11241100x8000000000000000759374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba415de671d6cb12021-12-20 15:55:45.926root 11241100x8000000000000000759375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16442d7fef95c1ca2021-12-20 15:55:45.926root 11241100x8000000000000000759376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5887da21942301b2021-12-20 15:55:45.927root 11241100x8000000000000000759377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed437d1618d44652021-12-20 15:55:45.927root 11241100x8000000000000000759378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16ccc42b64e9bee2021-12-20 15:55:45.928root 11241100x8000000000000000759379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32912bbd32fbd672021-12-20 15:55:45.928root 11241100x8000000000000000759380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2eeba4f92145e02021-12-20 15:55:45.928root 11241100x8000000000000000759381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae105ba0b9476562021-12-20 15:55:45.928root 11241100x8000000000000000759382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e3c35e41edb7612021-12-20 15:55:45.929root 11241100x8000000000000000759383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20afc170b824c262021-12-20 15:55:45.929root 11241100x8000000000000000759384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290d0300df3314342021-12-20 15:55:45.929root 11241100x8000000000000000759385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5da7c8684856572021-12-20 15:55:45.929root 11241100x8000000000000000759386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1e0930a4c16c452021-12-20 15:55:45.929root 11241100x8000000000000000759387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838db6521a8c954f2021-12-20 15:55:45.929root 11241100x8000000000000000759388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6417727756029a2021-12-20 15:55:45.930root 11241100x8000000000000000759389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf5def0c9418e62021-12-20 15:55:45.931root 11241100x8000000000000000759390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab86cb7d2bab2a092021-12-20 15:55:45.931root 11241100x8000000000000000759391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa200e6a62ff3dc2021-12-20 15:55:45.931root 11241100x8000000000000000759392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a41e04691e873a2021-12-20 15:55:45.931root 11241100x8000000000000000759393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef15f22feb28d5f2021-12-20 15:55:45.931root 11241100x8000000000000000759394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed27a81f7f1f0ff2021-12-20 15:55:45.932root 11241100x8000000000000000759395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7df237072fdebdc2021-12-20 15:55:45.932root 11241100x8000000000000000759396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f459883724cf70442021-12-20 15:55:45.932root 11241100x8000000000000000759397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2230e5befb3e2ff32021-12-20 15:55:45.932root 11241100x8000000000000000759398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e42b972441052e62021-12-20 15:55:45.932root 11241100x8000000000000000759399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dac60ad6a7afd112021-12-20 15:55:45.932root 11241100x8000000000000000759400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:45.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7991a001b54dae9a2021-12-20 15:55:45.933root 11241100x8000000000000000759401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80ff9feed24c61e2021-12-20 15:55:46.424root 11241100x8000000000000000759402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95456b9ad0c0b482021-12-20 15:55:46.424root 11241100x8000000000000000759403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e08f4cf2d3d57012021-12-20 15:55:46.424root 11241100x8000000000000000759404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33df665ad8db29632021-12-20 15:55:46.424root 11241100x8000000000000000759405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12962e59ac4676222021-12-20 15:55:46.425root 11241100x8000000000000000759406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3711d40d5b913f962021-12-20 15:55:46.425root 11241100x8000000000000000759407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb481b9aaa5d622021-12-20 15:55:46.425root 11241100x8000000000000000759408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465f584c97bde8f02021-12-20 15:55:46.425root 11241100x8000000000000000759409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4579ccb54a28bb2021-12-20 15:55:46.425root 11241100x8000000000000000759410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014288d9992c33382021-12-20 15:55:46.425root 11241100x8000000000000000759411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab79c33f804744d52021-12-20 15:55:46.426root 11241100x8000000000000000759412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a950406e939663ed2021-12-20 15:55:46.426root 11241100x8000000000000000759413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedfb1e9c5e149f32021-12-20 15:55:46.427root 11241100x8000000000000000759414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4805c400c9a3b64f2021-12-20 15:55:46.428root 11241100x8000000000000000759415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a23f3d5c47f1fa2021-12-20 15:55:46.428root 11241100x8000000000000000759416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88655660d283cf812021-12-20 15:55:46.428root 11241100x8000000000000000759417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d390c795a5bf152021-12-20 15:55:46.428root 11241100x8000000000000000759418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a15ff8b35f26fa2021-12-20 15:55:46.428root 11241100x8000000000000000759419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffc4d260db6c0342021-12-20 15:55:46.428root 11241100x8000000000000000759420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2730f0879a40e12021-12-20 15:55:46.429root 11241100x8000000000000000759421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304a1cee8faa94e72021-12-20 15:55:46.429root 11241100x8000000000000000759422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24825e712ad1d29d2021-12-20 15:55:46.429root 11241100x8000000000000000759423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20e42d07ae88a912021-12-20 15:55:46.429root 11241100x8000000000000000759424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e8b24e322513b82021-12-20 15:55:46.429root 11241100x8000000000000000759425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146eb2be646e66482021-12-20 15:55:46.429root 11241100x8000000000000000759426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110943f5404b9a8b2021-12-20 15:55:46.429root 11241100x8000000000000000759427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d31f832c84bfd32021-12-20 15:55:46.429root 11241100x8000000000000000759428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56caedfe01d5d8c32021-12-20 15:55:46.429root 11241100x8000000000000000759429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2234063153f6eca52021-12-20 15:55:46.430root 11241100x8000000000000000759430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08234522a39302192021-12-20 15:55:46.430root 11241100x8000000000000000759431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833d83179aa7e73d2021-12-20 15:55:46.430root 11241100x8000000000000000759432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd601615392fd8592021-12-20 15:55:46.430root 11241100x8000000000000000759433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2462027d4df356b92021-12-20 15:55:46.430root 11241100x8000000000000000759434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42671d86d5f7cb992021-12-20 15:55:46.430root 11241100x8000000000000000759435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14bd4d3c9b01f422021-12-20 15:55:46.430root 11241100x8000000000000000759436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1245ba7cf8208f32021-12-20 15:55:46.430root 11241100x8000000000000000759437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2792a6eccf001b0e2021-12-20 15:55:46.430root 11241100x8000000000000000759438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708d08bd100f84802021-12-20 15:55:46.924root 11241100x8000000000000000759439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1e5e0ebef892582021-12-20 15:55:46.924root 11241100x8000000000000000759440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e555c36b07695392021-12-20 15:55:46.924root 11241100x8000000000000000759441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c69493d4a5f80e32021-12-20 15:55:46.925root 11241100x8000000000000000759442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025e29f39c005e162021-12-20 15:55:46.925root 11241100x8000000000000000759443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13fbd0ffd52d18f2021-12-20 15:55:46.925root 11241100x8000000000000000759444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fa6b8838dd02322021-12-20 15:55:46.925root 11241100x8000000000000000759445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4da03992d870f52021-12-20 15:55:46.925root 11241100x8000000000000000759446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f1f69501f3f63d2021-12-20 15:55:46.925root 11241100x8000000000000000759447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7eef29f722ca1a2021-12-20 15:55:46.925root 11241100x8000000000000000759448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa067f3e9896d8052021-12-20 15:55:46.925root 11241100x8000000000000000759449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7205f4a05ed2602021-12-20 15:55:46.926root 11241100x8000000000000000759450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f90556974294a82021-12-20 15:55:46.926root 11241100x8000000000000000759451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed3ccfa8d9212c72021-12-20 15:55:46.926root 11241100x8000000000000000759452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0cd272f4510f352021-12-20 15:55:46.926root 11241100x8000000000000000759453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42372e30829e8fd92021-12-20 15:55:46.926root 11241100x8000000000000000759454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7185b07cad0306d22021-12-20 15:55:46.926root 11241100x8000000000000000759455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6335e12240612f2f2021-12-20 15:55:46.926root 11241100x8000000000000000759456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba16e1fdc73312732021-12-20 15:55:46.926root 11241100x8000000000000000759457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d032b46b765c25fd2021-12-20 15:55:46.927root 11241100x8000000000000000759458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62284a2d9c13a162021-12-20 15:55:46.927root 11241100x8000000000000000759459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051bef6672ad5ecf2021-12-20 15:55:46.927root 11241100x8000000000000000759460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d968762b5bc99ff2021-12-20 15:55:46.927root 11241100x8000000000000000759461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fbdcdae992afd92021-12-20 15:55:46.927root 11241100x8000000000000000759462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025abef73dfbf8782021-12-20 15:55:46.927root 11241100x8000000000000000759463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad94aeb2defd1f52021-12-20 15:55:46.928root 11241100x8000000000000000759464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480154efa11081002021-12-20 15:55:46.928root 11241100x8000000000000000759465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7adcbdca7a43d32021-12-20 15:55:46.928root 11241100x8000000000000000759466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259cf80bce0b176a2021-12-20 15:55:46.929root 11241100x8000000000000000759467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9ae5b2fc2b3c562021-12-20 15:55:46.929root 11241100x8000000000000000759468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8206440a0e6c722021-12-20 15:55:46.929root 11241100x8000000000000000759469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8757cf8664168ad52021-12-20 15:55:46.929root 11241100x8000000000000000759470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fbefd1994711ec2021-12-20 15:55:46.929root 11241100x8000000000000000759471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f77f8cbbecad94c2021-12-20 15:55:46.929root 11241100x8000000000000000759472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5aeecb4c468e382021-12-20 15:55:46.929root 11241100x8000000000000000759473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc567bad4f736da2021-12-20 15:55:46.929root 11241100x8000000000000000759474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c117285f61f017472021-12-20 15:55:46.929root 11241100x8000000000000000759475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9839b2f9752d402021-12-20 15:55:46.929root 11241100x8000000000000000759476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44be6c9e79e71a22021-12-20 15:55:46.930root 11241100x8000000000000000759477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15708accec14fe0d2021-12-20 15:55:46.930root 11241100x8000000000000000759478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b29a40d89f48622021-12-20 15:55:46.930root 11241100x8000000000000000759479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:46.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cf5e5bc4517d2f2021-12-20 15:55:46.930root 11241100x8000000000000000759480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e0b01c04e42aed2021-12-20 15:55:47.424root 11241100x8000000000000000759481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d37790f77174e4f2021-12-20 15:55:47.424root 11241100x8000000000000000759482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d37c4db2c805b142021-12-20 15:55:47.424root 11241100x8000000000000000759483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2571507115d5f2492021-12-20 15:55:47.424root 11241100x8000000000000000759484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373b4c6285382ae52021-12-20 15:55:47.424root 11241100x8000000000000000759485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026401b160b0af432021-12-20 15:55:47.425root 11241100x8000000000000000759486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fcf973677e14e52021-12-20 15:55:47.425root 11241100x8000000000000000759487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fb11e970ed0a232021-12-20 15:55:47.425root 11241100x8000000000000000759488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bcd48b926b4efd2021-12-20 15:55:47.425root 11241100x8000000000000000759489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e24318ead3fbb872021-12-20 15:55:47.425root 11241100x8000000000000000759490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec72a35d885e42c2021-12-20 15:55:47.425root 11241100x8000000000000000759491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102d01293ac8d41d2021-12-20 15:55:47.425root 11241100x8000000000000000759492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7c4c1ebecc2ff52021-12-20 15:55:47.425root 11241100x8000000000000000759493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1219d2a272e5ad6c2021-12-20 15:55:47.425root 11241100x8000000000000000759494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab32de1c97f0e8f42021-12-20 15:55:47.426root 11241100x8000000000000000759495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036e05da1b199f842021-12-20 15:55:47.426root 11241100x8000000000000000759496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dc1757f3243b2a2021-12-20 15:55:47.426root 11241100x8000000000000000759497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915eaf2aea1675462021-12-20 15:55:47.426root 11241100x8000000000000000759498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6100526d19940f92021-12-20 15:55:47.426root 11241100x8000000000000000759499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995c0b8b5f2662ea2021-12-20 15:55:47.426root 11241100x8000000000000000759500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bf388bc10c94d62021-12-20 15:55:47.426root 11241100x8000000000000000759501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27423a7a853cf2772021-12-20 15:55:47.427root 11241100x8000000000000000759502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b9d7f77f53bf922021-12-20 15:55:47.427root 11241100x8000000000000000759503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb48bca18524e8c2021-12-20 15:55:47.427root 11241100x8000000000000000759504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0255e6a9b67ba4b2021-12-20 15:55:47.427root 11241100x8000000000000000759505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fbc0e70de2709c2021-12-20 15:55:47.427root 11241100x8000000000000000759506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c49cd3bf70915c82021-12-20 15:55:47.427root 11241100x8000000000000000759507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f6a1d1d0ee842f2021-12-20 15:55:47.428root 11241100x8000000000000000759508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff2272998e8216c2021-12-20 15:55:47.428root 11241100x8000000000000000759509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96650c24457b36e02021-12-20 15:55:47.428root 11241100x8000000000000000759510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4acd3b0c1050052021-12-20 15:55:47.428root 11241100x8000000000000000759511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc463b831eed8672021-12-20 15:55:47.428root 11241100x8000000000000000759512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664544e43220e66e2021-12-20 15:55:47.428root 11241100x8000000000000000759513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f4ae70663f6a952021-12-20 15:55:47.428root 11241100x8000000000000000759514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37840c0950463ac82021-12-20 15:55:47.428root 11241100x8000000000000000759515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830aa6290d7c6c9c2021-12-20 15:55:47.429root 11241100x8000000000000000759516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39488b2fd3253ab32021-12-20 15:55:47.429root 11241100x8000000000000000759517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a09101751f499b2021-12-20 15:55:47.429root 11241100x8000000000000000759518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85b4d8db8460f782021-12-20 15:55:47.429root 11241100x8000000000000000759519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236c2f3e485f03fd2021-12-20 15:55:47.429root 11241100x8000000000000000759520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f143d1b6a1bc5972021-12-20 15:55:47.924root 11241100x8000000000000000759521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc1df0f33fcdbe92021-12-20 15:55:47.924root 11241100x8000000000000000759522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447c606d5815b4552021-12-20 15:55:47.924root 11241100x8000000000000000759523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536bc69b192aba622021-12-20 15:55:47.925root 11241100x8000000000000000759524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d074b5583994f2021-12-20 15:55:47.925root 11241100x8000000000000000759525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e8997fe3a3c172021-12-20 15:55:47.925root 11241100x8000000000000000759526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f9b4be22bcdccc2021-12-20 15:55:47.925root 11241100x8000000000000000759527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1525ced62b6edd102021-12-20 15:55:47.925root 11241100x8000000000000000759528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce5c367577b14042021-12-20 15:55:47.925root 11241100x8000000000000000759529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b9b5c50732ae182021-12-20 15:55:47.925root 11241100x8000000000000000759530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c385b778abfeb10e2021-12-20 15:55:47.926root 11241100x8000000000000000759531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341ce7fa64a6d81a2021-12-20 15:55:47.926root 11241100x8000000000000000759532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5f431d3bb21fd22021-12-20 15:55:47.926root 11241100x8000000000000000759533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9804c1957728f04a2021-12-20 15:55:47.926root 11241100x8000000000000000759534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3d4e56007a3e232021-12-20 15:55:47.926root 11241100x8000000000000000759535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0c3a1711a737f62021-12-20 15:55:47.926root 11241100x8000000000000000759536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54941141f1828b5f2021-12-20 15:55:47.926root 11241100x8000000000000000759537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b2a7e2b48441cd2021-12-20 15:55:47.927root 11241100x8000000000000000759538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb4e2e23b0d4be52021-12-20 15:55:47.927root 11241100x8000000000000000759539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fbde2e490db1b72021-12-20 15:55:47.927root 11241100x8000000000000000759540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66982e72d1b326752021-12-20 15:55:47.927root 11241100x8000000000000000759541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fc26591446d7bf2021-12-20 15:55:47.927root 11241100x8000000000000000759542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e08eaa00b6ad0b2021-12-20 15:55:47.927root 11241100x8000000000000000759543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063aed10d1d990762021-12-20 15:55:47.928root 11241100x8000000000000000759544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0337d20c94c05c132021-12-20 15:55:47.928root 11241100x8000000000000000759545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a5e43c36697f162021-12-20 15:55:47.928root 11241100x8000000000000000759546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c3946b00bef9a42021-12-20 15:55:47.928root 11241100x8000000000000000759547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae79f3b07b9dcaf22021-12-20 15:55:47.928root 11241100x8000000000000000759548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1116d760a3fc78052021-12-20 15:55:47.928root 11241100x8000000000000000759549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9126325dce1d822021-12-20 15:55:47.928root 11241100x8000000000000000759550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3466f924721f9d22021-12-20 15:55:47.929root 11241100x8000000000000000759551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8ed829ea13e51a2021-12-20 15:55:47.929root 11241100x8000000000000000759552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48304250780798af2021-12-20 15:55:47.929root 11241100x8000000000000000759553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dfc5004837fa862021-12-20 15:55:47.929root 11241100x8000000000000000759554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84211724e31538c2021-12-20 15:55:47.929root 11241100x8000000000000000759555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c3d0de406fb3b2021-12-20 15:55:47.929root 11241100x8000000000000000759556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc54f585ee7ca2a82021-12-20 15:55:47.929root 11241100x8000000000000000759557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453e8f9d932897b62021-12-20 15:55:47.929root 11241100x8000000000000000759558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9948b31082103a062021-12-20 15:55:47.929root 11241100x8000000000000000759559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f7623417b774582021-12-20 15:55:47.929root 11241100x8000000000000000759560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b302135cca5f50d2021-12-20 15:55:47.930root 11241100x8000000000000000759561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1503f06e3f54d7d22021-12-20 15:55:47.930root 11241100x8000000000000000759562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9061edb53f9ad342021-12-20 15:55:47.932root 11241100x8000000000000000759563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69383c8ea83ccd1a2021-12-20 15:55:47.932root 11241100x8000000000000000759564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415bf3048f024eb2021-12-20 15:55:47.932root 11241100x8000000000000000759565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff50c263b1a982e2021-12-20 15:55:47.932root 11241100x8000000000000000759566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a17f01594022f182021-12-20 15:55:47.933root 11241100x8000000000000000759567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:47.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3cab38c86225232021-12-20 15:55:47.933root 11241100x8000000000000000759568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8ebaef974d87022021-12-20 15:55:48.424root 11241100x8000000000000000759569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a91ca1b746dfd32021-12-20 15:55:48.424root 11241100x8000000000000000759570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9add0c49b9bdde332021-12-20 15:55:48.424root 11241100x8000000000000000759571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6599368d3cd51762021-12-20 15:55:48.425root 11241100x8000000000000000759572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4295ca1a3b0e22fa2021-12-20 15:55:48.425root 11241100x8000000000000000759573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f84323b5e361042021-12-20 15:55:48.425root 11241100x8000000000000000759574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5454ad49391b65382021-12-20 15:55:48.425root 11241100x8000000000000000759575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c911ecbae3a507a2021-12-20 15:55:48.425root 11241100x8000000000000000759576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e62e43c4311ca2b2021-12-20 15:55:48.425root 11241100x8000000000000000759577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e500d457b5ac2b2021-12-20 15:55:48.426root 11241100x8000000000000000759578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f62a473f9f95a352021-12-20 15:55:48.426root 11241100x8000000000000000759579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580be67c6bf63732021-12-20 15:55:48.426root 11241100x8000000000000000759580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8bd2c43079dddd2021-12-20 15:55:48.426root 11241100x8000000000000000759581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac8f3b3a7894b8f2021-12-20 15:55:48.426root 11241100x8000000000000000759582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8827a536d6df832021-12-20 15:55:48.426root 11241100x8000000000000000759583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf755af15301ba02021-12-20 15:55:48.426root 11241100x8000000000000000759584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f538385c59e5c1892021-12-20 15:55:48.427root 11241100x8000000000000000759585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e4316f0e48c18f2021-12-20 15:55:48.427root 11241100x8000000000000000759586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3292a28ef92851ea2021-12-20 15:55:48.427root 11241100x8000000000000000759587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6aee322cb88c0282021-12-20 15:55:48.427root 11241100x8000000000000000759588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087517b5650046182021-12-20 15:55:48.427root 11241100x8000000000000000759589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047122eb46e0b69c2021-12-20 15:55:48.427root 11241100x8000000000000000759590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7844888e8b046d642021-12-20 15:55:48.428root 11241100x8000000000000000759591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c3424d81fcfe6e2021-12-20 15:55:48.428root 11241100x8000000000000000759592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3effe390582577202021-12-20 15:55:48.428root 11241100x8000000000000000759593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bfb8a4e9bf0c952021-12-20 15:55:48.429root 11241100x8000000000000000759594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612e7007620473bf2021-12-20 15:55:48.429root 11241100x8000000000000000759595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a16c18461e1aa542021-12-20 15:55:48.429root 11241100x8000000000000000759596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7f88b800c18e722021-12-20 15:55:48.429root 11241100x8000000000000000759597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a2decff02ede5d2021-12-20 15:55:48.430root 11241100x8000000000000000759598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80f8be914e9f1be2021-12-20 15:55:48.430root 11241100x8000000000000000759599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf6760cdee0a2362021-12-20 15:55:48.430root 11241100x8000000000000000759600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c38eb89bf6122d2021-12-20 15:55:48.430root 11241100x8000000000000000759601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ad754257025c9e2021-12-20 15:55:48.430root 11241100x8000000000000000759602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d506ff6c91117bb2021-12-20 15:55:48.430root 11241100x8000000000000000759603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf84fe742918e692021-12-20 15:55:48.431root 11241100x8000000000000000759604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1fbd30b6a25ae62021-12-20 15:55:48.431root 11241100x8000000000000000759605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dec160405005c2b2021-12-20 15:55:48.431root 11241100x8000000000000000759606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ecd00b6278cbb22021-12-20 15:55:48.924root 11241100x8000000000000000759607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3406cf5e436b27f2021-12-20 15:55:48.924root 11241100x8000000000000000759608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270974f8581229c82021-12-20 15:55:48.925root 11241100x8000000000000000759609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37673d533ac1533d2021-12-20 15:55:48.925root 11241100x8000000000000000759610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57032ff4b9ff2edc2021-12-20 15:55:48.925root 11241100x8000000000000000759611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a4de2dd947a90c2021-12-20 15:55:48.925root 11241100x8000000000000000759612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823597e2c9a296402021-12-20 15:55:48.925root 11241100x8000000000000000759613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f99ecbdf53e33c2021-12-20 15:55:48.925root 11241100x8000000000000000759614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1caad52a8ed17d2021-12-20 15:55:48.925root 11241100x8000000000000000759615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76280b123c60ad32021-12-20 15:55:48.925root 11241100x8000000000000000759616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a77a7e6be67ff42021-12-20 15:55:48.925root 11241100x8000000000000000759617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6d3b43c969ab522021-12-20 15:55:48.925root 11241100x8000000000000000759618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c6dc42fd13623f2021-12-20 15:55:48.926root 11241100x8000000000000000759619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3a6b2ae29f3e042021-12-20 15:55:48.926root 11241100x8000000000000000759620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b0b98bca57bd62021-12-20 15:55:48.926root 11241100x8000000000000000759621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053e0a3a5d11ed32021-12-20 15:55:48.926root 11241100x8000000000000000759622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781493b22e9206c52021-12-20 15:55:48.926root 11241100x8000000000000000759623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2741fdbd0cb65c62021-12-20 15:55:48.926root 11241100x8000000000000000759624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2780a1277f13f1dd2021-12-20 15:55:48.926root 11241100x8000000000000000759625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab7acb948d2f2782021-12-20 15:55:48.926root 11241100x8000000000000000759626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfcb614984b08062021-12-20 15:55:48.926root 11241100x8000000000000000759627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d972a42618f96102021-12-20 15:55:48.926root 11241100x8000000000000000759628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99a334f4756b3182021-12-20 15:55:48.926root 11241100x8000000000000000759629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20197f744339d7912021-12-20 15:55:48.927root 11241100x8000000000000000759630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e3f670c1d1ab0d2021-12-20 15:55:48.927root 11241100x8000000000000000759631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed35252d481ba0072021-12-20 15:55:48.927root 11241100x8000000000000000759632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cd8e3bee1eda262021-12-20 15:55:48.927root 11241100x8000000000000000759633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62023059b794aaa2021-12-20 15:55:48.927root 11241100x8000000000000000759634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5960726388f5badb2021-12-20 15:55:48.927root 11241100x8000000000000000759635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcf7ca0214cf68e2021-12-20 15:55:48.927root 11241100x8000000000000000759636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb3606a4aff52112021-12-20 15:55:48.927root 11241100x8000000000000000759637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd0ffe5ed0eeb052021-12-20 15:55:48.927root 11241100x8000000000000000759638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c9a13668cfa652021-12-20 15:55:48.927root 11241100x8000000000000000759639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f16987a35475352021-12-20 15:55:48.928root 11241100x8000000000000000759640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba3bebb47e6353c2021-12-20 15:55:48.928root 11241100x8000000000000000759641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e087c24e06e01412021-12-20 15:55:48.928root 11241100x8000000000000000759642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6d305f0399fe872021-12-20 15:55:49.424root 11241100x8000000000000000759643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c7ecfa50b8b5442021-12-20 15:55:49.425root 11241100x8000000000000000759644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5828f654454a0c622021-12-20 15:55:49.425root 11241100x8000000000000000759645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d56b8d803c067fd2021-12-20 15:55:49.425root 11241100x8000000000000000759646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6895f675d831185c2021-12-20 15:55:49.425root 11241100x8000000000000000759647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8e3e1e70e871b62021-12-20 15:55:49.425root 11241100x8000000000000000759648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd2db4a4b75e3b82021-12-20 15:55:49.425root 11241100x8000000000000000759649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af31aa8e2074c8502021-12-20 15:55:49.425root 11241100x8000000000000000759650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94664ec69f194a02021-12-20 15:55:49.426root 11241100x8000000000000000759651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b14ec1dfa7761ec2021-12-20 15:55:49.426root 11241100x8000000000000000759652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31abae838f14b55a2021-12-20 15:55:49.426root 11241100x8000000000000000759653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6d77332503bab82021-12-20 15:55:49.426root 11241100x8000000000000000759654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d784816ce7f342d2021-12-20 15:55:49.426root 11241100x8000000000000000759655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdb139cb3a6f41b2021-12-20 15:55:49.426root 11241100x8000000000000000759656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ee18bdb0ac7e612021-12-20 15:55:49.426root 11241100x8000000000000000759657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ba4ceb9599e0d52021-12-20 15:55:49.427root 11241100x8000000000000000759658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad821c0c220f2942021-12-20 15:55:49.427root 11241100x8000000000000000759659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea7a49cd7f88a082021-12-20 15:55:49.430root 11241100x8000000000000000759660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00911fd72d2ebd002021-12-20 15:55:49.430root 11241100x8000000000000000759661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a95ca00755915f2021-12-20 15:55:49.430root 11241100x8000000000000000759662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88babd4e01f33feb2021-12-20 15:55:49.431root 11241100x8000000000000000759663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2114f480d31491f2021-12-20 15:55:49.431root 11241100x8000000000000000759664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b4a42c8354416e2021-12-20 15:55:49.431root 11241100x8000000000000000759665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b45a277d3a2af072021-12-20 15:55:49.431root 11241100x8000000000000000759666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cad1a3a848d2b852021-12-20 15:55:49.432root 11241100x8000000000000000759667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5b5c55510222672021-12-20 15:55:49.432root 11241100x8000000000000000759668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e79b774b1746732021-12-20 15:55:49.433root 11241100x8000000000000000759669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebfe8653c6e42602021-12-20 15:55:49.434root 11241100x8000000000000000759670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f7b5d980cb21a02021-12-20 15:55:49.434root 11241100x8000000000000000759671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da3524988264b632021-12-20 15:55:49.434root 11241100x8000000000000000759672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9643b57d11a6e0d32021-12-20 15:55:49.434root 11241100x8000000000000000759673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd5af2956a144d52021-12-20 15:55:49.435root 11241100x8000000000000000759674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1e35ac31eb3a682021-12-20 15:55:49.436root 11241100x8000000000000000759675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50822da5fea480672021-12-20 15:55:49.436root 11241100x8000000000000000759676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4f7aedc5f8837f2021-12-20 15:55:49.436root 11241100x8000000000000000759677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05abb0ca6d3501d62021-12-20 15:55:49.436root 11241100x8000000000000000759678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dbe47d345f94892021-12-20 15:55:49.438root 11241100x8000000000000000759679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2641e24bf7644d922021-12-20 15:55:49.438root 11241100x8000000000000000759680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5dfda2a46d352e2021-12-20 15:55:49.439root 11241100x8000000000000000759681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1cb54ed42f617f2021-12-20 15:55:49.439root 11241100x8000000000000000759682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcbac81cc4f4f4d2021-12-20 15:55:49.439root 11241100x8000000000000000759683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cf02c169db7f4d2021-12-20 15:55:49.439root 11241100x8000000000000000759684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4c5c809306a8c02021-12-20 15:55:49.439root 11241100x8000000000000000759685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c191b54f664227b2021-12-20 15:55:49.441root 11241100x8000000000000000759686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffbbfb5b38eca1a2021-12-20 15:55:49.441root 11241100x8000000000000000759687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82b24c25633bcf02021-12-20 15:55:49.924root 11241100x8000000000000000759688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d636dc2de64c8422021-12-20 15:55:49.924root 11241100x8000000000000000759689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60d1f1589e17def2021-12-20 15:55:49.925root 11241100x8000000000000000759690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d0ff089f97fc162021-12-20 15:55:49.925root 11241100x8000000000000000759691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0fcdfc3ee4026b2021-12-20 15:55:49.925root 11241100x8000000000000000759692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef1aa1b8ae7f9672021-12-20 15:55:49.925root 11241100x8000000000000000759693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13d27d94f2595ae2021-12-20 15:55:49.925root 11241100x8000000000000000759694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50929cd98116c29a2021-12-20 15:55:49.926root 11241100x8000000000000000759695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2993ae98c948a4d02021-12-20 15:55:49.926root 11241100x8000000000000000759696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318fd9a9188083e52021-12-20 15:55:49.926root 11241100x8000000000000000759697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d9ec3c96048feb2021-12-20 15:55:49.926root 11241100x8000000000000000759698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d3e0a7d806ab0c2021-12-20 15:55:49.926root 11241100x8000000000000000759699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f66e1fd824db32021-12-20 15:55:49.926root 11241100x8000000000000000759700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021ea5235f9a26072021-12-20 15:55:49.927root 11241100x8000000000000000759701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c574e4c590e4d32021-12-20 15:55:49.927root 11241100x8000000000000000759702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a36707b949f3fe42021-12-20 15:55:49.927root 11241100x8000000000000000759703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f245760afeef392021-12-20 15:55:49.927root 11241100x8000000000000000759704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025753358e8bcd112021-12-20 15:55:49.927root 11241100x8000000000000000759705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e8ec250e24893b2021-12-20 15:55:49.928root 11241100x8000000000000000759706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462b035d06fa5e092021-12-20 15:55:49.928root 11241100x8000000000000000759707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66de3cbb998b627c2021-12-20 15:55:49.929root 11241100x8000000000000000759708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573609d4438ee06a2021-12-20 15:55:49.929root 11241100x8000000000000000759709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3023429b4140bf402021-12-20 15:55:49.930root 11241100x8000000000000000759710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893bdd09b9eccf2b2021-12-20 15:55:49.930root 11241100x8000000000000000759711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e15e6919abe10f2021-12-20 15:55:49.930root 11241100x8000000000000000759712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2983d1171c49852a2021-12-20 15:55:49.931root 11241100x8000000000000000759713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd2e6487f11fad02021-12-20 15:55:49.931root 11241100x8000000000000000759714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d7182dde4df69b2021-12-20 15:55:49.932root 11241100x8000000000000000759715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdecc0650ed919ea2021-12-20 15:55:49.932root 11241100x8000000000000000759716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9352e9c0270c822021-12-20 15:55:49.932root 11241100x8000000000000000759717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa65f64ac3fd672021-12-20 15:55:49.933root 11241100x8000000000000000759718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf55a0dbec23d942021-12-20 15:55:49.933root 11241100x8000000000000000759719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cfda58e54add522021-12-20 15:55:49.934root 11241100x8000000000000000759720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:49.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a0d43ac06d25902021-12-20 15:55:49.934root 11241100x8000000000000000759721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf46f5777c1fe3d92021-12-20 15:55:50.424root 11241100x8000000000000000759722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2768966991c5f9b72021-12-20 15:55:50.424root 11241100x8000000000000000759723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2a74e02e1712f72021-12-20 15:55:50.425root 11241100x8000000000000000759724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba09974175d28882021-12-20 15:55:50.425root 11241100x8000000000000000759725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311f6842dc0572242021-12-20 15:55:50.425root 11241100x8000000000000000759726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026904b5842325f32021-12-20 15:55:50.425root 11241100x8000000000000000759727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ec52008e3408ae2021-12-20 15:55:50.425root 11241100x8000000000000000759728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fb38dddb143e082021-12-20 15:55:50.425root 11241100x8000000000000000759729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5abbfe31942d5f02021-12-20 15:55:50.425root 11241100x8000000000000000759730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f47d7995a4fa522021-12-20 15:55:50.426root 11241100x8000000000000000759731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5cd602cfe6e6be2021-12-20 15:55:50.426root 11241100x8000000000000000759732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40fc88186e003962021-12-20 15:55:50.426root 11241100x8000000000000000759733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d3f01e7a67585a2021-12-20 15:55:50.426root 11241100x8000000000000000759734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ffc4cbe230b6842021-12-20 15:55:50.426root 11241100x8000000000000000759735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd059d15d67b7c902021-12-20 15:55:50.427root 11241100x8000000000000000759736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58efa5eb40150e5b2021-12-20 15:55:50.427root 11241100x8000000000000000759737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388d84840cdcb7852021-12-20 15:55:50.427root 11241100x8000000000000000759738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a844377180a46bd2021-12-20 15:55:50.427root 11241100x8000000000000000759739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9009c64e5f43af4c2021-12-20 15:55:50.427root 11241100x8000000000000000759740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e8255a46bdf28d2021-12-20 15:55:50.428root 11241100x8000000000000000759741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de2b8e08876fb82021-12-20 15:55:50.429root 11241100x8000000000000000759742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8eb6fa70c390562021-12-20 15:55:50.429root 11241100x8000000000000000759743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaf89ddabae5cb12021-12-20 15:55:50.429root 11241100x8000000000000000759744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24ca13b93fbd10b2021-12-20 15:55:50.429root 11241100x8000000000000000759745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58621b88794848072021-12-20 15:55:50.429root 11241100x8000000000000000759746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383abcaf424594b82021-12-20 15:55:50.430root 11241100x8000000000000000759747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a6d6393fb044152021-12-20 15:55:50.431root 11241100x8000000000000000759748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa0037276c1163d2021-12-20 15:55:50.431root 11241100x8000000000000000759749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325b875742883cdc2021-12-20 15:55:50.431root 11241100x8000000000000000759750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc933520b1d09ee2021-12-20 15:55:50.431root 11241100x8000000000000000759751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f70dfb1128ce2422021-12-20 15:55:50.431root 11241100x8000000000000000759752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed95247ea6909f332021-12-20 15:55:50.431root 11241100x8000000000000000759753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12107978826bb852021-12-20 15:55:50.431root 11241100x8000000000000000759754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6c20dc16e61ea2021-12-20 15:55:50.432root 11241100x8000000000000000759755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dc06d7a3a55e0c2021-12-20 15:55:50.432root 11241100x8000000000000000759756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bc28c8d97094dc2021-12-20 15:55:50.433root 11241100x8000000000000000759757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066303e7c86dcc922021-12-20 15:55:50.924root 11241100x8000000000000000759758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cf2666c7d8ce692021-12-20 15:55:50.924root 11241100x8000000000000000759759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c61e0ac1f839b02021-12-20 15:55:50.924root 11241100x8000000000000000759760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7633bc54db4930d02021-12-20 15:55:50.924root 11241100x8000000000000000759761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a7f135db8e23652021-12-20 15:55:50.924root 11241100x8000000000000000759762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497188f387cbd7e02021-12-20 15:55:50.924root 11241100x8000000000000000759763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a74ad129eb101e2021-12-20 15:55:50.924root 11241100x8000000000000000759764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ab5c342800487c2021-12-20 15:55:50.924root 11241100x8000000000000000759765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5f15508ade494d2021-12-20 15:55:50.925root 11241100x8000000000000000759766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3c2865530fc0522021-12-20 15:55:50.925root 11241100x8000000000000000759767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a9296bbbe22ce42021-12-20 15:55:50.925root 11241100x8000000000000000759768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c152a62fd2582eeb2021-12-20 15:55:50.925root 11241100x8000000000000000759769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb474486660d6c392021-12-20 15:55:50.925root 11241100x8000000000000000759770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1beb77ef8a7a6cb2021-12-20 15:55:50.926root 11241100x8000000000000000759771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3dbd0bd8af17ef2021-12-20 15:55:50.926root 11241100x8000000000000000759772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccd1324d00c647e2021-12-20 15:55:50.926root 11241100x8000000000000000759773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bdec3408cc14e82021-12-20 15:55:50.926root 11241100x8000000000000000759774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fa692acd87aab92021-12-20 15:55:50.927root 11241100x8000000000000000759775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf553d22dba1fce2021-12-20 15:55:50.927root 11241100x8000000000000000759776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1031271bd13e1972021-12-20 15:55:50.927root 11241100x8000000000000000759777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115f17555aeb3b192021-12-20 15:55:50.927root 11241100x8000000000000000759778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a801927292697d2021-12-20 15:55:50.927root 11241100x8000000000000000759779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235275606b0ec172021-12-20 15:55:50.927root 11241100x8000000000000000759780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576f25db1f15411f2021-12-20 15:55:50.927root 11241100x8000000000000000759781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb4f14743475b0d2021-12-20 15:55:50.927root 11241100x8000000000000000759782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c9ef67787356492021-12-20 15:55:50.927root 11241100x8000000000000000759783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3142c47e9db69a2021-12-20 15:55:50.928root 11241100x8000000000000000759784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e114df5038c26a02021-12-20 15:55:50.928root 11241100x8000000000000000759785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fda5855ebd2840b2021-12-20 15:55:50.928root 11241100x8000000000000000759786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb1353e3811edf42021-12-20 15:55:50.928root 11241100x8000000000000000759787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c067e026586dd1682021-12-20 15:55:50.928root 11241100x8000000000000000759788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c40bb0b08c8a0c62021-12-20 15:55:50.928root 11241100x8000000000000000759789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0755b27f9be67912021-12-20 15:55:50.928root 11241100x8000000000000000759790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cba0ce7cd0a7ab2021-12-20 15:55:50.929root 11241100x8000000000000000759791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63b7ffcd80e87d32021-12-20 15:55:50.929root 11241100x8000000000000000759792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d900680174d9e9a2021-12-20 15:55:50.929root 11241100x8000000000000000759793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2166645115f7ca2021-12-20 15:55:50.929root 11241100x8000000000000000759794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f51a05582aeb0f2021-12-20 15:55:50.929root 11241100x8000000000000000759795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972e10cd53207bf02021-12-20 15:55:50.929root 11241100x8000000000000000759796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e12c42654c6236a2021-12-20 15:55:50.929root 11241100x8000000000000000759797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2918fedcf6a4a652021-12-20 15:55:50.929root 11241100x8000000000000000759798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52123cc0fa015b5e2021-12-20 15:55:50.929root 11241100x8000000000000000759799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57d6039849da682021-12-20 15:55:50.929root 11241100x8000000000000000759800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ed1c3143426d3a2021-12-20 15:55:50.929root 11241100x8000000000000000759801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53892ee3a993eec2021-12-20 15:55:50.929root 11241100x8000000000000000759802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450106300de5c7532021-12-20 15:55:50.930root 11241100x8000000000000000759803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ffdee3e495333b2021-12-20 15:55:50.930root 11241100x8000000000000000759804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a171889c01fa732021-12-20 15:55:50.930root 11241100x8000000000000000759805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9835b371ec0035962021-12-20 15:55:50.930root 354300x8000000000000000759806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.094{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51386-false10.0.1.12-8000- 11241100x8000000000000000759807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b689bd6d3bc5b9fe2021-12-20 15:55:51.424root 11241100x8000000000000000759808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe621fb84b2489a2021-12-20 15:55:51.424root 11241100x8000000000000000759809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad2b58de6f50b412021-12-20 15:55:51.425root 11241100x8000000000000000759810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c23fd2dada31cc12021-12-20 15:55:51.425root 11241100x8000000000000000759811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d677151dc4547d32021-12-20 15:55:51.425root 11241100x8000000000000000759812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccefeda47558def2021-12-20 15:55:51.425root 11241100x8000000000000000759813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bf55673d1882542021-12-20 15:55:51.425root 11241100x8000000000000000759814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727d3fd07142b74c2021-12-20 15:55:51.425root 11241100x8000000000000000759815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c7df22a98eb4142021-12-20 15:55:51.426root 11241100x8000000000000000759816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a087ac6aec015a3c2021-12-20 15:55:51.426root 11241100x8000000000000000759817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d58b0da29a04f62021-12-20 15:55:51.426root 11241100x8000000000000000759818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f982642e7999b82021-12-20 15:55:51.426root 11241100x8000000000000000759819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e2f01193e008022021-12-20 15:55:51.426root 11241100x8000000000000000759820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ab804ce27b64dc2021-12-20 15:55:51.426root 11241100x8000000000000000759821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27a2c54d310d3392021-12-20 15:55:51.426root 11241100x8000000000000000759822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2308128d6cf1762021-12-20 15:55:51.426root 11241100x8000000000000000759823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff81d1c425732992021-12-20 15:55:51.426root 11241100x8000000000000000759824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0be67ecd9afe122021-12-20 15:55:51.426root 11241100x8000000000000000759825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaed30c06c380dd72021-12-20 15:55:51.426root 11241100x8000000000000000759826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8518ce1136410efe2021-12-20 15:55:51.426root 11241100x8000000000000000759827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b616bf21b5d1ea002021-12-20 15:55:51.426root 11241100x8000000000000000759828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9dca2f35485aa22021-12-20 15:55:51.426root 11241100x8000000000000000759829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cac37a142bab1c02021-12-20 15:55:51.426root 11241100x8000000000000000759830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7455214a269625e2021-12-20 15:55:51.426root 11241100x8000000000000000759831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b39c9b3300de1c2021-12-20 15:55:51.427root 11241100x8000000000000000759832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813ef0307d6c2bca2021-12-20 15:55:51.427root 11241100x8000000000000000759833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afaf133788a56cf2021-12-20 15:55:51.427root 11241100x8000000000000000759834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f71f897fc6a122021-12-20 15:55:51.427root 11241100x8000000000000000759835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af094f67c33d2e32021-12-20 15:55:51.427root 11241100x8000000000000000759836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164bcd73095f5b912021-12-20 15:55:51.427root 11241100x8000000000000000759837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5082544b247e07f12021-12-20 15:55:51.427root 11241100x8000000000000000759838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0192dbbf28b9ea392021-12-20 15:55:51.427root 11241100x8000000000000000759839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8a8394012c01b52021-12-20 15:55:51.427root 11241100x8000000000000000759840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65080b795cd1e8342021-12-20 15:55:51.427root 11241100x8000000000000000759841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6b87918f58c26e2021-12-20 15:55:51.427root 11241100x8000000000000000759842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a86be246f23eed2021-12-20 15:55:51.427root 11241100x8000000000000000759843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f135f2bfcff9777c2021-12-20 15:55:51.427root 11241100x8000000000000000759844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da7c7aa15d370992021-12-20 15:55:51.427root 11241100x8000000000000000759845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538a09c50f9949812021-12-20 15:55:51.427root 11241100x8000000000000000759846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89a73431acb60792021-12-20 15:55:51.427root 11241100x8000000000000000759847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecf068bf49fc3ad2021-12-20 15:55:51.428root 11241100x8000000000000000759848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ff9d81bbd5c2822021-12-20 15:55:51.428root 11241100x8000000000000000759849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d4c19288edac312021-12-20 15:55:51.428root 11241100x8000000000000000759850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a94bfdeaf0d5d02021-12-20 15:55:51.429root 11241100x8000000000000000759851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12538b7ccd41bd72021-12-20 15:55:51.429root 11241100x8000000000000000759852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125d136a35e176cb2021-12-20 15:55:51.429root 11241100x8000000000000000759853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fac6da07053a5252021-12-20 15:55:51.429root 11241100x8000000000000000759854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa7e17d2a53d6522021-12-20 15:55:51.429root 11241100x8000000000000000759855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc4d84cb9dff5a12021-12-20 15:55:51.429root 11241100x8000000000000000759856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0028f9a0207e37e32021-12-20 15:55:51.429root 11241100x8000000000000000759857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54162206561f6e22021-12-20 15:55:51.429root 11241100x8000000000000000759858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff25d53a4916b072021-12-20 15:55:51.429root 11241100x8000000000000000759859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b6e2e3ca31ae692021-12-20 15:55:51.429root 11241100x8000000000000000759860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632f42be2cf8d7e62021-12-20 15:55:51.429root 11241100x8000000000000000759861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3a8e913816d0bd2021-12-20 15:55:51.429root 11241100x8000000000000000759862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fa0da5292576ac2021-12-20 15:55:51.429root 11241100x8000000000000000759863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c94c12572ab478f2021-12-20 15:55:51.429root 11241100x8000000000000000759864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d895b1877fe5f92021-12-20 15:55:51.430root 11241100x8000000000000000759865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1626d1c4e7eeb22021-12-20 15:55:51.430root 11241100x8000000000000000759866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6782d0622871612021-12-20 15:55:51.430root 11241100x8000000000000000759867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70148060cc4f88cf2021-12-20 15:55:51.430root 11241100x8000000000000000759868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e850941ba328b62021-12-20 15:55:51.430root 11241100x8000000000000000759869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00523de085922cc2021-12-20 15:55:51.430root 11241100x8000000000000000759870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71139fb0c1311182021-12-20 15:55:51.430root 11241100x8000000000000000759871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69c76c1a2a5cde62021-12-20 15:55:51.430root 11241100x8000000000000000759872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b865d19ac1aeade82021-12-20 15:55:51.430root 11241100x8000000000000000759873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8acb0262719e5b2021-12-20 15:55:51.430root 11241100x8000000000000000759874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47243020f5143122021-12-20 15:55:51.430root 11241100x8000000000000000759875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce6f1b74b96a5f92021-12-20 15:55:51.430root 11241100x8000000000000000759876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53470fa4648ecae52021-12-20 15:55:51.430root 11241100x8000000000000000759877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f182b5e3c9dab06e2021-12-20 15:55:51.924root 11241100x8000000000000000759878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fcb956c686ac072021-12-20 15:55:51.924root 11241100x8000000000000000759879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e100a38e37484a112021-12-20 15:55:51.924root 11241100x8000000000000000759880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b014adf6477c38b52021-12-20 15:55:51.924root 11241100x8000000000000000759881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed14d71c6fa6b292021-12-20 15:55:51.925root 11241100x8000000000000000759882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47706d1906f23302021-12-20 15:55:51.925root 11241100x8000000000000000759883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7291056f453d33b72021-12-20 15:55:51.925root 11241100x8000000000000000759884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82c4684e0a9d8992021-12-20 15:55:51.925root 11241100x8000000000000000759885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c873dd1ca2a87dd2021-12-20 15:55:51.925root 11241100x8000000000000000759886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fcec870a24854c2021-12-20 15:55:51.925root 11241100x8000000000000000759887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5340172e048b332021-12-20 15:55:51.926root 11241100x8000000000000000759888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5456746516383d2021-12-20 15:55:51.926root 11241100x8000000000000000759889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3af6130af7faf302021-12-20 15:55:51.926root 11241100x8000000000000000759890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5fd2f6e890db902021-12-20 15:55:51.926root 11241100x8000000000000000759891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f556ba77cbb82d372021-12-20 15:55:51.926root 11241100x8000000000000000759892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ae78568bcacb482021-12-20 15:55:51.926root 11241100x8000000000000000759893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05072d0af008e2d92021-12-20 15:55:51.926root 11241100x8000000000000000759894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cec7a786b6d04d2021-12-20 15:55:51.926root 11241100x8000000000000000759895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058b99ab065d4e242021-12-20 15:55:51.926root 11241100x8000000000000000759896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b9e4e9fca577282021-12-20 15:55:51.926root 11241100x8000000000000000759897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dcc150237b88982021-12-20 15:55:51.926root 11241100x8000000000000000759898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23cb3c8e6efc4c62021-12-20 15:55:51.926root 11241100x8000000000000000759899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a4c274d6672ff12021-12-20 15:55:51.926root 11241100x8000000000000000759900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e704a37839f3889d2021-12-20 15:55:51.927root 11241100x8000000000000000759901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620c8ac6f2533a652021-12-20 15:55:51.927root 11241100x8000000000000000759902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a5bca88fc016f92021-12-20 15:55:51.927root 11241100x8000000000000000759903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fccf0b229e527372021-12-20 15:55:51.927root 11241100x8000000000000000759904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c85f13f262e2dba2021-12-20 15:55:51.927root 11241100x8000000000000000759905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4acfc06a6dbecb82021-12-20 15:55:51.927root 11241100x8000000000000000759906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8187985348362d5b2021-12-20 15:55:51.927root 11241100x8000000000000000759907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2792de52e678722021-12-20 15:55:51.927root 11241100x8000000000000000759908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7138bc417ac4f9d2021-12-20 15:55:51.927root 11241100x8000000000000000759909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d9c17e46e0ee592021-12-20 15:55:51.927root 11241100x8000000000000000759910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7006f44ef986c5b12021-12-20 15:55:51.928root 11241100x8000000000000000759911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64e4817173f561c2021-12-20 15:55:51.928root 11241100x8000000000000000759912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efee8f14277b84222021-12-20 15:55:51.928root 11241100x8000000000000000759913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4293dbf245de7f2021-12-20 15:55:51.928root 11241100x8000000000000000759914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f275a9f32a3a90f2021-12-20 15:55:51.928root 11241100x8000000000000000759915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56213a81632d91ec2021-12-20 15:55:51.928root 11241100x8000000000000000759916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bf0799b69d12172021-12-20 15:55:51.928root 11241100x8000000000000000759917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50308afa88ccd1162021-12-20 15:55:51.928root 11241100x8000000000000000759918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2cb803ae6e3cb12021-12-20 15:55:51.928root 11241100x8000000000000000759919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12f6a44f32fa6a42021-12-20 15:55:51.928root 11241100x8000000000000000759920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d9e0bc03ed16972021-12-20 15:55:51.929root 11241100x8000000000000000759921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5725d4a364a95ea72021-12-20 15:55:51.929root 11241100x8000000000000000759922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bef3a6ee313ea4f2021-12-20 15:55:51.929root 11241100x8000000000000000759923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cb3533a97926b22021-12-20 15:55:51.929root 11241100x8000000000000000759924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419f06164e6c4c332021-12-20 15:55:51.929root 11241100x8000000000000000759925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a2ccbd39e62e52021-12-20 15:55:51.929root 11241100x8000000000000000759926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0267888e9bcb839d2021-12-20 15:55:51.929root 11241100x8000000000000000759927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dabf1a50bdca692021-12-20 15:55:51.929root 11241100x8000000000000000759928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5537e1690c685e2021-12-20 15:55:51.929root 11241100x8000000000000000759929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8717de9156cdde22021-12-20 15:55:51.929root 11241100x8000000000000000759930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4229b7b6ec43482021-12-20 15:55:51.930root 11241100x8000000000000000759931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d31996137bb2c92021-12-20 15:55:51.930root 11241100x8000000000000000759932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a1d4b7bb4ad1402021-12-20 15:55:51.930root 11241100x8000000000000000759933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74076cd4f1a54f462021-12-20 15:55:51.930root 11241100x8000000000000000759934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417e7fe65d8a52c02021-12-20 15:55:51.930root 11241100x8000000000000000759935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a855356281b9cb42021-12-20 15:55:51.930root 11241100x8000000000000000759936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b720dad5419088ee2021-12-20 15:55:51.930root 11241100x8000000000000000759937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f39544d37aa6562021-12-20 15:55:51.930root 11241100x8000000000000000759938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80831f10bfeae49e2021-12-20 15:55:51.930root 11241100x8000000000000000759939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de1d6afc9438f552021-12-20 15:55:51.930root 11241100x8000000000000000759940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0ca7568f8e15a52021-12-20 15:55:51.930root 11241100x8000000000000000759941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1730deb55396487b2021-12-20 15:55:51.930root 11241100x8000000000000000759942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075a610f64295ee22021-12-20 15:55:51.931root 11241100x8000000000000000759943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e1abb6d5c889b42021-12-20 15:55:51.931root 11241100x8000000000000000759944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c45b6ba01ec5142021-12-20 15:55:51.931root 11241100x8000000000000000759945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3539dcc70418dbc02021-12-20 15:55:51.931root 11241100x8000000000000000759946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c05b7d522a85a02021-12-20 15:55:51.931root 11241100x8000000000000000759947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52d86cd79733d542021-12-20 15:55:51.931root 11241100x8000000000000000759948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0ae9e096ea36d72021-12-20 15:55:51.931root 11241100x8000000000000000759949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b1e14da04677b72021-12-20 15:55:51.931root 11241100x8000000000000000759950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faff8e249f2beb022021-12-20 15:55:51.931root 11241100x8000000000000000759951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b11fa9e3f4627d2021-12-20 15:55:51.931root 11241100x8000000000000000759952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6b2c4821a216002021-12-20 15:55:51.932root 11241100x8000000000000000759953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cc871c42f0edc72021-12-20 15:55:51.932root 11241100x8000000000000000759954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865317b7ee494f7b2021-12-20 15:55:51.932root 11241100x8000000000000000759955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33678ab94298d242021-12-20 15:55:51.932root 11241100x8000000000000000759956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e98e5925f811b82021-12-20 15:55:51.932root 11241100x8000000000000000759957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e41b82cdccaf972021-12-20 15:55:51.932root 11241100x8000000000000000759958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c003d5ddb863322021-12-20 15:55:51.933root 11241100x8000000000000000759959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84c6e73607c77692021-12-20 15:55:51.933root 11241100x8000000000000000759960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93632420c250342021-12-20 15:55:51.933root 11241100x8000000000000000759961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00096a97ad93bfe2021-12-20 15:55:51.933root 11241100x8000000000000000759962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91def8bd0b8c616c2021-12-20 15:55:51.933root 11241100x8000000000000000759963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dfd59197fb5e362021-12-20 15:55:51.933root 11241100x8000000000000000759964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e40a02bdb74f712021-12-20 15:55:51.933root 11241100x8000000000000000759965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054c8cfea1449e432021-12-20 15:55:51.934root 11241100x8000000000000000759966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fceaefb7aad8bea2021-12-20 15:55:51.934root 11241100x8000000000000000759967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f37884903e5a282021-12-20 15:55:51.934root 11241100x8000000000000000759968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ebde82ace397f2021-12-20 15:55:51.934root 11241100x8000000000000000759969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21489f260efee8212021-12-20 15:55:51.934root 11241100x8000000000000000759970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da115f9c0e0a05382021-12-20 15:55:51.934root 11241100x8000000000000000759971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4aa4a585a7802e2021-12-20 15:55:51.934root 11241100x8000000000000000759972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9a7f8f3b15b52c2021-12-20 15:55:51.934root 11241100x8000000000000000759973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c48c9b91194d0d2021-12-20 15:55:51.935root 11241100x8000000000000000759974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82937f84e13490d92021-12-20 15:55:51.935root 11241100x8000000000000000759975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198765532aaf3b2e2021-12-20 15:55:51.935root 11241100x8000000000000000759976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bcc678658ff4cc2021-12-20 15:55:51.935root 11241100x8000000000000000759977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0c8e0cfac801902021-12-20 15:55:51.936root 11241100x8000000000000000759978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b0607c6cdc34be2021-12-20 15:55:51.936root 11241100x8000000000000000759979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a467abdd99503c2021-12-20 15:55:51.936root 11241100x8000000000000000759980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c06d0f85ab217532021-12-20 15:55:51.936root 11241100x8000000000000000759981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de58638101f91922021-12-20 15:55:51.936root 11241100x8000000000000000759982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34fdf2193a759062021-12-20 15:55:51.937root 11241100x8000000000000000759983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223d72a36c9aba722021-12-20 15:55:51.937root 11241100x8000000000000000759984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fcb14607db90362021-12-20 15:55:51.937root 11241100x8000000000000000759985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b997387df44714162021-12-20 15:55:51.937root 11241100x8000000000000000759986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2896395d20b3b32a2021-12-20 15:55:51.937root 11241100x8000000000000000759987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be62f9496f3e03e2021-12-20 15:55:51.937root 11241100x8000000000000000759988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bc36bb3110de9e2021-12-20 15:55:51.937root 11241100x8000000000000000759989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8da96666a88f7bd2021-12-20 15:55:51.938root 11241100x8000000000000000759990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133cc195981a3ea32021-12-20 15:55:51.938root 11241100x8000000000000000759991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3937e2fdc805532021-12-20 15:55:51.938root 11241100x8000000000000000759992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2f61ff2449087b2021-12-20 15:55:51.938root 11241100x8000000000000000759993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057cd9e0b7fdaf032021-12-20 15:55:51.939root 11241100x8000000000000000759994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747e0c2ae1dc2c472021-12-20 15:55:51.939root 11241100x8000000000000000759995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be8c6cef3dc41382021-12-20 15:55:51.939root 11241100x8000000000000000759996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd762a36a5b16452021-12-20 15:55:51.939root 11241100x8000000000000000759997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeedb093dc112f12021-12-20 15:55:51.940root 11241100x8000000000000000759998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b951e065df075642021-12-20 15:55:51.940root 11241100x8000000000000000759999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15aaaa599d118c3a2021-12-20 15:55:51.940root 11241100x8000000000000000760000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:51.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e9c0e49038033d2021-12-20 15:55:51.941root 11241100x8000000000000000760001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3fef5c30645e422021-12-20 15:55:52.424root 11241100x8000000000000000760002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fa09d73253b9802021-12-20 15:55:52.424root 11241100x8000000000000000760003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4154465f8815247d2021-12-20 15:55:52.424root 11241100x8000000000000000760004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b21d56b6bb87e802021-12-20 15:55:52.424root 11241100x8000000000000000760005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8a93c855b7d2ec2021-12-20 15:55:52.424root 11241100x8000000000000000760006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da36052829f4a762021-12-20 15:55:52.425root 11241100x8000000000000000760007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fc7e4fb159b4452021-12-20 15:55:52.425root 11241100x8000000000000000760008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d6690b22e68de32021-12-20 15:55:52.425root 11241100x8000000000000000760009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0782c246f8a5cd9a2021-12-20 15:55:52.425root 11241100x8000000000000000760010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1362e1c35bc784422021-12-20 15:55:52.425root 11241100x8000000000000000760011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c86ada7f1d3da12021-12-20 15:55:52.425root 11241100x8000000000000000760012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370cab056005c6952021-12-20 15:55:52.425root 11241100x8000000000000000760013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80365fd112359a862021-12-20 15:55:52.426root 11241100x8000000000000000760014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bf4392721300c22021-12-20 15:55:52.426root 11241100x8000000000000000760015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ece478abbac442c2021-12-20 15:55:52.426root 11241100x8000000000000000760016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bb7ddc7be055372021-12-20 15:55:52.426root 11241100x8000000000000000760017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd7423ceeb94ef52021-12-20 15:55:52.426root 11241100x8000000000000000760018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d18f89f9e7327742021-12-20 15:55:52.426root 11241100x8000000000000000760019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4767f4c4ce992b2021-12-20 15:55:52.426root 11241100x8000000000000000760020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c713bda34e0b402021-12-20 15:55:52.426root 11241100x8000000000000000760021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db041e635ac793842021-12-20 15:55:52.426root 11241100x8000000000000000760022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546af29131c7a01b2021-12-20 15:55:52.426root 11241100x8000000000000000760023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f6eaa5aa6090ad2021-12-20 15:55:52.427root 11241100x8000000000000000760024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35befac33327ab892021-12-20 15:55:52.427root 11241100x8000000000000000760025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189b31336c4c0962021-12-20 15:55:52.427root 11241100x8000000000000000760026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75abd99a28340b62021-12-20 15:55:52.427root 11241100x8000000000000000760027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e9c653740589ec2021-12-20 15:55:52.427root 11241100x8000000000000000760028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9db4a1dc6041e32021-12-20 15:55:52.427root 11241100x8000000000000000760029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eee34eb06d67db2021-12-20 15:55:52.427root 11241100x8000000000000000760030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435f82f604f7ccd62021-12-20 15:55:52.427root 11241100x8000000000000000760031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2832a0549d8f4e2021-12-20 15:55:52.427root 11241100x8000000000000000760032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74114b7955de41c82021-12-20 15:55:52.427root 11241100x8000000000000000760033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae07f0e3423baf0b2021-12-20 15:55:52.428root 11241100x8000000000000000760034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4184ff29c122da2021-12-20 15:55:52.428root 11241100x8000000000000000760035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e2194c797bf5d32021-12-20 15:55:52.428root 11241100x8000000000000000760036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46494347060126732021-12-20 15:55:52.428root 11241100x8000000000000000760037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc0281e32f8ad412021-12-20 15:55:52.428root 11241100x8000000000000000760038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d25a6fad4dde402021-12-20 15:55:52.428root 11241100x8000000000000000760039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014ac3cbd409546c2021-12-20 15:55:52.428root 11241100x8000000000000000760040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5789cc56caf575272021-12-20 15:55:52.428root 11241100x8000000000000000760041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e6bb2267bd07382021-12-20 15:55:52.429root 11241100x8000000000000000760042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a751fd2cf946c9372021-12-20 15:55:52.429root 11241100x8000000000000000760043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a633b0375e51a66c2021-12-20 15:55:52.924root 11241100x8000000000000000760044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadaf18c0ea18dcd2021-12-20 15:55:52.924root 11241100x8000000000000000760045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0c5220747bc10c2021-12-20 15:55:52.925root 11241100x8000000000000000760046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7157f475184d33612021-12-20 15:55:52.925root 11241100x8000000000000000760047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cb31b21725e8172021-12-20 15:55:52.926root 11241100x8000000000000000760048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d260651d96834b2021-12-20 15:55:52.926root 11241100x8000000000000000760049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc2814449b39ed42021-12-20 15:55:52.926root 11241100x8000000000000000760050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e64b6bcdbd9f782021-12-20 15:55:52.926root 11241100x8000000000000000760051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaf0e4c04271f5a2021-12-20 15:55:52.926root 11241100x8000000000000000760052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d14001143c7f282021-12-20 15:55:52.926root 11241100x8000000000000000760053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9c831370cd2f512021-12-20 15:55:52.926root 11241100x8000000000000000760054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e9bb7692400aa62021-12-20 15:55:52.926root 11241100x8000000000000000760055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0463585d89c99a52021-12-20 15:55:52.926root 11241100x8000000000000000760056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807674da9c962a532021-12-20 15:55:52.927root 11241100x8000000000000000760057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9b0be8fa5e1b952021-12-20 15:55:52.927root 11241100x8000000000000000760058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fca7d0ed3665ffe2021-12-20 15:55:52.927root 11241100x8000000000000000760059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4980cccd7a640beb2021-12-20 15:55:52.927root 11241100x8000000000000000760060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68c9987391e8b362021-12-20 15:55:52.927root 11241100x8000000000000000760061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26597fafcd7a20e2021-12-20 15:55:52.927root 11241100x8000000000000000760062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23963f19dc88f6652021-12-20 15:55:52.927root 11241100x8000000000000000760063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb424b55118d5b52021-12-20 15:55:52.927root 11241100x8000000000000000760064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8002f8d14f4e62e2021-12-20 15:55:52.927root 11241100x8000000000000000760065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee446d539e236e02021-12-20 15:55:52.928root 11241100x8000000000000000760066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba666d071972faf12021-12-20 15:55:52.928root 11241100x8000000000000000760067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c527418be1841e9f2021-12-20 15:55:52.928root 11241100x8000000000000000760068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1b7ac678a9ff8c2021-12-20 15:55:52.928root 11241100x8000000000000000760069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c9eb1e8f6e9a642021-12-20 15:55:52.928root 11241100x8000000000000000760070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439cacb195e9d25a2021-12-20 15:55:52.928root 11241100x8000000000000000760071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6be4f4806cf6c172021-12-20 15:55:52.928root 11241100x8000000000000000760072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9a9b932e89bb4f2021-12-20 15:55:52.929root 11241100x8000000000000000760073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c624007a561e8d222021-12-20 15:55:52.929root 11241100x8000000000000000760074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659ef927b6895fe22021-12-20 15:55:52.929root 11241100x8000000000000000760075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107e78f6b1031fd82021-12-20 15:55:52.929root 11241100x8000000000000000760076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fee11588bd864d2021-12-20 15:55:52.929root 11241100x8000000000000000760077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3feb5a57e3bcb75b2021-12-20 15:55:52.929root 11241100x8000000000000000760078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b1902d0bbc91fd2021-12-20 15:55:52.929root 11241100x8000000000000000760079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68afb35a8e226422021-12-20 15:55:53.424root 11241100x8000000000000000760080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffd5d25727e00fa2021-12-20 15:55:53.424root 11241100x8000000000000000760081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a97039daa02ee2021-12-20 15:55:53.424root 11241100x8000000000000000760082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b9ce7b3aab313d2021-12-20 15:55:53.424root 11241100x8000000000000000760083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209dbb4e98d75f292021-12-20 15:55:53.425root 11241100x8000000000000000760084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1751958fe63146b72021-12-20 15:55:53.425root 11241100x8000000000000000760085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4472b0b54cc963982021-12-20 15:55:53.425root 11241100x8000000000000000760086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48df6a3b5523ff12021-12-20 15:55:53.425root 11241100x8000000000000000760087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d1548fe2c88a722021-12-20 15:55:53.425root 11241100x8000000000000000760088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86324dcde31c98772021-12-20 15:55:53.425root 11241100x8000000000000000760089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d4dd5aaaa28df32021-12-20 15:55:53.425root 11241100x8000000000000000760090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5530b968bd9f34542021-12-20 15:55:53.425root 11241100x8000000000000000760091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d177bbd9051e02021-12-20 15:55:53.426root 11241100x8000000000000000760092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b9882cfae4027c2021-12-20 15:55:53.426root 11241100x8000000000000000760093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d40ebf655fe6bc2021-12-20 15:55:53.426root 11241100x8000000000000000760094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615d91eb04a4b3902021-12-20 15:55:53.426root 11241100x8000000000000000760095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3dd923e366b7ae2021-12-20 15:55:53.426root 11241100x8000000000000000760096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6696ef30edb978e42021-12-20 15:55:53.426root 11241100x8000000000000000760097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910290cccbf1e01b2021-12-20 15:55:53.426root 11241100x8000000000000000760098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13782e1849f7b0b52021-12-20 15:55:53.426root 11241100x8000000000000000760099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4108003c05fb1e362021-12-20 15:55:53.426root 11241100x8000000000000000760100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd31dcce7c1c3232021-12-20 15:55:53.427root 11241100x8000000000000000760101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71601c944750b2202021-12-20 15:55:53.427root 11241100x8000000000000000760102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88add98470b3f72021-12-20 15:55:53.427root 11241100x8000000000000000760103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e99c3c10e5ebcba2021-12-20 15:55:53.427root 11241100x8000000000000000760104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccd60359a2539102021-12-20 15:55:53.427root 11241100x8000000000000000760105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d5699d6e0ea28c2021-12-20 15:55:53.427root 11241100x8000000000000000760106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6134486688daaf2021-12-20 15:55:53.427root 11241100x8000000000000000760107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c66e2f3fadf735f2021-12-20 15:55:53.427root 11241100x8000000000000000760108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2455f2cc1627c32021-12-20 15:55:53.427root 11241100x8000000000000000760109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649922409f19ba222021-12-20 15:55:53.427root 11241100x8000000000000000760110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cd481d44fbfc082021-12-20 15:55:53.427root 11241100x8000000000000000760111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede3e00e8edb12652021-12-20 15:55:53.427root 11241100x8000000000000000760112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f902e846b79f59612021-12-20 15:55:53.428root 11241100x8000000000000000760113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a16c3f374308be32021-12-20 15:55:53.428root 11241100x8000000000000000760114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72df4e84cc9770a2021-12-20 15:55:53.428root 11241100x8000000000000000760115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2540e269217f502021-12-20 15:55:53.428root 11241100x8000000000000000760116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278f484d08fe3b842021-12-20 15:55:53.428root 11241100x8000000000000000760117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41c7bd890f5ced32021-12-20 15:55:53.924root 11241100x8000000000000000760118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3e4b4d5285b2d72021-12-20 15:55:53.924root 11241100x8000000000000000760119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561ece23246c5d262021-12-20 15:55:53.924root 11241100x8000000000000000760120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c395f80265f2d322021-12-20 15:55:53.924root 11241100x8000000000000000760121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30308b23e87029f92021-12-20 15:55:53.925root 11241100x8000000000000000760122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0881b0f414396db2021-12-20 15:55:53.925root 11241100x8000000000000000760123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203bebe4bfce80372021-12-20 15:55:53.925root 11241100x8000000000000000760124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837e6aa98fcfee942021-12-20 15:55:53.925root 11241100x8000000000000000760125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f1c9c622eae1392021-12-20 15:55:53.925root 11241100x8000000000000000760126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204cc8f08e8f41e82021-12-20 15:55:53.925root 11241100x8000000000000000760127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f461a8ca58848b2021-12-20 15:55:53.925root 11241100x8000000000000000760128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7b8f25e9f2ddd82021-12-20 15:55:53.925root 11241100x8000000000000000760129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a56f12efeaeb162021-12-20 15:55:53.926root 11241100x8000000000000000760130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d83e5387113ac02021-12-20 15:55:53.926root 11241100x8000000000000000760131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b149de21be08801b2021-12-20 15:55:53.926root 11241100x8000000000000000760132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ab866a233663042021-12-20 15:55:53.926root 11241100x8000000000000000760133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b23cca0765d3bd2021-12-20 15:55:53.926root 11241100x8000000000000000760134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb6fd36e3029c112021-12-20 15:55:53.926root 11241100x8000000000000000760135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b252284e357c4dfa2021-12-20 15:55:53.926root 11241100x8000000000000000760136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2edd2e9cb423522021-12-20 15:55:53.927root 11241100x8000000000000000760137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42764ece56ab68542021-12-20 15:55:53.927root 11241100x8000000000000000760138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb34555187977a772021-12-20 15:55:53.927root 11241100x8000000000000000760139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0df0d9d03942c2021-12-20 15:55:53.927root 11241100x8000000000000000760140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bfa8b732e1aa972021-12-20 15:55:53.927root 11241100x8000000000000000760141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0e2f866634dc122021-12-20 15:55:53.927root 11241100x8000000000000000760142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7415223dff04502021-12-20 15:55:53.927root 11241100x8000000000000000760143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961b1bec06c1c7cb2021-12-20 15:55:53.928root 11241100x8000000000000000760144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b52687d9a888c72021-12-20 15:55:53.928root 11241100x8000000000000000760145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e06c38216146f82021-12-20 15:55:53.928root 11241100x8000000000000000760146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2ad832c55f8ec02021-12-20 15:55:53.928root 11241100x8000000000000000760147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c1722edb58caa32021-12-20 15:55:53.928root 11241100x8000000000000000760148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0660237cf4d3f3d02021-12-20 15:55:53.928root 11241100x8000000000000000760149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bedddc48775d592021-12-20 15:55:53.928root 11241100x8000000000000000760150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d62c66d435b49c2021-12-20 15:55:53.929root 11241100x8000000000000000760151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc645e061ea287e2021-12-20 15:55:53.929root 11241100x8000000000000000760152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf428ecfe7f07df02021-12-20 15:55:53.929root 11241100x8000000000000000760153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b9427dc01fcc072021-12-20 15:55:53.929root 11241100x8000000000000000760154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9eaa7367a542092021-12-20 15:55:53.929root 11241100x8000000000000000760155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f975ab5dda76662021-12-20 15:55:53.929root 11241100x8000000000000000760156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c29e6f8c9ff8b0d2021-12-20 15:55:53.929root 11241100x8000000000000000760157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12dccd5596f19992021-12-20 15:55:53.930root 11241100x8000000000000000760158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1af20e8ba7bc3ba2021-12-20 15:55:53.930root 11241100x8000000000000000760159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:53.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dae6c116a61de842021-12-20 15:55:53.933root 11241100x8000000000000000760160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaa7a888024a5b32021-12-20 15:55:54.424root 11241100x8000000000000000760161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabe7bcffb84dfa32021-12-20 15:55:54.424root 11241100x8000000000000000760162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458995eb35bbf34d2021-12-20 15:55:54.424root 11241100x8000000000000000760163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba126b5bbda016842021-12-20 15:55:54.424root 11241100x8000000000000000760164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34142c84ba0e5df2021-12-20 15:55:54.424root 11241100x8000000000000000760165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0805d2396b7fd292021-12-20 15:55:54.424root 11241100x8000000000000000760166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf1ee3d68084ed32021-12-20 15:55:54.424root 11241100x8000000000000000760167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a507609e9f8b4c052021-12-20 15:55:54.424root 11241100x8000000000000000760168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3dc13bc6a436602021-12-20 15:55:54.424root 11241100x8000000000000000760169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b938661c8b3ac2021-12-20 15:55:54.424root 11241100x8000000000000000760170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3736fd84998d1c2021-12-20 15:55:54.424root 11241100x8000000000000000760171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758cd6371108f1e82021-12-20 15:55:54.425root 11241100x8000000000000000760172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037dbd1a3a9f9b102021-12-20 15:55:54.425root 11241100x8000000000000000760173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf65987bc9f082352021-12-20 15:55:54.425root 11241100x8000000000000000760174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb13640b95a509132021-12-20 15:55:54.425root 11241100x8000000000000000760175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15126ba0e5b80172021-12-20 15:55:54.426root 11241100x8000000000000000760176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63c457a4c39e1152021-12-20 15:55:54.426root 11241100x8000000000000000760177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256538b201695a662021-12-20 15:55:54.426root 11241100x8000000000000000760178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956544612613a0f42021-12-20 15:55:54.426root 11241100x8000000000000000760179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbeba3004cc5dfb2021-12-20 15:55:54.426root 11241100x8000000000000000760180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d6c3fb3fb068352021-12-20 15:55:54.426root 11241100x8000000000000000760181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bbefb556c3f5892021-12-20 15:55:54.426root 11241100x8000000000000000760182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5925ab45273e442021-12-20 15:55:54.426root 11241100x8000000000000000760183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8877674d878860272021-12-20 15:55:54.426root 11241100x8000000000000000760184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd77f35ed10d1e182021-12-20 15:55:54.426root 11241100x8000000000000000760185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72dbcc7a9869e782021-12-20 15:55:54.426root 11241100x8000000000000000760186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9117b97d2b5150f52021-12-20 15:55:54.427root 11241100x8000000000000000760187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c90351b9bdbcdd92021-12-20 15:55:54.427root 11241100x8000000000000000760188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c0d000a64b3e242021-12-20 15:55:54.427root 11241100x8000000000000000760189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb392614c65eb292021-12-20 15:55:54.427root 11241100x8000000000000000760190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b9ec554363b2b72021-12-20 15:55:54.427root 11241100x8000000000000000760191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659ec87d3489a5562021-12-20 15:55:54.427root 11241100x8000000000000000760192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f60979e0eafbbf2021-12-20 15:55:54.427root 11241100x8000000000000000760193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37589f42f4b9de02021-12-20 15:55:54.427root 11241100x8000000000000000760194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72fa8ccdbbed7882021-12-20 15:55:54.427root 11241100x8000000000000000760195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bfad8f3686b8cd2021-12-20 15:55:54.427root 11241100x8000000000000000760196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ea9c7aa7c589142021-12-20 15:55:54.428root 11241100x8000000000000000760197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2773de2e37ab3da2021-12-20 15:55:54.428root 11241100x8000000000000000760198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ea1f81803cfc212021-12-20 15:55:54.428root 11241100x8000000000000000760199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8a8432cf5e26ec2021-12-20 15:55:54.428root 11241100x8000000000000000760200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf67ac1160523ac2021-12-20 15:55:54.428root 11241100x8000000000000000760201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e6851f41d7b3802021-12-20 15:55:54.428root 11241100x8000000000000000760202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea59510d7532bd0e2021-12-20 15:55:54.428root 11241100x8000000000000000760203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69614385103220d2021-12-20 15:55:54.429root 11241100x8000000000000000760204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb800cc56eaa5272021-12-20 15:55:54.429root 11241100x8000000000000000760205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119885058ee954e32021-12-20 15:55:54.924root 11241100x8000000000000000760206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f660b043d6ce08a2021-12-20 15:55:54.924root 11241100x8000000000000000760207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb84df030a341a82021-12-20 15:55:54.924root 11241100x8000000000000000760208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b54f020ec5ec65a2021-12-20 15:55:54.924root 11241100x8000000000000000760209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3117f7289a22a51b2021-12-20 15:55:54.925root 11241100x8000000000000000760210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149f96f72b2cc9e42021-12-20 15:55:54.925root 11241100x8000000000000000760211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343b14b8f05578ef2021-12-20 15:55:54.925root 11241100x8000000000000000760212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06a33553ae6e5b52021-12-20 15:55:54.925root 11241100x8000000000000000760213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0776ca008c424a3e2021-12-20 15:55:54.925root 11241100x8000000000000000760214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241c0bdcf70666b52021-12-20 15:55:54.925root 11241100x8000000000000000760215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd83093a5b2943ff2021-12-20 15:55:54.925root 11241100x8000000000000000760216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1460eb987edcc80a2021-12-20 15:55:54.925root 11241100x8000000000000000760217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5ba1faaa02f6432021-12-20 15:55:54.925root 11241100x8000000000000000760218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd28a84885bf3732021-12-20 15:55:54.926root 11241100x8000000000000000760219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40224477002353d42021-12-20 15:55:54.926root 11241100x8000000000000000760220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024c8a53b014f60e2021-12-20 15:55:54.926root 11241100x8000000000000000760221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b224171db1237552021-12-20 15:55:54.926root 11241100x8000000000000000760222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e68ebe592827b0d2021-12-20 15:55:54.926root 11241100x8000000000000000760223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18664ca655e388112021-12-20 15:55:54.926root 11241100x8000000000000000760224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0168214b1549924c2021-12-20 15:55:54.926root 11241100x8000000000000000760225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21e2ed1698edc842021-12-20 15:55:54.926root 11241100x8000000000000000760226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae83fdf675c7c1e2021-12-20 15:55:54.926root 11241100x8000000000000000760227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98154ecc0b832bd2021-12-20 15:55:54.927root 11241100x8000000000000000760228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6e97882ce43b702021-12-20 15:55:54.927root 11241100x8000000000000000760229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac26852d4adbd8772021-12-20 15:55:54.927root 11241100x8000000000000000760230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d143a4e314c3f2021-12-20 15:55:54.927root 11241100x8000000000000000760231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c170249675ab2f9b2021-12-20 15:55:54.927root 11241100x8000000000000000760232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a52c8f1d8ea8ed2021-12-20 15:55:54.927root 11241100x8000000000000000760233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5435dc769d2d0122021-12-20 15:55:54.927root 11241100x8000000000000000760234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e4d55d11b0f1392021-12-20 15:55:54.927root 11241100x8000000000000000760235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f39d5561f4058b2021-12-20 15:55:54.927root 11241100x8000000000000000760236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0fe168dc73f7c22021-12-20 15:55:54.927root 11241100x8000000000000000760237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cbd89c677f0fa22021-12-20 15:55:54.928root 11241100x8000000000000000760238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:54.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d6cda9a28be9e62021-12-20 15:55:54.928root 11241100x8000000000000000760239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3f24a44aa765d62021-12-20 15:55:55.424root 11241100x8000000000000000760240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b95c5796ccab862021-12-20 15:55:55.424root 11241100x8000000000000000760241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24519d8bc75ba5222021-12-20 15:55:55.424root 11241100x8000000000000000760242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a113588162a2f32021-12-20 15:55:55.424root 11241100x8000000000000000760243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd5bcf172ee1af82021-12-20 15:55:55.425root 11241100x8000000000000000760244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4a1d95fb95dd32021-12-20 15:55:55.425root 11241100x8000000000000000760245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12acd58e7dcffd82021-12-20 15:55:55.425root 11241100x8000000000000000760246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41466f61c3cd89312021-12-20 15:55:55.425root 11241100x8000000000000000760247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a572716938009e152021-12-20 15:55:55.425root 11241100x8000000000000000760248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd55b114aa145622021-12-20 15:55:55.425root 11241100x8000000000000000760249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805a3606612e6a9f2021-12-20 15:55:55.425root 11241100x8000000000000000760250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b14e8220b7232e32021-12-20 15:55:55.425root 11241100x8000000000000000760251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca666072e5cae92d2021-12-20 15:55:55.425root 11241100x8000000000000000760252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e7caa7a952148d2021-12-20 15:55:55.425root 11241100x8000000000000000760253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aeb3ce1f27ad9782021-12-20 15:55:55.425root 11241100x8000000000000000760254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b266146c950dbf9d2021-12-20 15:55:55.426root 11241100x8000000000000000760255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712b83cfe40d55a52021-12-20 15:55:55.426root 11241100x8000000000000000760256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0029922e445d642021-12-20 15:55:55.426root 11241100x8000000000000000760257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c3219dfd6781872021-12-20 15:55:55.426root 11241100x8000000000000000760258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0186e2496eb7be2021-12-20 15:55:55.426root 11241100x8000000000000000760259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afae2a45376ad4302021-12-20 15:55:55.426root 11241100x8000000000000000760260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a452e9fa4b145b2021-12-20 15:55:55.426root 11241100x8000000000000000760261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aebacbddcb316f32021-12-20 15:55:55.426root 11241100x8000000000000000760262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a7d91b9ccecfbf2021-12-20 15:55:55.426root 11241100x8000000000000000760263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdc3e1934c4b0622021-12-20 15:55:55.426root 11241100x8000000000000000760264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d93d2e9976ea7f2021-12-20 15:55:55.427root 11241100x8000000000000000760265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283b5c050a668aa92021-12-20 15:55:55.427root 11241100x8000000000000000760266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e509d519b9b4e86c2021-12-20 15:55:55.427root 11241100x8000000000000000760267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c90e44c086fc922021-12-20 15:55:55.427root 11241100x8000000000000000760268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e05228e13c8d0522021-12-20 15:55:55.427root 11241100x8000000000000000760269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee2f6dc20fa1d6d2021-12-20 15:55:55.428root 11241100x8000000000000000760270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7bed8a39d87d392021-12-20 15:55:55.428root 11241100x8000000000000000760271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b72a2c2630bc1e2021-12-20 15:55:55.429root 11241100x8000000000000000760272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340d8d1bf4f19bb22021-12-20 15:55:55.429root 11241100x8000000000000000760273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bd11425ed441f62021-12-20 15:55:55.429root 11241100x8000000000000000760274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8b78b3f63d4fd32021-12-20 15:55:55.429root 11241100x8000000000000000760275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8891351f865e7f652021-12-20 15:55:55.429root 11241100x8000000000000000760276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a89c836d06fe5b2021-12-20 15:55:55.430root 11241100x8000000000000000760277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4488aedb21297d22021-12-20 15:55:55.430root 11241100x8000000000000000760278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09b794bc365e9812021-12-20 15:55:55.430root 11241100x8000000000000000760279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68eb7e52370e13a2021-12-20 15:55:55.430root 11241100x8000000000000000760280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7c63964b103d72021-12-20 15:55:55.431root 11241100x8000000000000000760281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f8bfe4b3b971f62021-12-20 15:55:55.432root 11241100x8000000000000000760282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b3f14e49a920122021-12-20 15:55:55.432root 11241100x8000000000000000760283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37949fc586ed5102021-12-20 15:55:55.433root 11241100x8000000000000000760284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e108b92e14f040602021-12-20 15:55:55.433root 11241100x8000000000000000760285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbc40e0c7220a0c2021-12-20 15:55:55.434root 11241100x8000000000000000760286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d921399b5f6b3ec92021-12-20 15:55:55.924root 11241100x8000000000000000760287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4146df3a5fb4cd62021-12-20 15:55:55.925root 11241100x8000000000000000760288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db702b78344076fb2021-12-20 15:55:55.925root 11241100x8000000000000000760289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c081d3f721975a112021-12-20 15:55:55.925root 11241100x8000000000000000760290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d94d2ae3bdb10ea2021-12-20 15:55:55.925root 11241100x8000000000000000760291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeba99e12bbd5fe2021-12-20 15:55:55.925root 11241100x8000000000000000760292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4bdc69f5bcff3f2021-12-20 15:55:55.926root 11241100x8000000000000000760293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd71c0a446552a92021-12-20 15:55:55.926root 11241100x8000000000000000760294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc84ff2ccb218ae12021-12-20 15:55:55.926root 11241100x8000000000000000760295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71984ea4567b7c12021-12-20 15:55:55.926root 11241100x8000000000000000760296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1c2d1d05f30f692021-12-20 15:55:55.926root 11241100x8000000000000000760297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64adc3743c899832021-12-20 15:55:55.926root 11241100x8000000000000000760298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c292195e6894a12021-12-20 15:55:55.926root 11241100x8000000000000000760299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398f2dd7d9658e922021-12-20 15:55:55.926root 11241100x8000000000000000760300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844071cc488ef6a32021-12-20 15:55:55.927root 11241100x8000000000000000760301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a8cb02c176c9782021-12-20 15:55:55.927root 11241100x8000000000000000760302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e7adce770d823f2021-12-20 15:55:55.927root 11241100x8000000000000000760303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c4a5124ffd0bf82021-12-20 15:55:55.927root 11241100x8000000000000000760304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57ede60f6884ddd2021-12-20 15:55:55.927root 11241100x8000000000000000760305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413736b21945a4ab2021-12-20 15:55:55.927root 11241100x8000000000000000760306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dacb9b9ddc6c3b2021-12-20 15:55:55.927root 11241100x8000000000000000760307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644fbb0b8917ff82021-12-20 15:55:55.927root 11241100x8000000000000000760308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8230390d6e41fe982021-12-20 15:55:55.927root 11241100x8000000000000000760309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27b95c266ba50332021-12-20 15:55:55.927root 11241100x8000000000000000760310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5f21744f33c9fd2021-12-20 15:55:55.928root 11241100x8000000000000000760311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf6e22ff17402842021-12-20 15:55:55.928root 11241100x8000000000000000760312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333997eafb08ccd92021-12-20 15:55:55.928root 11241100x8000000000000000760313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd87e2701c2b9cab2021-12-20 15:55:55.928root 11241100x8000000000000000760314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a2422523a9e85b2021-12-20 15:55:55.928root 11241100x8000000000000000760315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c37474bed9e6fa32021-12-20 15:55:55.928root 11241100x8000000000000000760316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605736ed03ff9e662021-12-20 15:55:55.929root 11241100x8000000000000000760317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c31139ec2531132021-12-20 15:55:55.929root 11241100x8000000000000000760318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0804c3a881ce1a2021-12-20 15:55:55.929root 11241100x8000000000000000760319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46bd7ea9d1c1ef32021-12-20 15:55:55.929root 11241100x8000000000000000760320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f11932ffa34df32021-12-20 15:55:55.929root 11241100x8000000000000000760321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c26cb4ab4d08fff2021-12-20 15:55:55.929root 11241100x8000000000000000760322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:55.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee0f44e6f5762ce2021-12-20 15:55:55.930root 11241100x8000000000000000760323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03498d74f29c41832021-12-20 15:55:56.424root 11241100x8000000000000000760324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b524735bd5161d2021-12-20 15:55:56.424root 11241100x8000000000000000760325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ebffbe4f9165cd2021-12-20 15:55:56.424root 11241100x8000000000000000760326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44584801ef4833ff2021-12-20 15:55:56.424root 11241100x8000000000000000760327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976016b6abf077282021-12-20 15:55:56.424root 11241100x8000000000000000760328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f10b332585eff8f2021-12-20 15:55:56.424root 11241100x8000000000000000760329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb89ecbec970a622021-12-20 15:55:56.424root 11241100x8000000000000000760330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae855bc9abc4e332021-12-20 15:55:56.425root 11241100x8000000000000000760331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c38cb5d8cd33a22021-12-20 15:55:56.425root 11241100x8000000000000000760332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5daaba6e304f40f92021-12-20 15:55:56.425root 11241100x8000000000000000760333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191cc4485dc3b27b2021-12-20 15:55:56.425root 11241100x8000000000000000760334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516a15699bada90a2021-12-20 15:55:56.425root 11241100x8000000000000000760335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18eb185a6a014292021-12-20 15:55:56.425root 11241100x8000000000000000760336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47751cba7e707d5a2021-12-20 15:55:56.425root 11241100x8000000000000000760337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cacfe67c5a0f3f32021-12-20 15:55:56.425root 11241100x8000000000000000760338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c61bf1adcd4e40c2021-12-20 15:55:56.425root 11241100x8000000000000000760339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c5587b7cd4f9a92021-12-20 15:55:56.425root 11241100x8000000000000000760340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd4061ed8177ffc2021-12-20 15:55:56.425root 11241100x8000000000000000760341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d7d54df5605eaa2021-12-20 15:55:56.425root 11241100x8000000000000000760342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80f530e26a05dd22021-12-20 15:55:56.425root 11241100x8000000000000000760343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0e7bb3ef6dd03e2021-12-20 15:55:56.426root 11241100x8000000000000000760344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75ad421503d0b142021-12-20 15:55:56.426root 11241100x8000000000000000760345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4fb3ade31b1cff2021-12-20 15:55:56.426root 11241100x8000000000000000760346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5059fc83db140e2021-12-20 15:55:56.426root 11241100x8000000000000000760347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae2ee8a9c715e552021-12-20 15:55:56.426root 11241100x8000000000000000760348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ee739503f757972021-12-20 15:55:56.426root 11241100x8000000000000000760349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83af2d298554c6d2021-12-20 15:55:56.426root 11241100x8000000000000000760350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27235c8da4b1c062021-12-20 15:55:56.426root 11241100x8000000000000000760351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f21afe40a59bd182021-12-20 15:55:56.426root 11241100x8000000000000000760352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dfaa48af29822a2021-12-20 15:55:56.427root 11241100x8000000000000000760353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d5c14dbbafe3452021-12-20 15:55:56.427root 11241100x8000000000000000760354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed7889fe068e5d2021-12-20 15:55:56.427root 11241100x8000000000000000760355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9454da13d5b2a2e2021-12-20 15:55:56.427root 11241100x8000000000000000760356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b915471489880f2021-12-20 15:55:56.427root 11241100x8000000000000000760357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4229a92132adbba2021-12-20 15:55:56.427root 11241100x8000000000000000760358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fa8699d82107f42021-12-20 15:55:56.427root 11241100x8000000000000000760359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2761394ae4ae8b62021-12-20 15:55:56.427root 11241100x8000000000000000760360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac87c10654981632021-12-20 15:55:56.427root 11241100x8000000000000000760361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4951326c1abb4d2021-12-20 15:55:56.427root 11241100x8000000000000000760362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b08dfc763fb5bc2021-12-20 15:55:56.427root 11241100x8000000000000000760363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a7fc1c359ae8142021-12-20 15:55:56.428root 11241100x8000000000000000760364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aba587463d64352021-12-20 15:55:56.428root 11241100x8000000000000000760365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c67aa5c71e280432021-12-20 15:55:56.428root 11241100x8000000000000000760366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6176795930bd792021-12-20 15:55:56.428root 11241100x8000000000000000760367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa33c02f9879dbc2021-12-20 15:55:56.428root 11241100x8000000000000000760368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3cb07942b4c08c2021-12-20 15:55:56.924root 11241100x8000000000000000760369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f89e56c6d932b12021-12-20 15:55:56.924root 11241100x8000000000000000760370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed29500e22f053122021-12-20 15:55:56.924root 11241100x8000000000000000760371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad491c2d6cddbceb2021-12-20 15:55:56.925root 11241100x8000000000000000760372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218a2b716c5596ca2021-12-20 15:55:56.925root 11241100x8000000000000000760373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27243c77f1488bf2021-12-20 15:55:56.925root 11241100x8000000000000000760374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea77a0ed430c7342021-12-20 15:55:56.925root 11241100x8000000000000000760375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989c0b1c22ed8b772021-12-20 15:55:56.925root 11241100x8000000000000000760376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f5396c118c5a0a2021-12-20 15:55:56.925root 11241100x8000000000000000760377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960fa3dc747ccb552021-12-20 15:55:56.925root 11241100x8000000000000000760378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9e6055da8b54d52021-12-20 15:55:56.925root 11241100x8000000000000000760379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19004f4541eaf80a2021-12-20 15:55:56.925root 11241100x8000000000000000760380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e681a1cb48f396b52021-12-20 15:55:56.926root 11241100x8000000000000000760381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb7df6a49fb0872021-12-20 15:55:56.926root 11241100x8000000000000000760382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a14973d1dc7282021-12-20 15:55:56.926root 11241100x8000000000000000760383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542cc58845aeb4692021-12-20 15:55:56.926root 11241100x8000000000000000760384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c4ee35ccf14da62021-12-20 15:55:56.926root 11241100x8000000000000000760385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaf0915b46419942021-12-20 15:55:56.926root 11241100x8000000000000000760386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24e4ae81242c06f2021-12-20 15:55:56.926root 11241100x8000000000000000760387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9362c499c90828b2021-12-20 15:55:56.926root 11241100x8000000000000000760388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fb6b48bb0582992021-12-20 15:55:56.926root 11241100x8000000000000000760389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b34d887e00de4c42021-12-20 15:55:56.926root 11241100x8000000000000000760390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabccb08ad617a502021-12-20 15:55:56.927root 11241100x8000000000000000760391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4197dcd0341f2ade2021-12-20 15:55:56.927root 11241100x8000000000000000760392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b404083b052b802021-12-20 15:55:56.927root 11241100x8000000000000000760393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96099287f1932ac62021-12-20 15:55:56.927root 11241100x8000000000000000760394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2961724eaaffa2c72021-12-20 15:55:56.927root 11241100x8000000000000000760395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e422d7ad40efe19e2021-12-20 15:55:56.927root 11241100x8000000000000000760396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca69370717bd93312021-12-20 15:55:56.927root 11241100x8000000000000000760397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a2c802f6a433fa2021-12-20 15:55:56.927root 11241100x8000000000000000760398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0896a694510fbc5f2021-12-20 15:55:56.928root 11241100x8000000000000000760399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ec034bf9d298c32021-12-20 15:55:56.928root 11241100x8000000000000000760400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f4e78230565e182021-12-20 15:55:56.928root 11241100x8000000000000000760401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f009593ed4d88e932021-12-20 15:55:56.928root 11241100x8000000000000000760402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1c08d0a4067ecc2021-12-20 15:55:56.928root 11241100x8000000000000000760403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d18261f826d72e22021-12-20 15:55:56.928root 11241100x8000000000000000760404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2572b31fffa5d12021-12-20 15:55:56.928root 11241100x8000000000000000760405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:56.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3039c076bb22bd712021-12-20 15:55:56.929root 354300x8000000000000000760406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.067{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51388-false10.0.1.12-8000- 11241100x8000000000000000760407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c25f2d213f156b22021-12-20 15:55:57.424root 11241100x8000000000000000760408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c0c946670c58882021-12-20 15:55:57.424root 11241100x8000000000000000760409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a1658a2d70582b2021-12-20 15:55:57.424root 11241100x8000000000000000760410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553e637609ce03822021-12-20 15:55:57.424root 11241100x8000000000000000760411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30dc359aff68d572021-12-20 15:55:57.425root 11241100x8000000000000000760412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6df5b05e68960be2021-12-20 15:55:57.425root 11241100x8000000000000000760413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cb17c1e32d94532021-12-20 15:55:57.425root 11241100x8000000000000000760414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67b29b3ce05e0fe2021-12-20 15:55:57.425root 11241100x8000000000000000760415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc9bcae303adb392021-12-20 15:55:57.425root 11241100x8000000000000000760416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0440d4b3b53b63a2021-12-20 15:55:57.425root 11241100x8000000000000000760417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f114aded11aeb5c2021-12-20 15:55:57.425root 11241100x8000000000000000760418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333f2f86886d84d52021-12-20 15:55:57.425root 11241100x8000000000000000760419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd55ac70755de1e52021-12-20 15:55:57.425root 11241100x8000000000000000760420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd4e141c8d5c39d2021-12-20 15:55:57.425root 11241100x8000000000000000760421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ed17ccb9a0e4d62021-12-20 15:55:57.425root 11241100x8000000000000000760422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdd10b93e9a09e72021-12-20 15:55:57.425root 11241100x8000000000000000760423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c8267fcf1b972d2021-12-20 15:55:57.425root 11241100x8000000000000000760424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacd763261aebd2c2021-12-20 15:55:57.425root 11241100x8000000000000000760425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7ca10b4dec1cdc2021-12-20 15:55:57.426root 11241100x8000000000000000760426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1958c2005bffe02021-12-20 15:55:57.426root 11241100x8000000000000000760427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0844671fd2fe02bf2021-12-20 15:55:57.426root 11241100x8000000000000000760428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8931254ebf0c1c412021-12-20 15:55:57.426root 11241100x8000000000000000760429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4217d409efa4d3c62021-12-20 15:55:57.426root 11241100x8000000000000000760430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a331db3bf703dba2021-12-20 15:55:57.426root 11241100x8000000000000000760431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb30753473b8f242021-12-20 15:55:57.426root 11241100x8000000000000000760432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3944999c86f908262021-12-20 15:55:57.426root 11241100x8000000000000000760433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af99dd45a25b2a892021-12-20 15:55:57.426root 11241100x8000000000000000760434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1cc3a8474a8d282021-12-20 15:55:57.426root 11241100x8000000000000000760435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd69f519fa3bbe82021-12-20 15:55:57.426root 11241100x8000000000000000760436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d0c6b1013972882021-12-20 15:55:57.426root 11241100x8000000000000000760437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8207fbfb11231c702021-12-20 15:55:57.426root 11241100x8000000000000000760438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cce84cf707e5be02021-12-20 15:55:57.426root 11241100x8000000000000000760439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83199e42584af6d2021-12-20 15:55:57.426root 11241100x8000000000000000760440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accae7ff4b7b33b52021-12-20 15:55:57.427root 11241100x8000000000000000760441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df18bb19aaeb5ed2021-12-20 15:55:57.427root 11241100x8000000000000000760442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a8453ada40e0ae2021-12-20 15:55:57.427root 11241100x8000000000000000760443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76cf39d7d4efa302021-12-20 15:55:57.427root 11241100x8000000000000000760444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e078f7f77926b1b52021-12-20 15:55:57.427root 11241100x8000000000000000760445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdfe39074188ee62021-12-20 15:55:57.427root 11241100x8000000000000000760446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54b90b967b634942021-12-20 15:55:57.427root 11241100x8000000000000000760447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4f2bc9ef742f932021-12-20 15:55:57.427root 11241100x8000000000000000760448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38441de7647e72d42021-12-20 15:55:57.427root 11241100x8000000000000000760449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f3889323dad8d72021-12-20 15:55:57.924root 11241100x8000000000000000760450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2c808a051b62aa2021-12-20 15:55:57.924root 11241100x8000000000000000760451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaad7359ec69744e2021-12-20 15:55:57.924root 11241100x8000000000000000760452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879dd2772ed1e1392021-12-20 15:55:57.925root 11241100x8000000000000000760453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3476a3d2ec88cd782021-12-20 15:55:57.925root 11241100x8000000000000000760454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d413d9ed5b43c6332021-12-20 15:55:57.925root 11241100x8000000000000000760455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84991d5fda59f8df2021-12-20 15:55:57.925root 11241100x8000000000000000760456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593b32b32101f58b2021-12-20 15:55:57.925root 11241100x8000000000000000760457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407ae298259635e12021-12-20 15:55:57.925root 11241100x8000000000000000760458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d38e46a101af6f2021-12-20 15:55:57.926root 11241100x8000000000000000760459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9856119ac4020a32021-12-20 15:55:57.926root 11241100x8000000000000000760460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b254c6bda26f832021-12-20 15:55:57.926root 11241100x8000000000000000760461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d707f9db785a2612021-12-20 15:55:57.926root 11241100x8000000000000000760462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb9828892f92322021-12-20 15:55:57.926root 11241100x8000000000000000760463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bc27da28c990e32021-12-20 15:55:57.927root 11241100x8000000000000000760464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd6005c18e5ae0b2021-12-20 15:55:57.928root 11241100x8000000000000000760465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e613bc3d289b9ee2021-12-20 15:55:57.928root 11241100x8000000000000000760466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0cbf9d69bf6b292021-12-20 15:55:57.928root 11241100x8000000000000000760467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf1f10dd4b2fac22021-12-20 15:55:57.928root 11241100x8000000000000000760468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d52788c678f5132021-12-20 15:55:57.928root 11241100x8000000000000000760469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4240acf6063c40b2021-12-20 15:55:57.928root 11241100x8000000000000000760470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d393ad09879523082021-12-20 15:55:57.928root 11241100x8000000000000000760471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccec9c70e0144922021-12-20 15:55:57.929root 11241100x8000000000000000760472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53a95b7686b748c2021-12-20 15:55:57.929root 11241100x8000000000000000760473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b67ba5510811c02021-12-20 15:55:57.929root 11241100x8000000000000000760474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aba18b56fb0d3a2021-12-20 15:55:57.929root 11241100x8000000000000000760475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5464b08391cba9082021-12-20 15:55:57.929root 11241100x8000000000000000760476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d0c1fbbfe4cce02021-12-20 15:55:57.929root 11241100x8000000000000000760477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcf19d88708fb902021-12-20 15:55:57.929root 11241100x8000000000000000760478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01ac35287a0ed052021-12-20 15:55:57.930root 11241100x8000000000000000760479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9f9f985330cd852021-12-20 15:55:57.930root 11241100x8000000000000000760480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51da005a88780cce2021-12-20 15:55:57.930root 11241100x8000000000000000760481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6903cab6c29deb3e2021-12-20 15:55:57.930root 11241100x8000000000000000760482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a7073401f1b2b22021-12-20 15:55:57.931root 11241100x8000000000000000760483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2abcd206619604d2021-12-20 15:55:57.931root 11241100x8000000000000000760484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a60ae9ece9c5d92021-12-20 15:55:57.931root 11241100x8000000000000000760485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada7ca7632f2a6cd2021-12-20 15:55:57.931root 11241100x8000000000000000760486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:57.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ada280e7c139c552021-12-20 15:55:57.931root 11241100x8000000000000000760487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a918a8fe36135ee2021-12-20 15:55:58.424root 11241100x8000000000000000760488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ed4d283d26685c2021-12-20 15:55:58.425root 11241100x8000000000000000760489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c92e6a994f71ff12021-12-20 15:55:58.425root 11241100x8000000000000000760490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0fb1ec1c8da9712021-12-20 15:55:58.425root 11241100x8000000000000000760491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3262f3c263f340a82021-12-20 15:55:58.426root 11241100x8000000000000000760492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a39ed096f43e2af2021-12-20 15:55:58.426root 11241100x8000000000000000760493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ce380d623272a42021-12-20 15:55:58.427root 11241100x8000000000000000760494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4353b189fff817192021-12-20 15:55:58.427root 11241100x8000000000000000760495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b3a81405bdd4342021-12-20 15:55:58.427root 11241100x8000000000000000760496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dc3e53f246d3112021-12-20 15:55:58.427root 11241100x8000000000000000760497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1104c2ff0c8fbfa2021-12-20 15:55:58.427root 11241100x8000000000000000760498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6261aba1e8bd542021-12-20 15:55:58.427root 11241100x8000000000000000760499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04cd541d12649ab2021-12-20 15:55:58.427root 11241100x8000000000000000760500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d5e23eb909ab352021-12-20 15:55:58.427root 11241100x8000000000000000760501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090f49504e17fb6a2021-12-20 15:55:58.427root 11241100x8000000000000000760502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f49cbe651869982021-12-20 15:55:58.427root 11241100x8000000000000000760503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25372a3a0203c0922021-12-20 15:55:58.427root 11241100x8000000000000000760504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c1b68d7aa34b722021-12-20 15:55:58.428root 11241100x8000000000000000760505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0199821f310d67202021-12-20 15:55:58.428root 11241100x8000000000000000760506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d316c6ee35bc8fb2021-12-20 15:55:58.428root 11241100x8000000000000000760507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400e822b5f2492a82021-12-20 15:55:58.428root 11241100x8000000000000000760508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f42a6240836cad82021-12-20 15:55:58.428root 11241100x8000000000000000760509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d837fa81d2901b62021-12-20 15:55:58.428root 11241100x8000000000000000760510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8becdf32f2801232021-12-20 15:55:58.428root 11241100x8000000000000000760511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ae5999ddc6e73a2021-12-20 15:55:58.428root 11241100x8000000000000000760512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edb66041b949d762021-12-20 15:55:58.429root 11241100x8000000000000000760513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a976f95a311aa82021-12-20 15:55:58.429root 11241100x8000000000000000760514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d11a59245c6776d2021-12-20 15:55:58.429root 11241100x8000000000000000760515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce09bde23d19adf32021-12-20 15:55:58.429root 11241100x8000000000000000760516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39752d86706fc7992021-12-20 15:55:58.429root 11241100x8000000000000000760517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c089ec77a24d33d02021-12-20 15:55:58.430root 11241100x8000000000000000760518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6644013c0deba62021-12-20 15:55:58.430root 11241100x8000000000000000760519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a439b5f88cd3461a2021-12-20 15:55:58.430root 11241100x8000000000000000760520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350cc3c86dfa7e222021-12-20 15:55:58.431root 11241100x8000000000000000760521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690ac353af7b370c2021-12-20 15:55:58.431root 11241100x8000000000000000760522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c847c976d9e9ae2021-12-20 15:55:58.924root 11241100x8000000000000000760523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74001ccfa2600442021-12-20 15:55:58.924root 11241100x8000000000000000760524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23faace73ca40cb12021-12-20 15:55:58.924root 11241100x8000000000000000760525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35405e2e8addf4272021-12-20 15:55:58.925root 11241100x8000000000000000760526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f3bca93cecff532021-12-20 15:55:58.925root 11241100x8000000000000000760527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07358890485ffcc2021-12-20 15:55:58.925root 11241100x8000000000000000760528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4ab567fa96dbbb2021-12-20 15:55:58.925root 11241100x8000000000000000760529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5740fca952d3ec32021-12-20 15:55:58.925root 11241100x8000000000000000760530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af6e1e31e51b0422021-12-20 15:55:58.925root 11241100x8000000000000000760531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f41123d6638ce2021-12-20 15:55:58.925root 11241100x8000000000000000760532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4f9e7248af7d102021-12-20 15:55:58.925root 11241100x8000000000000000760533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75343d296716b912021-12-20 15:55:58.925root 11241100x8000000000000000760534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce8d7158806af9e2021-12-20 15:55:58.925root 11241100x8000000000000000760535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83671e468769a9c82021-12-20 15:55:58.926root 11241100x8000000000000000760536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc67844ea5861b952021-12-20 15:55:58.926root 11241100x8000000000000000760537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e0e753f868b7102021-12-20 15:55:58.926root 11241100x8000000000000000760538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6addc8d32c1ce0e2021-12-20 15:55:58.926root 11241100x8000000000000000760539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74114b884563e6c22021-12-20 15:55:58.926root 11241100x8000000000000000760540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfbf8cf234246aa2021-12-20 15:55:58.926root 11241100x8000000000000000760541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f26557bf2e56ba2021-12-20 15:55:58.926root 11241100x8000000000000000760542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b566887bd0c7eaf2021-12-20 15:55:58.926root 11241100x8000000000000000760543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850971f1fa5ecc4b2021-12-20 15:55:58.926root 11241100x8000000000000000760544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66c583c4d32a6592021-12-20 15:55:58.927root 11241100x8000000000000000760545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4f5ccae664ef0e2021-12-20 15:55:58.927root 11241100x8000000000000000760546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c595b8d414c8b63a2021-12-20 15:55:58.927root 11241100x8000000000000000760547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c27cb1981cb88082021-12-20 15:55:58.927root 11241100x8000000000000000760548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc5bbb3a19d5d2e2021-12-20 15:55:58.927root 11241100x8000000000000000760549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9327e0acf52a1a32021-12-20 15:55:58.927root 11241100x8000000000000000760550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd266785cdf1b76d2021-12-20 15:55:58.928root 11241100x8000000000000000760551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de61a1573d7f3232021-12-20 15:55:58.928root 11241100x8000000000000000760552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4735f88afb8fc3c12021-12-20 15:55:58.928root 11241100x8000000000000000760553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff3a46755ead7b12021-12-20 15:55:58.928root 11241100x8000000000000000760554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0a0cf87850a71d2021-12-20 15:55:58.928root 11241100x8000000000000000760555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0ffc01e4d4fba62021-12-20 15:55:58.929root 11241100x8000000000000000760556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d16654aa12009e62021-12-20 15:55:58.929root 11241100x8000000000000000760557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ac6f1ed692f9402021-12-20 15:55:58.929root 11241100x8000000000000000760558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb24caf2693797b2021-12-20 15:55:58.929root 11241100x8000000000000000760559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36a6158bd85fcbe2021-12-20 15:55:58.929root 11241100x8000000000000000760560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afa9aca0fe4900c2021-12-20 15:55:58.931root 11241100x8000000000000000760561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5657c1aeccf82c2021-12-20 15:55:58.932root 11241100x8000000000000000760562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:58.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddc3a65bd5a50d82021-12-20 15:55:58.932root 11241100x8000000000000000760563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0258f94aab2caf412021-12-20 15:55:59.424root 11241100x8000000000000000760564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22a135ce2103d432021-12-20 15:55:59.424root 11241100x8000000000000000760565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201e69fb14acec322021-12-20 15:55:59.424root 11241100x8000000000000000760566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9f87a76687d0752021-12-20 15:55:59.424root 11241100x8000000000000000760567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b712f4038c322b42021-12-20 15:55:59.425root 11241100x8000000000000000760568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b3fbccc01e05b72021-12-20 15:55:59.425root 11241100x8000000000000000760569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91e85c4174b5b2c2021-12-20 15:55:59.425root 11241100x8000000000000000760570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e043d4bd17d33d2021-12-20 15:55:59.425root 11241100x8000000000000000760571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802cf87735160f72021-12-20 15:55:59.425root 11241100x8000000000000000760572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6809e879675607f2021-12-20 15:55:59.425root 11241100x8000000000000000760573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda00d7818eb0dd72021-12-20 15:55:59.425root 11241100x8000000000000000760574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8893e4b261fbfad42021-12-20 15:55:59.425root 11241100x8000000000000000760575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c6055ae8e8d1252021-12-20 15:55:59.425root 11241100x8000000000000000760576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215c050111a67eb32021-12-20 15:55:59.426root 11241100x8000000000000000760577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35dc7ecfafd37942021-12-20 15:55:59.426root 11241100x8000000000000000760578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d25a715b9ee2f62021-12-20 15:55:59.426root 11241100x8000000000000000760579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c110cbf9cfd13882021-12-20 15:55:59.426root 11241100x8000000000000000760580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39d8d5f01b23d9f2021-12-20 15:55:59.427root 11241100x8000000000000000760581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deddbe7795144aaa2021-12-20 15:55:59.427root 11241100x8000000000000000760582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e83c8a3c19cac112021-12-20 15:55:59.427root 11241100x8000000000000000760583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21279cf24e1fa3522021-12-20 15:55:59.427root 11241100x8000000000000000760584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9544f77547aa34f02021-12-20 15:55:59.427root 11241100x8000000000000000760585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3764c2972258f22021-12-20 15:55:59.427root 11241100x8000000000000000760586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70138d8f4e33a9d22021-12-20 15:55:59.428root 11241100x8000000000000000760587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b76985e992f367b2021-12-20 15:55:59.428root 11241100x8000000000000000760588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8ae4771d9c99dc2021-12-20 15:55:59.428root 11241100x8000000000000000760589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae0831a853fbafd2021-12-20 15:55:59.428root 11241100x8000000000000000760590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f0f495fec192032021-12-20 15:55:59.429root 11241100x8000000000000000760591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd04a84463236622021-12-20 15:55:59.429root 11241100x8000000000000000760592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c4cdd0df57adfd2021-12-20 15:55:59.429root 11241100x8000000000000000760593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b36cf629e9adadf2021-12-20 15:55:59.429root 11241100x8000000000000000760594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74c7f2988c54d572021-12-20 15:55:59.429root 11241100x8000000000000000760595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1e6314740f75602021-12-20 15:55:59.431root 11241100x8000000000000000760596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8393b046df83851b2021-12-20 15:55:59.431root 11241100x8000000000000000760597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad35ff9b5ae29772021-12-20 15:55:59.431root 11241100x8000000000000000760598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3211101a268548f32021-12-20 15:55:59.431root 11241100x8000000000000000760599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb271b0404a733562021-12-20 15:55:59.432root 11241100x8000000000000000760600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecc5d794206adeb2021-12-20 15:55:59.432root 11241100x8000000000000000760601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df08a6a34ff7b502021-12-20 15:55:59.432root 11241100x8000000000000000760602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6664b965821b712021-12-20 15:55:59.924root 11241100x8000000000000000760603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a648de73f9cf1c32021-12-20 15:55:59.924root 11241100x8000000000000000760604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5605233bf7a657932021-12-20 15:55:59.924root 11241100x8000000000000000760605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a559dedb321cf6d2021-12-20 15:55:59.925root 11241100x8000000000000000760606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f192f7bb4de3f32021-12-20 15:55:59.925root 11241100x8000000000000000760607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff5fe5dde9ef032021-12-20 15:55:59.925root 11241100x8000000000000000760608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b4af176144f6922021-12-20 15:55:59.925root 11241100x8000000000000000760609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583d681347c5d9342021-12-20 15:55:59.925root 11241100x8000000000000000760610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d53603b848dedb22021-12-20 15:55:59.925root 11241100x8000000000000000760611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d53a8f5eb10b272021-12-20 15:55:59.925root 11241100x8000000000000000760612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df18c4e04192cbb2021-12-20 15:55:59.925root 11241100x8000000000000000760613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d745e89a01e91c42021-12-20 15:55:59.925root 11241100x8000000000000000760614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d799b30b489328402021-12-20 15:55:59.925root 11241100x8000000000000000760615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be55c2bb1f9a173a2021-12-20 15:55:59.925root 11241100x8000000000000000760616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20566af88da768b72021-12-20 15:55:59.926root 11241100x8000000000000000760617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e021ff7bebc435ec2021-12-20 15:55:59.926root 11241100x8000000000000000760618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65ca05ceaeb9dc02021-12-20 15:55:59.926root 11241100x8000000000000000760619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4971312e27b96b562021-12-20 15:55:59.926root 11241100x8000000000000000760620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1d3733f0437c8b2021-12-20 15:55:59.926root 11241100x8000000000000000760621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172d86d03e6f6b532021-12-20 15:55:59.926root 11241100x8000000000000000760622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5bf94757eae48e2021-12-20 15:55:59.926root 11241100x8000000000000000760623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb75f538a9833e3b2021-12-20 15:55:59.926root 11241100x8000000000000000760624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b6b89acb8c753a2021-12-20 15:55:59.926root 11241100x8000000000000000760625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d3f68e9f85bc742021-12-20 15:55:59.926root 11241100x8000000000000000760626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735dc17ab38a4c2f2021-12-20 15:55:59.927root 11241100x8000000000000000760627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6837e24d7c89fb22021-12-20 15:55:59.927root 11241100x8000000000000000760628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b32fd0afdc34e82021-12-20 15:55:59.927root 11241100x8000000000000000760629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbae11903bd05012021-12-20 15:55:59.927root 11241100x8000000000000000760630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639f3cb2c60c4f852021-12-20 15:55:59.927root 11241100x8000000000000000760631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81829d4c4336f5c72021-12-20 15:55:59.927root 11241100x8000000000000000760632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee834b8b4345ef72021-12-20 15:55:59.927root 11241100x8000000000000000760633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7629da02b32a91d12021-12-20 15:55:59.928root 11241100x8000000000000000760634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4887d9f1a225f12021-12-20 15:55:59.928root 11241100x8000000000000000760635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4afe9f2d52b6462021-12-20 15:55:59.928root 11241100x8000000000000000760636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6194387e59f7547d2021-12-20 15:55:59.928root 11241100x8000000000000000760637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73773d8c6eee7e132021-12-20 15:55:59.928root 11241100x8000000000000000760638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:55:59.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166637a4db397b4a2021-12-20 15:55:59.928root 11241100x8000000000000000760639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c95e5c6c0e8b482021-12-20 15:56:00.424root 11241100x8000000000000000760640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b517648ce2f4d5262021-12-20 15:56:00.425root 11241100x8000000000000000760641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccdbf725c1c39c02021-12-20 15:56:00.425root 11241100x8000000000000000760642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ca97830dd531b22021-12-20 15:56:00.425root 11241100x8000000000000000760643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4d130eab1d14e32021-12-20 15:56:00.425root 11241100x8000000000000000760644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f07a796c98647d42021-12-20 15:56:00.425root 11241100x8000000000000000760645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd569db674a95efd2021-12-20 15:56:00.426root 11241100x8000000000000000760646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb2835f2eae3b7b2021-12-20 15:56:00.426root 11241100x8000000000000000760647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01f88ccbd48164b2021-12-20 15:56:00.426root 11241100x8000000000000000760648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c12a909260bdafa2021-12-20 15:56:00.426root 11241100x8000000000000000760649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd83f71b60df9522021-12-20 15:56:00.426root 11241100x8000000000000000760650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a4cddac21a0db42021-12-20 15:56:00.426root 11241100x8000000000000000760651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b833db9a57da2d9f2021-12-20 15:56:00.427root 11241100x8000000000000000760652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdca9b27bd1385e02021-12-20 15:56:00.427root 11241100x8000000000000000760653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c1877e27b262092021-12-20 15:56:00.427root 11241100x8000000000000000760654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31294cd2ca53dcb2021-12-20 15:56:00.427root 11241100x8000000000000000760655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956fed3b2ab128ec2021-12-20 15:56:00.427root 11241100x8000000000000000760656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3c3b6ced231af22021-12-20 15:56:00.427root 11241100x8000000000000000760657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483d672cbddc995b2021-12-20 15:56:00.427root 11241100x8000000000000000760658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72ed107755ae0292021-12-20 15:56:00.428root 11241100x8000000000000000760659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38cf86c02c1747c2021-12-20 15:56:00.428root 11241100x8000000000000000760660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011f987e09154ae92021-12-20 15:56:00.428root 11241100x8000000000000000760661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a1392778454d112021-12-20 15:56:00.428root 11241100x8000000000000000760662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc89d31714ad9a22021-12-20 15:56:00.428root 11241100x8000000000000000760663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f6beff0256fe952021-12-20 15:56:00.428root 11241100x8000000000000000760664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeedafec24dc7002021-12-20 15:56:00.429root 11241100x8000000000000000760665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d9b456c2d8ff442021-12-20 15:56:00.429root 11241100x8000000000000000760666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42413ff1e26cfc52021-12-20 15:56:00.429root 11241100x8000000000000000760667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290965e4c91064d02021-12-20 15:56:00.430root 11241100x8000000000000000760668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f08e7aee184f652021-12-20 15:56:00.430root 11241100x8000000000000000760669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb48d6d70ebbbd32021-12-20 15:56:00.430root 11241100x8000000000000000760670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e832a635c4c56822021-12-20 15:56:00.430root 11241100x8000000000000000760671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217d0ac22b01464b2021-12-20 15:56:00.430root 11241100x8000000000000000760672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589bd91b7f68a2d02021-12-20 15:56:00.431root 11241100x8000000000000000760673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a40722a8f4c5d32021-12-20 15:56:00.431root 11241100x8000000000000000760674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eda60a45ea7d46f2021-12-20 15:56:00.431root 11241100x8000000000000000760675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df4435df77560df2021-12-20 15:56:00.431root 11241100x8000000000000000760676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb529d5699ebeec82021-12-20 15:56:00.431root 11241100x8000000000000000760677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d793656cd583e9a32021-12-20 15:56:00.924root 11241100x8000000000000000760678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca69523262e6de2021-12-20 15:56:00.924root 11241100x8000000000000000760679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6666cfd3da1caa62021-12-20 15:56:00.924root 11241100x8000000000000000760680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a245fcbe2fc4d4572021-12-20 15:56:00.925root 11241100x8000000000000000760681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2bcf34d49e3d9d2021-12-20 15:56:00.925root 11241100x8000000000000000760682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a134212c53b0cd1f2021-12-20 15:56:00.925root 11241100x8000000000000000760683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b436dc87a5f4c8e2021-12-20 15:56:00.925root 11241100x8000000000000000760684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9116efe45cb1ef162021-12-20 15:56:00.925root 11241100x8000000000000000760685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c9aa2edba4df0b2021-12-20 15:56:00.925root 11241100x8000000000000000760686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934a7cae0ccd80272021-12-20 15:56:00.925root 11241100x8000000000000000760687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0fad5b90d80e162021-12-20 15:56:00.926root 11241100x8000000000000000760688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6840f3e801ed3fdd2021-12-20 15:56:00.926root 11241100x8000000000000000760689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a8f6b2aaae12042021-12-20 15:56:00.926root 11241100x8000000000000000760690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1981c6ba0bf70d4f2021-12-20 15:56:00.926root 11241100x8000000000000000760691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a994ef48943f0192021-12-20 15:56:00.926root 11241100x8000000000000000760692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7a5fa0697b7b152021-12-20 15:56:00.926root 11241100x8000000000000000760693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4993203a05b8162021-12-20 15:56:00.926root 11241100x8000000000000000760694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00266b1eddc77a332021-12-20 15:56:00.927root 11241100x8000000000000000760695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4a5287840fb0f02021-12-20 15:56:00.927root 11241100x8000000000000000760696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3076fafe3d30112021-12-20 15:56:00.927root 11241100x8000000000000000760697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398d0ebf9a26f0052021-12-20 15:56:00.927root 11241100x8000000000000000760698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce0963dbb2d86d92021-12-20 15:56:00.927root 11241100x8000000000000000760699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8bb5d88419de0e2021-12-20 15:56:00.928root 11241100x8000000000000000760700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01892e3835c473192021-12-20 15:56:00.928root 11241100x8000000000000000760701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9fff5c0359b5602021-12-20 15:56:00.929root 11241100x8000000000000000760702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cbb93862fb92882021-12-20 15:56:00.929root 11241100x8000000000000000760703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391c97390b51f3112021-12-20 15:56:00.929root 11241100x8000000000000000760704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36bdba41b9f4ac82021-12-20 15:56:00.929root 11241100x8000000000000000760705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7021c147e1f734c2021-12-20 15:56:00.929root 11241100x8000000000000000760706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cef78432209a0c2021-12-20 15:56:00.929root 11241100x8000000000000000760707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8859aaefadfdf82021-12-20 15:56:00.930root 11241100x8000000000000000760708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd9fd6693f65dcb2021-12-20 15:56:00.930root 11241100x8000000000000000760709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca91a95208b582c2021-12-20 15:56:00.930root 11241100x8000000000000000760710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0f6d65675da05a2021-12-20 15:56:00.930root 11241100x8000000000000000760711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064a833a26c046eb2021-12-20 15:56:00.930root 11241100x8000000000000000760712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88234ccb395fcb562021-12-20 15:56:00.931root 11241100x8000000000000000760713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de845e4b4cfa6e82021-12-20 15:56:00.931root 11241100x8000000000000000760714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53688a4f5d80f872021-12-20 15:56:00.931root 11241100x8000000000000000760715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:00.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a92a37ebaeb532021-12-20 15:56:00.931root 11241100x8000000000000000760716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7768fe52177d0a2021-12-20 15:56:01.424root 11241100x8000000000000000760717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ca716609fc81032021-12-20 15:56:01.424root 11241100x8000000000000000760718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489bb0bafaf4c1352021-12-20 15:56:01.424root 11241100x8000000000000000760719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d2d27af5e0acc12021-12-20 15:56:01.424root 11241100x8000000000000000760720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853aed8f4ba32d582021-12-20 15:56:01.424root 11241100x8000000000000000760721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10f99bc16ae33072021-12-20 15:56:01.424root 11241100x8000000000000000760722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac62351fcfde75ab2021-12-20 15:56:01.425root 11241100x8000000000000000760723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9d155ed393e7c92021-12-20 15:56:01.425root 11241100x8000000000000000760724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01de70c4804218bc2021-12-20 15:56:01.425root 11241100x8000000000000000760725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7aeefda89fb14e2021-12-20 15:56:01.425root 11241100x8000000000000000760726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c66bc51d4f22e0c2021-12-20 15:56:01.425root 11241100x8000000000000000760727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba434f63e5503ea72021-12-20 15:56:01.425root 11241100x8000000000000000760728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92559122cd27bb532021-12-20 15:56:01.425root 11241100x8000000000000000760729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34b1859b2f9be7d2021-12-20 15:56:01.425root 11241100x8000000000000000760730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3b1f1d9828e2f82021-12-20 15:56:01.425root 11241100x8000000000000000760731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0008f75a8f4c0962021-12-20 15:56:01.425root 11241100x8000000000000000760732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5c0a63f5ef7b462021-12-20 15:56:01.425root 11241100x8000000000000000760733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6a0a515e9c32ba2021-12-20 15:56:01.425root 11241100x8000000000000000760734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bce38bdb21ca0a42021-12-20 15:56:01.425root 11241100x8000000000000000760735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcebd5ea9bfcf942021-12-20 15:56:01.426root 11241100x8000000000000000760736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a97b895a4d40982021-12-20 15:56:01.426root 11241100x8000000000000000760737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed39afd95bcab232021-12-20 15:56:01.426root 11241100x8000000000000000760738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018bd31ec89da5512021-12-20 15:56:01.426root 11241100x8000000000000000760739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150261367de1bd372021-12-20 15:56:01.426root 11241100x8000000000000000760740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f356bc053671a33d2021-12-20 15:56:01.426root 11241100x8000000000000000760741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278b3fb5b1e5067d2021-12-20 15:56:01.426root 11241100x8000000000000000760742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07080b7db6a037692021-12-20 15:56:01.426root 11241100x8000000000000000760743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be49de717dc128d02021-12-20 15:56:01.427root 11241100x8000000000000000760744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0393b3556402f8d52021-12-20 15:56:01.427root 11241100x8000000000000000760745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158814291b2ed9372021-12-20 15:56:01.427root 11241100x8000000000000000760746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50a3919e2eb0df52021-12-20 15:56:01.427root 11241100x8000000000000000760747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66af06a87d7bd21a2021-12-20 15:56:01.427root 11241100x8000000000000000760748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432d22c562ac841b2021-12-20 15:56:01.427root 11241100x8000000000000000760749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203f2dac82d64c222021-12-20 15:56:01.427root 11241100x8000000000000000760750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24905e403d8115cc2021-12-20 15:56:01.427root 11241100x8000000000000000760751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964c7787e52381bf2021-12-20 15:56:01.427root 11241100x8000000000000000760752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32549e02caec6a82021-12-20 15:56:01.427root 11241100x8000000000000000760753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd1f0d30c7486502021-12-20 15:56:01.427root 11241100x8000000000000000760754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fb31f377bf1bdf2021-12-20 15:56:01.428root 11241100x8000000000000000760755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16399085293d0832021-12-20 15:56:01.428root 11241100x8000000000000000760756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c4a4b0d18e01aa2021-12-20 15:56:01.428root 11241100x8000000000000000760757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fd18c782998d8a2021-12-20 15:56:01.428root 11241100x8000000000000000760758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d83a23ff8ddf7452021-12-20 15:56:01.428root 11241100x8000000000000000760759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79ec840f1555d652021-12-20 15:56:01.428root 11241100x8000000000000000760760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818f506dd058effd2021-12-20 15:56:01.924root 11241100x8000000000000000760761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7236672ad1c7502021-12-20 15:56:01.924root 11241100x8000000000000000760762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bee939f6b82ed12021-12-20 15:56:01.925root 11241100x8000000000000000760763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03f7064051379f42021-12-20 15:56:01.925root 11241100x8000000000000000760764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1409311f126f1d2021-12-20 15:56:01.925root 11241100x8000000000000000760765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135aacf482229c3a2021-12-20 15:56:01.925root 11241100x8000000000000000760766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db62905bbc94721a2021-12-20 15:56:01.925root 11241100x8000000000000000760767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432fcb3eae24c55b2021-12-20 15:56:01.925root 11241100x8000000000000000760768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfd73f7126d01052021-12-20 15:56:01.925root 11241100x8000000000000000760769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2474d9240a65c2fd2021-12-20 15:56:01.926root 11241100x8000000000000000760770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b6cb6391bcff372021-12-20 15:56:01.926root 11241100x8000000000000000760771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9c9986a1020a1f2021-12-20 15:56:01.926root 11241100x8000000000000000760772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d6cbe5e0bccad22021-12-20 15:56:01.926root 11241100x8000000000000000760773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d6f1b9fa4aa7f62021-12-20 15:56:01.926root 11241100x8000000000000000760774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfdae0283e3aab12021-12-20 15:56:01.927root 11241100x8000000000000000760775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d33d0e7944143352021-12-20 15:56:01.927root 11241100x8000000000000000760776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ce8997cb803a9c2021-12-20 15:56:01.927root 11241100x8000000000000000760777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e9600160c08852021-12-20 15:56:01.927root 11241100x8000000000000000760778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9049fe459f5e944d2021-12-20 15:56:01.927root 11241100x8000000000000000760779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3b43e46a5c7eb22021-12-20 15:56:01.928root 11241100x8000000000000000760780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bff53cd3436a92e2021-12-20 15:56:01.929root 11241100x8000000000000000760781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b5592f51f8ea782021-12-20 15:56:01.929root 11241100x8000000000000000760782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a616d8748dfc6cd92021-12-20 15:56:01.929root 11241100x8000000000000000760783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89f3ebc891df3fe2021-12-20 15:56:01.929root 11241100x8000000000000000760784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104cef5e652736532021-12-20 15:56:01.929root 11241100x8000000000000000760785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d0c10d2c64dc32021-12-20 15:56:01.930root 11241100x8000000000000000760786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70110204171f77852021-12-20 15:56:01.930root 11241100x8000000000000000760787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7ba65740cf3ef22021-12-20 15:56:01.930root 11241100x8000000000000000760788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c21213ee079c842021-12-20 15:56:01.931root 11241100x8000000000000000760789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaeaa3f5b479c6a2021-12-20 15:56:01.931root 11241100x8000000000000000760790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e0e2792dbfa5bd2021-12-20 15:56:01.931root 11241100x8000000000000000760791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec090b1d61242f382021-12-20 15:56:01.931root 11241100x8000000000000000760792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f64209977484d9c2021-12-20 15:56:01.931root 11241100x8000000000000000760793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dea11350afadd462021-12-20 15:56:01.931root 11241100x8000000000000000760794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e04f254555a5f72021-12-20 15:56:01.931root 11241100x8000000000000000760795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c11bc132b3eaaf2021-12-20 15:56:01.931root 11241100x8000000000000000760796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:01.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d2617cec1508ad2021-12-20 15:56:01.931root 354300x8000000000000000760797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.084{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51390-false10.0.1.12-8000- 11241100x8000000000000000760798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c65a0cdb3bd1c02021-12-20 15:56:02.424root 11241100x8000000000000000760799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ed92a1a43ac0052021-12-20 15:56:02.424root 11241100x8000000000000000760800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9057cda0da7f9b1c2021-12-20 15:56:02.424root 11241100x8000000000000000760801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0389d9b0e6d438c82021-12-20 15:56:02.424root 11241100x8000000000000000760802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b85df38c5cd6f62021-12-20 15:56:02.425root 11241100x8000000000000000760803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2200930ca8775d2021-12-20 15:56:02.425root 11241100x8000000000000000760804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f127f385508e042021-12-20 15:56:02.425root 11241100x8000000000000000760805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d5e6a432a8c23d2021-12-20 15:56:02.425root 11241100x8000000000000000760806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb866665fe71958d2021-12-20 15:56:02.425root 11241100x8000000000000000760807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a84828b0c7d7442021-12-20 15:56:02.425root 11241100x8000000000000000760808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b24d8232d9b7b62021-12-20 15:56:02.425root 11241100x8000000000000000760809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccf769fc3f4e8112021-12-20 15:56:02.425root 11241100x8000000000000000760810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f230174b438510082021-12-20 15:56:02.425root 11241100x8000000000000000760811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c46b1fb4decbd182021-12-20 15:56:02.425root 11241100x8000000000000000760812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2b448038246d4b2021-12-20 15:56:02.425root 11241100x8000000000000000760813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6cb0eb3356f0fb2021-12-20 15:56:02.425root 11241100x8000000000000000760814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053af26ad5e035972021-12-20 15:56:02.425root 11241100x8000000000000000760815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a78757fe51538ca2021-12-20 15:56:02.426root 11241100x8000000000000000760816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b399fd32bdea875b2021-12-20 15:56:02.426root 11241100x8000000000000000760817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae18807a85ad455a2021-12-20 15:56:02.426root 11241100x8000000000000000760818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983c0b3d82b913ec2021-12-20 15:56:02.426root 11241100x8000000000000000760819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d431ba977736f9f02021-12-20 15:56:02.426root 11241100x8000000000000000760820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173b9474bffe57b52021-12-20 15:56:02.426root 11241100x8000000000000000760821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a651b8934c0b25e32021-12-20 15:56:02.426root 11241100x8000000000000000760822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a612dc20e4d0ac2021-12-20 15:56:02.426root 11241100x8000000000000000760823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ba314ba673af392021-12-20 15:56:02.426root 11241100x8000000000000000760824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ade0aa1875626e92021-12-20 15:56:02.426root 11241100x8000000000000000760825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cc9acba4c029622021-12-20 15:56:02.426root 11241100x8000000000000000760826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b77fb029a1f8a12021-12-20 15:56:02.426root 11241100x8000000000000000760827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c5bf0af06f69b32021-12-20 15:56:02.426root 11241100x8000000000000000760828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dde7a89e33da412021-12-20 15:56:02.426root 11241100x8000000000000000760829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36e2c5f632fbac62021-12-20 15:56:02.426root 11241100x8000000000000000760830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9357f327e698972021-12-20 15:56:02.427root 11241100x8000000000000000760831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e12ed14afd3b5d2021-12-20 15:56:02.427root 11241100x8000000000000000760832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f4563976c952752021-12-20 15:56:02.427root 11241100x8000000000000000760833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bca38061aaf34c2021-12-20 15:56:02.427root 11241100x8000000000000000760834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a203521735b11b872021-12-20 15:56:02.427root 11241100x8000000000000000760835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08d07a6c2dbb6b62021-12-20 15:56:02.427root 11241100x8000000000000000760836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef3e61075accbf82021-12-20 15:56:02.924root 11241100x8000000000000000760837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afdd64e28c11b732021-12-20 15:56:02.924root 11241100x8000000000000000760838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab8ce01d02246112021-12-20 15:56:02.924root 11241100x8000000000000000760839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bf6dde1bbded1d2021-12-20 15:56:02.924root 11241100x8000000000000000760840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fb1594377160e02021-12-20 15:56:02.925root 11241100x8000000000000000760841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784d64be0cb46b422021-12-20 15:56:02.925root 11241100x8000000000000000760842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db0a51a907be652021-12-20 15:56:02.925root 11241100x8000000000000000760843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a8787185de83c2021-12-20 15:56:02.925root 11241100x8000000000000000760844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f937834b124e8352021-12-20 15:56:02.925root 11241100x8000000000000000760845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9268586237579df82021-12-20 15:56:02.925root 11241100x8000000000000000760846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ba43348722db182021-12-20 15:56:02.926root 11241100x8000000000000000760847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d243aea319f500522021-12-20 15:56:02.926root 11241100x8000000000000000760848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff00850b2ceedd2021-12-20 15:56:02.926root 11241100x8000000000000000760849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71d6ec0421fc0152021-12-20 15:56:02.926root 11241100x8000000000000000760850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a4dc21a5f764782021-12-20 15:56:02.926root 11241100x8000000000000000760851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64f37b297d295ec2021-12-20 15:56:02.926root 11241100x8000000000000000760852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53a5e6bede77f3c2021-12-20 15:56:02.926root 11241100x8000000000000000760853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465fc8cdb369c59b2021-12-20 15:56:02.926root 11241100x8000000000000000760854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cafb1c54663e132021-12-20 15:56:02.926root 11241100x8000000000000000760855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76b8a9a875c9dc32021-12-20 15:56:02.927root 11241100x8000000000000000760856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e421b5492c6aa72021-12-20 15:56:02.927root 11241100x8000000000000000760857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd1c2219ef393422021-12-20 15:56:02.927root 11241100x8000000000000000760858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c98dad500b1379f2021-12-20 15:56:02.927root 11241100x8000000000000000760859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294f8f90d57a7cbd2021-12-20 15:56:02.927root 11241100x8000000000000000760860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9edde669600c312021-12-20 15:56:02.927root 11241100x8000000000000000760861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b860b6419b07ea32021-12-20 15:56:02.928root 11241100x8000000000000000760862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6f6714dc0a9b062021-12-20 15:56:02.928root 11241100x8000000000000000760863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77963760557edd212021-12-20 15:56:02.928root 11241100x8000000000000000760864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ce91d586055f732021-12-20 15:56:02.928root 11241100x8000000000000000760865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed019c4e02936e092021-12-20 15:56:02.928root 11241100x8000000000000000760866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6715584435301e32021-12-20 15:56:02.928root 11241100x8000000000000000760867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab830a188117bda2021-12-20 15:56:02.928root 11241100x8000000000000000760868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1ec03e2db345ad2021-12-20 15:56:02.928root 11241100x8000000000000000760869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cdd78eacb3f1f52021-12-20 15:56:02.929root 11241100x8000000000000000760870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5e1b6ebc253e572021-12-20 15:56:02.929root 11241100x8000000000000000760871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6379921150add582021-12-20 15:56:02.929root 11241100x8000000000000000760872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0122fe77ce4dc362021-12-20 15:56:02.929root 11241100x8000000000000000760873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec484c218aa68eb22021-12-20 15:56:02.929root 11241100x8000000000000000760874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8577463309da76222021-12-20 15:56:02.929root 11241100x8000000000000000760875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea6ff0bc14e97062021-12-20 15:56:02.929root 11241100x8000000000000000760876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac52f9b6ad6af162021-12-20 15:56:02.930root 11241100x8000000000000000760877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d5a987bac6c9fe2021-12-20 15:56:02.930root 11241100x8000000000000000760878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1165f27e805b2202021-12-20 15:56:02.930root 11241100x8000000000000000760879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ce95be2e2bafc12021-12-20 15:56:02.930root 11241100x8000000000000000760880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585aa69fb4bc53a72021-12-20 15:56:02.930root 11241100x8000000000000000760881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cea4e6f64af4ca12021-12-20 15:56:02.931root 11241100x8000000000000000760882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619f73a211ba43812021-12-20 15:56:02.931root 11241100x8000000000000000760883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c76086d02926dc2021-12-20 15:56:02.931root 11241100x8000000000000000760884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573f2d70496a557e2021-12-20 15:56:02.931root 11241100x8000000000000000760885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeb8583dde8600d2021-12-20 15:56:02.931root 11241100x8000000000000000760886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a469b8028f40e09c2021-12-20 15:56:02.931root 11241100x8000000000000000760887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a09c60d3a5715162021-12-20 15:56:02.931root 11241100x8000000000000000760888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d2ed2733861b6d2021-12-20 15:56:02.931root 11241100x8000000000000000760889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc0f5ac029cd10b2021-12-20 15:56:02.931root 11241100x8000000000000000760890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2683e755b13d0c82021-12-20 15:56:02.932root 11241100x8000000000000000760891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0387e59a525938692021-12-20 15:56:02.932root 11241100x8000000000000000760892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d787d083fc6b122021-12-20 15:56:02.932root 11241100x8000000000000000760893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404130de277b19f52021-12-20 15:56:02.932root 11241100x8000000000000000760894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f5e2d873b2830b2021-12-20 15:56:02.932root 11241100x8000000000000000760895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a221ff8c37b9c3c2021-12-20 15:56:02.933root 11241100x8000000000000000760896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:02.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3c94b3e6f121872021-12-20 15:56:02.933root 11241100x8000000000000000760897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd508d4e10525a72021-12-20 15:56:03.424root 11241100x8000000000000000760898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8bdd4025e2e26d2021-12-20 15:56:03.425root 11241100x8000000000000000760899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97c77f5d85983212021-12-20 15:56:03.426root 11241100x8000000000000000760900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618d8b581967ff202021-12-20 15:56:03.426root 11241100x8000000000000000760901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac8fc5b022d9cc32021-12-20 15:56:03.426root 11241100x8000000000000000760902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36f4a057e56b7ea2021-12-20 15:56:03.426root 11241100x8000000000000000760903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de52ba46d6d7e762021-12-20 15:56:03.426root 11241100x8000000000000000760904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9805cad65b8b721c2021-12-20 15:56:03.426root 11241100x8000000000000000760905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccfca9faa3a8e732021-12-20 15:56:03.426root 11241100x8000000000000000760906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f56c1a3600baefc2021-12-20 15:56:03.426root 11241100x8000000000000000760907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7b29600125ed562021-12-20 15:56:03.426root 11241100x8000000000000000760908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa131226c3e0be1c2021-12-20 15:56:03.426root 11241100x8000000000000000760909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8829f770d2e83b252021-12-20 15:56:03.427root 11241100x8000000000000000760910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4cf9a9534f56fd2021-12-20 15:56:03.427root 11241100x8000000000000000760911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66669ef9d9ca3f62021-12-20 15:56:03.427root 11241100x8000000000000000760912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa046649dbb092f2021-12-20 15:56:03.427root 11241100x8000000000000000760913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c3c78326dd1df82021-12-20 15:56:03.427root 11241100x8000000000000000760914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbacabd8da1d5d4c2021-12-20 15:56:03.427root 11241100x8000000000000000760915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31ecdef7a8d60742021-12-20 15:56:03.427root 11241100x8000000000000000760916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a22f91075a166b62021-12-20 15:56:03.427root 11241100x8000000000000000760917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccea3dda23955052021-12-20 15:56:03.427root 11241100x8000000000000000760918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275aefdc66bcf0a12021-12-20 15:56:03.427root 11241100x8000000000000000760919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eccdc5529044df2021-12-20 15:56:03.428root 11241100x8000000000000000760920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27949ecbf1cad1d82021-12-20 15:56:03.428root 11241100x8000000000000000760921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9994a21c9d7ea232021-12-20 15:56:03.428root 11241100x8000000000000000760922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f739c4ca7f55982021-12-20 15:56:03.428root 11241100x8000000000000000760923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329a2e25c75fa3292021-12-20 15:56:03.428root 11241100x8000000000000000760924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274771b367f1dcff2021-12-20 15:56:03.428root 11241100x8000000000000000760925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bab6f2a880d4c0f2021-12-20 15:56:03.428root 11241100x8000000000000000760926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdddd27b7597778c2021-12-20 15:56:03.429root 11241100x8000000000000000760927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9237124e579e0392021-12-20 15:56:03.429root 11241100x8000000000000000760928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdd8ede7e19f0032021-12-20 15:56:03.429root 11241100x8000000000000000760929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a749cbf31b374bac2021-12-20 15:56:03.429root 11241100x8000000000000000760930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bbab86d02817612021-12-20 15:56:03.429root 11241100x8000000000000000760931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60444fc8c0ab5252021-12-20 15:56:03.429root 11241100x8000000000000000760932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb34fd2a42fd32f2021-12-20 15:56:03.429root 11241100x8000000000000000760933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50914d27f3693ac52021-12-20 15:56:03.429root 11241100x8000000000000000760934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aae3f8503852cf2021-12-20 15:56:03.430root 11241100x8000000000000000760935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277a8ec7e8d4e37f2021-12-20 15:56:03.924root 11241100x8000000000000000760936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5fb989f3463ee92021-12-20 15:56:03.924root 11241100x8000000000000000760937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d71ea811b330d02021-12-20 15:56:03.925root 11241100x8000000000000000760938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4985ad47fb7283b52021-12-20 15:56:03.925root 11241100x8000000000000000760939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c725aeda3e44582021-12-20 15:56:03.925root 11241100x8000000000000000760940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537fffa0c62314612021-12-20 15:56:03.925root 11241100x8000000000000000760941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672f6ba85ed1619c2021-12-20 15:56:03.926root 11241100x8000000000000000760942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e614deb67206d42021-12-20 15:56:03.926root 11241100x8000000000000000760943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d91edb446c146962021-12-20 15:56:03.926root 11241100x8000000000000000760944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f031ca7e467a3a2021-12-20 15:56:03.926root 11241100x8000000000000000760945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e86687c9359cae2021-12-20 15:56:03.926root 11241100x8000000000000000760946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637c79922ad500862021-12-20 15:56:03.927root 11241100x8000000000000000760947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507570c17672e2de2021-12-20 15:56:03.927root 11241100x8000000000000000760948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f33f43ff643f3f42021-12-20 15:56:03.927root 11241100x8000000000000000760949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be60812754617f932021-12-20 15:56:03.927root 11241100x8000000000000000760950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af858677a630e5a2021-12-20 15:56:03.928root 11241100x8000000000000000760951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f820005acbdd4f72021-12-20 15:56:03.928root 11241100x8000000000000000760952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bef488916e6c54c2021-12-20 15:56:03.928root 11241100x8000000000000000760953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09841848af7e3282021-12-20 15:56:03.928root 11241100x8000000000000000760954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb659cb41eeffe102021-12-20 15:56:03.928root 11241100x8000000000000000760955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d674e5dfcf4a83262021-12-20 15:56:03.929root 11241100x8000000000000000760956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1065db0a83497562021-12-20 15:56:03.929root 11241100x8000000000000000760957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061db0a53a64f27b2021-12-20 15:56:03.929root 11241100x8000000000000000760958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13903fdf67cb8fb82021-12-20 15:56:03.929root 11241100x8000000000000000760959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15cc619f513194b2021-12-20 15:56:03.929root 11241100x8000000000000000760960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad04f9ac5c9435712021-12-20 15:56:03.930root 11241100x8000000000000000760961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9789823c2215fd8d2021-12-20 15:56:03.930root 11241100x8000000000000000760962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab504811df3c0842021-12-20 15:56:03.930root 11241100x8000000000000000760963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3ef042b446be572021-12-20 15:56:03.930root 11241100x8000000000000000760964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b3c43f645861512021-12-20 15:56:03.930root 11241100x8000000000000000760965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ce63279787351c2021-12-20 15:56:03.931root 11241100x8000000000000000760966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a150d2d54d33b92021-12-20 15:56:03.931root 11241100x8000000000000000760967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeafee1d03012fda2021-12-20 15:56:03.931root 11241100x8000000000000000760968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061674cd7f33e3b92021-12-20 15:56:03.931root 11241100x8000000000000000760969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416a1b80c93977e12021-12-20 15:56:03.931root 11241100x8000000000000000760970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3dc4efb72ffd0d2021-12-20 15:56:03.931root 11241100x8000000000000000760971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a94f19ae021ba2021-12-20 15:56:03.932root 11241100x8000000000000000760972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:03.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ab87962c3352842021-12-20 15:56:03.932root 11241100x8000000000000000760973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f7612c5f6d12812021-12-20 15:56:04.425root 11241100x8000000000000000760974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff66c9b5a801bda2021-12-20 15:56:04.425root 11241100x8000000000000000760975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a884c4d8c76b7b1d2021-12-20 15:56:04.425root 11241100x8000000000000000760976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d07bc0048185a42021-12-20 15:56:04.425root 11241100x8000000000000000760977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02578acdbb81cc1e2021-12-20 15:56:04.425root 11241100x8000000000000000760978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7b6ab2322975362021-12-20 15:56:04.426root 11241100x8000000000000000760979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83e364d53a280dd2021-12-20 15:56:04.426root 11241100x8000000000000000760980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c4f66447acd20b2021-12-20 15:56:04.426root 11241100x8000000000000000760981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f54ee1f66cc6cba2021-12-20 15:56:04.426root 11241100x8000000000000000760982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72093f8b7f01cf902021-12-20 15:56:04.426root 11241100x8000000000000000760983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315d71d7689e94172021-12-20 15:56:04.426root 11241100x8000000000000000760984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f528ff418cd10cbc2021-12-20 15:56:04.426root 11241100x8000000000000000760985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4f2f3ea478b4d72021-12-20 15:56:04.426root 11241100x8000000000000000760986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5404a8da6869f95a2021-12-20 15:56:04.426root 11241100x8000000000000000760987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23da6950d1b7f9b2021-12-20 15:56:04.427root 11241100x8000000000000000760988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052525495a0eb1d72021-12-20 15:56:04.427root 11241100x8000000000000000760989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c20e08c7785afa2021-12-20 15:56:04.427root 11241100x8000000000000000760990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9a097c56c78fe52021-12-20 15:56:04.427root 11241100x8000000000000000760991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f63500f8fa5572021-12-20 15:56:04.427root 11241100x8000000000000000760992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c25e4260ea6e97c2021-12-20 15:56:04.427root 11241100x8000000000000000760993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518045df0e4aeff92021-12-20 15:56:04.427root 11241100x8000000000000000760994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0346ca5ce8f7dda32021-12-20 15:56:04.427root 11241100x8000000000000000760995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214608fbfe6d973f2021-12-20 15:56:04.427root 11241100x8000000000000000760996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f67d5f4d2103c382021-12-20 15:56:04.427root 11241100x8000000000000000760997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ecf5bab32843c2021-12-20 15:56:04.428root 11241100x8000000000000000760998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea71a3161954821f2021-12-20 15:56:04.428root 11241100x8000000000000000760999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ce3b4f084b128c2021-12-20 15:56:04.428root 11241100x8000000000000000761000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696bf95486a381b62021-12-20 15:56:04.428root 11241100x8000000000000000761001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c706433b21a5712021-12-20 15:56:04.428root 11241100x8000000000000000761002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e93a3dafa74a3a62021-12-20 15:56:04.428root 11241100x8000000000000000761003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc4fc05897fa0e12021-12-20 15:56:04.428root 11241100x8000000000000000761004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75a29e2e6e644572021-12-20 15:56:04.428root 11241100x8000000000000000761005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ef1ee419bdef072021-12-20 15:56:04.428root 11241100x8000000000000000761006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d28ba170bfaf5e2021-12-20 15:56:04.429root 11241100x8000000000000000761007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80004f9fb98ddcf2021-12-20 15:56:04.429root 11241100x8000000000000000761008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480bea86579d6902021-12-20 15:56:04.429root 11241100x8000000000000000761009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f408be08445df812021-12-20 15:56:04.429root 11241100x8000000000000000761010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336368b7a5fd45742021-12-20 15:56:04.429root 11241100x8000000000000000761011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de516b0505388592021-12-20 15:56:04.429root 11241100x8000000000000000761012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5cfbcbf87866e2021-12-20 15:56:04.429root 11241100x8000000000000000761013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ee7875830ec24e2021-12-20 15:56:04.429root 11241100x8000000000000000761014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa02b03511e52082021-12-20 15:56:04.924root 11241100x8000000000000000761015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9fba984434df2c2021-12-20 15:56:04.924root 11241100x8000000000000000761016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0620f343bed1e32021-12-20 15:56:04.924root 11241100x8000000000000000761017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e76688e9d00153b2021-12-20 15:56:04.924root 11241100x8000000000000000761018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2e75d8816219372021-12-20 15:56:04.925root 11241100x8000000000000000761019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743e825cbeebee0f2021-12-20 15:56:04.925root 11241100x8000000000000000761020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c226b0cb93cbe2fa2021-12-20 15:56:04.926root 11241100x8000000000000000761021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607b1dda9d2783e72021-12-20 15:56:04.926root 11241100x8000000000000000761022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68272ea52e0270b92021-12-20 15:56:04.926root 11241100x8000000000000000761023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01486103aebd94d2021-12-20 15:56:04.927root 11241100x8000000000000000761024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b2c0042b3975a02021-12-20 15:56:04.927root 11241100x8000000000000000761025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a707aadd1a301e72021-12-20 15:56:04.927root 11241100x8000000000000000761026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb21e360ea1933152021-12-20 15:56:04.927root 11241100x8000000000000000761027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76626a8a931a8362021-12-20 15:56:04.927root 11241100x8000000000000000761028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e2b26cbc962c3b2021-12-20 15:56:04.927root 11241100x8000000000000000761029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967d52b00decb9402021-12-20 15:56:04.927root 11241100x8000000000000000761030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864a7bc93b73ea812021-12-20 15:56:04.927root 11241100x8000000000000000761031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462d8803039279432021-12-20 15:56:04.928root 11241100x8000000000000000761032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba4e0f8962d5c082021-12-20 15:56:04.928root 11241100x8000000000000000761033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32477a40640881f02021-12-20 15:56:04.928root 11241100x8000000000000000761034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43766e85155093ad2021-12-20 15:56:04.928root 11241100x8000000000000000761035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41949ebe9d6a56b2021-12-20 15:56:04.928root 11241100x8000000000000000761036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc71dae9dc9d7102021-12-20 15:56:04.928root 11241100x8000000000000000761037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf76dd7ad4e35342021-12-20 15:56:04.929root 11241100x8000000000000000761038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0493bf1611d15c2021-12-20 15:56:04.929root 11241100x8000000000000000761039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4c7f124b4b588a2021-12-20 15:56:04.929root 11241100x8000000000000000761040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb09958bdf454a2021-12-20 15:56:04.929root 11241100x8000000000000000761041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e97a30767bb1ee2021-12-20 15:56:04.929root 11241100x8000000000000000761042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1791be3fcd437ab72021-12-20 15:56:04.929root 11241100x8000000000000000761043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb1c20e5b0da9f52021-12-20 15:56:04.929root 11241100x8000000000000000761044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fe05f1227cf3902021-12-20 15:56:04.929root 11241100x8000000000000000761045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cd74f1826c6c732021-12-20 15:56:04.929root 11241100x8000000000000000761046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eb6eff0fb0074f2021-12-20 15:56:04.930root 11241100x8000000000000000761047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e3f3cc892c66ca2021-12-20 15:56:04.930root 11241100x8000000000000000761048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ad0c2d33523a7d2021-12-20 15:56:04.930root 11241100x8000000000000000761049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7be409a7be49d142021-12-20 15:56:04.930root 11241100x8000000000000000761050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4af8d954a8ddc32021-12-20 15:56:04.930root 11241100x8000000000000000761051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef730073361000b82021-12-20 15:56:04.931root 11241100x8000000000000000761052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893261bdf117fd112021-12-20 15:56:04.931root 11241100x8000000000000000761053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b29ea84453167bf2021-12-20 15:56:04.931root 11241100x8000000000000000761054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e887c8e5f2755df2021-12-20 15:56:04.931root 11241100x8000000000000000761055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa65ad6165299672021-12-20 15:56:04.931root 11241100x8000000000000000761056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ca15ac8fd3ffea2021-12-20 15:56:04.931root 11241100x8000000000000000761057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa3998df4db074f2021-12-20 15:56:04.931root 11241100x8000000000000000761058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c04ab98dec829e12021-12-20 15:56:04.932root 11241100x8000000000000000761059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1725f3b4d3e11da82021-12-20 15:56:04.932root 11241100x8000000000000000761060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92954c5188e54c6e2021-12-20 15:56:04.932root 11241100x8000000000000000761061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc18d0630df97d2021-12-20 15:56:04.932root 11241100x8000000000000000761062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9852e007c4ee219d2021-12-20 15:56:04.932root 11241100x8000000000000000761063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e0445c6d87e4462021-12-20 15:56:04.932root 11241100x8000000000000000761064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c22ae8f92a66d932021-12-20 15:56:04.932root 11241100x8000000000000000761065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595239d94a2137f32021-12-20 15:56:04.932root 11241100x8000000000000000761066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790d900a13c784272021-12-20 15:56:04.932root 11241100x8000000000000000761067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2187624dbb76932021-12-20 15:56:04.933root 11241100x8000000000000000761068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c65fd2fa861fb3f2021-12-20 15:56:04.933root 11241100x8000000000000000761069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b079cc1b10d0917d2021-12-20 15:56:04.933root 11241100x8000000000000000761070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016dcecf1e0949382021-12-20 15:56:04.933root 11241100x8000000000000000761071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d337809488dcb92021-12-20 15:56:04.933root 11241100x8000000000000000761072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1786ccfaf8522c582021-12-20 15:56:04.933root 11241100x8000000000000000761073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:04.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa18f513ff6235d2021-12-20 15:56:04.933root 11241100x8000000000000000761074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f50be21a121182021-12-20 15:56:05.424root 11241100x8000000000000000761075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9bb127d4bbf6a42021-12-20 15:56:05.424root 11241100x8000000000000000761076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae123625de352442021-12-20 15:56:05.424root 11241100x8000000000000000761077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f7009e426900d52021-12-20 15:56:05.424root 11241100x8000000000000000761078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c5f3031d681d722021-12-20 15:56:05.424root 11241100x8000000000000000761079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253a1bebd4e140d72021-12-20 15:56:05.425root 11241100x8000000000000000761080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857c8dacd9fa55762021-12-20 15:56:05.425root 11241100x8000000000000000761081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e712e27610f0bb7d2021-12-20 15:56:05.425root 11241100x8000000000000000761082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9518e343f140bbfd2021-12-20 15:56:05.425root 11241100x8000000000000000761083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b4505056a6a5622021-12-20 15:56:05.425root 11241100x8000000000000000761084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bbff4e7776cdf82021-12-20 15:56:05.425root 11241100x8000000000000000761085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc12873b846f94ed2021-12-20 15:56:05.425root 11241100x8000000000000000761086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6684167ee4ac192021-12-20 15:56:05.425root 11241100x8000000000000000761087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322cedc438fabedc2021-12-20 15:56:05.425root 11241100x8000000000000000761088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabea65077bb26722021-12-20 15:56:05.426root 11241100x8000000000000000761089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2406d8e957fd3b72021-12-20 15:56:05.426root 11241100x8000000000000000761090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06ecd9a9e22771f2021-12-20 15:56:05.426root 11241100x8000000000000000761091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977741405e5178332021-12-20 15:56:05.426root 11241100x8000000000000000761092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7430639f4132b02021-12-20 15:56:05.426root 11241100x8000000000000000761093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276974ec1c02a60d2021-12-20 15:56:05.426root 11241100x8000000000000000761094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e827e49b4ba93ba2021-12-20 15:56:05.426root 11241100x8000000000000000761095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b74ad28c13ada862021-12-20 15:56:05.426root 11241100x8000000000000000761096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e941cd03f51932532021-12-20 15:56:05.427root 11241100x8000000000000000761097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701e9722836976812021-12-20 15:56:05.427root 11241100x8000000000000000761098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b0fae017499c512021-12-20 15:56:05.427root 11241100x8000000000000000761099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d37fce0244ac4e2021-12-20 15:56:05.427root 11241100x8000000000000000761100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6ecfe9a51ba3452021-12-20 15:56:05.427root 11241100x8000000000000000761101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1bb60c9b4247172021-12-20 15:56:05.428root 11241100x8000000000000000761102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98813ff3fb7a340d2021-12-20 15:56:05.428root 11241100x8000000000000000761103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954eb133a841960d2021-12-20 15:56:05.428root 11241100x8000000000000000761104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87613ab4047dff62021-12-20 15:56:05.428root 11241100x8000000000000000761105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c319c8f8b6a0705b2021-12-20 15:56:05.428root 11241100x8000000000000000761106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9bd04592b7e6d92021-12-20 15:56:05.428root 11241100x8000000000000000761107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85597cea73c9aad12021-12-20 15:56:05.428root 11241100x8000000000000000761108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b3b033487aff0e2021-12-20 15:56:05.428root 11241100x8000000000000000761109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90464354613e6f022021-12-20 15:56:05.428root 11241100x8000000000000000761110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7c0b5f6404718c2021-12-20 15:56:05.429root 11241100x8000000000000000761111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b025abe50fa6e72021-12-20 15:56:05.429root 11241100x8000000000000000761112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec61f1ded8439c72021-12-20 15:56:05.429root 11241100x8000000000000000761113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe894dbb45d48142021-12-20 15:56:05.429root 11241100x8000000000000000761114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcf4bbb36904df22021-12-20 15:56:05.429root 11241100x8000000000000000761115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c7e8e4cf2395cf2021-12-20 15:56:05.429root 11241100x8000000000000000761116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ad3b9650f0ead02021-12-20 15:56:05.429root 11241100x8000000000000000761117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095273e888021ec42021-12-20 15:56:05.429root 11241100x8000000000000000761118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8d1d8560372b352021-12-20 15:56:05.429root 11241100x8000000000000000761119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7be765a2c84e9ff2021-12-20 15:56:05.429root 11241100x8000000000000000761120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d872ad89620c2b992021-12-20 15:56:05.429root 11241100x8000000000000000761121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ad0472df89ef622021-12-20 15:56:05.429root 11241100x8000000000000000761122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ce74e66338a9a32021-12-20 15:56:05.430root 11241100x8000000000000000761123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76800f9f425323542021-12-20 15:56:05.430root 11241100x8000000000000000761124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ce8f451ecc90742021-12-20 15:56:05.430root 11241100x8000000000000000761125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4baea8d8b110798e2021-12-20 15:56:05.430root 11241100x8000000000000000761126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d93714c584b68a72021-12-20 15:56:05.430root 11241100x8000000000000000761127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f81f07a032aa1522021-12-20 15:56:05.430root 11241100x8000000000000000761128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374099a89786a46d2021-12-20 15:56:05.430root 11241100x8000000000000000761129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923854f587679ef82021-12-20 15:56:05.430root 11241100x8000000000000000761130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a87dec379a6eee2021-12-20 15:56:05.430root 11241100x8000000000000000761131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f5fb3f2d3bebfd2021-12-20 15:56:05.430root 11241100x8000000000000000761132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b96405915d88e12021-12-20 15:56:05.430root 11241100x8000000000000000761133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab8a1c9a04666dc2021-12-20 15:56:05.430root 11241100x8000000000000000761134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf36372964e42c82021-12-20 15:56:05.430root 11241100x8000000000000000761135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8f106da83576512021-12-20 15:56:05.431root 11241100x8000000000000000761136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5d841fbfd5e53c2021-12-20 15:56:05.431root 11241100x8000000000000000761137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c26ea992dda3b52021-12-20 15:56:05.431root 11241100x8000000000000000761138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfad0facc1cb6cb2021-12-20 15:56:05.431root 11241100x8000000000000000761139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29ea936ad9cd69a2021-12-20 15:56:05.924root 11241100x8000000000000000761140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f95cfe4de87aee02021-12-20 15:56:05.924root 11241100x8000000000000000761141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c28c90e424bc7892021-12-20 15:56:05.924root 11241100x8000000000000000761142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5abd3a73baacd92021-12-20 15:56:05.924root 11241100x8000000000000000761143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da743864f7c8be9d2021-12-20 15:56:05.925root 11241100x8000000000000000761144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194b5707aeda3262021-12-20 15:56:05.925root 11241100x8000000000000000761145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f031cd7d9806062021-12-20 15:56:05.925root 11241100x8000000000000000761146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e224522533c83bb2021-12-20 15:56:05.925root 11241100x8000000000000000761147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaa544d534337232021-12-20 15:56:05.925root 11241100x8000000000000000761148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c5475dc5e67c372021-12-20 15:56:05.925root 11241100x8000000000000000761149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd42d9d33a3b7a4f2021-12-20 15:56:05.925root 11241100x8000000000000000761150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d8d02022909ccc2021-12-20 15:56:05.925root 11241100x8000000000000000761151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c48a95fae7570c2021-12-20 15:56:05.925root 11241100x8000000000000000761152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741e119db1e30a7b2021-12-20 15:56:05.925root 11241100x8000000000000000761153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73731e3a3f7fd50a2021-12-20 15:56:05.925root 11241100x8000000000000000761154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09870cc4fd97bd82021-12-20 15:56:05.926root 11241100x8000000000000000761155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd850591a2647acf2021-12-20 15:56:05.926root 11241100x8000000000000000761156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb0c4ebb64501032021-12-20 15:56:05.926root 11241100x8000000000000000761157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f2494db28b69db2021-12-20 15:56:05.926root 11241100x8000000000000000761158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdda793a4411f6712021-12-20 15:56:05.927root 11241100x8000000000000000761159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cc0078c51998d22021-12-20 15:56:05.927root 11241100x8000000000000000761160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6856e675718f50332021-12-20 15:56:05.927root 11241100x8000000000000000761161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8df8ac23e48cf2e2021-12-20 15:56:05.928root 11241100x8000000000000000761162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4a00975b212c4b2021-12-20 15:56:05.929root 11241100x8000000000000000761163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983dff7449ba52a82021-12-20 15:56:05.929root 11241100x8000000000000000761164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aea20ac8f4279d2021-12-20 15:56:05.929root 11241100x8000000000000000761165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24095e4661e67ff52021-12-20 15:56:05.930root 11241100x8000000000000000761166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ecb10bf87f54262021-12-20 15:56:05.930root 11241100x8000000000000000761167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bd2045f23a23352021-12-20 15:56:05.931root 11241100x8000000000000000761168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9cd97976b3933d2021-12-20 15:56:05.931root 11241100x8000000000000000761169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d48853bbb033e3d2021-12-20 15:56:05.931root 11241100x8000000000000000761170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a2a049194b5ed62021-12-20 15:56:05.932root 11241100x8000000000000000761171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1487865453d6dc2021-12-20 15:56:05.932root 11241100x8000000000000000761172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a981e496c533212021-12-20 15:56:05.932root 11241100x8000000000000000761173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d4290fb126d64b2021-12-20 15:56:05.933root 11241100x8000000000000000761174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a6d673ec2d4c902021-12-20 15:56:05.933root 11241100x8000000000000000761175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681a5491407b78922021-12-20 15:56:05.933root 11241100x8000000000000000761176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14414ad2f1c7b322021-12-20 15:56:05.933root 11241100x8000000000000000761177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917b1a596343da992021-12-20 15:56:05.933root 11241100x8000000000000000761178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0640bcb6a63223682021-12-20 15:56:05.933root 11241100x8000000000000000761179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2e5b1b95292132021-12-20 15:56:05.933root 11241100x8000000000000000761180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65e717e5d5483c92021-12-20 15:56:05.933root 11241100x8000000000000000761181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a255ea37c47978842021-12-20 15:56:05.933root 11241100x8000000000000000761182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e33f5b8793158b12021-12-20 15:56:05.934root 11241100x8000000000000000761183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f3d3c827a91fd2021-12-20 15:56:05.934root 11241100x8000000000000000761184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ec45ab8abc3ff92021-12-20 15:56:05.934root 11241100x8000000000000000761185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d285905cd9d6462021-12-20 15:56:05.934root 11241100x8000000000000000761186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89caf80a8fd0bab72021-12-20 15:56:05.934root 11241100x8000000000000000761187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198f102c553a94002021-12-20 15:56:05.934root 11241100x8000000000000000761188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f8f998030e20e32021-12-20 15:56:05.934root 11241100x8000000000000000761189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f5e742db03c99d2021-12-20 15:56:05.934root 11241100x8000000000000000761190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd954e7b48b50d2021-12-20 15:56:05.934root 11241100x8000000000000000761191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:05.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ec548a4b82430b2021-12-20 15:56:05.934root 11241100x8000000000000000761192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:56:06.068root 11241100x8000000000000000761193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b4adf1b04716ca2021-12-20 15:56:06.424root 11241100x8000000000000000761194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0c931cabd56f652021-12-20 15:56:06.425root 11241100x8000000000000000761195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82d3f332cf2b3602021-12-20 15:56:06.425root 11241100x8000000000000000761196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea4cf44a4883b622021-12-20 15:56:06.425root 11241100x8000000000000000761197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43303879b62f35962021-12-20 15:56:06.425root 11241100x8000000000000000761198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578d309e97e1255c2021-12-20 15:56:06.425root 11241100x8000000000000000761199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ba633f5a08d4302021-12-20 15:56:06.425root 11241100x8000000000000000761200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2ff1bb1353e8e82021-12-20 15:56:06.425root 11241100x8000000000000000761201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30083772ae13bef92021-12-20 15:56:06.425root 11241100x8000000000000000761202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5955a84bd280e732021-12-20 15:56:06.425root 11241100x8000000000000000761203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ac5e7cfb4690432021-12-20 15:56:06.425root 11241100x8000000000000000761204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73b46709af14ff62021-12-20 15:56:06.425root 11241100x8000000000000000761205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191b8db624d387fa2021-12-20 15:56:06.425root 11241100x8000000000000000761206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fc62beb19215842021-12-20 15:56:06.425root 11241100x8000000000000000761207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf693c6d131803b42021-12-20 15:56:06.425root 11241100x8000000000000000761208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1105fb192dd3f9822021-12-20 15:56:06.426root 11241100x8000000000000000761209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c5e9a0ce8b2fe42021-12-20 15:56:06.426root 11241100x8000000000000000761210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163361519790c0b62021-12-20 15:56:06.426root 11241100x8000000000000000761211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b13ae59b3d70ef82021-12-20 15:56:06.426root 11241100x8000000000000000761212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaab250904a74452021-12-20 15:56:06.426root 11241100x8000000000000000761213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5b002ae51687f72021-12-20 15:56:06.426root 11241100x8000000000000000761214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67818749aa2469f72021-12-20 15:56:06.426root 11241100x8000000000000000761215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150f2ed4f60141e12021-12-20 15:56:06.426root 11241100x8000000000000000761216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe18fd7726dd1812021-12-20 15:56:06.426root 11241100x8000000000000000761217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147fc3e4bb20f1422021-12-20 15:56:06.426root 11241100x8000000000000000761218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1d4931bb58b5082021-12-20 15:56:06.426root 11241100x8000000000000000761219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f0d99fc1a1e50d2021-12-20 15:56:06.426root 11241100x8000000000000000761220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb3703f1480ed742021-12-20 15:56:06.426root 11241100x8000000000000000761221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b996ddd6731f52d2021-12-20 15:56:06.426root 11241100x8000000000000000761222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41f909a355910992021-12-20 15:56:06.426root 11241100x8000000000000000761223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4a9e52ec02e3282021-12-20 15:56:06.427root 11241100x8000000000000000761224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9406d9d7d52316482021-12-20 15:56:06.427root 11241100x8000000000000000761225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe5a238df4a4feb2021-12-20 15:56:06.427root 11241100x8000000000000000761226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0039e242d70201702021-12-20 15:56:06.427root 11241100x8000000000000000761227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fedfcf238d994442021-12-20 15:56:06.427root 11241100x8000000000000000761228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1aeddbfc41fab3f2021-12-20 15:56:06.427root 11241100x8000000000000000761229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f959f914d62080e2021-12-20 15:56:06.427root 11241100x8000000000000000761230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e527a9f6278bec2021-12-20 15:56:06.427root 11241100x8000000000000000761231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f68f4897ecc49b2021-12-20 15:56:06.427root 11241100x8000000000000000761232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e453fbfe06d608d2021-12-20 15:56:06.427root 11241100x8000000000000000761233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba59ea5117893ee2021-12-20 15:56:06.427root 11241100x8000000000000000761234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379649041d17bee32021-12-20 15:56:06.427root 11241100x8000000000000000761235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32078d55abc7f682021-12-20 15:56:06.427root 11241100x8000000000000000761236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eb983db8daea2a2021-12-20 15:56:06.428root 11241100x8000000000000000761237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c35d1dfcf04f022021-12-20 15:56:06.428root 11241100x8000000000000000761238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88ce9b22f8d91272021-12-20 15:56:06.428root 11241100x8000000000000000761239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ef0aecb25dcf5e2021-12-20 15:56:06.428root 11241100x8000000000000000761240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1209ac438d56c9c2021-12-20 15:56:06.428root 11241100x8000000000000000761241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca025685d3f12202021-12-20 15:56:06.428root 11241100x8000000000000000761242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bd286bc8fda9c32021-12-20 15:56:06.428root 11241100x8000000000000000761243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c5b3d3a95316112021-12-20 15:56:06.428root 11241100x8000000000000000761244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf5b557163feaf62021-12-20 15:56:06.428root 11241100x8000000000000000761245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bc50efbb0665292021-12-20 15:56:06.428root 11241100x8000000000000000761246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10909723c19ee9e2021-12-20 15:56:06.428root 11241100x8000000000000000761247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffdf7638c2ecad52021-12-20 15:56:06.428root 11241100x8000000000000000761248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a677fef842a1c64f2021-12-20 15:56:06.428root 11241100x8000000000000000761249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68857534859c786f2021-12-20 15:56:06.428root 11241100x8000000000000000761250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6e64960528f8e62021-12-20 15:56:06.429root 11241100x8000000000000000761251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fcdd8d9b11593d2021-12-20 15:56:06.429root 11241100x8000000000000000761252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d553367e9d3c472021-12-20 15:56:06.429root 11241100x8000000000000000761253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9d41e3bcd31de32021-12-20 15:56:06.429root 11241100x8000000000000000761254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeee5207fff631ea2021-12-20 15:56:06.429root 11241100x8000000000000000761255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d64e56f7bc47102021-12-20 15:56:06.432root 11241100x8000000000000000761256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd57749e86a21d5c2021-12-20 15:56:06.432root 11241100x8000000000000000761257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c0734559abac3f2021-12-20 15:56:06.432root 11241100x8000000000000000761258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4df1176e788536d2021-12-20 15:56:06.432root 11241100x8000000000000000761259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba37df58d748b232021-12-20 15:56:06.432root 11241100x8000000000000000761260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c69cd148db07512021-12-20 15:56:06.432root 11241100x8000000000000000761261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953bde1957eaef9f2021-12-20 15:56:06.433root 11241100x8000000000000000761262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740d9deaabfde2412021-12-20 15:56:06.433root 11241100x8000000000000000761263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911e4d555353a7042021-12-20 15:56:06.433root 11241100x8000000000000000761264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6826dcd463fdef0a2021-12-20 15:56:06.433root 11241100x8000000000000000761265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f3bbb76b2d6abd2021-12-20 15:56:06.433root 11241100x8000000000000000761266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd29291116851332021-12-20 15:56:06.433root 11241100x8000000000000000761267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1be24aca43c1f92021-12-20 15:56:06.433root 11241100x8000000000000000761268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b090662fd68f332021-12-20 15:56:06.433root 11241100x8000000000000000761269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9366551b818baf32021-12-20 15:56:06.433root 11241100x8000000000000000761270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec621eafa74df83c2021-12-20 15:56:06.433root 11241100x8000000000000000761271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cfecddd42aa9952021-12-20 15:56:06.433root 11241100x8000000000000000761272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09a02492117983a2021-12-20 15:56:06.434root 11241100x8000000000000000761273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e14d3ff8f44bdf52021-12-20 15:56:06.924root 11241100x8000000000000000761274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f8a86d2ad9ad82021-12-20 15:56:06.924root 11241100x8000000000000000761275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be974ffd9ba90c3b2021-12-20 15:56:06.925root 11241100x8000000000000000761276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97bf96daea438cb2021-12-20 15:56:06.925root 11241100x8000000000000000761277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11663263868ef19f2021-12-20 15:56:06.925root 11241100x8000000000000000761278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239ba987299734552021-12-20 15:56:06.925root 11241100x8000000000000000761279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32539d0766801b2f2021-12-20 15:56:06.925root 11241100x8000000000000000761280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1c8e06d12c174c2021-12-20 15:56:06.925root 11241100x8000000000000000761281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e39bb106fd60c8a2021-12-20 15:56:06.925root 11241100x8000000000000000761282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3f6de3df2471222021-12-20 15:56:06.925root 11241100x8000000000000000761283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a8fde244731bfe2021-12-20 15:56:06.925root 11241100x8000000000000000761284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0fcf7291ce44242021-12-20 15:56:06.925root 11241100x8000000000000000761285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408545cc3277c0d22021-12-20 15:56:06.925root 11241100x8000000000000000761286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9be3b49547d7f332021-12-20 15:56:06.925root 11241100x8000000000000000761287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88c26942fafde2c2021-12-20 15:56:06.925root 11241100x8000000000000000761288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71145f602668d2b2021-12-20 15:56:06.925root 11241100x8000000000000000761289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc4cd5c57a128622021-12-20 15:56:06.925root 11241100x8000000000000000761290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd08f21d59e700c2021-12-20 15:56:06.926root 11241100x8000000000000000761291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f5fc99075b2b0f2021-12-20 15:56:06.926root 11241100x8000000000000000761292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0ba8cd129c5aaf2021-12-20 15:56:06.926root 11241100x8000000000000000761293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae3f2ce1ee0c3882021-12-20 15:56:06.926root 11241100x8000000000000000761294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1297559a4efec82021-12-20 15:56:06.926root 11241100x8000000000000000761295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910971ec461d3f582021-12-20 15:56:06.926root 11241100x8000000000000000761296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ea666b204820322021-12-20 15:56:06.926root 11241100x8000000000000000761297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5791c3f021d51d822021-12-20 15:56:06.926root 11241100x8000000000000000761298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50496af3e0be6d952021-12-20 15:56:06.926root 11241100x8000000000000000761299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6ea6e548d2e9cf2021-12-20 15:56:06.926root 11241100x8000000000000000761300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705e05411e2f00032021-12-20 15:56:06.926root 11241100x8000000000000000761301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f00598e5dc5fbea2021-12-20 15:56:06.926root 11241100x8000000000000000761302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688bc5ae63b86f4e2021-12-20 15:56:06.926root 11241100x8000000000000000761303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1815d62060cd1bff2021-12-20 15:56:06.926root 11241100x8000000000000000761304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ec6ac493f083052021-12-20 15:56:06.926root 11241100x8000000000000000761305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9072bfd3109bded52021-12-20 15:56:06.926root 11241100x8000000000000000761306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214ed0640cb2e2d72021-12-20 15:56:06.927root 11241100x8000000000000000761307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7496d84af85b142021-12-20 15:56:06.927root 11241100x8000000000000000761308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2160092e69778562021-12-20 15:56:06.927root 11241100x8000000000000000761309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0897b987a086842021-12-20 15:56:06.927root 11241100x8000000000000000761310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5d6afca137a44c2021-12-20 15:56:06.927root 11241100x8000000000000000761311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba21216fa37a91182021-12-20 15:56:06.927root 11241100x8000000000000000761312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8745a3c49b9cd2021-12-20 15:56:06.927root 11241100x8000000000000000761313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cef393f75c364712021-12-20 15:56:06.927root 11241100x8000000000000000761314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93db1e29a78324cd2021-12-20 15:56:06.927root 11241100x8000000000000000761315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc40437988ac4a42021-12-20 15:56:06.927root 11241100x8000000000000000761316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097fc37fa086ed1f2021-12-20 15:56:06.927root 11241100x8000000000000000761317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1736f2ad27626b3e2021-12-20 15:56:06.927root 11241100x8000000000000000761318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019688ceb71605322021-12-20 15:56:06.927root 11241100x8000000000000000761319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec10f1bf26844732021-12-20 15:56:06.927root 11241100x8000000000000000761320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d787511c23e17ac2021-12-20 15:56:07.424root 11241100x8000000000000000761321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa88fb0b6add4ce2021-12-20 15:56:07.424root 11241100x8000000000000000761322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad6f0d5e0be7e8d2021-12-20 15:56:07.424root 11241100x8000000000000000761323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf2ed2c2ecbc65a2021-12-20 15:56:07.424root 11241100x8000000000000000761324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf94b298f5790e232021-12-20 15:56:07.425root 11241100x8000000000000000761325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c838ab959cbe11ac2021-12-20 15:56:07.425root 11241100x8000000000000000761326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f318bf707cb2bd2021-12-20 15:56:07.425root 11241100x8000000000000000761327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b648a57963454e2021-12-20 15:56:07.425root 11241100x8000000000000000761328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b16cc5c2a129b82021-12-20 15:56:07.425root 11241100x8000000000000000761329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8cb150f28c11992021-12-20 15:56:07.425root 11241100x8000000000000000761330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23329d9ce04c63022021-12-20 15:56:07.425root 11241100x8000000000000000761331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a1446bbf67bec12021-12-20 15:56:07.425root 11241100x8000000000000000761332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3accc47c4739d77d2021-12-20 15:56:07.425root 11241100x8000000000000000761333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aa033d39a688d42021-12-20 15:56:07.425root 11241100x8000000000000000761334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe7d3d51f60186f2021-12-20 15:56:07.426root 11241100x8000000000000000761335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510046d3ee6aa3812021-12-20 15:56:07.426root 11241100x8000000000000000761336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea7b3c41c1a32372021-12-20 15:56:07.426root 11241100x8000000000000000761337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca98fed5a7da4e32021-12-20 15:56:07.426root 11241100x8000000000000000761338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb915e6f9d207ca2021-12-20 15:56:07.426root 11241100x8000000000000000761339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ec598ad7b394aa2021-12-20 15:56:07.426root 11241100x8000000000000000761340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e34f7c3914182222021-12-20 15:56:07.426root 11241100x8000000000000000761341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47808c09a489b252021-12-20 15:56:07.427root 11241100x8000000000000000761342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24bbaa2e7e593992021-12-20 15:56:07.427root 11241100x8000000000000000761343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccc05da1cf1d2362021-12-20 15:56:07.427root 11241100x8000000000000000761344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a717bdf48639e95c2021-12-20 15:56:07.427root 11241100x8000000000000000761345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2e8cd5f4df634a2021-12-20 15:56:07.427root 11241100x8000000000000000761346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5e94075afd0cfe2021-12-20 15:56:07.427root 11241100x8000000000000000761347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef13c282566249fa2021-12-20 15:56:07.427root 11241100x8000000000000000761348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53701a8b471c16112021-12-20 15:56:07.428root 11241100x8000000000000000761349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967bbc78587c1c082021-12-20 15:56:07.428root 11241100x8000000000000000761350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e25d54105a8f7c2021-12-20 15:56:07.428root 11241100x8000000000000000761351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe1e1ba63d934f2021-12-20 15:56:07.428root 11241100x8000000000000000761352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a8d07ccb8c46152021-12-20 15:56:07.428root 11241100x8000000000000000761353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b10400f493973982021-12-20 15:56:07.428root 11241100x8000000000000000761354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93605c24cc33965f2021-12-20 15:56:07.428root 11241100x8000000000000000761355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a6bbfacfdd8f092021-12-20 15:56:07.428root 11241100x8000000000000000761356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405131badbd3965d2021-12-20 15:56:07.428root 11241100x8000000000000000761357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f8939269c7bb652021-12-20 15:56:07.428root 11241100x8000000000000000761358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de83d8897409b5d72021-12-20 15:56:07.429root 11241100x8000000000000000761359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88daded6f0a42e392021-12-20 15:56:07.429root 11241100x8000000000000000761360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8984a3eaf4bb0b092021-12-20 15:56:07.429root 11241100x8000000000000000761361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f32cfd8e7de1d722021-12-20 15:56:07.429root 11241100x8000000000000000761362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d5b3bbd96919fe2021-12-20 15:56:07.429root 11241100x8000000000000000761363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80106dc2b10f92f22021-12-20 15:56:07.429root 11241100x8000000000000000761364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805d68796d2139242021-12-20 15:56:07.429root 11241100x8000000000000000761365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e953930c27f0f372021-12-20 15:56:07.429root 11241100x8000000000000000761366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceb74ff1c660aca2021-12-20 15:56:07.429root 11241100x8000000000000000761367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fab331c0a2b6852021-12-20 15:56:07.429root 11241100x8000000000000000761368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98aa2878238c90f2021-12-20 15:56:07.429root 11241100x8000000000000000761369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1f69a6a3d698562021-12-20 15:56:07.430root 11241100x8000000000000000761370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14360d26813db0572021-12-20 15:56:07.430root 11241100x8000000000000000761371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469e751729c032172021-12-20 15:56:07.430root 11241100x8000000000000000761372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15488d29d90cbb12021-12-20 15:56:07.430root 11241100x8000000000000000761373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a8c727d910dbd02021-12-20 15:56:07.430root 11241100x8000000000000000761374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ba2bbdc15200d72021-12-20 15:56:07.430root 11241100x8000000000000000761375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c645a487db21fec92021-12-20 15:56:07.430root 11241100x8000000000000000761376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb15cd1e09723832021-12-20 15:56:07.430root 11241100x8000000000000000761377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e2ab866805e22a2021-12-20 15:56:07.430root 11241100x8000000000000000761378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5775d5719b64e7152021-12-20 15:56:07.430root 11241100x8000000000000000761379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c0a941db730cb22021-12-20 15:56:07.430root 11241100x8000000000000000761380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0e372f845665be2021-12-20 15:56:07.431root 11241100x8000000000000000761381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f2a3d4325138122021-12-20 15:56:07.431root 11241100x8000000000000000761382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6889820e3a9e6ff2021-12-20 15:56:07.431root 11241100x8000000000000000761383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de94e6b171ee2eb2021-12-20 15:56:07.924root 11241100x8000000000000000761384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2652d027936fcead2021-12-20 15:56:07.924root 11241100x8000000000000000761385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a2ac3d2c5279822021-12-20 15:56:07.924root 11241100x8000000000000000761386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80e773502e113d02021-12-20 15:56:07.924root 11241100x8000000000000000761387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855d41f0769fdd782021-12-20 15:56:07.925root 11241100x8000000000000000761388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253a9b238c249a502021-12-20 15:56:07.925root 11241100x8000000000000000761389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d370c40781a8702021-12-20 15:56:07.925root 11241100x8000000000000000761390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c4bd35b37055772021-12-20 15:56:07.925root 11241100x8000000000000000761391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36189a99e46038c52021-12-20 15:56:07.925root 11241100x8000000000000000761392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58b93532b9f6f952021-12-20 15:56:07.925root 11241100x8000000000000000761393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b0c07d1152513b2021-12-20 15:56:07.925root 11241100x8000000000000000761394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab56d6130c6060d2021-12-20 15:56:07.925root 11241100x8000000000000000761395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ed7b82fe11c76b2021-12-20 15:56:07.925root 11241100x8000000000000000761396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3883d0446e2a8c552021-12-20 15:56:07.925root 11241100x8000000000000000761397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45971062236b297b2021-12-20 15:56:07.925root 11241100x8000000000000000761398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b753198fe00fe3542021-12-20 15:56:07.925root 11241100x8000000000000000761399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c16f5d3a5fff772021-12-20 15:56:07.925root 11241100x8000000000000000761400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d8d7653206ecbf2021-12-20 15:56:07.925root 11241100x8000000000000000761401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a75de44d4e2a4a42021-12-20 15:56:07.925root 11241100x8000000000000000761402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d21b11fb6fe26f2021-12-20 15:56:07.926root 11241100x8000000000000000761403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8831dc477a6a4c4c2021-12-20 15:56:07.926root 11241100x8000000000000000761404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b6f6f7ca4f29932021-12-20 15:56:07.926root 11241100x8000000000000000761405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fd6a88a1eb6fc42021-12-20 15:56:07.926root 11241100x8000000000000000761406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb81ddbf8f52a6d2021-12-20 15:56:07.926root 11241100x8000000000000000761407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29133dc5386fda052021-12-20 15:56:07.926root 11241100x8000000000000000761408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb52fea64b82ece2021-12-20 15:56:07.926root 11241100x8000000000000000761409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da0c814b1772c3d2021-12-20 15:56:07.926root 11241100x8000000000000000761410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4699ae7f011942ea2021-12-20 15:56:07.926root 11241100x8000000000000000761411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34730dbae395c7ee2021-12-20 15:56:07.926root 11241100x8000000000000000761412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2283ac819495f1152021-12-20 15:56:07.926root 11241100x8000000000000000761413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f03ab6fe4f60a32021-12-20 15:56:07.926root 11241100x8000000000000000761414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9298d32dece447452021-12-20 15:56:07.926root 11241100x8000000000000000761415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e68d5e7eca45d42021-12-20 15:56:07.926root 11241100x8000000000000000761416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182bfaeb0802e1eb2021-12-20 15:56:07.927root 11241100x8000000000000000761417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ce039ff5cd7b772021-12-20 15:56:07.927root 11241100x8000000000000000761418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41151cf71b510e2c2021-12-20 15:56:07.927root 11241100x8000000000000000761419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97b1fdf8f84cd0d2021-12-20 15:56:07.927root 11241100x8000000000000000761420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e38da207e189d72021-12-20 15:56:07.927root 11241100x8000000000000000761421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdfac22cb5cf9012021-12-20 15:56:07.927root 11241100x8000000000000000761422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7ab8e2dcce76492021-12-20 15:56:07.927root 11241100x8000000000000000761423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e44c4cfbc68f5fd2021-12-20 15:56:07.927root 11241100x8000000000000000761424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6d298d7b717e252021-12-20 15:56:07.927root 11241100x8000000000000000761425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094aec7afa09377a2021-12-20 15:56:07.927root 11241100x8000000000000000761426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70444ef6e44588542021-12-20 15:56:07.927root 11241100x8000000000000000761427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9a827a7da04c972021-12-20 15:56:07.927root 11241100x8000000000000000761428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdde15d72ef8c00f2021-12-20 15:56:07.928root 11241100x8000000000000000761429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde0b4e900799e322021-12-20 15:56:07.928root 11241100x8000000000000000761430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa69a36188cedc22021-12-20 15:56:07.928root 11241100x8000000000000000761431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c229b5ccac2cd22021-12-20 15:56:07.928root 11241100x8000000000000000761432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272c8619948762ae2021-12-20 15:56:07.928root 11241100x8000000000000000761433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428bb3ccd8d376822021-12-20 15:56:07.928root 11241100x8000000000000000761434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f390c3d245b4ebd32021-12-20 15:56:07.929root 11241100x8000000000000000761435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4f9b14d30dd6912021-12-20 15:56:07.929root 11241100x8000000000000000761436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140999b1533f3a332021-12-20 15:56:07.929root 11241100x8000000000000000761437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2adc91b32df95dd2021-12-20 15:56:07.929root 11241100x8000000000000000761438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad52ffd7100f4372021-12-20 15:56:07.929root 11241100x8000000000000000761439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc08244ad3ec9a222021-12-20 15:56:07.929root 11241100x8000000000000000761440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea5288edec7a5102021-12-20 15:56:07.929root 11241100x8000000000000000761441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb93cb4dbf0fb662021-12-20 15:56:07.929root 11241100x8000000000000000761442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3837cbc356cd41372021-12-20 15:56:07.929root 11241100x8000000000000000761443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04699c4d9472d8b2021-12-20 15:56:07.930root 11241100x8000000000000000761444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb537a8aee08a6a02021-12-20 15:56:07.930root 11241100x8000000000000000761445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21398c4e8bdbc3c82021-12-20 15:56:07.930root 11241100x8000000000000000761446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bdd28ad241a3502021-12-20 15:56:07.930root 11241100x8000000000000000761447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6205132c1d736ce2021-12-20 15:56:07.930root 11241100x8000000000000000761448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5089428f6ea2f82021-12-20 15:56:07.930root 11241100x8000000000000000761449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3579c7631a3f6acf2021-12-20 15:56:07.931root 11241100x8000000000000000761450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6823302a856a252021-12-20 15:56:07.931root 11241100x8000000000000000761451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193de07ce421e1172021-12-20 15:56:07.932root 11241100x8000000000000000761452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7081b715180c2f0a2021-12-20 15:56:07.932root 11241100x8000000000000000761453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6289d0ec2ac66c382021-12-20 15:56:07.932root 11241100x8000000000000000761454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff24251246f8e71c2021-12-20 15:56:07.932root 11241100x8000000000000000761455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b49f5633da341d2021-12-20 15:56:07.932root 11241100x8000000000000000761456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d841082f0ef30582021-12-20 15:56:07.932root 11241100x8000000000000000761457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702ad60acf61d8692021-12-20 15:56:07.932root 11241100x8000000000000000761458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd4aecd3fbc8d312021-12-20 15:56:07.932root 11241100x8000000000000000761459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c55512a9d2275182021-12-20 15:56:07.932root 11241100x8000000000000000761460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78334ac23db1f9cd2021-12-20 15:56:07.932root 11241100x8000000000000000761461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2b505ec70a9a32021-12-20 15:56:07.933root 11241100x8000000000000000761462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f699f0629e2664c52021-12-20 15:56:07.933root 11241100x8000000000000000761463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e0b255bcda79982021-12-20 15:56:07.933root 11241100x8000000000000000761464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:07.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3ae00ad0b571522021-12-20 15:56:07.933root 354300x8000000000000000761465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.083{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51392-false10.0.1.12-8000- 11241100x8000000000000000761466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99752a5f2e308952021-12-20 15:56:08.424root 11241100x8000000000000000761467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9c24304b4add452021-12-20 15:56:08.424root 11241100x8000000000000000761468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad9417bc2845ddc2021-12-20 15:56:08.424root 11241100x8000000000000000761469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208c6dd7ffa4f8f52021-12-20 15:56:08.425root 11241100x8000000000000000761470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c8a1e9dd9f18f42021-12-20 15:56:08.425root 11241100x8000000000000000761471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3a74b1a566c3b52021-12-20 15:56:08.425root 11241100x8000000000000000761472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe0a0efcb221352021-12-20 15:56:08.425root 11241100x8000000000000000761473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f188851c85b67732021-12-20 15:56:08.425root 11241100x8000000000000000761474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09f35ed8c79daa12021-12-20 15:56:08.425root 11241100x8000000000000000761475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a285ddcf30d1f42021-12-20 15:56:08.425root 11241100x8000000000000000761476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8446d45e509f5742021-12-20 15:56:08.425root 11241100x8000000000000000761477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50a76da5c7068c52021-12-20 15:56:08.425root 11241100x8000000000000000761478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb59ec369515eb452021-12-20 15:56:08.425root 11241100x8000000000000000761479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ba01eb23d355222021-12-20 15:56:08.425root 11241100x8000000000000000761480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a18aaa9164f2582021-12-20 15:56:08.426root 11241100x8000000000000000761481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fdf6b36bf4b7c02021-12-20 15:56:08.426root 11241100x8000000000000000761482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2e074fa8d816892021-12-20 15:56:08.426root 11241100x8000000000000000761483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b3ae9bc6e4608c2021-12-20 15:56:08.426root 11241100x8000000000000000761484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f909ddfe9ce9e8732021-12-20 15:56:08.426root 11241100x8000000000000000761485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601f6f70383a09542021-12-20 15:56:08.426root 11241100x8000000000000000761486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5062a061ac93276c2021-12-20 15:56:08.427root 11241100x8000000000000000761487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc38e946ea9f4792021-12-20 15:56:08.427root 11241100x8000000000000000761488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4e7566cf3038a52021-12-20 15:56:08.427root 11241100x8000000000000000761489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bf6c8f68ca3e952021-12-20 15:56:08.427root 11241100x8000000000000000761490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924df198acb432e62021-12-20 15:56:08.427root 11241100x8000000000000000761491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517bcf1ed11e34762021-12-20 15:56:08.427root 11241100x8000000000000000761492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed8108cf84977ba2021-12-20 15:56:08.427root 11241100x8000000000000000761493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17d900d6f46007f2021-12-20 15:56:08.428root 11241100x8000000000000000761494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1786849a059ebac82021-12-20 15:56:08.428root 11241100x8000000000000000761495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5521efd5fa3fd34b2021-12-20 15:56:08.428root 11241100x8000000000000000761496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef292b266c71ba362021-12-20 15:56:08.428root 11241100x8000000000000000761497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e7066b2a8085ed2021-12-20 15:56:08.428root 11241100x8000000000000000761498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8511690d9581f922021-12-20 15:56:08.428root 11241100x8000000000000000761499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939d081ec11cdf642021-12-20 15:56:08.429root 11241100x8000000000000000761500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7fafb45a9ede6b2021-12-20 15:56:08.429root 11241100x8000000000000000761501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994592f5527820b62021-12-20 15:56:08.429root 11241100x8000000000000000761502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64acab811c9c7342021-12-20 15:56:08.430root 11241100x8000000000000000761503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3fc48a1d310f282021-12-20 15:56:08.430root 11241100x8000000000000000761504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f96c8b86a203c752021-12-20 15:56:08.430root 11241100x8000000000000000761505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55aa238a1a36e892021-12-20 15:56:08.431root 11241100x8000000000000000761506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95402bb8e387dcc2021-12-20 15:56:08.431root 11241100x8000000000000000761507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0479b1f358159c22021-12-20 15:56:08.432root 11241100x8000000000000000761508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf19c3c951fae5a2021-12-20 15:56:08.432root 11241100x8000000000000000761509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29af362c1a8988ef2021-12-20 15:56:08.432root 11241100x8000000000000000761510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6400c783a45a9cfb2021-12-20 15:56:08.432root 11241100x8000000000000000761511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54da61335c5bca702021-12-20 15:56:08.432root 11241100x8000000000000000761512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e55f1c4febe7dd22021-12-20 15:56:08.432root 11241100x8000000000000000761513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c071a03650c31cdc2021-12-20 15:56:08.433root 11241100x8000000000000000761514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e960dfceafc86e2021-12-20 15:56:08.433root 11241100x8000000000000000761515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9787fd98b2737902021-12-20 15:56:08.433root 11241100x8000000000000000761516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d50ac48287c0e2021-12-20 15:56:08.433root 11241100x8000000000000000761517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311b27dc2ae09ff2021-12-20 15:56:08.433root 11241100x8000000000000000761518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65f50a535114482021-12-20 15:56:08.433root 11241100x8000000000000000761519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc26bbf87d507912021-12-20 15:56:08.433root 11241100x8000000000000000761520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061f45964b98352a2021-12-20 15:56:08.433root 11241100x8000000000000000761521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf28b9b60ee12542021-12-20 15:56:08.434root 11241100x8000000000000000761522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c5611c72232a8f2021-12-20 15:56:08.434root 11241100x8000000000000000761523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a808f5dfe60f0f2021-12-20 15:56:08.434root 11241100x8000000000000000761524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c4071908aadc542021-12-20 15:56:08.434root 11241100x8000000000000000761525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1c4c5dc22572d62021-12-20 15:56:08.434root 11241100x8000000000000000761526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ebe156c1ce1b212021-12-20 15:56:08.924root 11241100x8000000000000000761527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758127a2579b0dec2021-12-20 15:56:08.924root 11241100x8000000000000000761528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a347efb65ef1f1f2021-12-20 15:56:08.924root 11241100x8000000000000000761529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fcdf933a7bb6262021-12-20 15:56:08.924root 11241100x8000000000000000761530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc1e8a97224daec2021-12-20 15:56:08.925root 11241100x8000000000000000761531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c12187ce8cacbf2021-12-20 15:56:08.925root 11241100x8000000000000000761532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb38ea8ec38ad812021-12-20 15:56:08.925root 11241100x8000000000000000761533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e41648f03278b982021-12-20 15:56:08.925root 11241100x8000000000000000761534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c452bfdbb40001c22021-12-20 15:56:08.925root 11241100x8000000000000000761535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b405377404b1c6222021-12-20 15:56:08.925root 11241100x8000000000000000761536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc9459cef65da2d2021-12-20 15:56:08.925root 11241100x8000000000000000761537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f286c2314ef21af22021-12-20 15:56:08.925root 11241100x8000000000000000761538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14f771017636162021-12-20 15:56:08.925root 11241100x8000000000000000761539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09af8935bf6a31c42021-12-20 15:56:08.925root 11241100x8000000000000000761540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394c33c93d871c322021-12-20 15:56:08.925root 11241100x8000000000000000761541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a712faa3c7fc3f02021-12-20 15:56:08.925root 11241100x8000000000000000761542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a9bc60479b6e352021-12-20 15:56:08.925root 11241100x8000000000000000761543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268c7e6d502a79ec2021-12-20 15:56:08.925root 11241100x8000000000000000761544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42db76736583d7122021-12-20 15:56:08.925root 11241100x8000000000000000761545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3874bff53db8332021-12-20 15:56:08.925root 11241100x8000000000000000761546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ccb99cbf2bcdf72021-12-20 15:56:08.926root 11241100x8000000000000000761547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a695831b322d9cee2021-12-20 15:56:08.926root 11241100x8000000000000000761548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bec243d4466b802021-12-20 15:56:08.926root 11241100x8000000000000000761549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed214097e651fbca2021-12-20 15:56:08.926root 11241100x8000000000000000761550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffc8d9f578545572021-12-20 15:56:08.926root 11241100x8000000000000000761551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe83dca0afd069c2021-12-20 15:56:08.926root 11241100x8000000000000000761552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d8dff7f5c7d7f2021-12-20 15:56:08.926root 11241100x8000000000000000761553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35834bd759fa113a2021-12-20 15:56:08.926root 11241100x8000000000000000761554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffd42ee5b8ed4f2021-12-20 15:56:08.926root 11241100x8000000000000000761555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972800cba7f2166f2021-12-20 15:56:08.926root 11241100x8000000000000000761556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f119cb04e3b4be962021-12-20 15:56:08.926root 11241100x8000000000000000761557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd05046a250678d2021-12-20 15:56:08.926root 11241100x8000000000000000761558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ee992b356009a12021-12-20 15:56:08.926root 11241100x8000000000000000761559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d75e75f2d72eb032021-12-20 15:56:08.926root 11241100x8000000000000000761560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0cbccd308b53122021-12-20 15:56:08.926root 11241100x8000000000000000761561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28382cf68b986b222021-12-20 15:56:08.926root 11241100x8000000000000000761562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37897d92fa62e2b2021-12-20 15:56:08.927root 11241100x8000000000000000761563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdab7b59339ea112021-12-20 15:56:08.927root 11241100x8000000000000000761564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ec0cc1344e62d02021-12-20 15:56:08.927root 11241100x8000000000000000761565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e036ff633e0acc2021-12-20 15:56:08.927root 11241100x8000000000000000761566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc5c273c164bdbb2021-12-20 15:56:08.927root 11241100x8000000000000000761567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0199a0093818ee2021-12-20 15:56:08.927root 11241100x8000000000000000761568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc92df8f75154782021-12-20 15:56:08.927root 11241100x8000000000000000761569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e75904bb3652472021-12-20 15:56:08.927root 11241100x8000000000000000761570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79533dd358f9a512021-12-20 15:56:08.927root 11241100x8000000000000000761571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fffc0c0c5a38572021-12-20 15:56:08.927root 11241100x8000000000000000761572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c2503463e01e862021-12-20 15:56:08.927root 11241100x8000000000000000761573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ddbbe863fd58de2021-12-20 15:56:08.927root 11241100x8000000000000000761574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d16579d7a3cb3422021-12-20 15:56:08.927root 11241100x8000000000000000761575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53ad473f49d1a8b2021-12-20 15:56:08.927root 11241100x8000000000000000761576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f3232cea3cb6b92021-12-20 15:56:08.927root 11241100x8000000000000000761577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536e334edc60e4912021-12-20 15:56:08.928root 11241100x8000000000000000761578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f408125934f7525a2021-12-20 15:56:08.928root 11241100x8000000000000000761579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc1b57b5d52672c2021-12-20 15:56:08.928root 11241100x8000000000000000761580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef451b5a2ef49c1e2021-12-20 15:56:08.928root 11241100x8000000000000000761581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e9180003a56f9a2021-12-20 15:56:08.928root 11241100x8000000000000000761582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f232b26c61f764a82021-12-20 15:56:08.928root 11241100x8000000000000000761583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80995a6b4efe32ae2021-12-20 15:56:08.928root 11241100x8000000000000000761584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be0acfdc5977cef2021-12-20 15:56:08.928root 11241100x8000000000000000761585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52450d68c1dee6852021-12-20 15:56:08.928root 11241100x8000000000000000761586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ca10e954c3b9432021-12-20 15:56:08.928root 11241100x8000000000000000761587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e4fc16af11e49f2021-12-20 15:56:08.928root 11241100x8000000000000000761588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a771257be4f43b42021-12-20 15:56:08.928root 11241100x8000000000000000761589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc241a135b5e4a6c2021-12-20 15:56:08.928root 11241100x8000000000000000761590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77d1446ee0ffe2a2021-12-20 15:56:08.928root 11241100x8000000000000000761591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e184334a57501042021-12-20 15:56:08.928root 11241100x8000000000000000761592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac67170cb32054a2021-12-20 15:56:08.928root 11241100x8000000000000000761593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd085902b8ebb892021-12-20 15:56:08.929root 11241100x8000000000000000761594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8faccf4d3bcba92021-12-20 15:56:08.929root 11241100x8000000000000000761595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231f1f00c9cd13672021-12-20 15:56:08.938root 11241100x8000000000000000761596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8d4984203ecd7c2021-12-20 15:56:08.938root 11241100x8000000000000000761597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d91f93191ea6432021-12-20 15:56:08.938root 11241100x8000000000000000761598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f602f5dc635a4482021-12-20 15:56:08.938root 11241100x8000000000000000761599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c472e989d9df89532021-12-20 15:56:08.939root 11241100x8000000000000000761600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04897915757c6472021-12-20 15:56:08.939root 11241100x8000000000000000761601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125f7162abc671c72021-12-20 15:56:08.939root 11241100x8000000000000000761602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac34e6925617d932021-12-20 15:56:08.939root 11241100x8000000000000000761603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b3415519ba8b2f2021-12-20 15:56:08.939root 11241100x8000000000000000761604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd3b535402b1302021-12-20 15:56:08.939root 11241100x8000000000000000761605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95805f412d27a1902021-12-20 15:56:08.939root 11241100x8000000000000000761606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f67765a485f12222021-12-20 15:56:08.939root 11241100x8000000000000000761607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4acb3c6d25687bc2021-12-20 15:56:08.939root 11241100x8000000000000000761608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4300ae6ddb4a01952021-12-20 15:56:08.939root 11241100x8000000000000000761609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e77bddf47d243792021-12-20 15:56:08.939root 11241100x8000000000000000761610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1413abb77b8a8be42021-12-20 15:56:08.940root 11241100x8000000000000000761611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2b94b2452bd5742021-12-20 15:56:08.940root 11241100x8000000000000000761612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d4d2207a7658652021-12-20 15:56:08.940root 11241100x8000000000000000761613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1241386b0bf18a342021-12-20 15:56:08.940root 11241100x8000000000000000761614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20115956a8628bff2021-12-20 15:56:08.940root 11241100x8000000000000000761615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0511e37ff9b5c32021-12-20 15:56:08.940root 11241100x8000000000000000761616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a51063d6f0c61b2021-12-20 15:56:08.940root 11241100x8000000000000000761617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea6d4d60ed21ae32021-12-20 15:56:08.940root 11241100x8000000000000000761618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b282fe811c53c4b02021-12-20 15:56:08.940root 11241100x8000000000000000761619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c32d315726fbb12021-12-20 15:56:08.940root 11241100x8000000000000000761620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9e79d174a8fdac2021-12-20 15:56:08.940root 11241100x8000000000000000761621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09064c4baf4b5c02021-12-20 15:56:08.941root 11241100x8000000000000000761622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c440452a965ffa2021-12-20 15:56:08.941root 11241100x8000000000000000761623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f5e5779cc367362021-12-20 15:56:08.941root 11241100x8000000000000000761624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566e4e00e122a8c42021-12-20 15:56:08.941root 11241100x8000000000000000761625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08fabbdc7edc572021-12-20 15:56:08.941root 11241100x8000000000000000761626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed09e120fe37de02021-12-20 15:56:08.941root 11241100x8000000000000000761627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dbf6770bbfcc902021-12-20 15:56:08.941root 11241100x8000000000000000761628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195149723a1bb68b2021-12-20 15:56:08.941root 11241100x8000000000000000761629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c680fac1caf14602021-12-20 15:56:08.943root 11241100x8000000000000000761630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfb450db0fe3f522021-12-20 15:56:08.943root 11241100x8000000000000000761631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96251193883401de2021-12-20 15:56:08.943root 11241100x8000000000000000761632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7645940ab79bdcb2021-12-20 15:56:08.943root 11241100x8000000000000000761633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6512ca08f5519e2021-12-20 15:56:08.943root 11241100x8000000000000000761634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4135b0b21ee2b8982021-12-20 15:56:08.943root 11241100x8000000000000000761635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b6221e3af32d5f2021-12-20 15:56:08.944root 11241100x8000000000000000761636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f15455950857492021-12-20 15:56:08.944root 11241100x8000000000000000761637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9d0e3877c877ec2021-12-20 15:56:08.944root 11241100x8000000000000000761638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f4eb83febba1ae2021-12-20 15:56:08.944root 11241100x8000000000000000761639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5854e84d3e40c91f2021-12-20 15:56:08.944root 11241100x8000000000000000761640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155968e67c7509192021-12-20 15:56:08.944root 11241100x8000000000000000761641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7937d1f865aa2dcd2021-12-20 15:56:08.944root 11241100x8000000000000000761642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dde306a00fd0532021-12-20 15:56:08.944root 11241100x8000000000000000761643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bc65b2612e5e382021-12-20 15:56:08.944root 11241100x8000000000000000761644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f4ee7607bc22292021-12-20 15:56:08.945root 11241100x8000000000000000761645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a1d502542565342021-12-20 15:56:08.945root 11241100x8000000000000000761646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7b8678f8a28eb62021-12-20 15:56:08.951root 11241100x8000000000000000761647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4083c6b72593a8012021-12-20 15:56:08.951root 11241100x8000000000000000761648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67a646aaef1e2f42021-12-20 15:56:08.951root 11241100x8000000000000000761649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa6db6f5d9409e72021-12-20 15:56:08.951root 11241100x8000000000000000761650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc3052410dfcc4c2021-12-20 15:56:08.952root 11241100x8000000000000000761651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75631bb55ff8ff752021-12-20 15:56:08.952root 11241100x8000000000000000761652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec0916c29f6aa892021-12-20 15:56:08.952root 11241100x8000000000000000761653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a33cdff8f2907f2021-12-20 15:56:08.952root 11241100x8000000000000000761654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e1bfc9d1cfae462021-12-20 15:56:08.952root 11241100x8000000000000000761655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03e5370a77be4032021-12-20 15:56:08.952root 11241100x8000000000000000761656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71d668bbb3988482021-12-20 15:56:08.952root 11241100x8000000000000000761657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4544e35579ad55a62021-12-20 15:56:08.952root 11241100x8000000000000000761658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed5f56094ac2f552021-12-20 15:56:08.952root 11241100x8000000000000000761659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc77ebeed629d412021-12-20 15:56:08.952root 11241100x8000000000000000761660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d395c591cb6f0e62021-12-20 15:56:08.953root 11241100x8000000000000000761661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc9c4fa957e87682021-12-20 15:56:08.953root 11241100x8000000000000000761662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da57542a92b757112021-12-20 15:56:08.953root 11241100x8000000000000000761663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5003e6ec43be54dc2021-12-20 15:56:08.953root 11241100x8000000000000000761664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ac51e6d15f3092021-12-20 15:56:08.953root 11241100x8000000000000000761665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd22cdf0c6e32fd2021-12-20 15:56:08.953root 11241100x8000000000000000761666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f5d2762fbf38932021-12-20 15:56:08.953root 11241100x8000000000000000761667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb3f2e6007965cc2021-12-20 15:56:08.953root 11241100x8000000000000000761668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbf77b3deb684a92021-12-20 15:56:08.953root 11241100x8000000000000000761669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782cd04d786b81dc2021-12-20 15:56:08.954root 11241100x8000000000000000761670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2484c9d3e7c1672021-12-20 15:56:08.954root 11241100x8000000000000000761671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d10e2fd16e7d0c2021-12-20 15:56:08.954root 11241100x8000000000000000761672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839b6d5eb71c6a172021-12-20 15:56:08.954root 11241100x8000000000000000761673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535264120ebeb16c2021-12-20 15:56:08.954root 11241100x8000000000000000761674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2996b5f84fb1e72e2021-12-20 15:56:08.954root 11241100x8000000000000000761675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aed8457e580d8a2021-12-20 15:56:08.954root 11241100x8000000000000000761676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54900526cc74b4c2021-12-20 15:56:08.954root 11241100x8000000000000000761677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ead9a3404736792021-12-20 15:56:08.954root 11241100x8000000000000000761678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aca9d8ad8eeb2fe2021-12-20 15:56:08.954root 11241100x8000000000000000761679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:08.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23059ed0ed226e452021-12-20 15:56:08.955root 23542300x8000000000000000761680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.070{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000761681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602b475cc435c2322021-12-20 15:56:09.424root 11241100x8000000000000000761682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387549dba7b6fb3c2021-12-20 15:56:09.424root 11241100x8000000000000000761683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd5782c84154f7c2021-12-20 15:56:09.424root 11241100x8000000000000000761684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b431881486c6712021-12-20 15:56:09.424root 11241100x8000000000000000761685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea66a8b893f14fb2021-12-20 15:56:09.425root 11241100x8000000000000000761686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43e5432df5101d02021-12-20 15:56:09.425root 11241100x8000000000000000761687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3dcb22a8efc2e62021-12-20 15:56:09.425root 11241100x8000000000000000761688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388d7f60b42fd9522021-12-20 15:56:09.425root 11241100x8000000000000000761689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee6c4f03e4cf2372021-12-20 15:56:09.425root 11241100x8000000000000000761690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea18122d3e5e8ea02021-12-20 15:56:09.425root 11241100x8000000000000000761691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18097c10da849b112021-12-20 15:56:09.425root 11241100x8000000000000000761692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bba00464c5e75652021-12-20 15:56:09.425root 11241100x8000000000000000761693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f485763d8874fd2021-12-20 15:56:09.426root 11241100x8000000000000000761694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e8b5357916c7cb2021-12-20 15:56:09.426root 11241100x8000000000000000761695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ada39bc060580a2021-12-20 15:56:09.426root 11241100x8000000000000000761696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a2f32f1f4ddb082021-12-20 15:56:09.426root 11241100x8000000000000000761697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466293118ca2835d2021-12-20 15:56:09.426root 11241100x8000000000000000761698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb30ca257e3d8772021-12-20 15:56:09.426root 11241100x8000000000000000761699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878e06d8b18c6b02021-12-20 15:56:09.426root 11241100x8000000000000000761700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fc870d9565afd42021-12-20 15:56:09.427root 11241100x8000000000000000761701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12356a116ce4b9e62021-12-20 15:56:09.427root 11241100x8000000000000000761702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63a2ffd3ba0c3842021-12-20 15:56:09.427root 11241100x8000000000000000761703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ab4c9065e7fefd2021-12-20 15:56:09.428root 11241100x8000000000000000761704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d312f146cc21f722021-12-20 15:56:09.428root 11241100x8000000000000000761705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1448f657bbc63cb2021-12-20 15:56:09.428root 11241100x8000000000000000761706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4f44c4b72382eb2021-12-20 15:56:09.428root 11241100x8000000000000000761707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678d2e5e27a32f632021-12-20 15:56:09.428root 11241100x8000000000000000761708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c309cacad31927e02021-12-20 15:56:09.429root 11241100x8000000000000000761709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2d221fac293a3b2021-12-20 15:56:09.429root 11241100x8000000000000000761710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a1ea76ff6fa60c2021-12-20 15:56:09.429root 11241100x8000000000000000761711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed676616bea517d82021-12-20 15:56:09.429root 11241100x8000000000000000761712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a82807383b2a9532021-12-20 15:56:09.430root 11241100x8000000000000000761713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e062ebb6f30a482021-12-20 15:56:09.430root 11241100x8000000000000000761714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04370dc190fb1512021-12-20 15:56:09.430root 11241100x8000000000000000761715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d99a81d0edbd22c2021-12-20 15:56:09.430root 11241100x8000000000000000761716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc45148284b00e42021-12-20 15:56:09.431root 11241100x8000000000000000761717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f175a267bbe64362021-12-20 15:56:09.431root 11241100x8000000000000000761718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04ecb4feaeb99a2021-12-20 15:56:09.431root 11241100x8000000000000000761719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22065319fa905dfe2021-12-20 15:56:09.431root 11241100x8000000000000000761720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a791b06ee84c9e9a2021-12-20 15:56:09.431root 11241100x8000000000000000761721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6455dbb7bbe479c12021-12-20 15:56:09.431root 11241100x8000000000000000761722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e64b2fb02d4e0ef2021-12-20 15:56:09.431root 11241100x8000000000000000761723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b15be64765fc462021-12-20 15:56:09.432root 11241100x8000000000000000761724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0237258843f41ff2021-12-20 15:56:09.433root 11241100x8000000000000000761725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f18b1fab9e7de32021-12-20 15:56:09.433root 11241100x8000000000000000761726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64be60d47b9ccf72021-12-20 15:56:09.433root 11241100x8000000000000000761727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fa4579cb23edd42021-12-20 15:56:09.433root 11241100x8000000000000000761728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c01b21e47ea9d92021-12-20 15:56:09.433root 11241100x8000000000000000761729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc01bfc6a6bcba452021-12-20 15:56:09.435root 11241100x8000000000000000761730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4297369ee5d3508d2021-12-20 15:56:09.435root 11241100x8000000000000000761731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bd7be5f4fa34062021-12-20 15:56:09.435root 11241100x8000000000000000761732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e0f2a62dd7193b2021-12-20 15:56:09.436root 11241100x8000000000000000761733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84378ba7d14588a2021-12-20 15:56:09.436root 11241100x8000000000000000761734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b6d93c921780692021-12-20 15:56:09.436root 11241100x8000000000000000761735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78490f5b3be2e4af2021-12-20 15:56:09.436root 11241100x8000000000000000761736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60217e0a3aebb6282021-12-20 15:56:09.436root 11241100x8000000000000000761737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445052bc0b477a452021-12-20 15:56:09.436root 11241100x8000000000000000761738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025d4119ec24a2732021-12-20 15:56:09.437root 11241100x8000000000000000761739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108438694bed58952021-12-20 15:56:09.437root 11241100x8000000000000000761740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e0e83bd797daf42021-12-20 15:56:09.437root 11241100x8000000000000000761741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392d4f072fd805592021-12-20 15:56:09.437root 11241100x8000000000000000761742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9714adefd7e32faf2021-12-20 15:56:09.437root 11241100x8000000000000000761743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606a3bd9d4fb26912021-12-20 15:56:09.437root 11241100x8000000000000000761744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad77ba8ec624071f2021-12-20 15:56:09.437root 11241100x8000000000000000761745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88827afd9fe2a36b2021-12-20 15:56:09.437root 11241100x8000000000000000761746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f9121fedc22882021-12-20 15:56:09.437root 11241100x8000000000000000761747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa47320bd3750cd2021-12-20 15:56:09.437root 11241100x8000000000000000761748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c153307c5716a7c32021-12-20 15:56:09.437root 11241100x8000000000000000761749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879fac23daa212522021-12-20 15:56:09.437root 11241100x8000000000000000761750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb05966523857d12021-12-20 15:56:09.437root 11241100x8000000000000000761751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d3c217b025c25d2021-12-20 15:56:09.438root 11241100x8000000000000000761752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931860495263900e2021-12-20 15:56:09.438root 11241100x8000000000000000761753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a63f65ecf3a38672021-12-20 15:56:09.438root 11241100x8000000000000000761754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72194f9b268593252021-12-20 15:56:09.438root 11241100x8000000000000000761755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a75806354722862021-12-20 15:56:09.438root 11241100x8000000000000000761756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94af48d8f1614c7c2021-12-20 15:56:09.438root 11241100x8000000000000000761757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920273a67fcb075e2021-12-20 15:56:09.438root 11241100x8000000000000000761758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2cddb59efb200d2021-12-20 15:56:09.438root 11241100x8000000000000000761759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe26fa1f82e10c8d2021-12-20 15:56:09.438root 11241100x8000000000000000761760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0920f154b2c71e2021-12-20 15:56:09.438root 11241100x8000000000000000761761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2fdc01e0478aa22021-12-20 15:56:09.439root 11241100x8000000000000000761762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc21ef1b84a81c6c2021-12-20 15:56:09.439root 11241100x8000000000000000761763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353354ccddd731262021-12-20 15:56:09.439root 11241100x8000000000000000761764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca0c38f44b114972021-12-20 15:56:09.439root 11241100x8000000000000000761765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3feb08c10da068dd2021-12-20 15:56:09.924root 11241100x8000000000000000761766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9654b9c4ccf9044e2021-12-20 15:56:09.924root 11241100x8000000000000000761767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8fc4b3a88b70932021-12-20 15:56:09.924root 11241100x8000000000000000761768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70aea4d222954412021-12-20 15:56:09.925root 11241100x8000000000000000761769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b11a200833f7242021-12-20 15:56:09.925root 11241100x8000000000000000761770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb8214b0316c9a12021-12-20 15:56:09.925root 11241100x8000000000000000761771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038ffabf8066c4ec2021-12-20 15:56:09.925root 11241100x8000000000000000761772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878db9fd7d10c2b22021-12-20 15:56:09.925root 11241100x8000000000000000761773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3bd645bf1b7e9d2021-12-20 15:56:09.925root 11241100x8000000000000000761774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411c01ad748f49ef2021-12-20 15:56:09.925root 11241100x8000000000000000761775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60387545591c4232021-12-20 15:56:09.925root 11241100x8000000000000000761776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393c73033fffe8fd2021-12-20 15:56:09.925root 11241100x8000000000000000761777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4601bebb496befe02021-12-20 15:56:09.925root 11241100x8000000000000000761778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35c82d932a1b6152021-12-20 15:56:09.925root 11241100x8000000000000000761779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb2c46ac1ef3b822021-12-20 15:56:09.925root 11241100x8000000000000000761780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6497eb360037bb82021-12-20 15:56:09.925root 11241100x8000000000000000761781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7588f64d82f47702021-12-20 15:56:09.925root 11241100x8000000000000000761782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1d55d80f60be0a2021-12-20 15:56:09.925root 11241100x8000000000000000761783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70b9fb11f8dd2e42021-12-20 15:56:09.926root 11241100x8000000000000000761784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9505ebabc5c01b342021-12-20 15:56:09.926root 11241100x8000000000000000761785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa399decaaaf41122021-12-20 15:56:09.926root 11241100x8000000000000000761786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec35d1dd1b0e0842021-12-20 15:56:09.926root 11241100x8000000000000000761787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed8c886d6d03de2021-12-20 15:56:09.926root 11241100x8000000000000000761788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9732cd9dfd51f62021-12-20 15:56:09.926root 11241100x8000000000000000761789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fa1f0a0185c6272021-12-20 15:56:09.926root 11241100x8000000000000000761790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db6c3eb5fdb9d0d2021-12-20 15:56:09.926root 11241100x8000000000000000761791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd3860efa8c63362021-12-20 15:56:09.926root 11241100x8000000000000000761792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672c729aca1be4552021-12-20 15:56:09.926root 11241100x8000000000000000761793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666d0c6455d6c70f2021-12-20 15:56:09.927root 11241100x8000000000000000761794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02be0a0c50fe737f2021-12-20 15:56:09.927root 11241100x8000000000000000761795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e843a61a4c73b6402021-12-20 15:56:09.927root 11241100x8000000000000000761796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d2d59afdae48b12021-12-20 15:56:09.927root 11241100x8000000000000000761797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34efecaaf887d28f2021-12-20 15:56:09.927root 11241100x8000000000000000761798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69932fa20d825c4f2021-12-20 15:56:09.927root 11241100x8000000000000000761799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e7c8c52d1b7a822021-12-20 15:56:09.927root 11241100x8000000000000000761800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6f5bad7dbcfde42021-12-20 15:56:09.927root 11241100x8000000000000000761801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619f519285d1b95b2021-12-20 15:56:09.927root 11241100x8000000000000000761802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccd41d51dc53bfe2021-12-20 15:56:09.927root 11241100x8000000000000000761803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a1fec3d2494f382021-12-20 15:56:09.927root 11241100x8000000000000000761804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f680cc773726fdc2021-12-20 15:56:09.927root 11241100x8000000000000000761805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c6f69eb9f2ad962021-12-20 15:56:09.927root 11241100x8000000000000000761806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d2d8a3a0acd5752021-12-20 15:56:09.927root 11241100x8000000000000000761807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cbece8523dd2a92021-12-20 15:56:09.928root 11241100x8000000000000000761808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f07e8d066023212021-12-20 15:56:09.928root 11241100x8000000000000000761809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e9a0d6bea6f1b42021-12-20 15:56:09.928root 11241100x8000000000000000761810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb8b0369b8306682021-12-20 15:56:09.928root 11241100x8000000000000000761811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f305e2ab25cbe4bb2021-12-20 15:56:09.929root 11241100x8000000000000000761812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b649687e16b1e85b2021-12-20 15:56:10.424root 11241100x8000000000000000761813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b4d239a1d844112021-12-20 15:56:10.424root 11241100x8000000000000000761814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeaa4fe2dbfe39a2021-12-20 15:56:10.424root 11241100x8000000000000000761815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9df84d2957006f2021-12-20 15:56:10.424root 11241100x8000000000000000761816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0f37cce7b56ff32021-12-20 15:56:10.424root 11241100x8000000000000000761817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d70b85f62f50272021-12-20 15:56:10.425root 11241100x8000000000000000761818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268e1325b9ef96ff2021-12-20 15:56:10.425root 11241100x8000000000000000761819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8ecb850609a2362021-12-20 15:56:10.425root 11241100x8000000000000000761820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc492bb86d2560ca2021-12-20 15:56:10.425root 11241100x8000000000000000761821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55fb2d2d4016d942021-12-20 15:56:10.425root 11241100x8000000000000000761822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdf731b182cbd0c2021-12-20 15:56:10.425root 11241100x8000000000000000761823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c0c0ce47d7b9952021-12-20 15:56:10.425root 11241100x8000000000000000761824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de96ca6aa2e4757e2021-12-20 15:56:10.425root 11241100x8000000000000000761825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26cc6bb6bfb983c2021-12-20 15:56:10.425root 11241100x8000000000000000761826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2f88b42d95aa102021-12-20 15:56:10.425root 11241100x8000000000000000761827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00c4c7829f0e7592021-12-20 15:56:10.426root 11241100x8000000000000000761828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b28fd16f57167e2021-12-20 15:56:10.426root 11241100x8000000000000000761829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b1d03eb302b5a12021-12-20 15:56:10.426root 11241100x8000000000000000761830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01226ab1c83cd9932021-12-20 15:56:10.426root 11241100x8000000000000000761831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79372402b9685b092021-12-20 15:56:10.427root 11241100x8000000000000000761832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cb46c46ae58f2f2021-12-20 15:56:10.427root 11241100x8000000000000000761833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d0aaf49a845e232021-12-20 15:56:10.427root 11241100x8000000000000000761834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18db7b25348d94bc2021-12-20 15:56:10.427root 11241100x8000000000000000761835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a5211f1e2cdddc2021-12-20 15:56:10.427root 11241100x8000000000000000761836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0ef1913ea5106b2021-12-20 15:56:10.428root 11241100x8000000000000000761837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d938c89aaba5d89d2021-12-20 15:56:10.428root 11241100x8000000000000000761838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66673dfa30e1101c2021-12-20 15:56:10.428root 11241100x8000000000000000761839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2d5b263327acfe2021-12-20 15:56:10.428root 11241100x8000000000000000761840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12f23b54306f4d82021-12-20 15:56:10.428root 11241100x8000000000000000761841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414b9beec2d517582021-12-20 15:56:10.429root 11241100x8000000000000000761842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9577546eb2fb38872021-12-20 15:56:10.429root 11241100x8000000000000000761843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d7f533fab441982021-12-20 15:56:10.429root 11241100x8000000000000000761844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1c4a0bdddd94e12021-12-20 15:56:10.429root 11241100x8000000000000000761845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093919e8d2475afc2021-12-20 15:56:10.429root 11241100x8000000000000000761846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9116f983976ad20b2021-12-20 15:56:10.429root 11241100x8000000000000000761847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1d477a349a30bb2021-12-20 15:56:10.430root 11241100x8000000000000000761848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39529cc488fbfcdb2021-12-20 15:56:10.430root 11241100x8000000000000000761849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f38c16e97d65ef2021-12-20 15:56:10.430root 11241100x8000000000000000761850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ea17586207ef602021-12-20 15:56:10.430root 11241100x8000000000000000761851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c39f965ff71ee522021-12-20 15:56:10.430root 11241100x8000000000000000761852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44dc614b2d1e33f2021-12-20 15:56:10.430root 11241100x8000000000000000761853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2075fcbb865d2a0d2021-12-20 15:56:10.430root 11241100x8000000000000000761854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5ed4c2be1cff872021-12-20 15:56:10.431root 11241100x8000000000000000761855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a21954531c42eb52021-12-20 15:56:10.431root 11241100x8000000000000000761856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9c4c7a299299372021-12-20 15:56:10.431root 11241100x8000000000000000761857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e079e93d80abe92021-12-20 15:56:10.431root 11241100x8000000000000000761858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dbdbd89ac4a2952021-12-20 15:56:10.431root 11241100x8000000000000000761859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4b06b21b0e2362021-12-20 15:56:10.431root 11241100x8000000000000000761860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136d7c4efff1c69e2021-12-20 15:56:10.431root 11241100x8000000000000000761861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb29821cb2476402021-12-20 15:56:10.432root 11241100x8000000000000000761862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9206381ed3572e3f2021-12-20 15:56:10.432root 11241100x8000000000000000761863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9fba8f2884a6202021-12-20 15:56:10.432root 11241100x8000000000000000761864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371b948397d00a1a2021-12-20 15:56:10.432root 11241100x8000000000000000761865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af02d80f96a36ba72021-12-20 15:56:10.432root 11241100x8000000000000000761866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6205e100fab2002021-12-20 15:56:10.433root 11241100x8000000000000000761867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60a68a806dde58e2021-12-20 15:56:10.433root 11241100x8000000000000000761868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0dc45be346ce042021-12-20 15:56:10.433root 11241100x8000000000000000761869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf6946b0b6777be2021-12-20 15:56:10.433root 11241100x8000000000000000761870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2516b4894618983d2021-12-20 15:56:10.433root 11241100x8000000000000000761871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1033500de3da83de2021-12-20 15:56:10.433root 11241100x8000000000000000761872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74bff43a004a7d52021-12-20 15:56:10.433root 11241100x8000000000000000761873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0f3f26a5a563822021-12-20 15:56:10.434root 11241100x8000000000000000761874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a109e0796f2f76bc2021-12-20 15:56:10.924root 11241100x8000000000000000761875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5c5a2d92017e1f2021-12-20 15:56:10.924root 11241100x8000000000000000761876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e359578f3107fbf82021-12-20 15:56:10.924root 11241100x8000000000000000761877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610edae0ab0f625f2021-12-20 15:56:10.924root 11241100x8000000000000000761878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aa22fcb0e860f22021-12-20 15:56:10.925root 11241100x8000000000000000761879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cdb6842b84b0112021-12-20 15:56:10.925root 11241100x8000000000000000761880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b72eca73cdec5b2021-12-20 15:56:10.925root 11241100x8000000000000000761881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da628c9975e5185a2021-12-20 15:56:10.925root 11241100x8000000000000000761882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7b377e5b167aba2021-12-20 15:56:10.925root 11241100x8000000000000000761883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0db80b9552ef9a2021-12-20 15:56:10.925root 11241100x8000000000000000761884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f33e7e7395e5542021-12-20 15:56:10.925root 11241100x8000000000000000761885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec324244cdb22582021-12-20 15:56:10.925root 11241100x8000000000000000761886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f662da35d1ac0d102021-12-20 15:56:10.925root 11241100x8000000000000000761887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915806b63fc297a42021-12-20 15:56:10.925root 11241100x8000000000000000761888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5a7fc6c7a9fcb22021-12-20 15:56:10.925root 11241100x8000000000000000761889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938ee72e321079e22021-12-20 15:56:10.925root 11241100x8000000000000000761890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a983351f56edfe2021-12-20 15:56:10.925root 11241100x8000000000000000761891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68466cb607f61de2021-12-20 15:56:10.925root 11241100x8000000000000000761892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3350e53a8cdfa82021-12-20 15:56:10.926root 11241100x8000000000000000761893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462eb7cd65855c982021-12-20 15:56:10.926root 11241100x8000000000000000761894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9d62c4a929944b2021-12-20 15:56:10.926root 11241100x8000000000000000761895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a416e92eafce0e8a2021-12-20 15:56:10.926root 11241100x8000000000000000761896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78658f79592d33e12021-12-20 15:56:10.926root 11241100x8000000000000000761897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4882f0c2025221b42021-12-20 15:56:10.926root 11241100x8000000000000000761898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131d9ffbbb243adf2021-12-20 15:56:10.926root 11241100x8000000000000000761899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70737de14729ff492021-12-20 15:56:10.926root 11241100x8000000000000000761900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7670273ee3f24d12021-12-20 15:56:10.926root 11241100x8000000000000000761901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5723cb7fe9644a2021-12-20 15:56:10.926root 11241100x8000000000000000761902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a1dcdb30cf622d2021-12-20 15:56:10.926root 11241100x8000000000000000761903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41906ed00be00f32021-12-20 15:56:10.926root 11241100x8000000000000000761904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819bbf5c9b0da2832021-12-20 15:56:10.927root 11241100x8000000000000000761905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d495d2455aefaa8f2021-12-20 15:56:10.927root 11241100x8000000000000000761906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86548da0688ed2342021-12-20 15:56:10.927root 11241100x8000000000000000761907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6f671b45b39d2a2021-12-20 15:56:10.927root 11241100x8000000000000000761908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ab6b08fbb023462021-12-20 15:56:10.927root 11241100x8000000000000000761909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d59c69b97fba292021-12-20 15:56:10.927root 11241100x8000000000000000761910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7600c52490742ed52021-12-20 15:56:10.927root 11241100x8000000000000000761911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1113cb018b7bfb72021-12-20 15:56:10.927root 11241100x8000000000000000761912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14690bd4469185982021-12-20 15:56:10.927root 11241100x8000000000000000761913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b679269a1163ac192021-12-20 15:56:10.927root 11241100x8000000000000000761914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfad4890a2023072021-12-20 15:56:10.927root 11241100x8000000000000000761915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1decd8b96a916ee2021-12-20 15:56:10.927root 11241100x8000000000000000761916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29deef40da69020a2021-12-20 15:56:10.928root 11241100x8000000000000000761917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc111abcec4ccb2c2021-12-20 15:56:10.928root 11241100x8000000000000000761918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58424ca199476ac52021-12-20 15:56:10.928root 11241100x8000000000000000761919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0278095db1b2ed62021-12-20 15:56:10.928root 11241100x8000000000000000761920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb44633cadc760e2021-12-20 15:56:10.928root 11241100x8000000000000000761921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe11da5b8e4afdd42021-12-20 15:56:10.928root 11241100x8000000000000000761922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb18814c443f72102021-12-20 15:56:10.928root 11241100x8000000000000000761923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e091b8c9f0e83212021-12-20 15:56:10.929root 11241100x8000000000000000761924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60dd83ac13a11d72021-12-20 15:56:10.929root 11241100x8000000000000000761925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd35ec3800534bc2021-12-20 15:56:10.929root 11241100x8000000000000000761926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54311da083b8412021-12-20 15:56:10.929root 11241100x8000000000000000761927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9e7ee48f95805a2021-12-20 15:56:10.929root 11241100x8000000000000000761928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c785cdb924e7f12021-12-20 15:56:10.929root 11241100x8000000000000000761929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167a51dc5cde372c2021-12-20 15:56:10.930root 11241100x8000000000000000761930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce8c74df713f4102021-12-20 15:56:10.930root 11241100x8000000000000000761931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d3ab6863c9a2522021-12-20 15:56:10.930root 11241100x8000000000000000761932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a5ebf281a596fc2021-12-20 15:56:10.930root 11241100x8000000000000000761933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9349eafeee292a22021-12-20 15:56:10.930root 11241100x8000000000000000761934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a98deac4b848252021-12-20 15:56:10.930root 11241100x8000000000000000761935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c4cfaf88bc93a42021-12-20 15:56:10.930root 11241100x8000000000000000761936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73436e0cf50f63722021-12-20 15:56:10.930root 11241100x8000000000000000761937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e27a9cb1b8392592021-12-20 15:56:10.931root 11241100x8000000000000000761938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac639edf71718e32021-12-20 15:56:10.931root 11241100x8000000000000000761939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3713b63c0986aa5b2021-12-20 15:56:10.931root 11241100x8000000000000000761940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a51c8a44db2f22021-12-20 15:56:10.931root 11241100x8000000000000000761941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300a589a5dff621d2021-12-20 15:56:10.931root 11241100x8000000000000000761942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a0ad198d4f2b692021-12-20 15:56:10.931root 11241100x8000000000000000761943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d541c298ede36102021-12-20 15:56:10.931root 11241100x8000000000000000761944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528118649c7bcbaf2021-12-20 15:56:10.931root 11241100x8000000000000000761945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641af36bd092f57f2021-12-20 15:56:10.931root 11241100x8000000000000000761946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b694885f20f314e2021-12-20 15:56:10.931root 11241100x8000000000000000761947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7041035a7cb142f82021-12-20 15:56:10.931root 11241100x8000000000000000761948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e348c83c0a126ed2021-12-20 15:56:10.931root 11241100x8000000000000000761949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dda522bb2a2593b2021-12-20 15:56:10.931root 11241100x8000000000000000761950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e72def3ffa0eb702021-12-20 15:56:10.931root 11241100x8000000000000000761951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd8927b130e7f982021-12-20 15:56:10.932root 11241100x8000000000000000761952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9868b03a738a86062021-12-20 15:56:10.932root 11241100x8000000000000000761953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc97ab6b48b71c872021-12-20 15:56:10.932root 11241100x8000000000000000761954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e59cd0cf7f522c2021-12-20 15:56:10.932root 11241100x8000000000000000761955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddbdb2d7da675ca2021-12-20 15:56:10.932root 11241100x8000000000000000761956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c853e60c497412c92021-12-20 15:56:10.932root 11241100x8000000000000000761957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51078f7d35198c4e2021-12-20 15:56:10.932root 11241100x8000000000000000761958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef36064ed7fd23802021-12-20 15:56:10.932root 11241100x8000000000000000761959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e407ab73f3ba7742021-12-20 15:56:10.932root 11241100x8000000000000000761960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc09c2ae253456172021-12-20 15:56:10.932root 11241100x8000000000000000761961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ac280f95ae63d62021-12-20 15:56:10.932root 11241100x8000000000000000761962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1d763d402a1f0f2021-12-20 15:56:10.932root 11241100x8000000000000000761963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f11639e109e151f2021-12-20 15:56:10.932root 11241100x8000000000000000761964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5643db6c380967e52021-12-20 15:56:11.424root 11241100x8000000000000000761965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84f989965fa08652021-12-20 15:56:11.424root 11241100x8000000000000000761966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3969f3e87f518e632021-12-20 15:56:11.424root 11241100x8000000000000000761967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f946e573125841f02021-12-20 15:56:11.425root 11241100x8000000000000000761968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee42959c3b01cb32021-12-20 15:56:11.425root 11241100x8000000000000000761969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56c0b5ebb7c792c2021-12-20 15:56:11.425root 11241100x8000000000000000761970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfc1c113d32c3fd2021-12-20 15:56:11.425root 11241100x8000000000000000761971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5759cb32a31f5cc2021-12-20 15:56:11.425root 11241100x8000000000000000761972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8af4ada0ee361d72021-12-20 15:56:11.425root 11241100x8000000000000000761973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ea6548e3b6fa4b2021-12-20 15:56:11.425root 11241100x8000000000000000761974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24a5ce4deeb09f42021-12-20 15:56:11.425root 11241100x8000000000000000761975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d7873100b509692021-12-20 15:56:11.425root 11241100x8000000000000000761976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9e10c5410dacc32021-12-20 15:56:11.425root 11241100x8000000000000000761977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b035a3ce2a3e3dcd2021-12-20 15:56:11.426root 11241100x8000000000000000761978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6d32b911ac1b4a2021-12-20 15:56:11.426root 11241100x8000000000000000761979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504f546f9502d7e12021-12-20 15:56:11.426root 11241100x8000000000000000761980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edea7cccdf14a02c2021-12-20 15:56:11.426root 11241100x8000000000000000761981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d43be2626e269f52021-12-20 15:56:11.426root 11241100x8000000000000000761982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa2004fb3553d612021-12-20 15:56:11.426root 11241100x8000000000000000761983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b381a767c8740c12021-12-20 15:56:11.426root 11241100x8000000000000000761984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1491d71b86cb752021-12-20 15:56:11.426root 11241100x8000000000000000761985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f04620b18b419072021-12-20 15:56:11.426root 11241100x8000000000000000761986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da07223d496baef2021-12-20 15:56:11.426root 11241100x8000000000000000761987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd8ab47589224ed2021-12-20 15:56:11.427root 11241100x8000000000000000761988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc19f7aede31b472021-12-20 15:56:11.427root 11241100x8000000000000000761989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcc4bde7de03b052021-12-20 15:56:11.427root 11241100x8000000000000000761990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b516efe205ea812021-12-20 15:56:11.427root 11241100x8000000000000000761991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1557d49c5bc73b382021-12-20 15:56:11.427root 11241100x8000000000000000761992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93df39dec84706b2021-12-20 15:56:11.427root 11241100x8000000000000000761993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c87e7c625ee6812021-12-20 15:56:11.427root 11241100x8000000000000000761994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7b90a77d6ab1b12021-12-20 15:56:11.429root 11241100x8000000000000000761995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e220fbe7b805ca2021-12-20 15:56:11.429root 11241100x8000000000000000761996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d767f5e9379838562021-12-20 15:56:11.429root 11241100x8000000000000000761997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68267d9022f9e462021-12-20 15:56:11.429root 11241100x8000000000000000761998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dcc36f16c85d0f2021-12-20 15:56:11.430root 11241100x8000000000000000761999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a9e77af97435902021-12-20 15:56:11.430root 11241100x8000000000000000762000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32b0c128c5c9fcf2021-12-20 15:56:11.430root 11241100x8000000000000000762001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b15a93e79725f22021-12-20 15:56:11.431root 11241100x8000000000000000762002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58319d3dea897c132021-12-20 15:56:11.431root 11241100x8000000000000000762003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da4f95dfdcc898e2021-12-20 15:56:11.431root 11241100x8000000000000000762004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57ca7651f7efe7f2021-12-20 15:56:11.431root 11241100x8000000000000000762005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec45fd344711710a2021-12-20 15:56:11.431root 11241100x8000000000000000762006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee76ab0c33f5c43c2021-12-20 15:56:11.431root 11241100x8000000000000000762007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cd71d11ae179352021-12-20 15:56:11.431root 11241100x8000000000000000762008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bca46a4a45366b2021-12-20 15:56:11.431root 11241100x8000000000000000762009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a431c8ef75dc4f02021-12-20 15:56:11.431root 11241100x8000000000000000762010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f978e825efc6d0e2021-12-20 15:56:11.431root 11241100x8000000000000000762011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cc5c9c96fc574f2021-12-20 15:56:11.432root 11241100x8000000000000000762012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aa46476d51f5082021-12-20 15:56:11.432root 11241100x8000000000000000762013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75c0347c4a6ea112021-12-20 15:56:11.432root 11241100x8000000000000000762014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4880c38a1f6629ba2021-12-20 15:56:11.432root 11241100x8000000000000000762015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfe6ac7961d9ce62021-12-20 15:56:11.432root 11241100x8000000000000000762016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34c1ba73937ae622021-12-20 15:56:11.432root 11241100x8000000000000000762017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823cdb9c630168e92021-12-20 15:56:11.432root 11241100x8000000000000000762018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9c9613676d4b662021-12-20 15:56:11.432root 11241100x8000000000000000762019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9da4b20737999c2021-12-20 15:56:11.432root 11241100x8000000000000000762020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ab53262bae59a32021-12-20 15:56:11.432root 11241100x8000000000000000762021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab3cf10bd995e992021-12-20 15:56:11.433root 11241100x8000000000000000762022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23461ef222f053ba2021-12-20 15:56:11.433root 11241100x8000000000000000762023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe741a016b769342021-12-20 15:56:11.433root 11241100x8000000000000000762024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710acb29fdd16ae52021-12-20 15:56:11.924root 11241100x8000000000000000762025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c0d09ad32a47812021-12-20 15:56:11.924root 11241100x8000000000000000762026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f98ae738d1068922021-12-20 15:56:11.924root 11241100x8000000000000000762027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb2ac3ff209cf3d2021-12-20 15:56:11.924root 11241100x8000000000000000762028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9899fb9221763df2021-12-20 15:56:11.925root 11241100x8000000000000000762029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed01cb1c02b55862021-12-20 15:56:11.925root 11241100x8000000000000000762030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2204749e5758232021-12-20 15:56:11.925root 11241100x8000000000000000762031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af536d9d5ce14f1e2021-12-20 15:56:11.925root 11241100x8000000000000000762032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6bf6e6bad63cf62021-12-20 15:56:11.925root 11241100x8000000000000000762033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17612090945000ed2021-12-20 15:56:11.925root 11241100x8000000000000000762034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23af533de13681ff2021-12-20 15:56:11.925root 11241100x8000000000000000762035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2100c5ae33c0e2712021-12-20 15:56:11.925root 11241100x8000000000000000762036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dad3729a771bbc2021-12-20 15:56:11.925root 11241100x8000000000000000762037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca77676425550d12021-12-20 15:56:11.925root 11241100x8000000000000000762038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc2ba3c6cc2f1bd2021-12-20 15:56:11.925root 11241100x8000000000000000762039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099a5d46d24256762021-12-20 15:56:11.925root 11241100x8000000000000000762040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aed19eec426b5e2021-12-20 15:56:11.925root 11241100x8000000000000000762041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b83578557a22a482021-12-20 15:56:11.925root 11241100x8000000000000000762042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfd22d1683e3dce2021-12-20 15:56:11.925root 11241100x8000000000000000762043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a7712c6c10f8fc2021-12-20 15:56:11.926root 11241100x8000000000000000762044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0b276c4ddabdc22021-12-20 15:56:11.926root 11241100x8000000000000000762045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35ec81349ed15ea2021-12-20 15:56:11.926root 11241100x8000000000000000762046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3404961581d2f0c2021-12-20 15:56:11.926root 11241100x8000000000000000762047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c209064a44925f62021-12-20 15:56:11.926root 11241100x8000000000000000762048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e5f84bef08bb6c2021-12-20 15:56:11.926root 11241100x8000000000000000762049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c38461bd0e6f1fb2021-12-20 15:56:11.926root 11241100x8000000000000000762050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b57f637036733df2021-12-20 15:56:11.926root 11241100x8000000000000000762051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4594b4c57afb6892021-12-20 15:56:11.926root 11241100x8000000000000000762052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e9236c0456776e2021-12-20 15:56:11.926root 11241100x8000000000000000762053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bfd444c15781ef2021-12-20 15:56:11.926root 11241100x8000000000000000762054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4712e2291d0b2102021-12-20 15:56:11.927root 11241100x8000000000000000762055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3986681b3570d2432021-12-20 15:56:11.927root 11241100x8000000000000000762056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f931c2c38cd20aad2021-12-20 15:56:11.927root 11241100x8000000000000000762057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0df3f756467c37c2021-12-20 15:56:11.927root 11241100x8000000000000000762058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75311f60620fda6e2021-12-20 15:56:11.927root 11241100x8000000000000000762059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a25b93b94babc4b2021-12-20 15:56:11.927root 11241100x8000000000000000762060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f28beb183bb6b42021-12-20 15:56:11.927root 11241100x8000000000000000762061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f21c8c452395ef72021-12-20 15:56:11.927root 11241100x8000000000000000762062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4af186b6657b4e2021-12-20 15:56:11.927root 11241100x8000000000000000762063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31618ef044de853c2021-12-20 15:56:11.927root 11241100x8000000000000000762064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f07febd6697c4a02021-12-20 15:56:11.927root 11241100x8000000000000000762065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9b668feb7f25162021-12-20 15:56:11.928root 11241100x8000000000000000762066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00a426ff5c383152021-12-20 15:56:11.928root 11241100x8000000000000000762067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a90c01cfd5abcdf2021-12-20 15:56:11.928root 11241100x8000000000000000762068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e579055c16e3a3552021-12-20 15:56:11.928root 11241100x8000000000000000762069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbce93229ea3f482021-12-20 15:56:11.928root 11241100x8000000000000000762070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4084f0abf5537262021-12-20 15:56:12.424root 11241100x8000000000000000762071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e2ef191685be712021-12-20 15:56:12.424root 11241100x8000000000000000762072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3bffaa54e3dc282021-12-20 15:56:12.424root 11241100x8000000000000000762073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58475f9e0485be72021-12-20 15:56:12.424root 11241100x8000000000000000762074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff94cb27755ffcc2021-12-20 15:56:12.424root 11241100x8000000000000000762075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce104b95467a82c2021-12-20 15:56:12.424root 11241100x8000000000000000762076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f963232d18a0d7d2021-12-20 15:56:12.424root 11241100x8000000000000000762077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c14b02ad76cccd2021-12-20 15:56:12.425root 11241100x8000000000000000762078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9bd955bf40c5ba2021-12-20 15:56:12.425root 11241100x8000000000000000762079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc5eb6ab2c943762021-12-20 15:56:12.425root 11241100x8000000000000000762080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc881062ffc8c5f2021-12-20 15:56:12.425root 11241100x8000000000000000762081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad885271661a04b2021-12-20 15:56:12.425root 11241100x8000000000000000762082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82cce6efc0710aa2021-12-20 15:56:12.425root 11241100x8000000000000000762083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeba10939ab1c58c2021-12-20 15:56:12.425root 11241100x8000000000000000762084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84ce0e31f8ae1472021-12-20 15:56:12.425root 11241100x8000000000000000762085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef9e2f55d3411c02021-12-20 15:56:12.425root 11241100x8000000000000000762086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8244f1fddce036c2021-12-20 15:56:12.426root 11241100x8000000000000000762087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b51c8947367e53e2021-12-20 15:56:12.426root 11241100x8000000000000000762088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1553a7a2393242021-12-20 15:56:12.426root 11241100x8000000000000000762089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07303a329bc64a062021-12-20 15:56:12.426root 11241100x8000000000000000762090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8435079f7c4d51f2021-12-20 15:56:12.426root 11241100x8000000000000000762091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986293f1fe1fe702021-12-20 15:56:12.426root 11241100x8000000000000000762092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfd29d04bbce8fb2021-12-20 15:56:12.426root 11241100x8000000000000000762093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ebb59e26b694fe2021-12-20 15:56:12.426root 11241100x8000000000000000762094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903d7f12a77754af2021-12-20 15:56:12.426root 11241100x8000000000000000762095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3f00e2583f68c12021-12-20 15:56:12.427root 11241100x8000000000000000762096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa359dc2c747aa02021-12-20 15:56:12.427root 11241100x8000000000000000762097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350c1f082a0f04a32021-12-20 15:56:12.427root 11241100x8000000000000000762098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3efc25ba61342e2021-12-20 15:56:12.427root 11241100x8000000000000000762099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfc566a5b48792a2021-12-20 15:56:12.427root 11241100x8000000000000000762100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bc8e15ac50dcba2021-12-20 15:56:12.427root 11241100x8000000000000000762101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a103416e0a2c382021-12-20 15:56:12.427root 11241100x8000000000000000762102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f215400c6e70e2021-12-20 15:56:12.427root 11241100x8000000000000000762103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3effc2d959cfb9252021-12-20 15:56:12.427root 11241100x8000000000000000762104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4505d70ce72abc82021-12-20 15:56:12.427root 11241100x8000000000000000762105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d762d2e811b7dc5d2021-12-20 15:56:12.428root 11241100x8000000000000000762106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dfa6be570f05012021-12-20 15:56:12.428root 11241100x8000000000000000762107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38879d2efcbd11612021-12-20 15:56:12.428root 11241100x8000000000000000762108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e36859932055632021-12-20 15:56:12.428root 11241100x8000000000000000762109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7120491190924d422021-12-20 15:56:12.428root 11241100x8000000000000000762110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779b449e59513fda2021-12-20 15:56:12.428root 11241100x8000000000000000762111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f5afcacc150b012021-12-20 15:56:12.428root 11241100x8000000000000000762112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae976cde2d1fdd22021-12-20 15:56:12.428root 11241100x8000000000000000762113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0b9089a23e85db2021-12-20 15:56:12.428root 11241100x8000000000000000762114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7395fea69a043ddc2021-12-20 15:56:12.429root 11241100x8000000000000000762115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bb3b2dfbd5911b2021-12-20 15:56:12.924root 11241100x8000000000000000762116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc807565966d1442021-12-20 15:56:12.924root 11241100x8000000000000000762117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8476facb46ded4472021-12-20 15:56:12.924root 11241100x8000000000000000762118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdd4a86a6e50dc02021-12-20 15:56:12.924root 11241100x8000000000000000762119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16851064a73a84062021-12-20 15:56:12.925root 11241100x8000000000000000762120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83938d9de56b66a02021-12-20 15:56:12.925root 11241100x8000000000000000762121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c86a646e2097d42021-12-20 15:56:12.925root 11241100x8000000000000000762122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f051381951ff66b2021-12-20 15:56:12.925root 11241100x8000000000000000762123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa56581866947d02021-12-20 15:56:12.925root 11241100x8000000000000000762124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67079f0ae1dd4692021-12-20 15:56:12.925root 11241100x8000000000000000762125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bda70762c93e8a42021-12-20 15:56:12.925root 11241100x8000000000000000762126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9102df0cc4e7b0b52021-12-20 15:56:12.925root 11241100x8000000000000000762127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242b77b50f3f88f82021-12-20 15:56:12.925root 11241100x8000000000000000762128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a1c1771294675d2021-12-20 15:56:12.925root 11241100x8000000000000000762129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88046fa6666f18be2021-12-20 15:56:12.925root 11241100x8000000000000000762130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c214d05ffc6c602021-12-20 15:56:12.926root 11241100x8000000000000000762131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702f9a8c51ae683a2021-12-20 15:56:12.926root 11241100x8000000000000000762132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18310519f6873c42021-12-20 15:56:12.926root 11241100x8000000000000000762133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0168d6ddd89f1a2021-12-20 15:56:12.926root 11241100x8000000000000000762134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c019b0e7ce8a7872021-12-20 15:56:12.926root 11241100x8000000000000000762135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29372ae4a8804c4a2021-12-20 15:56:12.926root 11241100x8000000000000000762136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223eccd93de4f7232021-12-20 15:56:12.926root 11241100x8000000000000000762137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04a3a24aca90b0d2021-12-20 15:56:12.927root 11241100x8000000000000000762138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261dbfae7ea3592c2021-12-20 15:56:12.927root 11241100x8000000000000000762139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578abc35638a0d6f2021-12-20 15:56:12.927root 11241100x8000000000000000762140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbed369d2e5624762021-12-20 15:56:12.927root 11241100x8000000000000000762141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af8bb197b10f2622021-12-20 15:56:12.927root 11241100x8000000000000000762142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ff0b7de2264ff82021-12-20 15:56:12.927root 11241100x8000000000000000762143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40502b3ae1efd07c2021-12-20 15:56:12.927root 11241100x8000000000000000762144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c73655736979132021-12-20 15:56:12.927root 11241100x8000000000000000762145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf8e424810640242021-12-20 15:56:12.927root 11241100x8000000000000000762146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d617fd3fdaa09892021-12-20 15:56:12.927root 11241100x8000000000000000762147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc43e6fad53a7552021-12-20 15:56:12.928root 11241100x8000000000000000762148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fa96f040938e362021-12-20 15:56:12.928root 11241100x8000000000000000762149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b943fb8a3f17cb2021-12-20 15:56:12.928root 11241100x8000000000000000762150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b059cd4b2fdb972021-12-20 15:56:12.928root 11241100x8000000000000000762151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c580f48f8e19070d2021-12-20 15:56:12.928root 11241100x8000000000000000762152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90832d3488e10a42021-12-20 15:56:12.928root 11241100x8000000000000000762153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b3734a604211052021-12-20 15:56:12.928root 11241100x8000000000000000762154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a01ceb4bb93c94b2021-12-20 15:56:13.424root 11241100x8000000000000000762155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b987ce88574315cb2021-12-20 15:56:13.424root 11241100x8000000000000000762156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500bfd4030e0da672021-12-20 15:56:13.424root 11241100x8000000000000000762157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97238dccb9e30a2c2021-12-20 15:56:13.424root 11241100x8000000000000000762158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c489bb60a98b53ef2021-12-20 15:56:13.425root 11241100x8000000000000000762159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b82c33729332fd2021-12-20 15:56:13.425root 11241100x8000000000000000762160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e7c5ced61536732021-12-20 15:56:13.425root 11241100x8000000000000000762161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ce1c0ac6a630d72021-12-20 15:56:13.425root 11241100x8000000000000000762162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c097483ff6256f9a2021-12-20 15:56:13.425root 11241100x8000000000000000762163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43184b48627872922021-12-20 15:56:13.425root 11241100x8000000000000000762164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865cb735b2ee2a5d2021-12-20 15:56:13.425root 11241100x8000000000000000762165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb76fdb580395ab2021-12-20 15:56:13.425root 11241100x8000000000000000762166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b07643c5547da72021-12-20 15:56:13.425root 11241100x8000000000000000762167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d093f4673aaa7c12021-12-20 15:56:13.425root 11241100x8000000000000000762168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14350da85d9539a42021-12-20 15:56:13.426root 11241100x8000000000000000762169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400af7c02c0ff5542021-12-20 15:56:13.426root 11241100x8000000000000000762170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9df399622d389b2021-12-20 15:56:13.426root 11241100x8000000000000000762171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d636e44661670e42021-12-20 15:56:13.426root 11241100x8000000000000000762172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6a0fb98cbbd0002021-12-20 15:56:13.426root 11241100x8000000000000000762173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3a94db8191dd762021-12-20 15:56:13.426root 11241100x8000000000000000762174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4973ee5cd154d8332021-12-20 15:56:13.426root 11241100x8000000000000000762175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efe8455c179d1f02021-12-20 15:56:13.426root 11241100x8000000000000000762176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373ca2d33963a00c2021-12-20 15:56:13.427root 11241100x8000000000000000762177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b870a1e89ba9282021-12-20 15:56:13.427root 11241100x8000000000000000762178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7954115dc16ad6672021-12-20 15:56:13.427root 11241100x8000000000000000762179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cd8bbe5761a7332021-12-20 15:56:13.427root 11241100x8000000000000000762180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2c4d3a4a3bb67d2021-12-20 15:56:13.427root 11241100x8000000000000000762181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab34297faf31639a2021-12-20 15:56:13.427root 11241100x8000000000000000762182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c441e2f28bc85fb2021-12-20 15:56:13.427root 11241100x8000000000000000762183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f01e455bc6ff2752021-12-20 15:56:13.427root 11241100x8000000000000000762184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b666cb7c5a43b42021-12-20 15:56:13.427root 11241100x8000000000000000762185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75c45ed5fc416822021-12-20 15:56:13.427root 11241100x8000000000000000762186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3613dd5fba4767e12021-12-20 15:56:13.428root 11241100x8000000000000000762187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34123087ffc93c822021-12-20 15:56:13.428root 11241100x8000000000000000762188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c797ce80c3cf1b2021-12-20 15:56:13.428root 11241100x8000000000000000762189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6f75b5fba6491e2021-12-20 15:56:13.428root 11241100x8000000000000000762190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6b6cb25d6f52fa2021-12-20 15:56:13.428root 11241100x8000000000000000762191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47a7a107d71b0ec2021-12-20 15:56:13.429root 11241100x8000000000000000762192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84727db06f4a58e2021-12-20 15:56:13.429root 11241100x8000000000000000762193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a045283d90dc32021-12-20 15:56:13.429root 11241100x8000000000000000762194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6565f9654bef8cc12021-12-20 15:56:13.429root 11241100x8000000000000000762195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601b3504279f78962021-12-20 15:56:13.429root 11241100x8000000000000000762196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd862b78b67151aa2021-12-20 15:56:13.430root 11241100x8000000000000000762197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63939f0eed0564712021-12-20 15:56:13.430root 11241100x8000000000000000762198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661277f2e7ee07702021-12-20 15:56:13.430root 11241100x8000000000000000762199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb703a4b97f3232021-12-20 15:56:13.430root 11241100x8000000000000000762200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d378df06ee3f51d32021-12-20 15:56:13.924root 11241100x8000000000000000762201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808db9c5a969ca492021-12-20 15:56:13.924root 11241100x8000000000000000762202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3fb9673b45bd862021-12-20 15:56:13.924root 11241100x8000000000000000762203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9323c97950998a2021-12-20 15:56:13.924root 11241100x8000000000000000762204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58540e6e65d4c3b2021-12-20 15:56:13.924root 11241100x8000000000000000762205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f9a0ce36a1b95c2021-12-20 15:56:13.924root 11241100x8000000000000000762206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97da84a4b2c664d2021-12-20 15:56:13.924root 11241100x8000000000000000762207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6fa3a6fc1e8ea2021-12-20 15:56:13.925root 11241100x8000000000000000762208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d44b4b61a430512021-12-20 15:56:13.925root 11241100x8000000000000000762209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceba53dd5dad6552021-12-20 15:56:13.925root 11241100x8000000000000000762210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7947b55c7d757aac2021-12-20 15:56:13.925root 11241100x8000000000000000762211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853f6352c0aca0662021-12-20 15:56:13.925root 11241100x8000000000000000762212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540d1dbebb7f08c2021-12-20 15:56:13.925root 11241100x8000000000000000762213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170cb6bbbbd528cc2021-12-20 15:56:13.925root 11241100x8000000000000000762214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cc27f0a1f02bd92021-12-20 15:56:13.925root 11241100x8000000000000000762215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef7ea13b60c1e812021-12-20 15:56:13.925root 11241100x8000000000000000762216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afade431b29eea182021-12-20 15:56:13.925root 11241100x8000000000000000762217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180b2c01d249bbe2021-12-20 15:56:13.925root 11241100x8000000000000000762218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5eeb165bce6e6f2021-12-20 15:56:13.925root 11241100x8000000000000000762219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8c506f9d3da14c2021-12-20 15:56:13.925root 11241100x8000000000000000762220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e14e3d76035a952021-12-20 15:56:13.925root 11241100x8000000000000000762221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a4bb2aa12f748d2021-12-20 15:56:13.925root 11241100x8000000000000000762222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f931b1e3184ebf1c2021-12-20 15:56:13.926root 11241100x8000000000000000762223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07a1ba85d3c6f832021-12-20 15:56:13.926root 11241100x8000000000000000762224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5b1744c32c3b762021-12-20 15:56:13.926root 11241100x8000000000000000762225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f3fd555926540a2021-12-20 15:56:13.926root 11241100x8000000000000000762226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75985ad3a6f8069d2021-12-20 15:56:13.926root 11241100x8000000000000000762227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12f8f6fbd823bc12021-12-20 15:56:13.926root 11241100x8000000000000000762228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82a962d61dd7d092021-12-20 15:56:13.926root 11241100x8000000000000000762229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57872128a22cd2832021-12-20 15:56:13.926root 11241100x8000000000000000762230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d041fdd24038d4082021-12-20 15:56:13.926root 11241100x8000000000000000762231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f5f151a344f05a2021-12-20 15:56:13.926root 11241100x8000000000000000762232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1eb6d277c9219e2021-12-20 15:56:13.926root 11241100x8000000000000000762233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd620574e446bcb2021-12-20 15:56:13.926root 11241100x8000000000000000762234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10777f401d1d254e2021-12-20 15:56:13.926root 11241100x8000000000000000762235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9aa5009c0750272021-12-20 15:56:13.926root 11241100x8000000000000000762236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982b74abac6ccff2021-12-20 15:56:13.926root 11241100x8000000000000000762237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f84fac5ce433fb52021-12-20 15:56:13.927root 11241100x8000000000000000762238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0d1ebfc0a11d372021-12-20 15:56:13.927root 11241100x8000000000000000762239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee284a074f9ef7d2021-12-20 15:56:13.927root 11241100x8000000000000000762240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a23d6052e8c6fa62021-12-20 15:56:13.927root 11241100x8000000000000000762241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd0cd7baa7bd5bd2021-12-20 15:56:13.927root 11241100x8000000000000000762242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccef5eb60e0be95b2021-12-20 15:56:13.927root 11241100x8000000000000000762243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12995b15bcf7c1772021-12-20 15:56:13.927root 11241100x8000000000000000762244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c9e28781a3b7c2021-12-20 15:56:13.927root 11241100x8000000000000000762245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9697a92e4d64ff4f2021-12-20 15:56:13.927root 11241100x8000000000000000762246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38210883bfd242aa2021-12-20 15:56:13.927root 354300x8000000000000000762247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.063{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51394-false10.0.1.12-8000- 154100x8000000000000000762248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.270{ec2c97d1-a79e-61c0-6824-c9d195550000}10205/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000762249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a656c32d6b4c426c2021-12-20 15:56:14.271root 11241100x8000000000000000762250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8ede607c6371e52021-12-20 15:56:14.271root 11241100x8000000000000000762251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.272{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b697d5806539e732021-12-20 15:56:14.272root 11241100x8000000000000000762252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.272{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e42c7c1aa41462021-12-20 15:56:14.272root 11241100x8000000000000000762253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.272{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4974f4f5d3dcdfeb2021-12-20 15:56:14.272root 11241100x8000000000000000762254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.272{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c0ec0ca70610982021-12-20 15:56:14.272root 11241100x8000000000000000762255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eee7848490bec72021-12-20 15:56:14.273root 11241100x8000000000000000762256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea289087fe6fd52f2021-12-20 15:56:14.273root 11241100x8000000000000000762257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba10372af7aea8bc2021-12-20 15:56:14.273root 11241100x8000000000000000762258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cde4ad0c14b11f2021-12-20 15:56:14.273root 11241100x8000000000000000762259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3ee174acf5a4ba2021-12-20 15:56:14.273root 11241100x8000000000000000762260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a529703d39ebc5bf2021-12-20 15:56:14.273root 11241100x8000000000000000762261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f11b1cf45412f082021-12-20 15:56:14.273root 11241100x8000000000000000762262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732394c6a1a9f84f2021-12-20 15:56:14.273root 11241100x8000000000000000762263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.274{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688fc8931f81fe6c2021-12-20 15:56:14.274root 11241100x8000000000000000762264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.274{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467bf9988a1594ec2021-12-20 15:56:14.274root 11241100x8000000000000000762265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.274{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac306b4b70edc0932021-12-20 15:56:14.274root 11241100x8000000000000000762266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.274{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5d3052860c2ef82021-12-20 15:56:14.274root 11241100x8000000000000000762267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.274{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a04ec27ba64ecf32021-12-20 15:56:14.274root 11241100x8000000000000000762268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.274{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d503363c4b21d92021-12-20 15:56:14.274root 11241100x8000000000000000762269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.274{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d672a212e03aacf82021-12-20 15:56:14.274root 11241100x8000000000000000762270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.274{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7f62f06aa27ebd2021-12-20 15:56:14.274root 11241100x8000000000000000762271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.275{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aec4945c4f5c972021-12-20 15:56:14.275root 11241100x8000000000000000762272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7ab2f91c32573f2021-12-20 15:56:14.276root 11241100x8000000000000000762273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92ba3241c69f8b12021-12-20 15:56:14.276root 11241100x8000000000000000762274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e26cc9cf0617e052021-12-20 15:56:14.276root 11241100x8000000000000000762275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a324b37ae693572021-12-20 15:56:14.276root 11241100x8000000000000000762276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2796ac196d41c8e2021-12-20 15:56:14.276root 11241100x8000000000000000762277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edde1a63081ecbd22021-12-20 15:56:14.276root 11241100x8000000000000000762278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b156d743a5c2fe5f2021-12-20 15:56:14.276root 11241100x8000000000000000762279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb7e7f890d2a3512021-12-20 15:56:14.276root 11241100x8000000000000000762280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.276{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3629afd38798b902021-12-20 15:56:14.276root 11241100x8000000000000000762281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.277{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a223614ba8cd6f52021-12-20 15:56:14.277root 11241100x8000000000000000762282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.277{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aa940d130c91c82021-12-20 15:56:14.277root 11241100x8000000000000000762283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.277{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89efd4f9c44728222021-12-20 15:56:14.277root 11241100x8000000000000000762284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.277{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c42dd978432ba772021-12-20 15:56:14.277root 11241100x8000000000000000762285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.277{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324e2b536f0c3ca32021-12-20 15:56:14.277root 11241100x8000000000000000762286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.277{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cea372612fcde6c2021-12-20 15:56:14.277root 11241100x8000000000000000762287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.277{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cf70d433600d8b2021-12-20 15:56:14.277root 11241100x8000000000000000762288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.278{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfc871b429ded152021-12-20 15:56:14.278root 11241100x8000000000000000762289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.278{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c14cd65f13c3ad32021-12-20 15:56:14.278root 11241100x8000000000000000762290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.278{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f7139a1b4c8a42021-12-20 15:56:14.278root 11241100x8000000000000000762291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.279{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e96efb97be148942021-12-20 15:56:14.279root 11241100x8000000000000000762292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.279{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121c9935dee14ee2021-12-20 15:56:14.279root 11241100x8000000000000000762293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.279{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9dd9e6ce3510562021-12-20 15:56:14.279root 11241100x8000000000000000762294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.279{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db8842b1b9c32862021-12-20 15:56:14.279root 534500x8000000000000000762295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.283{ec2c97d1-a79e-61c0-6824-c9d195550000}10205/bin/psroot 11241100x8000000000000000762296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b01c5b191c03052021-12-20 15:56:14.674root 11241100x8000000000000000762297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675a8b9ca67ee36c2021-12-20 15:56:14.674root 11241100x8000000000000000762298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c585c8203824aeb72021-12-20 15:56:14.674root 11241100x8000000000000000762299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da71bf48893c50fc2021-12-20 15:56:14.674root 11241100x8000000000000000762300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf947229498341b2021-12-20 15:56:14.674root 11241100x8000000000000000762301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18304d8c914c83892021-12-20 15:56:14.674root 11241100x8000000000000000762302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4cd7e4634709d82021-12-20 15:56:14.674root 11241100x8000000000000000762303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af5358085b6e21e2021-12-20 15:56:14.674root 11241100x8000000000000000762304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbe3efb3a9b69452021-12-20 15:56:14.674root 11241100x8000000000000000762305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582c95d94d3567ec2021-12-20 15:56:14.674root 11241100x8000000000000000762306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978444c747ee66922021-12-20 15:56:14.675root 11241100x8000000000000000762307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebe95f5e348f5d02021-12-20 15:56:14.675root 11241100x8000000000000000762308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53bba9b8c21891a2021-12-20 15:56:14.675root 11241100x8000000000000000762309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91937bcbdc82edc2021-12-20 15:56:14.675root 11241100x8000000000000000762310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7ab4a14f45689f2021-12-20 15:56:14.676root 11241100x8000000000000000762311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4a5ec4a51887892021-12-20 15:56:14.676root 11241100x8000000000000000762312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51b20c0619597872021-12-20 15:56:14.677root 11241100x8000000000000000762313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328838091603587f2021-12-20 15:56:14.677root 11241100x8000000000000000762314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a3dc62e79795162021-12-20 15:56:14.677root 11241100x8000000000000000762315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a4c5cbd87193862021-12-20 15:56:14.677root 11241100x8000000000000000762316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5d518967f7990e2021-12-20 15:56:14.677root 11241100x8000000000000000762317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84001b980d1216ea2021-12-20 15:56:14.677root 11241100x8000000000000000762318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530da6379e7ee5d72021-12-20 15:56:14.677root 11241100x8000000000000000762319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a06782f914b14852021-12-20 15:56:14.677root 11241100x8000000000000000762320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fd5389952448392021-12-20 15:56:14.678root 11241100x8000000000000000762321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec0a839c970aeab2021-12-20 15:56:14.678root 11241100x8000000000000000762322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26d21ffbc8d2d5e2021-12-20 15:56:14.678root 11241100x8000000000000000762323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a653819611aff55b2021-12-20 15:56:14.678root 11241100x8000000000000000762324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94a6b717b599f522021-12-20 15:56:14.678root 11241100x8000000000000000762325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15966bf913f8b372021-12-20 15:56:14.678root 11241100x8000000000000000762326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30204d05361a33312021-12-20 15:56:14.678root 11241100x8000000000000000762327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d01d6e2528e2372021-12-20 15:56:14.678root 11241100x8000000000000000762328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f409b1690f6c9522021-12-20 15:56:14.678root 11241100x8000000000000000762329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c1781fb98433ae2021-12-20 15:56:14.678root 11241100x8000000000000000762330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8b573bb9c766ed2021-12-20 15:56:14.678root 11241100x8000000000000000762331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7b33a16390d1d82021-12-20 15:56:14.678root 11241100x8000000000000000762332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b6a2f0ba5c28502021-12-20 15:56:14.679root 11241100x8000000000000000762333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77a5b468c9f52b72021-12-20 15:56:14.679root 11241100x8000000000000000762334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e3af36fb8693e12021-12-20 15:56:14.679root 11241100x8000000000000000762335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54f82ca8963791f2021-12-20 15:56:14.679root 11241100x8000000000000000762336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4185cf4c06fdd0a2021-12-20 15:56:14.679root 11241100x8000000000000000762337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81218404fa0bd02f2021-12-20 15:56:14.679root 11241100x8000000000000000762338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a1e02da1b233252021-12-20 15:56:14.679root 11241100x8000000000000000762339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724762a0bc630d22021-12-20 15:56:14.679root 11241100x8000000000000000762340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95d9360a86058182021-12-20 15:56:14.679root 11241100x8000000000000000762341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d223fb98ecb71b3e2021-12-20 15:56:14.679root 11241100x8000000000000000762342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0612e46bd8088eb2021-12-20 15:56:14.680root 11241100x8000000000000000762343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b154e93a1876512021-12-20 15:56:14.681root 11241100x8000000000000000762344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42da52db3bf57b92021-12-20 15:56:14.681root 11241100x8000000000000000762345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:14.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281da073ac092fab2021-12-20 15:56:14.681root 11241100x8000000000000000762346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afaf5b80d2657f92021-12-20 15:56:15.174root 11241100x8000000000000000762347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d991723e5642863c2021-12-20 15:56:15.174root 11241100x8000000000000000762348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7919b3c7fb9616f52021-12-20 15:56:15.174root 11241100x8000000000000000762349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a57ca9c610c9b8f2021-12-20 15:56:15.174root 11241100x8000000000000000762350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89cd19e1cee4aa72021-12-20 15:56:15.175root 11241100x8000000000000000762351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e19e06974f5b332021-12-20 15:56:15.175root 11241100x8000000000000000762352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3188e7bf60b44a8e2021-12-20 15:56:15.175root 11241100x8000000000000000762353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d0cb5b5b3ef892021-12-20 15:56:15.175root 11241100x8000000000000000762354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7606a99913dae172021-12-20 15:56:15.175root 11241100x8000000000000000762355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb06bd5fef81f5812021-12-20 15:56:15.175root 11241100x8000000000000000762356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc17ab91c6655f822021-12-20 15:56:15.175root 11241100x8000000000000000762357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4325a32ac456c16d2021-12-20 15:56:15.175root 11241100x8000000000000000762358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c31d1cefffd7f692021-12-20 15:56:15.175root 11241100x8000000000000000762359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1ed824d91121df2021-12-20 15:56:15.175root 11241100x8000000000000000762360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a6f6a39872ecc52021-12-20 15:56:15.175root 11241100x8000000000000000762361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b001c44a1ff3c5ea2021-12-20 15:56:15.175root 11241100x8000000000000000762362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a007fb5b9266aa2021-12-20 15:56:15.175root 11241100x8000000000000000762363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae801b826dc76b482021-12-20 15:56:15.175root 11241100x8000000000000000762364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad00c8e91b19d022021-12-20 15:56:15.176root 11241100x8000000000000000762365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb7fc679c10a222021-12-20 15:56:15.176root 11241100x8000000000000000762366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2a124bfd821a9c2021-12-20 15:56:15.176root 11241100x8000000000000000762367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cd47a2409cbe2b2021-12-20 15:56:15.176root 11241100x8000000000000000762368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a5da3033ac226d2021-12-20 15:56:15.176root 11241100x8000000000000000762369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f2709ff608d9f52021-12-20 15:56:15.176root 11241100x8000000000000000762370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb96144c4f4741c42021-12-20 15:56:15.176root 11241100x8000000000000000762371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e6256d90c725182021-12-20 15:56:15.176root 11241100x8000000000000000762372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b919078a875eb2652021-12-20 15:56:15.177root 11241100x8000000000000000762373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600c91ac1471a46a2021-12-20 15:56:15.177root 11241100x8000000000000000762374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86da5590631a2c342021-12-20 15:56:15.177root 11241100x8000000000000000762375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7fc915ac25760f2021-12-20 15:56:15.177root 11241100x8000000000000000762376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fc7f8d3179a5cf2021-12-20 15:56:15.177root 11241100x8000000000000000762377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24fbbbdaea020f52021-12-20 15:56:15.177root 11241100x8000000000000000762378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0148fba2635a1f562021-12-20 15:56:15.177root 11241100x8000000000000000762379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec568ee633e16c2e2021-12-20 15:56:15.177root 11241100x8000000000000000762380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447c03cf9a7e47dc2021-12-20 15:56:15.177root 11241100x8000000000000000762381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6ddf4e97d125ad2021-12-20 15:56:15.177root 11241100x8000000000000000762382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a249bfec0cd65012021-12-20 15:56:15.177root 11241100x8000000000000000762383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5edc84b6a151b82021-12-20 15:56:15.177root 11241100x8000000000000000762384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c1fcb2ea2733152021-12-20 15:56:15.177root 11241100x8000000000000000762385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43f5c460bec78912021-12-20 15:56:15.177root 11241100x8000000000000000762386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674c6236ddc518092021-12-20 15:56:15.178root 11241100x8000000000000000762387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7556ed38dbef62ec2021-12-20 15:56:15.178root 11241100x8000000000000000762388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331fc16820c3ca562021-12-20 15:56:15.178root 11241100x8000000000000000762389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b1e9991a388d812021-12-20 15:56:15.178root 11241100x8000000000000000762390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9758053a8343b2021-12-20 15:56:15.178root 11241100x8000000000000000762391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17522750814fd2a02021-12-20 15:56:15.178root 11241100x8000000000000000762392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3220a7ca74f72b342021-12-20 15:56:15.179root 11241100x8000000000000000762393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1965f651dabacdc82021-12-20 15:56:15.179root 11241100x8000000000000000762394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5b017ca5b41a0d2021-12-20 15:56:15.179root 11241100x8000000000000000762395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86159307585f9042021-12-20 15:56:15.179root 11241100x8000000000000000762396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776c15460bb7b2732021-12-20 15:56:15.179root 11241100x8000000000000000762397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f914fc8b334fcea2021-12-20 15:56:15.179root 11241100x8000000000000000762398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c2ab5f88ee5d8b2021-12-20 15:56:15.179root 11241100x8000000000000000762399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd18eac1c35822c2021-12-20 15:56:15.179root 11241100x8000000000000000762400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7566341a4d476b562021-12-20 15:56:15.179root 11241100x8000000000000000762401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a3c372715c2692021-12-20 15:56:15.179root 11241100x8000000000000000762402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e83db74cf05e952021-12-20 15:56:15.180root 11241100x8000000000000000762403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fed12811ff08de72021-12-20 15:56:15.180root 11241100x8000000000000000762404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7688fe752487a12021-12-20 15:56:15.180root 11241100x8000000000000000762405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381e924ac5222e6f2021-12-20 15:56:15.180root 11241100x8000000000000000762406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfcf8a2f8712d2c2021-12-20 15:56:15.674root 11241100x8000000000000000762407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67340c966ac7b5102021-12-20 15:56:15.674root 11241100x8000000000000000762408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e2799da4da5a7c2021-12-20 15:56:15.675root 11241100x8000000000000000762409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413eeb4e778775432021-12-20 15:56:15.675root 11241100x8000000000000000762410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5911886648e5b302021-12-20 15:56:15.675root 11241100x8000000000000000762411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8e1e086b1ec61a2021-12-20 15:56:15.675root 11241100x8000000000000000762412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba756215698355612021-12-20 15:56:15.675root 11241100x8000000000000000762413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f907c6dacf3242b42021-12-20 15:56:15.675root 11241100x8000000000000000762414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7422ed18968f2d52021-12-20 15:56:15.675root 11241100x8000000000000000762415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad3b238335ca5082021-12-20 15:56:15.675root 11241100x8000000000000000762416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589dd872862d0a3e2021-12-20 15:56:15.675root 11241100x8000000000000000762417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a59049e7a42b392021-12-20 15:56:15.675root 11241100x8000000000000000762418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c528f0b647da7152021-12-20 15:56:15.676root 11241100x8000000000000000762419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a92c550d30668e2021-12-20 15:56:15.676root 11241100x8000000000000000762420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cdac8c356a137a2021-12-20 15:56:15.676root 11241100x8000000000000000762421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eda97afe15ad882021-12-20 15:56:15.676root 11241100x8000000000000000762422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bd4385ba6ef8d02021-12-20 15:56:15.676root 11241100x8000000000000000762423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fe3d89f13f70c72021-12-20 15:56:15.676root 11241100x8000000000000000762424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e18eaa3b57d813a2021-12-20 15:56:15.676root 11241100x8000000000000000762425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1dd972de05f95e2021-12-20 15:56:15.676root 11241100x8000000000000000762426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938007df6e980bdf2021-12-20 15:56:15.676root 11241100x8000000000000000762427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a75ed670ce443942021-12-20 15:56:15.676root 11241100x8000000000000000762428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e561a94d0a755b5b2021-12-20 15:56:15.676root 11241100x8000000000000000762429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5902674ba8f595932021-12-20 15:56:15.676root 11241100x8000000000000000762430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861d922effddf8d92021-12-20 15:56:15.677root 11241100x8000000000000000762431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71a79309bbebc082021-12-20 15:56:15.677root 11241100x8000000000000000762432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ca4af3bf9e8ab02021-12-20 15:56:15.677root 11241100x8000000000000000762433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda4103d73f182f2021-12-20 15:56:15.677root 11241100x8000000000000000762434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abdc3f25815742c2021-12-20 15:56:15.677root 11241100x8000000000000000762435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45151bdbcb07a9b2021-12-20 15:56:15.677root 11241100x8000000000000000762436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900d1ea7cb5bbb422021-12-20 15:56:15.678root 11241100x8000000000000000762437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3c9843a09450622021-12-20 15:56:15.678root 11241100x8000000000000000762438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a16a4c48d2486032021-12-20 15:56:15.678root 11241100x8000000000000000762439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809abb3c299107a82021-12-20 15:56:15.678root 11241100x8000000000000000762440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a87958043fbfb42021-12-20 15:56:15.679root 11241100x8000000000000000762441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c371c68549a4542021-12-20 15:56:15.679root 11241100x8000000000000000762442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd4ae9b2dbfd1822021-12-20 15:56:15.679root 11241100x8000000000000000762443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94648d98b81dd972021-12-20 15:56:15.679root 11241100x8000000000000000762444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29cb9ae12f51b1d2021-12-20 15:56:15.679root 11241100x8000000000000000762445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542da6397852db342021-12-20 15:56:15.679root 11241100x8000000000000000762446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1463bbea441d0e6e2021-12-20 15:56:15.679root 11241100x8000000000000000762447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6069e1a47d8de82021-12-20 15:56:15.680root 11241100x8000000000000000762448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc15f043bc7e11fa2021-12-20 15:56:15.680root 11241100x8000000000000000762449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c215c737b9090522021-12-20 15:56:15.680root 11241100x8000000000000000762450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b50d37e707c0e2021-12-20 15:56:15.680root 11241100x8000000000000000762451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54ff0c5ba4beedb2021-12-20 15:56:15.681root 11241100x8000000000000000762452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cdd65286d049dc2021-12-20 15:56:15.681root 11241100x8000000000000000762453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a3972705dad0352021-12-20 15:56:15.681root 11241100x8000000000000000762454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9216a978f526df2021-12-20 15:56:15.681root 11241100x8000000000000000762455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58b945970c9813e2021-12-20 15:56:15.681root 11241100x8000000000000000762456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ea293b94c360f2021-12-20 15:56:15.681root 11241100x8000000000000000762457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289cf6754651320f2021-12-20 15:56:15.681root 11241100x8000000000000000762458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:15.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4757f72b8947cafc2021-12-20 15:56:15.681root 11241100x8000000000000000762459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e5ebb987e9f4ca2021-12-20 15:56:16.174root 11241100x8000000000000000762460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a646b6cfcd6e4872021-12-20 15:56:16.174root 11241100x8000000000000000762461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1affa8c676b34be2021-12-20 15:56:16.174root 11241100x8000000000000000762462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b72df5a21970962021-12-20 15:56:16.174root 11241100x8000000000000000762463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d1a87db1e774a42021-12-20 15:56:16.174root 11241100x8000000000000000762464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130e6c2145ec5efc2021-12-20 15:56:16.175root 11241100x8000000000000000762465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47465889e5727412021-12-20 15:56:16.175root 11241100x8000000000000000762466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f652a29aa9c494092021-12-20 15:56:16.175root 11241100x8000000000000000762467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801a1f03952555382021-12-20 15:56:16.175root 11241100x8000000000000000762468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469f8fe54238da682021-12-20 15:56:16.175root 11241100x8000000000000000762469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b73e164fbdd3e0c2021-12-20 15:56:16.175root 11241100x8000000000000000762470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de46305767357e852021-12-20 15:56:16.175root 11241100x8000000000000000762471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b993a018f13f634d2021-12-20 15:56:16.175root 11241100x8000000000000000762472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cc4e351400395d2021-12-20 15:56:16.175root 11241100x8000000000000000762473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4d58ad14fdd0bb2021-12-20 15:56:16.175root 11241100x8000000000000000762474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e939504c629c4a62021-12-20 15:56:16.175root 11241100x8000000000000000762475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e700a51cf7eedf092021-12-20 15:56:16.176root 11241100x8000000000000000762476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8e0bc633a176c52021-12-20 15:56:16.176root 11241100x8000000000000000762477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa40eedb8559fed32021-12-20 15:56:16.176root 11241100x8000000000000000762478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425beeb6cf83981e2021-12-20 15:56:16.176root 11241100x8000000000000000762479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b83191113d4855f2021-12-20 15:56:16.176root 11241100x8000000000000000762480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e931cbb42a62ce12021-12-20 15:56:16.176root 11241100x8000000000000000762481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5626693445fe432021-12-20 15:56:16.176root 11241100x8000000000000000762482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc37d444bc1bcea2021-12-20 15:56:16.176root 11241100x8000000000000000762483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156bd327a56389f32021-12-20 15:56:16.176root 11241100x8000000000000000762484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215b90daa3d63f122021-12-20 15:56:16.177root 11241100x8000000000000000762485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45ac95a13d7a8d72021-12-20 15:56:16.177root 11241100x8000000000000000762486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cb69f74ab160702021-12-20 15:56:16.177root 11241100x8000000000000000762487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99e0b9c44d1bbf42021-12-20 15:56:16.177root 11241100x8000000000000000762488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0ee0cefecb06d82021-12-20 15:56:16.177root 11241100x8000000000000000762489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990375e1e7a791122021-12-20 15:56:16.177root 11241100x8000000000000000762490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699009d0786ccdd32021-12-20 15:56:16.177root 11241100x8000000000000000762491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86206ab1fc5921482021-12-20 15:56:16.177root 11241100x8000000000000000762492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60846a84a8181412021-12-20 15:56:16.177root 11241100x8000000000000000762493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f270fcffdfa09d2021-12-20 15:56:16.177root 11241100x8000000000000000762494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa361ead136122cf2021-12-20 15:56:16.177root 11241100x8000000000000000762495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921e07013e0a968f2021-12-20 15:56:16.177root 11241100x8000000000000000762496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6feabe85fca2e7162021-12-20 15:56:16.177root 11241100x8000000000000000762497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2b57c2f17777d32021-12-20 15:56:16.177root 11241100x8000000000000000762498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf72f0e936620102021-12-20 15:56:16.177root 11241100x8000000000000000762499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e121e00351f4c22021-12-20 15:56:16.178root 11241100x8000000000000000762500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66068ea084b607de2021-12-20 15:56:16.178root 11241100x8000000000000000762501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2b32e39428c1082021-12-20 15:56:16.178root 11241100x8000000000000000762502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc99ff8bd99f320a2021-12-20 15:56:16.178root 11241100x8000000000000000762503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb52324546cecd812021-12-20 15:56:16.178root 11241100x8000000000000000762504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073c2fd3ba2f12f12021-12-20 15:56:16.178root 11241100x8000000000000000762505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc032e0327e4150e2021-12-20 15:56:16.179root 11241100x8000000000000000762506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b396fe5aa09eff2021-12-20 15:56:16.179root 11241100x8000000000000000762507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0257d3d53c06ce632021-12-20 15:56:16.180root 11241100x8000000000000000762508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aee50e434b70062021-12-20 15:56:16.180root 11241100x8000000000000000762509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a6f4ed2ec045082021-12-20 15:56:16.180root 11241100x8000000000000000762510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fa237ebbb7522a2021-12-20 15:56:16.180root 11241100x8000000000000000762511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62808ae1d3c139c42021-12-20 15:56:16.180root 11241100x8000000000000000762512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec59a2f6af65231b2021-12-20 15:56:16.181root 11241100x8000000000000000762513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8d3c2a2a1d24ec2021-12-20 15:56:16.181root 11241100x8000000000000000762514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da129e891979afe2021-12-20 15:56:16.181root 11241100x8000000000000000762515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd94470a463b2dd2021-12-20 15:56:16.181root 11241100x8000000000000000762516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc66914280145d9c2021-12-20 15:56:16.181root 11241100x8000000000000000762517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b970f64433692c2021-12-20 15:56:16.181root 11241100x8000000000000000762518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4021603322b9e57e2021-12-20 15:56:16.181root 11241100x8000000000000000762519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada15ddea1f215022021-12-20 15:56:16.182root 11241100x8000000000000000762520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a6c6fa9c8f46e2021-12-20 15:56:16.183root 11241100x8000000000000000762521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250340a2978ff23c2021-12-20 15:56:16.183root 11241100x8000000000000000762522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10c6d4d2854096d2021-12-20 15:56:16.675root 11241100x8000000000000000762523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5aae83535fd08a2021-12-20 15:56:16.675root 11241100x8000000000000000762524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fb92a0acbf60bf2021-12-20 15:56:16.675root 11241100x8000000000000000762525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa564d75211829f2021-12-20 15:56:16.675root 11241100x8000000000000000762526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c3b489f718697b2021-12-20 15:56:16.675root 11241100x8000000000000000762527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16bcfbd5290b9e22021-12-20 15:56:16.675root 11241100x8000000000000000762528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6878af5fc566ffbe2021-12-20 15:56:16.675root 11241100x8000000000000000762529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c64bc4aeded80da2021-12-20 15:56:16.675root 11241100x8000000000000000762530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fcb1e4fc580ab12021-12-20 15:56:16.675root 11241100x8000000000000000762531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a0fe923e5434602021-12-20 15:56:16.675root 11241100x8000000000000000762532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e005779c44182ab2021-12-20 15:56:16.675root 11241100x8000000000000000762533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8760833c586c7da2021-12-20 15:56:16.676root 11241100x8000000000000000762534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acd2f409bff8bba2021-12-20 15:56:16.676root 11241100x8000000000000000762535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5c69d6eb661e3e2021-12-20 15:56:16.676root 11241100x8000000000000000762536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5942a7f582156a52021-12-20 15:56:16.676root 11241100x8000000000000000762537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf128189dd1858d32021-12-20 15:56:16.676root 11241100x8000000000000000762538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d599a9f3366a79932021-12-20 15:56:16.676root 11241100x8000000000000000762539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1140e5494b623152021-12-20 15:56:16.676root 11241100x8000000000000000762540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e3d949cf38850b2021-12-20 15:56:16.676root 11241100x8000000000000000762541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7091e7d497cd192021-12-20 15:56:16.676root 11241100x8000000000000000762542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5559d904e928fb952021-12-20 15:56:16.676root 11241100x8000000000000000762543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323116e6c7a8eca82021-12-20 15:56:16.676root 11241100x8000000000000000762544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec11348b6f28fc62021-12-20 15:56:16.676root 11241100x8000000000000000762545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b93842c92d7b5bd2021-12-20 15:56:16.676root 11241100x8000000000000000762546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a96ae216ad38372021-12-20 15:56:16.676root 11241100x8000000000000000762547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd8f70ca60c0c6f2021-12-20 15:56:16.676root 11241100x8000000000000000762548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114baf9174f988cc2021-12-20 15:56:16.677root 11241100x8000000000000000762549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696f7359859510a32021-12-20 15:56:16.677root 11241100x8000000000000000762550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2bf0a1d814c8412021-12-20 15:56:16.677root 11241100x8000000000000000762551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bf87d5086562192021-12-20 15:56:16.677root 11241100x8000000000000000762552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1646d259f2222be82021-12-20 15:56:16.677root 11241100x8000000000000000762553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3c812285760ae12021-12-20 15:56:16.677root 11241100x8000000000000000762554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdfef161415bc962021-12-20 15:56:16.677root 11241100x8000000000000000762555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09adf8bc86d566a2021-12-20 15:56:16.677root 11241100x8000000000000000762556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e0df5f2ab755b52021-12-20 15:56:16.677root 11241100x8000000000000000762557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed3f34553ebe23e2021-12-20 15:56:16.677root 11241100x8000000000000000762558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960f2a48d94a20e32021-12-20 15:56:16.677root 11241100x8000000000000000762559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a4b9c985fa1e282021-12-20 15:56:16.677root 11241100x8000000000000000762560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074cab332be78b7a2021-12-20 15:56:16.677root 11241100x8000000000000000762561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3a8a91b7e5afee2021-12-20 15:56:16.677root 11241100x8000000000000000762562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b54a87588d2f2f2021-12-20 15:56:16.677root 11241100x8000000000000000762563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aaa163667921dc2021-12-20 15:56:16.677root 11241100x8000000000000000762564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70c81a281648c032021-12-20 15:56:17.174root 11241100x8000000000000000762565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1301906b2bd6ca2021-12-20 15:56:17.175root 11241100x8000000000000000762566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ce4cd0906e1acc2021-12-20 15:56:17.175root 11241100x8000000000000000762567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4074bf6ee32e1fa2021-12-20 15:56:17.175root 11241100x8000000000000000762568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d711f81a94843e2021-12-20 15:56:17.175root 11241100x8000000000000000762569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a3dc236bda4eea2021-12-20 15:56:17.175root 11241100x8000000000000000762570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c9760e4def86fd2021-12-20 15:56:17.175root 11241100x8000000000000000762571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d88eac80496c322021-12-20 15:56:17.175root 11241100x8000000000000000762572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47467d7d658b0f3f2021-12-20 15:56:17.175root 11241100x8000000000000000762573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bbb2c1f648cfbe2021-12-20 15:56:17.175root 11241100x8000000000000000762574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a503d7dbb6dcb42021-12-20 15:56:17.175root 11241100x8000000000000000762575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e7830c18bab17b2021-12-20 15:56:17.175root 11241100x8000000000000000762576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec86f57c0e27a0032021-12-20 15:56:17.175root 11241100x8000000000000000762577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3551d0b856e7475e2021-12-20 15:56:17.175root 11241100x8000000000000000762578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4073ffdb15a49722021-12-20 15:56:17.175root 11241100x8000000000000000762579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790baf6003f0ad5c2021-12-20 15:56:17.176root 11241100x8000000000000000762580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f47cadfca728972021-12-20 15:56:17.176root 11241100x8000000000000000762581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ee71f15e4592b2021-12-20 15:56:17.176root 11241100x8000000000000000762582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae1e5f87d10e7932021-12-20 15:56:17.176root 11241100x8000000000000000762583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd076efd7b319e02021-12-20 15:56:17.176root 11241100x8000000000000000762584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b68bae0aa5ff6552021-12-20 15:56:17.176root 11241100x8000000000000000762585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ad556aa73233ad2021-12-20 15:56:17.176root 11241100x8000000000000000762586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331915bbe59893df2021-12-20 15:56:17.176root 11241100x8000000000000000762587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2808f8ed87470b112021-12-20 15:56:17.176root 11241100x8000000000000000762588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb1f15678b1c952021-12-20 15:56:17.176root 11241100x8000000000000000762589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deec0cd6157f5912021-12-20 15:56:17.176root 11241100x8000000000000000762590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46431fdf86701c82021-12-20 15:56:17.176root 11241100x8000000000000000762591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c46e5cbd5bc5cbd2021-12-20 15:56:17.176root 11241100x8000000000000000762592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72949639c518a7d92021-12-20 15:56:17.176root 11241100x8000000000000000762593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb3a01ef2febfb2021-12-20 15:56:17.176root 11241100x8000000000000000762594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e11622d38cf3c042021-12-20 15:56:17.177root 11241100x8000000000000000762595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c575259f04cc322021-12-20 15:56:17.177root 11241100x8000000000000000762596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df86722547bc0d12021-12-20 15:56:17.177root 11241100x8000000000000000762597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec8357710ac1be62021-12-20 15:56:17.177root 11241100x8000000000000000762598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be746941aaf25522021-12-20 15:56:17.177root 11241100x8000000000000000762599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6b9c7035b121262021-12-20 15:56:17.177root 11241100x8000000000000000762600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6b6201737512162021-12-20 15:56:17.177root 11241100x8000000000000000762601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6228dbf49d38bb5f2021-12-20 15:56:17.177root 11241100x8000000000000000762602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c757584a7526b2be2021-12-20 15:56:17.177root 11241100x8000000000000000762603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1e2611870f805f2021-12-20 15:56:17.177root 11241100x8000000000000000762604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50467ca763b17ee2021-12-20 15:56:17.177root 11241100x8000000000000000762605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48d8a3bc4fc35032021-12-20 15:56:17.177root 11241100x8000000000000000762606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c4bbb854b4f132021-12-20 15:56:17.177root 11241100x8000000000000000762607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71767abd2525bf42021-12-20 15:56:17.177root 11241100x8000000000000000762608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83c307446b175532021-12-20 15:56:17.177root 11241100x8000000000000000762609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5035497e9d5660fa2021-12-20 15:56:17.178root 11241100x8000000000000000762610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2f8b7d678336b32021-12-20 15:56:17.178root 11241100x8000000000000000762611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f735e6b573abb722021-12-20 15:56:17.178root 11241100x8000000000000000762612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475406340c03a3752021-12-20 15:56:17.674root 11241100x8000000000000000762613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdb6588688afe7e2021-12-20 15:56:17.674root 11241100x8000000000000000762614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954c5c05b57e26d82021-12-20 15:56:17.674root 11241100x8000000000000000762615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afc43d57f3654ae2021-12-20 15:56:17.674root 11241100x8000000000000000762616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef51ebe178713532021-12-20 15:56:17.674root 11241100x8000000000000000762617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e02c9a1c9b91d7c2021-12-20 15:56:17.674root 11241100x8000000000000000762618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668c4bf7c856df0f2021-12-20 15:56:17.674root 11241100x8000000000000000762619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1355ee4f8546a92021-12-20 15:56:17.674root 11241100x8000000000000000762620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6afffbe844c96412021-12-20 15:56:17.674root 11241100x8000000000000000762621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a91e7889126bcb2021-12-20 15:56:17.674root 11241100x8000000000000000762622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1343f537941ccd472021-12-20 15:56:17.674root 11241100x8000000000000000762623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45be30885d2a7cf2021-12-20 15:56:17.675root 11241100x8000000000000000762624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc653b9369c22352021-12-20 15:56:17.675root 11241100x8000000000000000762625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2462e6319832de632021-12-20 15:56:17.675root 11241100x8000000000000000762626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a8b1bbeb82c88a2021-12-20 15:56:17.675root 11241100x8000000000000000762627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f174b3251c5a09c12021-12-20 15:56:17.675root 11241100x8000000000000000762628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c764ec7fc9580af22021-12-20 15:56:17.675root 11241100x8000000000000000762629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c972e6cfc7cc6c32021-12-20 15:56:17.675root 11241100x8000000000000000762630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571320f0b9e94a462021-12-20 15:56:17.675root 11241100x8000000000000000762631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e12f7df7e6ab072021-12-20 15:56:17.675root 11241100x8000000000000000762632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ac204263b81a722021-12-20 15:56:17.675root 11241100x8000000000000000762633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60827b01c401d2fe2021-12-20 15:56:17.675root 11241100x8000000000000000762634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f818fdc7ecd4d12021-12-20 15:56:17.675root 11241100x8000000000000000762635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1f6b977cc7be122021-12-20 15:56:17.675root 11241100x8000000000000000762636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116b99f47b81c5aa2021-12-20 15:56:17.675root 11241100x8000000000000000762637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a549d43a8296812021-12-20 15:56:17.675root 11241100x8000000000000000762638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a6e61a2c50dc42021-12-20 15:56:17.676root 11241100x8000000000000000762639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d1632b2891d3a42021-12-20 15:56:17.676root 11241100x8000000000000000762640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dd9affca0917422021-12-20 15:56:17.676root 11241100x8000000000000000762641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962f40d18fd320ac2021-12-20 15:56:17.676root 11241100x8000000000000000762642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d1a1c4ad64aa952021-12-20 15:56:17.676root 11241100x8000000000000000762643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234c969be9db94942021-12-20 15:56:17.676root 11241100x8000000000000000762644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c872ebbb83abff2021-12-20 15:56:17.676root 11241100x8000000000000000762645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a801628164840892021-12-20 15:56:17.676root 11241100x8000000000000000762646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c3d86f898f33d92021-12-20 15:56:17.676root 11241100x8000000000000000762647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564478794b5057352021-12-20 15:56:17.677root 11241100x8000000000000000762648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5df2204578e86ea2021-12-20 15:56:17.677root 11241100x8000000000000000762649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4d0fa0aaf8083c2021-12-20 15:56:17.677root 11241100x8000000000000000762650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0d1fd3d97df2c42021-12-20 15:56:17.677root 11241100x8000000000000000762651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc0adc6156e3e152021-12-20 15:56:17.677root 11241100x8000000000000000762652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ee83552432093b2021-12-20 15:56:17.677root 11241100x8000000000000000762653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09253c8b924fabc82021-12-20 15:56:17.677root 11241100x8000000000000000762654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439f992951af7fc22021-12-20 15:56:17.677root 11241100x8000000000000000762655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f861acd7aeeb0d602021-12-20 15:56:17.677root 11241100x8000000000000000762656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed8b36d24e8c3fc2021-12-20 15:56:17.677root 11241100x8000000000000000762657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1519aa339483553b2021-12-20 15:56:17.678root 11241100x8000000000000000762658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72d7d75ec51cff62021-12-20 15:56:17.678root 11241100x8000000000000000762659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673ae66274fd6c342021-12-20 15:56:17.678root 11241100x8000000000000000762660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b926d7dbb91724a2021-12-20 15:56:17.678root 11241100x8000000000000000762661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0332423d8e6e9f62021-12-20 15:56:17.678root 11241100x8000000000000000762662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ace0bc0edfd7b12021-12-20 15:56:17.678root 11241100x8000000000000000762663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0269f4aed2ffebd62021-12-20 15:56:18.174root 11241100x8000000000000000762664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40534221d74b9ce82021-12-20 15:56:18.174root 11241100x8000000000000000762665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7bbb2e7320d8922021-12-20 15:56:18.174root 11241100x8000000000000000762666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fc715817410a132021-12-20 15:56:18.174root 11241100x8000000000000000762667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76351c55541c5c302021-12-20 15:56:18.174root 11241100x8000000000000000762668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213d33bcf086f7e2021-12-20 15:56:18.175root 11241100x8000000000000000762669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7020ccd8a89423b82021-12-20 15:56:18.175root 11241100x8000000000000000762670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1019c5c35801c12021-12-20 15:56:18.175root 11241100x8000000000000000762671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a0d293ead534fa2021-12-20 15:56:18.175root 11241100x8000000000000000762672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c160d740b216532021-12-20 15:56:18.175root 11241100x8000000000000000762673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9956010a9ed3ceb2021-12-20 15:56:18.175root 11241100x8000000000000000762674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9440b8b70c2293972021-12-20 15:56:18.175root 11241100x8000000000000000762675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d957571f42e818c2021-12-20 15:56:18.175root 11241100x8000000000000000762676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f6a953304d350c2021-12-20 15:56:18.175root 11241100x8000000000000000762677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0469a8462fee644a2021-12-20 15:56:18.175root 11241100x8000000000000000762678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a378ba8add2427d22021-12-20 15:56:18.175root 11241100x8000000000000000762679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19a36ed254569252021-12-20 15:56:18.176root 11241100x8000000000000000762680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c761042dd3523db2021-12-20 15:56:18.176root 11241100x8000000000000000762681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c28926376afef72021-12-20 15:56:18.176root 11241100x8000000000000000762682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb153a2b047a5812021-12-20 15:56:18.176root 11241100x8000000000000000762683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32473ff320d989bf2021-12-20 15:56:18.176root 11241100x8000000000000000762684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef987c1cd77c4f62021-12-20 15:56:18.176root 11241100x8000000000000000762685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef71aa4250df2062021-12-20 15:56:18.177root 11241100x8000000000000000762686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed55f25c20e78f3d2021-12-20 15:56:18.177root 11241100x8000000000000000762687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d681ec293036b9a22021-12-20 15:56:18.177root 11241100x8000000000000000762688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8004817f8fdcfe2021-12-20 15:56:18.177root 11241100x8000000000000000762689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd80f44b49006c12021-12-20 15:56:18.177root 11241100x8000000000000000762690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f57c3048b709a92021-12-20 15:56:18.177root 11241100x8000000000000000762691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c566ec93a86bfb2021-12-20 15:56:18.177root 11241100x8000000000000000762692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66db9c7480e859f32021-12-20 15:56:18.177root 11241100x8000000000000000762693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef08233bcfd23de2021-12-20 15:56:18.178root 11241100x8000000000000000762694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15c8b5c1f5f591a2021-12-20 15:56:18.178root 11241100x8000000000000000762695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf489ff05e98cef2021-12-20 15:56:18.178root 11241100x8000000000000000762696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20eb74bf0b5276b2021-12-20 15:56:18.179root 11241100x8000000000000000762697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a7bd17ea673e1d2021-12-20 15:56:18.179root 11241100x8000000000000000762698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7101014b80203b3d2021-12-20 15:56:18.179root 11241100x8000000000000000762699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037cf7fc0b2830f12021-12-20 15:56:18.179root 11241100x8000000000000000762700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe4c26b15b41ed82021-12-20 15:56:18.179root 11241100x8000000000000000762701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b8bcf814f67e542021-12-20 15:56:18.180root 11241100x8000000000000000762702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd625ab77d174402021-12-20 15:56:18.180root 11241100x8000000000000000762703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6446c5766d1601fd2021-12-20 15:56:18.180root 11241100x8000000000000000762704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe34187d5d6b1d72021-12-20 15:56:18.180root 11241100x8000000000000000762705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88328ed8155e0c2e2021-12-20 15:56:18.180root 11241100x8000000000000000762706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788fccae7a72c6222021-12-20 15:56:18.180root 11241100x8000000000000000762707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3782e5dd324a6fe2021-12-20 15:56:18.180root 11241100x8000000000000000762708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46186791fde72df22021-12-20 15:56:18.180root 11241100x8000000000000000762709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54750f2dbe00a1cb2021-12-20 15:56:18.181root 11241100x8000000000000000762710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1f0b6aed6dfaa02021-12-20 15:56:18.181root 11241100x8000000000000000762711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98640741755843f2021-12-20 15:56:18.181root 11241100x8000000000000000762712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42319f7e3d904e42021-12-20 15:56:18.674root 11241100x8000000000000000762713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e1056b03b848722021-12-20 15:56:18.674root 11241100x8000000000000000762714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944631757706fd2e2021-12-20 15:56:18.675root 11241100x8000000000000000762715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab8fb1d651da9502021-12-20 15:56:18.675root 11241100x8000000000000000762716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541ec30b9358e1072021-12-20 15:56:18.675root 11241100x8000000000000000762717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8782d64f5e4440c52021-12-20 15:56:18.675root 11241100x8000000000000000762718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bba58db2f1c6e82021-12-20 15:56:18.675root 11241100x8000000000000000762719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441ef1b8667a8d0f2021-12-20 15:56:18.675root 11241100x8000000000000000762720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52ba2aa6dd25ed02021-12-20 15:56:18.675root 11241100x8000000000000000762721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29efde2a83acb492021-12-20 15:56:18.675root 11241100x8000000000000000762722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae0c9971a35e3082021-12-20 15:56:18.675root 11241100x8000000000000000762723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1fc9d312f083542021-12-20 15:56:18.675root 11241100x8000000000000000762724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b653e27562c8282021-12-20 15:56:18.676root 11241100x8000000000000000762725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bef6efa16dafc32021-12-20 15:56:18.676root 11241100x8000000000000000762726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f8939e6fd03e4b2021-12-20 15:56:18.676root 11241100x8000000000000000762727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b0e64d7da224412021-12-20 15:56:18.676root 11241100x8000000000000000762728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83df1037712047422021-12-20 15:56:18.676root 11241100x8000000000000000762729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9c9447213e2df2021-12-20 15:56:18.676root 11241100x8000000000000000762730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd82fb276eef5962021-12-20 15:56:18.677root 11241100x8000000000000000762731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba412fa18183b882021-12-20 15:56:18.677root 11241100x8000000000000000762732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fda71d5a15dfe162021-12-20 15:56:18.677root 11241100x8000000000000000762733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c5b589d0dba9262021-12-20 15:56:18.677root 11241100x8000000000000000762734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ce9f8bf31bdc202021-12-20 15:56:18.677root 11241100x8000000000000000762735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f412b33c89f1b1832021-12-20 15:56:18.677root 11241100x8000000000000000762736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36b21f5b1101cfd2021-12-20 15:56:18.677root 11241100x8000000000000000762737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32225222793d6392021-12-20 15:56:18.678root 11241100x8000000000000000762738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b157fb1c61f74e2021-12-20 15:56:18.678root 11241100x8000000000000000762739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8700694e242d2b2021-12-20 15:56:18.678root 11241100x8000000000000000762740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56348d48298384272021-12-20 15:56:18.678root 11241100x8000000000000000762741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c6756d4d2d73662021-12-20 15:56:18.678root 11241100x8000000000000000762742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fbf939d9ce0b0e2021-12-20 15:56:18.678root 11241100x8000000000000000762743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b85feaf50038e12021-12-20 15:56:18.678root 11241100x8000000000000000762744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8847e65625222352021-12-20 15:56:18.679root 11241100x8000000000000000762745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6676d236567563802021-12-20 15:56:18.679root 11241100x8000000000000000762746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b185a090b73fce2021-12-20 15:56:18.679root 11241100x8000000000000000762747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6ff75e6353dd882021-12-20 15:56:18.679root 11241100x8000000000000000762748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53a42362c37ac4f2021-12-20 15:56:18.679root 11241100x8000000000000000762749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df44daf698d0eaf2021-12-20 15:56:18.679root 11241100x8000000000000000762750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436d13536b5e300b2021-12-20 15:56:18.680root 11241100x8000000000000000762751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782937e06564ad1b2021-12-20 15:56:18.680root 11241100x8000000000000000762752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07a240fc12a24442021-12-20 15:56:18.680root 11241100x8000000000000000762753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2e2f85f7bc351e2021-12-20 15:56:18.680root 11241100x8000000000000000762754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593141e6ca1904592021-12-20 15:56:18.680root 11241100x8000000000000000762755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db6d5ed2a6867bc2021-12-20 15:56:18.680root 11241100x8000000000000000762756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfd7e4ba8842c282021-12-20 15:56:18.680root 11241100x8000000000000000762757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3543f37fef4864e82021-12-20 15:56:18.680root 11241100x8000000000000000762758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:18.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de5071d07572492021-12-20 15:56:18.681root 11241100x8000000000000000762759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ca74b60ea9f2022021-12-20 15:56:19.174root 11241100x8000000000000000762760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d190de574f9982592021-12-20 15:56:19.174root 11241100x8000000000000000762761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c9ac31a5b4c22c2021-12-20 15:56:19.174root 11241100x8000000000000000762762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da92d1fae056335a2021-12-20 15:56:19.174root 11241100x8000000000000000762763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80af66ddb26700962021-12-20 15:56:19.175root 11241100x8000000000000000762764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a4847f6d17241b2021-12-20 15:56:19.175root 11241100x8000000000000000762765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763dc169d4f609a52021-12-20 15:56:19.175root 11241100x8000000000000000762766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe15491b144405e2021-12-20 15:56:19.175root 11241100x8000000000000000762767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfc28205874dcef2021-12-20 15:56:19.175root 11241100x8000000000000000762768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae06a498cdbd2842021-12-20 15:56:19.175root 11241100x8000000000000000762769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad466532ee91d4f12021-12-20 15:56:19.175root 11241100x8000000000000000762770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ce79d622cad50f2021-12-20 15:56:19.175root 11241100x8000000000000000762771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e869dfd4fad37312021-12-20 15:56:19.175root 11241100x8000000000000000762772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67470c483f01d8b22021-12-20 15:56:19.175root 11241100x8000000000000000762773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452a8210ee6a08c02021-12-20 15:56:19.175root 11241100x8000000000000000762774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17858d52604f50552021-12-20 15:56:19.176root 11241100x8000000000000000762775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff59c3d05694af5b2021-12-20 15:56:19.176root 11241100x8000000000000000762776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd2bdecc60b8aeb2021-12-20 15:56:19.176root 11241100x8000000000000000762777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67d08806052ecaa2021-12-20 15:56:19.176root 11241100x8000000000000000762778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887ad59d5f342d712021-12-20 15:56:19.176root 11241100x8000000000000000762779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e04f555107c7422021-12-20 15:56:19.176root 11241100x8000000000000000762780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457380155d0df4622021-12-20 15:56:19.176root 11241100x8000000000000000762781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cce4bab3a1c19272021-12-20 15:56:19.176root 11241100x8000000000000000762782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b032bf2e54c5a72021-12-20 15:56:19.177root 11241100x8000000000000000762783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db17d551cc6a6f7c2021-12-20 15:56:19.177root 11241100x8000000000000000762784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a33d6eac3e5d3a2021-12-20 15:56:19.177root 11241100x8000000000000000762785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93755af8bb507ae2021-12-20 15:56:19.177root 11241100x8000000000000000762786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f95ac470a19a7d2021-12-20 15:56:19.177root 11241100x8000000000000000762787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a62f43a168af3c2021-12-20 15:56:19.177root 11241100x8000000000000000762788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c82bcf8ae3b4382021-12-20 15:56:19.177root 11241100x8000000000000000762789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741c348ac6f911b92021-12-20 15:56:19.178root 11241100x8000000000000000762790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baa3d7cfc109d6f2021-12-20 15:56:19.178root 11241100x8000000000000000762791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397936c7295b41542021-12-20 15:56:19.178root 11241100x8000000000000000762792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879a1abddfda714c2021-12-20 15:56:19.178root 11241100x8000000000000000762793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb4d6571feb5802021-12-20 15:56:19.179root 11241100x8000000000000000762794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203c205513d276742021-12-20 15:56:19.179root 11241100x8000000000000000762795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c227bc8a3b458552021-12-20 15:56:19.179root 11241100x8000000000000000762796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a1e5b59e87f8bd2021-12-20 15:56:19.179root 11241100x8000000000000000762797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136cb9f42e8f624f2021-12-20 15:56:19.179root 11241100x8000000000000000762798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18da878e1a9b1c42021-12-20 15:56:19.179root 11241100x8000000000000000762799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3f25e3fe7921152021-12-20 15:56:19.179root 11241100x8000000000000000762800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa2373439d08592021-12-20 15:56:19.179root 11241100x8000000000000000762801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba95407842eb2b92021-12-20 15:56:19.179root 11241100x8000000000000000762802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de77d928ee0b9cb2021-12-20 15:56:19.179root 11241100x8000000000000000762803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d7727f0909889f2021-12-20 15:56:19.179root 11241100x8000000000000000762804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c40a086f59127752021-12-20 15:56:19.179root 11241100x8000000000000000762805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7a1abce0fd11612021-12-20 15:56:19.180root 11241100x8000000000000000762806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8242670d4c21a61a2021-12-20 15:56:19.180root 11241100x8000000000000000762807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bda54733ae296e32021-12-20 15:56:19.180root 11241100x8000000000000000762808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00844a2cf929e5d82021-12-20 15:56:19.180root 11241100x8000000000000000762809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8294bc6b6c97592d2021-12-20 15:56:19.180root 11241100x8000000000000000762810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317ec142eb5d2bb2021-12-20 15:56:19.674root 11241100x8000000000000000762811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6e7ed093e9d26a2021-12-20 15:56:19.674root 11241100x8000000000000000762812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237aa9ca24ea967e2021-12-20 15:56:19.674root 11241100x8000000000000000762813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dd4b303e8eb2022021-12-20 15:56:19.674root 11241100x8000000000000000762814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5f81374ded552f2021-12-20 15:56:19.674root 11241100x8000000000000000762815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccf8dde1b513a2f2021-12-20 15:56:19.675root 11241100x8000000000000000762816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6070bbdd18b546522021-12-20 15:56:19.675root 11241100x8000000000000000762817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba36cd92c5ed482f2021-12-20 15:56:19.675root 11241100x8000000000000000762818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96b6cb0e317fccd2021-12-20 15:56:19.675root 11241100x8000000000000000762819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a904a453c5ed21ad2021-12-20 15:56:19.675root 11241100x8000000000000000762820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a375774eb17bf0b2021-12-20 15:56:19.675root 11241100x8000000000000000762821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec6c111f855cb972021-12-20 15:56:19.675root 11241100x8000000000000000762822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b42d8c0c5a50772021-12-20 15:56:19.675root 11241100x8000000000000000762823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f1c5349e0289d42021-12-20 15:56:19.676root 11241100x8000000000000000762824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9f14d9d16b8dce2021-12-20 15:56:19.676root 11241100x8000000000000000762825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f613ce73fbbe1f72021-12-20 15:56:19.676root 11241100x8000000000000000762826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3442cc1df5a415082021-12-20 15:56:19.676root 11241100x8000000000000000762827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a9087ea15bb1042021-12-20 15:56:19.676root 11241100x8000000000000000762828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85862e497b93732e2021-12-20 15:56:19.676root 11241100x8000000000000000762829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb47e8ffc952d5132021-12-20 15:56:19.677root 11241100x8000000000000000762830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50681ba444c10962021-12-20 15:56:19.677root 11241100x8000000000000000762831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a53e1d74374cc072021-12-20 15:56:19.677root 11241100x8000000000000000762832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a38ea6710a299a2021-12-20 15:56:19.677root 11241100x8000000000000000762833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef1aae41c3c5ff42021-12-20 15:56:19.677root 11241100x8000000000000000762834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155a60f2147b4d9c2021-12-20 15:56:19.678root 11241100x8000000000000000762835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cebcc360c656c992021-12-20 15:56:19.678root 11241100x8000000000000000762836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013e4f5363aede672021-12-20 15:56:19.678root 11241100x8000000000000000762837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e9dd84e99349282021-12-20 15:56:19.678root 11241100x8000000000000000762838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5255ef85c74993352021-12-20 15:56:19.678root 11241100x8000000000000000762839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b5a9a55de351af2021-12-20 15:56:19.679root 11241100x8000000000000000762840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbb323dd9d7edac2021-12-20 15:56:19.679root 11241100x8000000000000000762841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac07d512cb0183662021-12-20 15:56:19.679root 11241100x8000000000000000762842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77af5fc1679ca382021-12-20 15:56:19.679root 11241100x8000000000000000762843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ec0eea21551b532021-12-20 15:56:19.679root 11241100x8000000000000000762844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885b2d460103b0a02021-12-20 15:56:19.679root 11241100x8000000000000000762845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8f3c06546596b02021-12-20 15:56:19.679root 11241100x8000000000000000762846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b919ba17bde8bca2021-12-20 15:56:19.680root 11241100x8000000000000000762847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dadc2fe8f52afc42021-12-20 15:56:19.680root 11241100x8000000000000000762848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388d5ef46a82e2632021-12-20 15:56:19.680root 11241100x8000000000000000762849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e362446777a8c3eb2021-12-20 15:56:19.680root 11241100x8000000000000000762850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05fe76e181e995e2021-12-20 15:56:19.681root 11241100x8000000000000000762851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa98e6686529156a2021-12-20 15:56:19.681root 11241100x8000000000000000762852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bfe399716aef542021-12-20 15:56:19.681root 11241100x8000000000000000762853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda3ff2b4b4b8cf32021-12-20 15:56:19.681root 11241100x8000000000000000762854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:19.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3444dda0bd14d5b42021-12-20 15:56:19.681root 354300x8000000000000000762855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.044{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46098-false10.0.1.12-8089- 354300x8000000000000000762856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.045{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51398-false10.0.1.12-8000- 11241100x8000000000000000762857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36af1ff4885edb8f2021-12-20 15:56:20.045root 11241100x8000000000000000762858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b141abef3a50d92021-12-20 15:56:20.045root 11241100x8000000000000000762859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d54bd3f6c55ab72021-12-20 15:56:20.045root 11241100x8000000000000000762860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62203497b2ef94722021-12-20 15:56:20.045root 11241100x8000000000000000762861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2164737b774dcb7f2021-12-20 15:56:20.045root 11241100x8000000000000000762862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c0d5faa0725dc22021-12-20 15:56:20.045root 11241100x8000000000000000762863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd59f246f1bec5692021-12-20 15:56:20.046root 11241100x8000000000000000762864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c0589c6d13d9982021-12-20 15:56:20.046root 11241100x8000000000000000762865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d820c5251be9da322021-12-20 15:56:20.046root 11241100x8000000000000000762866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b53a0ea1d884ce2021-12-20 15:56:20.046root 11241100x8000000000000000762867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.046{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11100eee0c3194e2021-12-20 15:56:20.046root 11241100x8000000000000000762868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e8dcf72eafefde2021-12-20 15:56:20.047root 11241100x8000000000000000762869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724528de79b6048b2021-12-20 15:56:20.047root 11241100x8000000000000000762870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65043cc3ec0dd4fc2021-12-20 15:56:20.047root 11241100x8000000000000000762871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ead2320f04fa72021-12-20 15:56:20.047root 11241100x8000000000000000762872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37012116bc497ea42021-12-20 15:56:20.047root 11241100x8000000000000000762873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a3de80267c132d2021-12-20 15:56:20.047root 11241100x8000000000000000762874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.047{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147418509b64a4ec2021-12-20 15:56:20.047root 11241100x8000000000000000762875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0f4ff215fb4bb2021-12-20 15:56:20.048root 11241100x8000000000000000762876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ce601fa9542a302021-12-20 15:56:20.048root 11241100x8000000000000000762877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07b46942cb6b4152021-12-20 15:56:20.048root 11241100x8000000000000000762878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d777fe99589c9a572021-12-20 15:56:20.048root 11241100x8000000000000000762879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f5d831016cec3d2021-12-20 15:56:20.048root 11241100x8000000000000000762880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2e1e21e8698dd22021-12-20 15:56:20.048root 11241100x8000000000000000762881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1211294f71c40e2021-12-20 15:56:20.048root 11241100x8000000000000000762882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb659788df4d6b272021-12-20 15:56:20.048root 11241100x8000000000000000762883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a916f83eb4cb03042021-12-20 15:56:20.049root 11241100x8000000000000000762884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25238cd7d2aceeba2021-12-20 15:56:20.049root 11241100x8000000000000000762885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f084f0b31155bf3f2021-12-20 15:56:20.049root 11241100x8000000000000000762886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da3c4959c66c28e2021-12-20 15:56:20.049root 11241100x8000000000000000762887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ec2b892114877e2021-12-20 15:56:20.049root 11241100x8000000000000000762888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46c7da78c7ce7282021-12-20 15:56:20.049root 11241100x8000000000000000762889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3011926d0fcb48152021-12-20 15:56:20.049root 11241100x8000000000000000762890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2edfe252eb1a5dc2021-12-20 15:56:20.050root 11241100x8000000000000000762891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c7df87bba1c2e02021-12-20 15:56:20.050root 11241100x8000000000000000762892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2309fe802dd50e2021-12-20 15:56:20.050root 11241100x8000000000000000762893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef111692d8df7f212021-12-20 15:56:20.050root 11241100x8000000000000000762894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cc208cd2ca53e32021-12-20 15:56:20.050root 11241100x8000000000000000762895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b975b1a67d80ce5c2021-12-20 15:56:20.050root 11241100x8000000000000000762896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914a1b2ef7ae99352021-12-20 15:56:20.050root 11241100x8000000000000000762897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43d4259ed227b212021-12-20 15:56:20.050root 11241100x8000000000000000762898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffac9ed73e3b0ddc2021-12-20 15:56:20.051root 11241100x8000000000000000762899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28582e7e3f3f0032021-12-20 15:56:20.051root 11241100x8000000000000000762900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a2df1bff7489c92021-12-20 15:56:20.051root 11241100x8000000000000000762901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e818b16b8dae47d2021-12-20 15:56:20.051root 11241100x8000000000000000762902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ec1629279390192021-12-20 15:56:20.051root 11241100x8000000000000000762903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503a2def90206a3e2021-12-20 15:56:20.051root 11241100x8000000000000000762904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f28a5593895c792021-12-20 15:56:20.051root 11241100x8000000000000000762905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31e9468d27d89712021-12-20 15:56:20.052root 11241100x8000000000000000762906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2223a681f3abc95d2021-12-20 15:56:20.052root 11241100x8000000000000000762907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286c6d5eb4e23f232021-12-20 15:56:20.052root 11241100x8000000000000000762908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b63e053411030c2021-12-20 15:56:20.052root 11241100x8000000000000000762909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a8e0d0580fc3a22021-12-20 15:56:20.052root 11241100x8000000000000000762910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c22bc276cd011ca2021-12-20 15:56:20.052root 11241100x8000000000000000762911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ef43e6ccf93c2e2021-12-20 15:56:20.052root 11241100x8000000000000000762912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab7a3731655d3f72021-12-20 15:56:20.053root 11241100x8000000000000000762913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e83c0e0dfc817722021-12-20 15:56:20.053root 11241100x8000000000000000762914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30520803516acef22021-12-20 15:56:20.053root 11241100x8000000000000000762915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76150924856154582021-12-20 15:56:20.053root 11241100x8000000000000000762916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d3560597b66a722021-12-20 15:56:20.424root 11241100x8000000000000000762917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7ed534a3b5f12f2021-12-20 15:56:20.424root 11241100x8000000000000000762918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5d0f9d78a12cde2021-12-20 15:56:20.424root 11241100x8000000000000000762919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b314de61542c8c2021-12-20 15:56:20.424root 11241100x8000000000000000762920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b25ac01f9603ea2021-12-20 15:56:20.425root 11241100x8000000000000000762921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3636627805082b2021-12-20 15:56:20.425root 11241100x8000000000000000762922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509be362b8e10a402021-12-20 15:56:20.425root 11241100x8000000000000000762923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993133ca854d91ad2021-12-20 15:56:20.425root 11241100x8000000000000000762924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f662a332e33d8e682021-12-20 15:56:20.425root 11241100x8000000000000000762925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ea80f98c47feb92021-12-20 15:56:20.425root 11241100x8000000000000000762926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec3a1a777788da82021-12-20 15:56:20.425root 11241100x8000000000000000762927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb6b76bfade3852021-12-20 15:56:20.425root 11241100x8000000000000000762928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1640b972b7fe1a92021-12-20 15:56:20.425root 11241100x8000000000000000762929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0fd18bf97b35b12021-12-20 15:56:20.425root 11241100x8000000000000000762930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac5e7d231a038282021-12-20 15:56:20.426root 11241100x8000000000000000762931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96197ab0c1d7890d2021-12-20 15:56:20.426root 11241100x8000000000000000762932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19220647a8e255522021-12-20 15:56:20.426root 11241100x8000000000000000762933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470f08f92857856e2021-12-20 15:56:20.426root 11241100x8000000000000000762934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eea9869b63bf1f42021-12-20 15:56:20.426root 11241100x8000000000000000762935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc89306902d7592021-12-20 15:56:20.426root 11241100x8000000000000000762936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead1cb27e1346e872021-12-20 15:56:20.426root 11241100x8000000000000000762937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a99b517afc80d92021-12-20 15:56:20.426root 11241100x8000000000000000762938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcb456d36e8485b2021-12-20 15:56:20.426root 11241100x8000000000000000762939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8ccc190b741f9b2021-12-20 15:56:20.426root 11241100x8000000000000000762940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde4b06f9c5226a62021-12-20 15:56:20.427root 11241100x8000000000000000762941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278a1ce4fafae2fd2021-12-20 15:56:20.427root 11241100x8000000000000000762942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183ebc9c23b634cf2021-12-20 15:56:20.427root 11241100x8000000000000000762943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1849dfc7856b86152021-12-20 15:56:20.427root 11241100x8000000000000000762944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539b4f7cf7f3ed862021-12-20 15:56:20.427root 11241100x8000000000000000762945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496ed98bcffcc5212021-12-20 15:56:20.427root 11241100x8000000000000000762946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b994c5063fa48e6e2021-12-20 15:56:20.427root 11241100x8000000000000000762947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8c4960908ac9212021-12-20 15:56:20.427root 11241100x8000000000000000762948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e2e57cf924cef42021-12-20 15:56:20.427root 11241100x8000000000000000762949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31363f073e95105c2021-12-20 15:56:20.428root 11241100x8000000000000000762950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7268f831913e4f2021-12-20 15:56:20.428root 11241100x8000000000000000762951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85814e2b6ca851482021-12-20 15:56:20.428root 11241100x8000000000000000762952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f74362260382032021-12-20 15:56:20.428root 11241100x8000000000000000762953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ad495dad88fb522021-12-20 15:56:20.428root 11241100x8000000000000000762954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6497eb46839007402021-12-20 15:56:20.428root 11241100x8000000000000000762955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aef4aaba7708032021-12-20 15:56:20.428root 11241100x8000000000000000762956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce2864b933dedd72021-12-20 15:56:20.428root 11241100x8000000000000000762957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe554612e9bec5b2021-12-20 15:56:20.428root 11241100x8000000000000000762958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8484a4188e1301ef2021-12-20 15:56:20.429root 11241100x8000000000000000762959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14740ef3c22de85d2021-12-20 15:56:20.429root 11241100x8000000000000000762960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0b7fd6420621f92021-12-20 15:56:20.429root 11241100x8000000000000000762961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a27cf04798cd032021-12-20 15:56:20.429root 11241100x8000000000000000762962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c6216d1a94d46e2021-12-20 15:56:20.429root 11241100x8000000000000000762963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b00bc7c28e13b022021-12-20 15:56:20.429root 11241100x8000000000000000762964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d6f4d1dd7f69772021-12-20 15:56:20.429root 11241100x8000000000000000762965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e18223ea483a29e2021-12-20 15:56:20.429root 11241100x8000000000000000762966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eb2a0f5a7eb5c62021-12-20 15:56:20.429root 11241100x8000000000000000762967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1979bd6980167722021-12-20 15:56:20.430root 11241100x8000000000000000762968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d54bd9eebdc9db2021-12-20 15:56:20.430root 11241100x8000000000000000762969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95318c30b77b676a2021-12-20 15:56:20.430root 11241100x8000000000000000762970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c0f171f3ef44ec2021-12-20 15:56:20.430root 11241100x8000000000000000762971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df2e20c3a66147c2021-12-20 15:56:20.430root 11241100x8000000000000000762972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cee7f46fc08cf262021-12-20 15:56:20.430root 11241100x8000000000000000762973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a306a2a7e8f1a8012021-12-20 15:56:20.430root 11241100x8000000000000000762974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e42475c0b03f3512021-12-20 15:56:20.430root 11241100x8000000000000000762975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422870afe9e90492021-12-20 15:56:20.430root 11241100x8000000000000000762976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9343842a2577152021-12-20 15:56:20.431root 11241100x8000000000000000762977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0281a54191f09f2021-12-20 15:56:20.924root 11241100x8000000000000000762978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3fa49aebf1c7232021-12-20 15:56:20.924root 11241100x8000000000000000762979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610daa67db4c95a72021-12-20 15:56:20.925root 11241100x8000000000000000762980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d38e4454b8b13f32021-12-20 15:56:20.925root 11241100x8000000000000000762981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305d15b1f487e5212021-12-20 15:56:20.925root 11241100x8000000000000000762982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c70d89d06001bd2021-12-20 15:56:20.926root 11241100x8000000000000000762983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a02d373b90e1b4e2021-12-20 15:56:20.926root 11241100x8000000000000000762984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfff2afcb7bae572021-12-20 15:56:20.926root 11241100x8000000000000000762985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50032e1d826106472021-12-20 15:56:20.926root 11241100x8000000000000000762986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b801ce7118827842021-12-20 15:56:20.926root 11241100x8000000000000000762987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4520e3dfda064be82021-12-20 15:56:20.927root 11241100x8000000000000000762988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf349e31ce44e6a2021-12-20 15:56:20.927root 11241100x8000000000000000762989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66c403ee11a2f7f2021-12-20 15:56:20.927root 11241100x8000000000000000762990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5384f28c0f3797c12021-12-20 15:56:20.927root 11241100x8000000000000000762991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e274c324273991e2021-12-20 15:56:20.928root 11241100x8000000000000000762992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957eec1192cc57f92021-12-20 15:56:20.928root 11241100x8000000000000000762993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc03ccfba44b97732021-12-20 15:56:20.928root 11241100x8000000000000000762994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b143ade8b71fee2021-12-20 15:56:20.928root 11241100x8000000000000000762995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586984663845525b2021-12-20 15:56:20.928root 11241100x8000000000000000762996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c0ec6c7dde4f0b2021-12-20 15:56:20.929root 11241100x8000000000000000762997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00252f7963130b122021-12-20 15:56:20.929root 11241100x8000000000000000762998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639f940f924494972021-12-20 15:56:20.929root 11241100x8000000000000000762999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303b51104f872b1b2021-12-20 15:56:20.929root 11241100x8000000000000000763000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb2d3078f61e8312021-12-20 15:56:20.929root 11241100x8000000000000000763001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82c066c9b4fa06c2021-12-20 15:56:20.929root 11241100x8000000000000000763002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9620b831fb7111a82021-12-20 15:56:20.929root 11241100x8000000000000000763003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb220e14c45a1612021-12-20 15:56:20.930root 11241100x8000000000000000763004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d234963f366e4dec2021-12-20 15:56:20.930root 11241100x8000000000000000763005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a6af0aaedf88852021-12-20 15:56:20.930root 11241100x8000000000000000763006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b38c48c6f694522021-12-20 15:56:20.930root 11241100x8000000000000000763007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750970bd94d46ab32021-12-20 15:56:20.930root 11241100x8000000000000000763008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec51e705a5d3d6c92021-12-20 15:56:20.930root 11241100x8000000000000000763009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b685e8f5f10f962021-12-20 15:56:20.930root 11241100x8000000000000000763010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bc40d52efab4db2021-12-20 15:56:20.930root 11241100x8000000000000000763011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492b586a4c0216f82021-12-20 15:56:20.930root 11241100x8000000000000000763012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74ab96f693078b22021-12-20 15:56:20.930root 11241100x8000000000000000763013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c888573f01e71ae2021-12-20 15:56:20.931root 11241100x8000000000000000763014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b451185b9ee1d71c2021-12-20 15:56:20.931root 11241100x8000000000000000763015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40942e87dbbc924b2021-12-20 15:56:20.931root 11241100x8000000000000000763016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074a4e531f43ce1a2021-12-20 15:56:20.931root 11241100x8000000000000000763017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b506910c5b1a7572021-12-20 15:56:20.931root 11241100x8000000000000000763018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f20455ac95c2432021-12-20 15:56:20.931root 11241100x8000000000000000763019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70adab5da657439d2021-12-20 15:56:20.931root 11241100x8000000000000000763020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e418f7594520c9b2021-12-20 15:56:20.931root 11241100x8000000000000000763021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89163dd7b8afe6182021-12-20 15:56:20.931root 11241100x8000000000000000763022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c336ec225bc0c8722021-12-20 15:56:20.931root 11241100x8000000000000000763023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079257c71ceafc2a2021-12-20 15:56:20.931root 11241100x8000000000000000763024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3461080e1fbdd6582021-12-20 15:56:20.931root 11241100x8000000000000000763025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:20.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6547f359ef23be2021-12-20 15:56:20.931root 11241100x8000000000000000763026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab17cc3023306592021-12-20 15:56:21.424root 11241100x8000000000000000763027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ef30fd787eb3102021-12-20 15:56:21.424root 11241100x8000000000000000763028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbc5c0c393a76252021-12-20 15:56:21.424root 11241100x8000000000000000763029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4276b2200710edde2021-12-20 15:56:21.424root 11241100x8000000000000000763030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a547d3a9d9b6bd2021-12-20 15:56:21.424root 11241100x8000000000000000763031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62171087fc6dfab62021-12-20 15:56:21.424root 11241100x8000000000000000763032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bd9d26c18858592021-12-20 15:56:21.424root 11241100x8000000000000000763033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d057e0852e09165d2021-12-20 15:56:21.424root 11241100x8000000000000000763034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf0c990b4866d052021-12-20 15:56:21.424root 11241100x8000000000000000763035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58828b2922b8f282021-12-20 15:56:21.425root 11241100x8000000000000000763036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb054b8a175b4f672021-12-20 15:56:21.425root 11241100x8000000000000000763037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95266db51862000e2021-12-20 15:56:21.425root 11241100x8000000000000000763038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb2f917a76db3a52021-12-20 15:56:21.425root 11241100x8000000000000000763039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43b0b04ccbd46dd2021-12-20 15:56:21.425root 11241100x8000000000000000763040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a957263197637d32021-12-20 15:56:21.425root 11241100x8000000000000000763041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00a9049ec353e1e2021-12-20 15:56:21.425root 11241100x8000000000000000763042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdbd9c0ff533ca92021-12-20 15:56:21.425root 11241100x8000000000000000763043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa6e66baeee9d6d2021-12-20 15:56:21.425root 11241100x8000000000000000763044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7242c686e37b2422021-12-20 15:56:21.426root 11241100x8000000000000000763045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b87100fdf2aa12e2021-12-20 15:56:21.426root 11241100x8000000000000000763046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9026436af31b64cb2021-12-20 15:56:21.426root 11241100x8000000000000000763047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2f30f6f24622c12021-12-20 15:56:21.426root 11241100x8000000000000000763048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16985d1691a04fe2021-12-20 15:56:21.426root 11241100x8000000000000000763049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08a5b4e289e4942021-12-20 15:56:21.427root 11241100x8000000000000000763050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150dfebe8e761b2b2021-12-20 15:56:21.427root 11241100x8000000000000000763051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf605fed636afe302021-12-20 15:56:21.427root 11241100x8000000000000000763052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d05bb722c76972b2021-12-20 15:56:21.427root 11241100x8000000000000000763053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6d857d16bbec702021-12-20 15:56:21.427root 11241100x8000000000000000763054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17be585cfb6875e12021-12-20 15:56:21.428root 11241100x8000000000000000763055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f506dbf9540a94162021-12-20 15:56:21.428root 11241100x8000000000000000763056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b3a17701a2e5902021-12-20 15:56:21.428root 11241100x8000000000000000763057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0647ecb3bd1b9652021-12-20 15:56:21.429root 11241100x8000000000000000763058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7e869e51e588c02021-12-20 15:56:21.429root 11241100x8000000000000000763059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ece8e93f2aa9452021-12-20 15:56:21.429root 11241100x8000000000000000763060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa1c87ae5d344fa2021-12-20 15:56:21.430root 11241100x8000000000000000763061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301fd3ead35d1a192021-12-20 15:56:21.430root 11241100x8000000000000000763062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5ce5433055abf92021-12-20 15:56:21.430root 11241100x8000000000000000763063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd6456694c2a5f2021-12-20 15:56:21.430root 11241100x8000000000000000763064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d4eee33ed94b782021-12-20 15:56:21.430root 11241100x8000000000000000763065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aee1e914f8fa862021-12-20 15:56:21.431root 11241100x8000000000000000763066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efd35e9210f20fb2021-12-20 15:56:21.431root 11241100x8000000000000000763067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d494762b58ab57632021-12-20 15:56:21.431root 11241100x8000000000000000763068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54e7c6b239d12d52021-12-20 15:56:21.431root 11241100x8000000000000000763069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a1cecaf2f930a92021-12-20 15:56:21.432root 11241100x8000000000000000763070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b17f28e295ca7932021-12-20 15:56:21.432root 11241100x8000000000000000763071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37ffdb2ee61d5c22021-12-20 15:56:21.433root 11241100x8000000000000000763072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c5d90bc10042c52021-12-20 15:56:21.433root 11241100x8000000000000000763073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7565036f49f633f2021-12-20 15:56:21.433root 11241100x8000000000000000763074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89acc6c57020c2b2021-12-20 15:56:21.433root 11241100x8000000000000000763075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc1d012b0e096302021-12-20 15:56:21.433root 11241100x8000000000000000763076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa373fa4331d95f2021-12-20 15:56:21.434root 11241100x8000000000000000763077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf97b561e6086e132021-12-20 15:56:21.434root 11241100x8000000000000000763078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd2883df8762e5e2021-12-20 15:56:21.434root 11241100x8000000000000000763079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ac84150e3ad93b2021-12-20 15:56:21.434root 11241100x8000000000000000763080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263a05746c43f3ad2021-12-20 15:56:21.434root 11241100x8000000000000000763081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6253a4c34d1dc8582021-12-20 15:56:21.435root 11241100x8000000000000000763082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1898b27317a685442021-12-20 15:56:21.435root 11241100x8000000000000000763083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82fddf4842df1852021-12-20 15:56:21.435root 11241100x8000000000000000763084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3839854eaaa50082021-12-20 15:56:21.435root 11241100x8000000000000000763085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9377778541e8ff182021-12-20 15:56:21.435root 11241100x8000000000000000763086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15618e5510bf37562021-12-20 15:56:21.436root 11241100x8000000000000000763087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb6a71ebeb8e1a52021-12-20 15:56:21.436root 11241100x8000000000000000763088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468176d364d9da022021-12-20 15:56:21.436root 11241100x8000000000000000763089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643809965552a66c2021-12-20 15:56:21.436root 11241100x8000000000000000763090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2a793e4cc3a1f12021-12-20 15:56:21.436root 11241100x8000000000000000763091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3993033d76bd2bbd2021-12-20 15:56:21.437root 11241100x8000000000000000763092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98242759789ec352021-12-20 15:56:21.437root 11241100x8000000000000000763093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de87f3f6e6b0fd82021-12-20 15:56:21.437root 11241100x8000000000000000763094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f043d0e8c90c60a2021-12-20 15:56:21.437root 11241100x8000000000000000763095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c3c10a641e0a282021-12-20 15:56:21.438root 11241100x8000000000000000763096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f174ed6a182bf2d2021-12-20 15:56:21.438root 11241100x8000000000000000763097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46234cb8cce5dd5c2021-12-20 15:56:21.438root 11241100x8000000000000000763098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d530150ab584d862021-12-20 15:56:21.438root 11241100x8000000000000000763099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de37cbef21418a722021-12-20 15:56:21.438root 11241100x8000000000000000763100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907b5cd0069335c12021-12-20 15:56:21.439root 11241100x8000000000000000763101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409ee37e7e50863d2021-12-20 15:56:21.924root 11241100x8000000000000000763102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bcd0e926acf2872021-12-20 15:56:21.924root 11241100x8000000000000000763103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d0d3431407ccdd2021-12-20 15:56:21.924root 11241100x8000000000000000763104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19db36143093a8a2021-12-20 15:56:21.924root 11241100x8000000000000000763105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6466cb3793a6f5542021-12-20 15:56:21.925root 11241100x8000000000000000763106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f0adb085df2f6f2021-12-20 15:56:21.925root 11241100x8000000000000000763107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885c5ae8139e8edd2021-12-20 15:56:21.925root 11241100x8000000000000000763108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e798d7e253d959d2021-12-20 15:56:21.925root 11241100x8000000000000000763109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9c7a81b826332f2021-12-20 15:56:21.925root 11241100x8000000000000000763110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8e7f5088c224352021-12-20 15:56:21.925root 11241100x8000000000000000763111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1d444e66df47bc2021-12-20 15:56:21.925root 11241100x8000000000000000763112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d203623ea7f3d3892021-12-20 15:56:21.925root 11241100x8000000000000000763113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b77e6eb4ad0fc5c2021-12-20 15:56:21.925root 11241100x8000000000000000763114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7e778b0a4d26192021-12-20 15:56:21.925root 11241100x8000000000000000763115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183ea2bdde1c1e812021-12-20 15:56:21.926root 11241100x8000000000000000763116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de322ebefb6add82021-12-20 15:56:21.926root 11241100x8000000000000000763117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79509a4cf118ae142021-12-20 15:56:21.926root 11241100x8000000000000000763118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d53a50b949bdb002021-12-20 15:56:21.926root 11241100x8000000000000000763119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f4014d570a2b12021-12-20 15:56:21.926root 11241100x8000000000000000763120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9e125e7ff5a40f2021-12-20 15:56:21.926root 11241100x8000000000000000763121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136b67aa45b56f7f2021-12-20 15:56:21.926root 11241100x8000000000000000763122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815d5d549ca6cf002021-12-20 15:56:21.926root 11241100x8000000000000000763123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a55cb50c23c85d92021-12-20 15:56:21.926root 11241100x8000000000000000763124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7734f1db9c42088e2021-12-20 15:56:21.926root 11241100x8000000000000000763125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850eb926013819492021-12-20 15:56:21.927root 11241100x8000000000000000763126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3408e1ff4e4035e22021-12-20 15:56:21.927root 11241100x8000000000000000763127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6875b5338e784592021-12-20 15:56:21.927root 11241100x8000000000000000763128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c8cc373008884c2021-12-20 15:56:21.927root 11241100x8000000000000000763129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70786d204d096ff72021-12-20 15:56:21.927root 11241100x8000000000000000763130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8885bedc1f64218c2021-12-20 15:56:21.927root 11241100x8000000000000000763131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3d70c5a0ef38da2021-12-20 15:56:21.927root 11241100x8000000000000000763132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c9314c3fe2dad42021-12-20 15:56:21.927root 11241100x8000000000000000763133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487dc20b425531d42021-12-20 15:56:21.927root 11241100x8000000000000000763134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deae572015ff5ad2021-12-20 15:56:21.927root 11241100x8000000000000000763135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa0f5a3af92c8b02021-12-20 15:56:21.927root 11241100x8000000000000000763136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71964fe26c14fd442021-12-20 15:56:21.928root 11241100x8000000000000000763137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95e4f954b8aa01d2021-12-20 15:56:21.928root 11241100x8000000000000000763138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6008214a16c1be812021-12-20 15:56:21.928root 11241100x8000000000000000763139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c27dd906ed91a52021-12-20 15:56:21.928root 11241100x8000000000000000763140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980de4962758f7002021-12-20 15:56:21.928root 11241100x8000000000000000763141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa3c4217be986102021-12-20 15:56:21.928root 11241100x8000000000000000763142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e92035309055e42021-12-20 15:56:21.928root 11241100x8000000000000000763143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac905ab07e3b03b2021-12-20 15:56:21.928root 11241100x8000000000000000763144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daebb92d994879fb2021-12-20 15:56:21.928root 11241100x8000000000000000763145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc818f9a8811ad42021-12-20 15:56:21.928root 11241100x8000000000000000763146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd6349fc5c253342021-12-20 15:56:21.929root 11241100x8000000000000000763147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eac2dfadb0fd67a2021-12-20 15:56:21.929root 534500x8000000000000000763202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:34.329{00000000-0000-0000-0000-000000000000}10210<unknown process>ubuntu 534500x8000000000000000763203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:34.331{00000000-0000-0000-0000-000000000000}10211<unknown process>ubuntu 11241100x8000000000000000763204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:34.331{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bash/tmp/sh-thd.ZyUSru2021-12-20 15:56:34.331ubuntu 23542300x8000000000000000763205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:34.331{ec2c97d1-9cd7-61c0-0864-408b87550000}9810ubuntu/bin/bash/tmp/sh-thd.ZyUSru--- 11241100x8000000000000000763206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4636e40d19392292021-12-20 15:56:34.674root 11241100x8000000000000000763207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784da74abae452742021-12-20 15:56:34.674root 11241100x8000000000000000763208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f519a79dcc51a0e2021-12-20 15:56:34.674root 11241100x8000000000000000763209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5975145ab3a1d4782021-12-20 15:56:34.674root 354300x8000000000000000763210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.079{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51404-false10.0.1.12-8000- 11241100x8000000000000000763211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.080{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bcef72b26d3d462021-12-20 15:56:35.080root 11241100x8000000000000000763212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.080{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdfe9896863cb8b2021-12-20 15:56:35.080root 11241100x8000000000000000763213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.080{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194aa9a418e3b302021-12-20 15:56:35.080root 11241100x8000000000000000763214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a288510854cc5bd22021-12-20 15:56:35.081root 11241100x8000000000000000763215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b76f4f8d19eae52021-12-20 15:56:35.081root 11241100x8000000000000000763216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afbfe459b61482e2021-12-20 15:56:35.081root 11241100x8000000000000000763217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10e7122e3d4f6a22021-12-20 15:56:35.081root 11241100x8000000000000000763218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.082{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952fe0d25ce7c3122021-12-20 15:56:35.082root 11241100x8000000000000000763219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.082{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2cea38d96006882021-12-20 15:56:35.082root 11241100x8000000000000000763220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.082{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcabf6845b85ae452021-12-20 15:56:35.082root 11241100x8000000000000000763221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.082{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004c0aa930c0e9e42021-12-20 15:56:35.082root 11241100x8000000000000000763222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.083{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901f1625ae2219952021-12-20 15:56:35.083root 11241100x8000000000000000763223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c71ac55d951e2382021-12-20 15:56:35.424root 11241100x8000000000000000763224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdb28e63c6118042021-12-20 15:56:35.424root 11241100x8000000000000000763225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2693b0f45c000c02021-12-20 15:56:35.424root 11241100x8000000000000000763226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf45a50b6614df202021-12-20 15:56:35.424root 11241100x8000000000000000763227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77256859d874724a2021-12-20 15:56:35.424root 11241100x8000000000000000763228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0808fd916c7a99782021-12-20 15:56:35.924root 11241100x8000000000000000763229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733490a78b0727212021-12-20 15:56:35.924root 11241100x8000000000000000763230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c747388ae1a2998f2021-12-20 15:56:35.924root 11241100x8000000000000000763231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9f9e70fe913f6f2021-12-20 15:56:35.924root 11241100x8000000000000000763232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b446c48880d13e62021-12-20 15:56:35.924root 11241100x8000000000000000763233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:56:36.068root 534500x8000000000000000763234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.331{00000000-0000-0000-0000-000000000000}10212<unknown process>ubuntu 11241100x8000000000000000763235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.332{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077dcecff2afee722021-12-20 15:56:36.332root 11241100x8000000000000000763236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.332{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9982bfaee869a2782021-12-20 15:56:36.332root 11241100x8000000000000000763237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.332{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a417d8162418252021-12-20 15:56:36.332root 11241100x8000000000000000763238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.332{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcee088c93583f0c2021-12-20 15:56:36.332root 534500x8000000000000000763239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.333{ec2c97d1-67ad-61c0-c8ca-1059e4550000}10213-ubuntu 11241100x8000000000000000763240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.332{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e312312aeadc7772021-12-20 15:56:36.332root 11241100x8000000000000000763241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.334{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d788b46829bb3022021-12-20 15:56:36.334root 11241100x8000000000000000763242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.334{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a25d23b01df58ea2021-12-20 15:56:36.334root 11241100x8000000000000000763243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab52f01bd82ba7472021-12-20 15:56:36.674root 11241100x8000000000000000763244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d229426f559ad502021-12-20 15:56:36.674root 11241100x8000000000000000763245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89824ee3c0a4e0d92021-12-20 15:56:36.674root 11241100x8000000000000000763246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a1484b1c0ea7592021-12-20 15:56:36.674root 11241100x8000000000000000763247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b96dca8bd771afb2021-12-20 15:56:36.674root 11241100x8000000000000000763248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f92bb925ba4594d2021-12-20 15:56:36.674root 11241100x8000000000000000763249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cf7ced033197002021-12-20 15:56:36.674root 11241100x8000000000000000763250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:36.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9aceaa23f73f932021-12-20 15:56:36.674root 11241100x8000000000000000763251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529c45f393badeda2021-12-20 15:56:37.174root 11241100x8000000000000000763252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80154d82f5b2442021-12-20 15:56:37.174root 11241100x8000000000000000763253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5837a0fa8162452021-12-20 15:56:37.174root 11241100x8000000000000000763254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd33ddf34c80e582021-12-20 15:56:37.174root 11241100x8000000000000000763255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419980c185f71cb42021-12-20 15:56:37.174root 11241100x8000000000000000763256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57da64d7f76f7a52021-12-20 15:56:37.174root 11241100x8000000000000000763257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52bd7f5708164542021-12-20 15:56:37.175root 11241100x8000000000000000763258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a007f43c50cf92021-12-20 15:56:37.175root 11241100x8000000000000000763259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc3729d18e292762021-12-20 15:56:37.674root 11241100x8000000000000000763260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02dac278ad6c192021-12-20 15:56:37.674root 11241100x8000000000000000763261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4871368842c9b3ad2021-12-20 15:56:37.674root 11241100x8000000000000000763262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8b8cb6fcf6b7892021-12-20 15:56:37.674root 11241100x8000000000000000763263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c9314656855ea82021-12-20 15:56:37.674root 11241100x8000000000000000763264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e5fe55992f76112021-12-20 15:56:37.674root 11241100x8000000000000000763265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4aad4cc1bcf4ad2021-12-20 15:56:37.674root 11241100x8000000000000000763266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f277dbddd975312c2021-12-20 15:56:37.675root 11241100x8000000000000000763267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f795814e98d0fe052021-12-20 15:56:38.174root 11241100x8000000000000000763268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05677a9153f9365d2021-12-20 15:56:38.174root 11241100x8000000000000000763269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9faafc1b072540a2021-12-20 15:56:38.174root 11241100x8000000000000000763270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e651c6ef7cabd3e2021-12-20 15:56:38.175root 11241100x8000000000000000763271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bb78e23a0ac9a12021-12-20 15:56:38.175root 11241100x8000000000000000763272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961244ea90f9ff352021-12-20 15:56:38.175root 11241100x8000000000000000763273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba924fed71685552021-12-20 15:56:38.175root 11241100x8000000000000000763274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f532855a7f8f1b22021-12-20 15:56:38.176root 534500x8000000000000000763275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.402{00000000-0000-0000-0000-000000000000}10214<unknown process>ubuntu 534500x8000000000000000763276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.403{ec2c97d1-67ad-61c0-c8ca-1059e4550000}10215-ubuntu 11241100x8000000000000000763277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c948d065730c50c72021-12-20 15:56:38.674root 11241100x8000000000000000763278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a86a90d924190242021-12-20 15:56:38.674root 11241100x8000000000000000763279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c3ce356481ba9e2021-12-20 15:56:38.674root 11241100x8000000000000000763280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e153ced74e17b02021-12-20 15:56:38.675root 11241100x8000000000000000763281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2812ab81b839c02021-12-20 15:56:38.675root 11241100x8000000000000000763282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4af456245387122021-12-20 15:56:38.675root 11241100x8000000000000000763283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89914dfc4e20a7e12021-12-20 15:56:38.675root 11241100x8000000000000000763284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ee2822d1d9260e2021-12-20 15:56:38.675root 11241100x8000000000000000763285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8cadf89d4ff1412021-12-20 15:56:38.676root 11241100x8000000000000000763286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614c5533e7cc88a32021-12-20 15:56:38.676root 23542300x8000000000000000763287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.070{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000763288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e7db3c05a58002021-12-20 15:56:39.071root 11241100x8000000000000000763289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c203ea3c9a01b1d2021-12-20 15:56:39.071root 11241100x8000000000000000763290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de20d1442f6080102021-12-20 15:56:39.071root 11241100x8000000000000000763291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992c408da294df532021-12-20 15:56:39.071root 11241100x8000000000000000763292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0478f2c363a4c072021-12-20 15:56:39.072root 11241100x8000000000000000763293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f20cc50ec0cb9e02021-12-20 15:56:39.072root 11241100x8000000000000000763294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc8658fc352421e2021-12-20 15:56:39.072root 11241100x8000000000000000763295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e910af2991b0b81c2021-12-20 15:56:39.072root 11241100x8000000000000000763296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ad1013e4d129ae2021-12-20 15:56:39.073root 11241100x8000000000000000763297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d921e9047837a7482021-12-20 15:56:39.073root 11241100x8000000000000000763298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e84ca7454400982021-12-20 15:56:39.073root 534500x8000000000000000763299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.330{00000000-0000-0000-0000-000000000000}10216<unknown process>ubuntu 11241100x8000000000000000763300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.331{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170867def6340cc52021-12-20 15:56:39.331root 11241100x8000000000000000763301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.331{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7723793ed4e57832021-12-20 15:56:39.331root 534500x8000000000000000763302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.332{00000000-0000-0000-0000-000000000000}10217<unknown process>ubuntu 11241100x8000000000000000763303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.333{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2870bbcb2d614d82021-12-20 15:56:39.333root 11241100x8000000000000000763304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.333{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee3d35f3e2185a52021-12-20 15:56:39.333root 11241100x8000000000000000763305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.333{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880a2f8b4c4529632021-12-20 15:56:39.333root 11241100x8000000000000000763306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.333{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd62f41f75813702021-12-20 15:56:39.333root 11241100x8000000000000000763307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.333{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd723928af9a91fc2021-12-20 15:56:39.333root 11241100x8000000000000000763308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.333{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c892d63d4f2a532021-12-20 15:56:39.333root 11241100x8000000000000000763309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.333{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcd7b01bf10a83e2021-12-20 15:56:39.333root 11241100x8000000000000000763310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.333{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fb1a791cbb65d02021-12-20 15:56:39.333root 11241100x8000000000000000763311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.334{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bbf850b08f79d72021-12-20 15:56:39.334root 11241100x8000000000000000763312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.334{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3df6e7cd19ff4d2021-12-20 15:56:39.334root 11241100x8000000000000000763313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.334{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e133d812a351f8ce2021-12-20 15:56:39.334root 11241100x8000000000000000763314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcecd93aedb42e862021-12-20 15:56:39.674root 11241100x8000000000000000763315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d15f5bd8605db582021-12-20 15:56:39.674root 11241100x8000000000000000763316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1296a50de6835842021-12-20 15:56:39.674root 11241100x8000000000000000763317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c282a1a66d3ef12021-12-20 15:56:39.674root 11241100x8000000000000000763318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b2833d9ceedb1e2021-12-20 15:56:39.675root 11241100x8000000000000000763319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f225ef799d4fcdad2021-12-20 15:56:39.675root 11241100x8000000000000000763320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a02b9515522a7d2021-12-20 15:56:39.675root 11241100x8000000000000000763321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4292c31901627c2021-12-20 15:56:39.675root 11241100x8000000000000000763322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c04e1999a5d8932021-12-20 15:56:39.675root 11241100x8000000000000000763323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eff5d8ca0adac662021-12-20 15:56:39.675root 11241100x8000000000000000763324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2efc430a3e83682021-12-20 15:56:39.675root 11241100x8000000000000000763325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31e01f1ddf8247c2021-12-20 15:56:39.675root 11241100x8000000000000000763326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:39.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dea5f502b958c592021-12-20 15:56:39.675root 534500x8000000000000000763327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.010{00000000-0000-0000-0000-000000000000}10218<unknown process>ubuntu 11241100x8000000000000000763328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.010{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67a293f3a06f82b2021-12-20 15:56:40.010root 11241100x8000000000000000763329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.010{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a3213c23b5b67d2021-12-20 15:56:40.010root 11241100x8000000000000000763330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.011{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e280616ae6ae1e2021-12-20 15:56:40.011root 11241100x8000000000000000763331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.011{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559c478aa9a3e572021-12-20 15:56:40.011root 11241100x8000000000000000763332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.011{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bd283819e79fcd2021-12-20 15:56:40.011root 11241100x8000000000000000763333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.011{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55b1a82f597156c2021-12-20 15:56:40.011root 11241100x8000000000000000763334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.011{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3317fd8c81155f2021-12-20 15:56:40.011root 11241100x8000000000000000763335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.011{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707f74909ff52f412021-12-20 15:56:40.011root 11241100x8000000000000000763336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.011{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75714915640f105e2021-12-20 15:56:40.011root 534500x8000000000000000763337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.012{ec2c97d1-a7b8-61c0-0000-000000000000}10219-ubuntu 11241100x8000000000000000763338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.012{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f152dd23f3413c2021-12-20 15:56:40.012root 11241100x8000000000000000763339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.012{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c46f54d7628762021-12-20 15:56:40.012root 11241100x8000000000000000763340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.012{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2429faf4b01cc52021-12-20 15:56:40.012root 11241100x8000000000000000763341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.012{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b4c942ffd469652021-12-20 15:56:40.012root 11241100x8000000000000000763342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.012{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3085e879e445329d2021-12-20 15:56:40.012root 354300x8000000000000000763343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.116{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51406-false10.0.1.12-8000- 11241100x8000000000000000763344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f557b2a69e532a92021-12-20 15:56:40.424root 11241100x8000000000000000763345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315957842a54a1462021-12-20 15:56:40.424root 11241100x8000000000000000763346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997ca50c7dd6a7c62021-12-20 15:56:40.424root 11241100x8000000000000000763347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df0393b124dc7722021-12-20 15:56:40.424root 11241100x8000000000000000763348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041fe832374640e92021-12-20 15:56:40.425root 11241100x8000000000000000763349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31e68c3dc66ada22021-12-20 15:56:40.426root 11241100x8000000000000000763350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4ba7f646cf9d372021-12-20 15:56:40.426root 11241100x8000000000000000763351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9da92fc21d83472021-12-20 15:56:40.426root 11241100x8000000000000000763352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8a4eb6735f6a4a2021-12-20 15:56:40.426root 11241100x8000000000000000763353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e09358a023c2c22021-12-20 15:56:40.426root 11241100x8000000000000000763354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfe654731695ba62021-12-20 15:56:40.426root 11241100x8000000000000000763355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9d1857b5d1fa0b2021-12-20 15:56:40.426root 11241100x8000000000000000763356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8fbaba0db7106a2021-12-20 15:56:40.426root 11241100x8000000000000000763357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d6cc1cfb29b0812021-12-20 15:56:40.426root 11241100x8000000000000000763358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5145486ddb8eb312021-12-20 15:56:40.426root 11241100x8000000000000000763359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4471c49ba183ab52021-12-20 15:56:40.426root 11241100x8000000000000000763360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9818d2fd338961562021-12-20 15:56:40.924root 11241100x8000000000000000763361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d10632ece12fc2021-12-20 15:56:40.924root 11241100x8000000000000000763362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c332c44e75fb9912021-12-20 15:56:40.924root 11241100x8000000000000000763363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ddcd6dbda175c62021-12-20 15:56:40.924root 11241100x8000000000000000763364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad36a4501ccee812021-12-20 15:56:40.925root 11241100x8000000000000000763365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad2f6d23341eb882021-12-20 15:56:40.925root 11241100x8000000000000000763366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb6985144ee6d232021-12-20 15:56:40.925root 11241100x8000000000000000763367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f000feeabb1927772021-12-20 15:56:40.925root 11241100x8000000000000000763368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e26ce802173cbb52021-12-20 15:56:40.925root 11241100x8000000000000000763369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc7095bcac3b7602021-12-20 15:56:40.925root 11241100x8000000000000000763370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d514f7c20e8fafa2021-12-20 15:56:40.925root 11241100x8000000000000000763371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1880aa023b33028e2021-12-20 15:56:40.925root 11241100x8000000000000000763372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0aab31e0a93e1202021-12-20 15:56:40.925root 11241100x8000000000000000763373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747272650a8b5fae2021-12-20 15:56:40.925root 11241100x8000000000000000763374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bda73609975da72021-12-20 15:56:40.925root 11241100x8000000000000000763375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7530d2546547e7672021-12-20 15:56:40.925root 11241100x8000000000000000763376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac5aa0c9abad0822021-12-20 15:56:41.424root 11241100x8000000000000000763377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01f6916367468592021-12-20 15:56:41.424root 11241100x8000000000000000763378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1582ca47c8dcc22021-12-20 15:56:41.424root 11241100x8000000000000000763379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3632a292d81331a92021-12-20 15:56:41.424root 11241100x8000000000000000763380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827a0fd35e391652021-12-20 15:56:41.425root 11241100x8000000000000000763381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfa2bd28daca8902021-12-20 15:56:41.425root 11241100x8000000000000000763382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b4db4a3a22a7882021-12-20 15:56:41.425root 11241100x8000000000000000763383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da6de428c5de002021-12-20 15:56:41.425root 11241100x8000000000000000763384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd90980f0c89e91f2021-12-20 15:56:41.425root 11241100x8000000000000000763385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ede821a0585b0862021-12-20 15:56:41.425root 11241100x8000000000000000763386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4688b34c7901a9b22021-12-20 15:56:41.425root 11241100x8000000000000000763387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d81195aba8aaff62021-12-20 15:56:41.425root 11241100x8000000000000000763388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab1edbe38956e242021-12-20 15:56:41.425root 11241100x8000000000000000763389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26872f202f48a3c72021-12-20 15:56:41.425root 11241100x8000000000000000763390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d270a389719fcb232021-12-20 15:56:41.425root 11241100x8000000000000000763391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f1347d9e5999e12021-12-20 15:56:41.426root 11241100x8000000000000000763392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92621617455c89e22021-12-20 15:56:41.924root 11241100x8000000000000000763393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d83140023b3e522021-12-20 15:56:41.924root 11241100x8000000000000000763394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6526f95ad098e0ae2021-12-20 15:56:41.924root 11241100x8000000000000000763395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d81505ca15a97d2021-12-20 15:56:41.924root 11241100x8000000000000000763396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbbf21678bbb4e02021-12-20 15:56:41.924root 11241100x8000000000000000763397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5c461f78335d362021-12-20 15:56:41.924root 11241100x8000000000000000763398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9a5cc55eaa940f2021-12-20 15:56:41.924root 11241100x8000000000000000763399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f2ceff5478f56e2021-12-20 15:56:41.924root 11241100x8000000000000000763400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7100565a43e41132021-12-20 15:56:41.924root 11241100x8000000000000000763401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e13763c632730c52021-12-20 15:56:41.925root 11241100x8000000000000000763402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859fc5ec9d786bc42021-12-20 15:56:41.925root 11241100x8000000000000000763403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6862e3fb7af22a932021-12-20 15:56:41.925root 11241100x8000000000000000763404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a5223ec56b7a622021-12-20 15:56:41.925root 11241100x8000000000000000763405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa72320158bc199b2021-12-20 15:56:41.925root 11241100x8000000000000000763406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784f507a7f57c0352021-12-20 15:56:41.925root 11241100x8000000000000000763407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af6627d9ed5e98b2021-12-20 15:56:41.925root 11241100x8000000000000000763408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91280006c91ef42b2021-12-20 15:56:42.424root 11241100x8000000000000000763409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a098bee56725ba0b2021-12-20 15:56:42.424root 11241100x8000000000000000763410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de998fd3cec23c502021-12-20 15:56:42.424root 11241100x8000000000000000763411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0a0cb1d7dc73652021-12-20 15:56:42.424root 11241100x8000000000000000763412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c42e5af6d36f242021-12-20 15:56:42.425root 11241100x8000000000000000763413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea8e836cbbf2fa92021-12-20 15:56:42.425root 11241100x8000000000000000763414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed705c6325167bc72021-12-20 15:56:42.425root 11241100x8000000000000000763415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dd6500b27bd1ef2021-12-20 15:56:42.425root 11241100x8000000000000000763416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5b39799a5997942021-12-20 15:56:42.425root 11241100x8000000000000000763417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb6ef2a099d09a02021-12-20 15:56:42.425root 11241100x8000000000000000763418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b2d27cb3010ba02021-12-20 15:56:42.425root 11241100x8000000000000000763419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4874eeee6bfeef682021-12-20 15:56:42.425root 11241100x8000000000000000763420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7856f2692e0958bc2021-12-20 15:56:42.425root 11241100x8000000000000000763421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bb2d33c27ee8bf2021-12-20 15:56:42.426root 11241100x8000000000000000763422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a112b22063e6da2021-12-20 15:56:42.426root 11241100x8000000000000000763423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fa3b3d326ebaeb2021-12-20 15:56:42.426root 11241100x8000000000000000763424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0980965ec07a13e92021-12-20 15:56:42.924root 11241100x8000000000000000763425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c319e6accbdd62a52021-12-20 15:56:42.924root 11241100x8000000000000000763426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f4982e392cd7042021-12-20 15:56:42.924root 11241100x8000000000000000763427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f85e26190e50802021-12-20 15:56:42.924root 11241100x8000000000000000763428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017280ad2160ce912021-12-20 15:56:42.925root 11241100x8000000000000000763429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86c93726517d5012021-12-20 15:56:42.925root 11241100x8000000000000000763430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6932c739ffb416e72021-12-20 15:56:42.925root 11241100x8000000000000000763431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44b2075b9ad638a2021-12-20 15:56:42.925root 11241100x8000000000000000763432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c147836579b7822021-12-20 15:56:42.925root 11241100x8000000000000000763433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bdfba2c324972c2021-12-20 15:56:42.925root 11241100x8000000000000000763434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83401b763d6f43062021-12-20 15:56:42.925root 11241100x8000000000000000763435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb2f45f099c6d402021-12-20 15:56:42.925root 11241100x8000000000000000763436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea6a87c0534b592021-12-20 15:56:42.925root 11241100x8000000000000000763437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6438a05ed176d90f2021-12-20 15:56:42.925root 11241100x8000000000000000763438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2393622145bed8012021-12-20 15:56:42.926root 11241100x8000000000000000763439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f2905d79c761d62021-12-20 15:56:42.926root 11241100x8000000000000000763440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db65355e31ba7dc2021-12-20 15:56:43.424root 11241100x8000000000000000763441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe387680c4cd19772021-12-20 15:56:43.424root 11241100x8000000000000000763442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245eecc8a9a2da182021-12-20 15:56:43.424root 11241100x8000000000000000763443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0f2bf4b7bf2de12021-12-20 15:56:43.425root 11241100x8000000000000000763444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40b1554955dbebe2021-12-20 15:56:43.425root 11241100x8000000000000000763445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436c6b8b155b46ad2021-12-20 15:56:43.425root 11241100x8000000000000000763446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161aa0effb127c302021-12-20 15:56:43.425root 11241100x8000000000000000763447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46048ece8c1684a92021-12-20 15:56:43.425root 11241100x8000000000000000763448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9010346c34b03a9f2021-12-20 15:56:43.425root 11241100x8000000000000000763449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35636c0c70d398092021-12-20 15:56:43.425root 11241100x8000000000000000763450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8d8a4e0b091ab42021-12-20 15:56:43.425root 11241100x8000000000000000763451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8830e3402f5660ac2021-12-20 15:56:43.426root 11241100x8000000000000000763452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9bf946e1b830c72021-12-20 15:56:43.426root 11241100x8000000000000000763453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98655e8ec584e70e2021-12-20 15:56:43.426root 11241100x8000000000000000763454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466acca67fa77f932021-12-20 15:56:43.426root 11241100x8000000000000000763455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55dea83a13760f52021-12-20 15:56:43.426root 11241100x8000000000000000763456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600ca29ba38885af2021-12-20 15:56:43.924root 11241100x8000000000000000763457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b87d35fc665bdbe2021-12-20 15:56:43.924root 11241100x8000000000000000763458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85493625a9e99282021-12-20 15:56:43.924root 11241100x8000000000000000763459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c107d08940d899382021-12-20 15:56:43.925root 11241100x8000000000000000763460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3490ef6cec1517002021-12-20 15:56:43.925root 11241100x8000000000000000763461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8860262214e664af2021-12-20 15:56:43.925root 11241100x8000000000000000763462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1407e6335a52b7a2021-12-20 15:56:43.925root 11241100x8000000000000000763463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f22d0a1cd29c802021-12-20 15:56:43.925root 11241100x8000000000000000763464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea21406db3af6bc02021-12-20 15:56:43.925root 11241100x8000000000000000763465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0333dfcf85d5176a2021-12-20 15:56:43.925root 11241100x8000000000000000763466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d4c092683cba542021-12-20 15:56:43.925root 11241100x8000000000000000763467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4279b6766219e2802021-12-20 15:56:43.925root 11241100x8000000000000000763468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d5063d0b6f657b2021-12-20 15:56:43.925root 11241100x8000000000000000763469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff478741fc2533b92021-12-20 15:56:43.925root 11241100x8000000000000000763470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6dc41116272f8ad2021-12-20 15:56:43.926root 11241100x8000000000000000763471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a082b70f0a270c1d2021-12-20 15:56:43.926root 11241100x8000000000000000763472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ac8abce700ce892021-12-20 15:56:44.424root 11241100x8000000000000000763473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c4f08591d640172021-12-20 15:56:44.424root 11241100x8000000000000000763474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b75d5318400cc302021-12-20 15:56:44.424root 11241100x8000000000000000763475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1af1b06f6c86292021-12-20 15:56:44.424root 11241100x8000000000000000763476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09400d4bc513f142021-12-20 15:56:44.424root 11241100x8000000000000000763477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f051826beec77f2021-12-20 15:56:44.424root 11241100x8000000000000000763478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5ed94c232e51cc2021-12-20 15:56:44.424root 11241100x8000000000000000763479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6b2a3941e204ed2021-12-20 15:56:44.425root 11241100x8000000000000000763480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea0c91f9bf78d12021-12-20 15:56:44.425root 11241100x8000000000000000763481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bbd67c469864902021-12-20 15:56:44.425root 11241100x8000000000000000763482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fd4fe795a6eccf2021-12-20 15:56:44.425root 11241100x8000000000000000763483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54e112062082f142021-12-20 15:56:44.425root 11241100x8000000000000000763484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fae7578d06bf342021-12-20 15:56:44.425root 11241100x8000000000000000763485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc8935f5148d0802021-12-20 15:56:44.425root 11241100x8000000000000000763486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375d7135fd7f5b172021-12-20 15:56:44.425root 11241100x8000000000000000763487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af8df17b4072f0e2021-12-20 15:56:44.425root 154100x8000000000000000763488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.878{ec2c97d1-a7bc-61c0-e8d6-036025560000}10220/bin/ls-----ls --color=auto -l /etc/rc.local/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 11241100x8000000000000000763489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.879{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5716a30b6fad8902021-12-20 15:56:44.879root 11241100x8000000000000000763490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.880{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2068254664df42662021-12-20 15:56:44.880root 11241100x8000000000000000763491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.880{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5851f0bc30ac103c2021-12-20 15:56:44.880root 11241100x8000000000000000763492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.880{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2963ca86aa85fda12021-12-20 15:56:44.880root 11241100x8000000000000000763493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.880{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db084ee2b26ead142021-12-20 15:56:44.880root 11241100x8000000000000000763494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.880{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0618c1ea361397d2021-12-20 15:56:44.880root 11241100x8000000000000000763495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.880{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5edae61bb81a9752021-12-20 15:56:44.880root 11241100x8000000000000000763496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.880{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435006e2b548dd9e2021-12-20 15:56:44.880root 11241100x8000000000000000763497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.881{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbcfd81cbfc28652021-12-20 15:56:44.881root 11241100x8000000000000000763498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.881{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a4647f8e9356ed2021-12-20 15:56:44.881root 534500x8000000000000000763499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.881{ec2c97d1-a7bc-61c0-e8d6-036025560000}10220/bin/lsubuntu 11241100x8000000000000000763500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.881{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b33993ec0bf3ea12021-12-20 15:56:44.881root 11241100x8000000000000000763501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.881{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1fdfc476422b9d2021-12-20 15:56:44.881root 11241100x8000000000000000763502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.881{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f918c2787d447c6c2021-12-20 15:56:44.881root 11241100x8000000000000000763503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.881{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0a7fb09a4e1f8d2021-12-20 15:56:44.881root 11241100x8000000000000000763504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.881{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f263de9eea6862ca2021-12-20 15:56:44.881root 11241100x8000000000000000763505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2692adab2e4e582021-12-20 15:56:44.882root 11241100x8000000000000000763506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c9660c06fcb0a2021-12-20 15:56:44.882root 11241100x8000000000000000763507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3680da4495e7732021-12-20 15:56:44.882root 11241100x8000000000000000763508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad423808ea784e852021-12-20 15:56:44.882root 11241100x8000000000000000763509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e8e2b1f8df55722021-12-20 15:56:44.882root 11241100x8000000000000000763510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a48f84e7243010a2021-12-20 15:56:44.882root 11241100x8000000000000000763511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd285761e2742942021-12-20 15:56:44.882root 11241100x8000000000000000763512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8a8693b141f7152021-12-20 15:56:44.882root 11241100x8000000000000000763513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0c5af76910cd802021-12-20 15:56:44.882root 11241100x8000000000000000763514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.882{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f9432064b8ce1f2021-12-20 15:56:44.882root 11241100x8000000000000000763515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.884{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2c53c6329baf8b2021-12-20 15:56:44.884root 11241100x8000000000000000763516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.884{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01d40127e9ff85a2021-12-20 15:56:44.884root 11241100x8000000000000000763517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.885{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2c2ddd957e58a62021-12-20 15:56:44.885root 11241100x8000000000000000763518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.885{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de17f8d3c2372de42021-12-20 15:56:44.885root 11241100x8000000000000000763519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.885{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72892ef5d7fa647e2021-12-20 15:56:44.885root 11241100x8000000000000000763520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.885{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aa007aac8d15692021-12-20 15:56:44.885root 11241100x8000000000000000763521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.885{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f3007d2132c9d72021-12-20 15:56:44.885root 11241100x8000000000000000763522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.885{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19303f3752a031332021-12-20 15:56:44.885root 11241100x8000000000000000763523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.886{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97c24de576426e52021-12-20 15:56:44.886root 11241100x8000000000000000763524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.886{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7caf10a4f1a3282021-12-20 15:56:44.886root 11241100x8000000000000000763525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.886{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b463fc361cdced5a2021-12-20 15:56:44.886root 11241100x8000000000000000763526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.886{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7188ed3a832437632021-12-20 15:56:44.886root 11241100x8000000000000000763527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.886{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc5456cd74fe2672021-12-20 15:56:44.886root 11241100x8000000000000000763528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.886{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b2dce461334e182021-12-20 15:56:44.886root 11241100x8000000000000000763529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.887{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c008a7fd65cbe252021-12-20 15:56:44.887root 11241100x8000000000000000763530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.887{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4674341432c1d7e2021-12-20 15:56:44.887root 11241100x8000000000000000763531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.887{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d429c19468998a12021-12-20 15:56:44.887root 11241100x8000000000000000763532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.887{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cfa655a703bcf82021-12-20 15:56:44.887root 11241100x8000000000000000763533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.888{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c230b725d26bd9a2021-12-20 15:56:44.888root 11241100x8000000000000000763534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.888{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f600b7cbaa002562021-12-20 15:56:44.888root 11241100x8000000000000000763535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.888{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d87517ca23042e62021-12-20 15:56:44.888root 11241100x8000000000000000763536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:44.888{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbd7d8a8faa528b2021-12-20 15:56:44.888root 11241100x8000000000000000763537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9034ba0dce5256052021-12-20 15:56:45.174root 11241100x8000000000000000763538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17e239bf7e944322021-12-20 15:56:45.174root 11241100x8000000000000000763539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11acc5ffb24f58e02021-12-20 15:56:45.174root 11241100x8000000000000000763540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbd24476afbfd552021-12-20 15:56:45.174root 11241100x8000000000000000763541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20faab6060c65ae42021-12-20 15:56:45.174root 11241100x8000000000000000763542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b21b199757744882021-12-20 15:56:45.175root 11241100x8000000000000000763543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8077d367fedfb782021-12-20 15:56:45.175root 11241100x8000000000000000763544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a09a2338acf0ec62021-12-20 15:56:45.175root 11241100x8000000000000000763545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3380e26a0db7b2ba2021-12-20 15:56:45.175root 11241100x8000000000000000763546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e59842ce76f9a2021-12-20 15:56:45.175root 11241100x8000000000000000763547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78485adf87fe3c992021-12-20 15:56:45.175root 11241100x8000000000000000763548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799c7b7510c7e822021-12-20 15:56:45.175root 11241100x8000000000000000763549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96276cf4a3f9f6222021-12-20 15:56:45.175root 11241100x8000000000000000763550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce817c49e252643f2021-12-20 15:56:45.175root 11241100x8000000000000000763551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07d4168f466e6cf2021-12-20 15:56:45.176root 11241100x8000000000000000763552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bb2e2d7444a71d2021-12-20 15:56:45.176root 11241100x8000000000000000763553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49684ca9db4519d32021-12-20 15:56:45.176root 11241100x8000000000000000763554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3faf2288c2e158e2021-12-20 15:56:45.176root 11241100x8000000000000000763555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ee8109264adcad2021-12-20 15:56:45.674root 11241100x8000000000000000763556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9e277003f101f52021-12-20 15:56:45.674root 11241100x8000000000000000763557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18ab68834ea31f42021-12-20 15:56:45.674root 11241100x8000000000000000763558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712fa786cc389ca92021-12-20 15:56:45.674root 11241100x8000000000000000763559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5306015a0176e5d2021-12-20 15:56:45.675root 11241100x8000000000000000763560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d123f9e7c73f0762021-12-20 15:56:45.675root 11241100x8000000000000000763561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b26b88c08e416f2021-12-20 15:56:45.675root 11241100x8000000000000000763562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afc5d08a9b736022021-12-20 15:56:45.675root 11241100x8000000000000000763563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1463571939ad09622021-12-20 15:56:45.675root 11241100x8000000000000000763564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5787636bd0015e832021-12-20 15:56:45.675root 11241100x8000000000000000763565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c98847f7f137042021-12-20 15:56:45.675root 11241100x8000000000000000763566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a75da6be2da90c2021-12-20 15:56:45.675root 11241100x8000000000000000763567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495dfab7facafc432021-12-20 15:56:45.675root 11241100x8000000000000000763568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d56c57af93861b2021-12-20 15:56:45.675root 11241100x8000000000000000763569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d1ee5a922461f32021-12-20 15:56:45.676root 11241100x8000000000000000763570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea7a521feddd1b42021-12-20 15:56:45.676root 11241100x8000000000000000763571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3a50b5ef6bd3e02021-12-20 15:56:45.676root 11241100x8000000000000000763572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e586f01a32f4942021-12-20 15:56:45.676root 354300x8000000000000000763573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.075{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51408-false10.0.1.12-8000- 11241100x8000000000000000763574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a8de21f6bb09842021-12-20 15:56:46.076root 11241100x8000000000000000763575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9fdf73a0c016db2021-12-20 15:56:46.076root 11241100x8000000000000000763576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ffb79443209f462021-12-20 15:56:46.076root 11241100x8000000000000000763577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c02f4b3ad02a922021-12-20 15:56:46.076root 11241100x8000000000000000763578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f4664518119d692021-12-20 15:56:46.076root 11241100x8000000000000000763579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4e7f3806cf66f72021-12-20 15:56:46.076root 11241100x8000000000000000763580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4544e3e15e6ca2872021-12-20 15:56:46.076root 11241100x8000000000000000763581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba372d012455c6522021-12-20 15:56:46.076root 11241100x8000000000000000763582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4af576dea9f6292021-12-20 15:56:46.076root 11241100x8000000000000000763583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1d964f53b16d6b2021-12-20 15:56:46.077root 11241100x8000000000000000763584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b7789c3a64b89d2021-12-20 15:56:46.077root 11241100x8000000000000000763585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6631664fe050119c2021-12-20 15:56:46.077root 11241100x8000000000000000763586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759966b284ba41c32021-12-20 15:56:46.077root 11241100x8000000000000000763587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd173c064db3b0882021-12-20 15:56:46.077root 11241100x8000000000000000763588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861d5847d6c7ad9c2021-12-20 15:56:46.077root 11241100x8000000000000000763589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7939822fd321f312021-12-20 15:56:46.077root 11241100x8000000000000000763590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c640b4ec567ef5a92021-12-20 15:56:46.077root 11241100x8000000000000000763591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9fee0f02d5cb002021-12-20 15:56:46.077root 11241100x8000000000000000763592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4967bca36a31a42021-12-20 15:56:46.077root 11241100x8000000000000000763593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a50d1950e36bdb72021-12-20 15:56:46.077root 11241100x8000000000000000763594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.077{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c386e7cb556f834b2021-12-20 15:56:46.077root 11241100x8000000000000000763595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09392e2c570c4ad82021-12-20 15:56:46.424root 11241100x8000000000000000763596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629ad18e852010832021-12-20 15:56:46.424root 11241100x8000000000000000763597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f4d59dc7c26f842021-12-20 15:56:46.424root 11241100x8000000000000000763598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e567a54ff92fe902021-12-20 15:56:46.424root 11241100x8000000000000000763599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed5bb7b3680a1bd2021-12-20 15:56:46.425root 11241100x8000000000000000763600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4eae608b1097a92021-12-20 15:56:46.425root 11241100x8000000000000000763601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318f54f36ce1baea2021-12-20 15:56:46.425root 11241100x8000000000000000763602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76deb051208477c2021-12-20 15:56:46.425root 11241100x8000000000000000763603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f1b8c34b3232e42021-12-20 15:56:46.425root 11241100x8000000000000000763604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff52503346fd9b2021-12-20 15:56:46.425root 11241100x8000000000000000763605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf735b85d395ed42021-12-20 15:56:46.425root 11241100x8000000000000000763606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989e0cf5ea9577652021-12-20 15:56:46.425root 11241100x8000000000000000763607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d274521f791b412021-12-20 15:56:46.425root 11241100x8000000000000000763608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f655d1a32a2fcb662021-12-20 15:56:46.425root 11241100x8000000000000000763609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629029f0c80712e82021-12-20 15:56:46.425root 11241100x8000000000000000763610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31fa857df0a72902021-12-20 15:56:46.426root 11241100x8000000000000000763611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17daaa1d2b501302021-12-20 15:56:46.426root 11241100x8000000000000000763612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bfcf8558b28a462021-12-20 15:56:46.426root 11241100x8000000000000000763613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e410d2748f8a2722021-12-20 15:56:46.426root 11241100x8000000000000000763614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0713a798ebc41a0e2021-12-20 15:56:46.924root 11241100x8000000000000000763615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa882f3a695243b2021-12-20 15:56:46.924root 11241100x8000000000000000763616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61c9c7e584ae54f2021-12-20 15:56:46.924root 11241100x8000000000000000763617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9ba2cd9f145aa02021-12-20 15:56:46.924root 11241100x8000000000000000763618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5d4cd361d176802021-12-20 15:56:46.925root 11241100x8000000000000000763619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44849ad8f1311ef22021-12-20 15:56:46.925root 11241100x8000000000000000763620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31364501b8e2527b2021-12-20 15:56:46.925root 11241100x8000000000000000763621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ff980496e970542021-12-20 15:56:46.925root 11241100x8000000000000000763622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7e73d81804af4c2021-12-20 15:56:46.925root 11241100x8000000000000000763623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46059a528290f0682021-12-20 15:56:46.925root 11241100x8000000000000000763624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45f15689a58952b2021-12-20 15:56:46.925root 11241100x8000000000000000763625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b916a9fe03a632702021-12-20 15:56:46.926root 11241100x8000000000000000763626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926cf410ae7dc1f42021-12-20 15:56:46.926root 11241100x8000000000000000763627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2765cf84eb1110f2021-12-20 15:56:46.926root 11241100x8000000000000000763628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cbcdedde42de392021-12-20 15:56:46.926root 11241100x8000000000000000763629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aba2dede9a1779e2021-12-20 15:56:46.926root 11241100x8000000000000000763630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617b85c4ecc399722021-12-20 15:56:46.926root 11241100x8000000000000000763631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf84ba68a5ecdb82021-12-20 15:56:46.926root 11241100x8000000000000000763632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6301080188649b212021-12-20 15:56:46.926root 11241100x8000000000000000763633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3287f2409cf8fd362021-12-20 15:56:47.424root 11241100x8000000000000000763634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e36c4783dc801d42021-12-20 15:56:47.424root 11241100x8000000000000000763635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315266c08215d9e12021-12-20 15:56:47.424root 11241100x8000000000000000763636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da52b0295de9a8c82021-12-20 15:56:47.424root 11241100x8000000000000000763637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be05dfc90fe143d2021-12-20 15:56:47.424root 11241100x8000000000000000763638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44124b20caef44b22021-12-20 15:56:47.424root 11241100x8000000000000000763639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbcbfef1470371f2021-12-20 15:56:47.424root 11241100x8000000000000000763640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d547d03dfe61b8c92021-12-20 15:56:47.425root 11241100x8000000000000000763641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98b228fd6100d022021-12-20 15:56:47.425root 11241100x8000000000000000763642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2411bf83ffdb4522021-12-20 15:56:47.425root 11241100x8000000000000000763643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347bc4083860b88f2021-12-20 15:56:47.425root 11241100x8000000000000000763644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9106dbb163ddaf892021-12-20 15:56:47.425root 11241100x8000000000000000763645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf08d7fe2c457a62021-12-20 15:56:47.425root 11241100x8000000000000000763646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857e87c70a7d06a92021-12-20 15:56:47.425root 11241100x8000000000000000763647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96f6253aa6448be2021-12-20 15:56:47.425root 11241100x8000000000000000763648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcdda388be09a392021-12-20 15:56:47.425root 11241100x8000000000000000763649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4e55c732c9764f2021-12-20 15:56:47.425root 11241100x8000000000000000763650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c9add538b996962021-12-20 15:56:47.426root 11241100x8000000000000000763651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae53b3b22aba5412021-12-20 15:56:47.426root 11241100x8000000000000000763652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742d281e5328bd452021-12-20 15:56:47.924root 11241100x8000000000000000763653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a070623d0cc38d2021-12-20 15:56:47.924root 11241100x8000000000000000763654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62289e0b37150a2a2021-12-20 15:56:47.925root 11241100x8000000000000000763655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42ff475bc1675da2021-12-20 15:56:47.925root 11241100x8000000000000000763656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783de0ce2f935cf92021-12-20 15:56:47.925root 11241100x8000000000000000763657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddb52b53a598d2f2021-12-20 15:56:47.925root 11241100x8000000000000000763658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504d9e8cc2cfef9a2021-12-20 15:56:47.926root 11241100x8000000000000000763659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c87b68849b8b3f92021-12-20 15:56:47.926root 11241100x8000000000000000763660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97a084ba58ff0fa2021-12-20 15:56:47.926root 11241100x8000000000000000763661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13f5474ef12935e2021-12-20 15:56:47.926root 11241100x8000000000000000763662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961047d44a2ac522021-12-20 15:56:47.926root 11241100x8000000000000000763663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d398aaf84169c9ef2021-12-20 15:56:47.926root 11241100x8000000000000000763664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5478cc1dcdd9986a2021-12-20 15:56:47.926root 11241100x8000000000000000763665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4623f0e2de9c384f2021-12-20 15:56:47.926root 11241100x8000000000000000763666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae507fc719b0f9732021-12-20 15:56:47.926root 11241100x8000000000000000763667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd01eebadedd1e22021-12-20 15:56:47.926root 11241100x8000000000000000763668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9c940ae50af4482021-12-20 15:56:47.926root 11241100x8000000000000000763669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0a368d67156d6f2021-12-20 15:56:47.927root 11241100x8000000000000000763670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea839f5f0dbf6e2021-12-20 15:56:47.927root 11241100x8000000000000000763671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcc40a4ab0fb01d2021-12-20 15:56:48.424root 11241100x8000000000000000763672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6af5193faf63982021-12-20 15:56:48.424root 11241100x8000000000000000763673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601a894ea64d9a022021-12-20 15:56:48.424root 11241100x8000000000000000763674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357e679c6ad09b882021-12-20 15:56:48.424root 11241100x8000000000000000763675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3175a9c583ae8032021-12-20 15:56:48.424root 11241100x8000000000000000763676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d6198fda79ba9b2021-12-20 15:56:48.424root 11241100x8000000000000000763677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfab06e446ad4ddc2021-12-20 15:56:48.424root 11241100x8000000000000000763678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cb8711e1a172d42021-12-20 15:56:48.425root 11241100x8000000000000000763679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d5a3a8b2ac774d2021-12-20 15:56:48.425root 11241100x8000000000000000763680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4759d5adf139db2021-12-20 15:56:48.425root 11241100x8000000000000000763681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9080356c4f65b882021-12-20 15:56:48.425root 11241100x8000000000000000763682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72917b06c9656d882021-12-20 15:56:48.425root 11241100x8000000000000000763683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088be3509a42de432021-12-20 15:56:48.425root 11241100x8000000000000000763684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aadbe19d29a27b2021-12-20 15:56:48.425root 11241100x8000000000000000763685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0482ffe5205f55a12021-12-20 15:56:48.425root 11241100x8000000000000000763686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b690f4176149d82021-12-20 15:56:48.426root 11241100x8000000000000000763687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b24a6162a2258b62021-12-20 15:56:48.426root 11241100x8000000000000000763688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50c96af2587a6ac2021-12-20 15:56:48.426root 11241100x8000000000000000763689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25ed3edc37f9a052021-12-20 15:56:48.426root 11241100x8000000000000000763690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159b98c0e12d122c2021-12-20 15:56:48.924root 11241100x8000000000000000763691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5382ff3b676e5772021-12-20 15:56:48.924root 11241100x8000000000000000763692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56337cf9994abea22021-12-20 15:56:48.924root 11241100x8000000000000000763693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e769d96b5267c35d2021-12-20 15:56:48.924root 11241100x8000000000000000763694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc2ed37dda005de2021-12-20 15:56:48.924root 11241100x8000000000000000763695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617da8a0bd35f99e2021-12-20 15:56:48.924root 11241100x8000000000000000763696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8af68e8606413672021-12-20 15:56:48.924root 11241100x8000000000000000763697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e334b0f1d7e462e2021-12-20 15:56:48.925root 11241100x8000000000000000763698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ce032a793ede362021-12-20 15:56:48.925root 11241100x8000000000000000763699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc894b85a0d95f72021-12-20 15:56:48.925root 11241100x8000000000000000763700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da01f36753c00012021-12-20 15:56:48.925root 11241100x8000000000000000763701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dccf265886923b2021-12-20 15:56:48.925root 11241100x8000000000000000763702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98defd699d4202a2021-12-20 15:56:48.925root 11241100x8000000000000000763703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782b65c675ca5f8c2021-12-20 15:56:48.925root 11241100x8000000000000000763704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a6cfffa19f8fb52021-12-20 15:56:48.925root 11241100x8000000000000000763705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd528decf32f172021-12-20 15:56:48.926root 11241100x8000000000000000763706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98780467a93893702021-12-20 15:56:48.926root 11241100x8000000000000000763707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086557ae50408af52021-12-20 15:56:48.926root 11241100x8000000000000000763708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be725f218123442f2021-12-20 15:56:48.926root 11241100x8000000000000000763709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d9352e5ed8fb182021-12-20 15:56:49.424root 11241100x8000000000000000763710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6041e80473c0452021-12-20 15:56:49.424root 11241100x8000000000000000763711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca6f6285d624f842021-12-20 15:56:49.424root 11241100x8000000000000000763712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91061b84b6117d3d2021-12-20 15:56:49.425root 11241100x8000000000000000763713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8a5a42403346082021-12-20 15:56:49.425root 11241100x8000000000000000763714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95683cd7ee051662021-12-20 15:56:49.425root 11241100x8000000000000000763715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868bf5ecab9144142021-12-20 15:56:49.425root 11241100x8000000000000000763716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d47f11ae2ebcf12021-12-20 15:56:49.425root 11241100x8000000000000000763717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b04988636d348f82021-12-20 15:56:49.425root 11241100x8000000000000000763718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6a0895770280aa2021-12-20 15:56:49.425root 11241100x8000000000000000763719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0cc76c65f8e02b2021-12-20 15:56:49.425root 11241100x8000000000000000763720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a8af4af2fdccfa2021-12-20 15:56:49.425root 11241100x8000000000000000763721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ca82bfd3b4738b2021-12-20 15:56:49.425root 11241100x8000000000000000763722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a417ac6954f5472021-12-20 15:56:49.426root 11241100x8000000000000000763723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185d4a88ff4a7ac62021-12-20 15:56:49.426root 11241100x8000000000000000763724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2456f0853f4d21fc2021-12-20 15:56:49.426root 11241100x8000000000000000763725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f868d3d2d4ce8d2021-12-20 15:56:49.426root 11241100x8000000000000000763726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cef5236c64acc002021-12-20 15:56:49.426root 11241100x8000000000000000763727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83826e078540015d2021-12-20 15:56:49.426root 11241100x8000000000000000763728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bfd44dda1d0e822021-12-20 15:56:49.924root 11241100x8000000000000000763729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6adaf454a701fd12021-12-20 15:56:49.924root 11241100x8000000000000000763730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a320bbf70f52579e2021-12-20 15:56:49.924root 11241100x8000000000000000763731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472ba50ca04533282021-12-20 15:56:49.925root 11241100x8000000000000000763732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc5f5eb96c9fc5e2021-12-20 15:56:49.925root 11241100x8000000000000000763733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74f8db9aeed45902021-12-20 15:56:49.925root 11241100x8000000000000000763734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f332688294e66132021-12-20 15:56:49.925root 11241100x8000000000000000763735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c39c4a4cd559722021-12-20 15:56:49.925root 11241100x8000000000000000763736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9da1aeed33b89b2021-12-20 15:56:49.925root 11241100x8000000000000000763737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b164fe232757f72f2021-12-20 15:56:49.925root 11241100x8000000000000000763738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707a21df5a3809f62021-12-20 15:56:49.925root 11241100x8000000000000000763739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907975398e58b1ea2021-12-20 15:56:49.925root 11241100x8000000000000000763740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9677efba56c6b8462021-12-20 15:56:49.925root 11241100x8000000000000000763741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a82d71ab6e04642021-12-20 15:56:49.926root 11241100x8000000000000000763742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f5b14236c760bc2021-12-20 15:56:49.926root 11241100x8000000000000000763743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271cc2f1183a77422021-12-20 15:56:49.926root 11241100x8000000000000000763744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1152e6ed1cb0a26e2021-12-20 15:56:49.926root 11241100x8000000000000000763745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a1f13fe0c01c62021-12-20 15:56:49.926root 11241100x8000000000000000763746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0936b9cf89f02c2021-12-20 15:56:49.926root 11241100x8000000000000000763747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24f9d1636604fd22021-12-20 15:56:50.424root 11241100x8000000000000000763748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddabc7167c38f7c52021-12-20 15:56:50.424root 11241100x8000000000000000763749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6e3c148c7ba8742021-12-20 15:56:50.424root 11241100x8000000000000000763750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e774b0c9c7b49be82021-12-20 15:56:50.424root 11241100x8000000000000000763751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd9d56e2942b0802021-12-20 15:56:50.424root 11241100x8000000000000000763752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1224bdc3348f96d72021-12-20 15:56:50.424root 11241100x8000000000000000763753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50b57e3fd7bfaaa2021-12-20 15:56:50.425root 11241100x8000000000000000763754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b390d475dd462b02021-12-20 15:56:50.425root 11241100x8000000000000000763755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030e57062dc9c8732021-12-20 15:56:50.425root 11241100x8000000000000000763756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84db6614f47349612021-12-20 15:56:50.425root 11241100x8000000000000000763757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5633769538628d2021-12-20 15:56:50.425root 11241100x8000000000000000763758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45623e3227fe153b2021-12-20 15:56:50.425root 11241100x8000000000000000763759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf4e63672d87fc72021-12-20 15:56:50.425root 11241100x8000000000000000763760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4227433ddfdebaa2021-12-20 15:56:50.425root 11241100x8000000000000000763761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2b6f24ec0ce7642021-12-20 15:56:50.425root 11241100x8000000000000000763762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f0d613cb097e32021-12-20 15:56:50.425root 11241100x8000000000000000763763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21adaf2b544155e2021-12-20 15:56:50.426root 11241100x8000000000000000763764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac16f7a869be85222021-12-20 15:56:50.426root 11241100x8000000000000000763765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7097bbd5df7a88e2021-12-20 15:56:50.426root 11241100x8000000000000000763766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09d6078a363a5b42021-12-20 15:56:50.924root 11241100x8000000000000000763767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d583d07ca55fe63f2021-12-20 15:56:50.924root 11241100x8000000000000000763768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7905aa61afe70bd72021-12-20 15:56:50.924root 11241100x8000000000000000763769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f82a2c088318de42021-12-20 15:56:50.924root 11241100x8000000000000000763770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1abd54b59b41162021-12-20 15:56:50.924root 11241100x8000000000000000763771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c864e5019b47de42021-12-20 15:56:50.925root 11241100x8000000000000000763772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caee42c954aeaa52021-12-20 15:56:50.925root 11241100x8000000000000000763773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe8048e8f1ad97e2021-12-20 15:56:50.925root 11241100x8000000000000000763774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa442c2192ea2132021-12-20 15:56:50.925root 11241100x8000000000000000763775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba363bc17715ecf52021-12-20 15:56:50.925root 11241100x8000000000000000763776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf3fc4960e5d1e82021-12-20 15:56:50.925root 11241100x8000000000000000763777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0d9335258886632021-12-20 15:56:50.926root 11241100x8000000000000000763778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2efd39851578e32021-12-20 15:56:50.926root 11241100x8000000000000000763779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65af88b9a79a7b702021-12-20 15:56:50.926root 11241100x8000000000000000763780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c7d4de8006a4312021-12-20 15:56:50.926root 11241100x8000000000000000763781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943254c3fb6d7b9b2021-12-20 15:56:50.926root 11241100x8000000000000000763782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f3ea00c94bb902021-12-20 15:56:50.926root 11241100x8000000000000000763783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67867eebf83fbc82021-12-20 15:56:50.926root 11241100x8000000000000000763784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705823d460034ae92021-12-20 15:56:50.926root 11241100x8000000000000000763785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2f9553dc676bad2021-12-20 15:56:51.424root 11241100x8000000000000000763786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817edea8995f049f2021-12-20 15:56:51.424root 11241100x8000000000000000763787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22649ee44be23aa62021-12-20 15:56:51.424root 11241100x8000000000000000763788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f618fc7addd613192021-12-20 15:56:51.424root 11241100x8000000000000000763789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4203b9ca10ae3b2021-12-20 15:56:51.424root 11241100x8000000000000000763790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceeb985334daf6c12021-12-20 15:56:51.424root 11241100x8000000000000000763791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d44a62fa90941b32021-12-20 15:56:51.425root 11241100x8000000000000000763792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7a7e0721772bf52021-12-20 15:56:51.425root 11241100x8000000000000000763793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09c838c87db33e72021-12-20 15:56:51.425root 11241100x8000000000000000763794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0195b6dba9840afc2021-12-20 15:56:51.425root 11241100x8000000000000000763795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbb19a432dd80b32021-12-20 15:56:51.425root 11241100x8000000000000000763796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2409f26c8732677e2021-12-20 15:56:51.425root 11241100x8000000000000000763797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69321636259c743d2021-12-20 15:56:51.425root 11241100x8000000000000000763798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7be9a7e98d6e2e2021-12-20 15:56:51.425root 11241100x8000000000000000763799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867a991386a72ff72021-12-20 15:56:51.425root 11241100x8000000000000000763800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c488a7fdb876a42021-12-20 15:56:51.425root 11241100x8000000000000000763801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a6d0afef3ea50a2021-12-20 15:56:51.425root 11241100x8000000000000000763802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d067029f43ca5ca72021-12-20 15:56:51.426root 11241100x8000000000000000763803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a7bafcfb5b2ad52021-12-20 15:56:51.426root 11241100x8000000000000000763804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3c85968fb3ca792021-12-20 15:56:51.924root 11241100x8000000000000000763805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7442c8d443da538e2021-12-20 15:56:51.924root 11241100x8000000000000000763806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1685a5b5fc330232021-12-20 15:56:51.924root 11241100x8000000000000000763807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e2fccfde40afc82021-12-20 15:56:51.925root 11241100x8000000000000000763808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220247b1bd9656282021-12-20 15:56:51.925root 11241100x8000000000000000763809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccd2578961fe41a2021-12-20 15:56:51.925root 11241100x8000000000000000763810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f54e2ac8016b9a2021-12-20 15:56:51.925root 11241100x8000000000000000763811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f79a32e16043ba2021-12-20 15:56:51.925root 11241100x8000000000000000763812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0822489e839adc312021-12-20 15:56:51.926root 11241100x8000000000000000763813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9067b40728ccfa262021-12-20 15:56:51.926root 11241100x8000000000000000763814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2dac7af224ff102021-12-20 15:56:51.926root 11241100x8000000000000000763815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a69294ef1548f192021-12-20 15:56:51.926root 11241100x8000000000000000763816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de236de6213de66b2021-12-20 15:56:51.926root 11241100x8000000000000000763817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2418744f3f3b3fd42021-12-20 15:56:51.927root 11241100x8000000000000000763818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9881acbba0e6f3b2021-12-20 15:56:51.927root 11241100x8000000000000000763819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd448c1748c95c92021-12-20 15:56:51.927root 11241100x8000000000000000763820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508b6df74a5ea0f2021-12-20 15:56:51.927root 11241100x8000000000000000763821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27636af9a8024192021-12-20 15:56:51.928root 11241100x8000000000000000763822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0691f2401329305c2021-12-20 15:56:51.928root 354300x8000000000000000763823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.067{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51410-false10.0.1.12-8000- 11241100x8000000000000000763824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bc079d199b19892021-12-20 15:56:52.424root 11241100x8000000000000000763825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1de76cebe1aa552021-12-20 15:56:52.424root 11241100x8000000000000000763826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70135ddbbb4b131b2021-12-20 15:56:52.424root 11241100x8000000000000000763827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b755f942a4ec9c2021-12-20 15:56:52.424root 11241100x8000000000000000763828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d40c669db7b8ece2021-12-20 15:56:52.425root 11241100x8000000000000000763829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d909aec97127202021-12-20 15:56:52.425root 11241100x8000000000000000763830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb3f1830aa422442021-12-20 15:56:52.425root 11241100x8000000000000000763831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f893fce382f6dd3f2021-12-20 15:56:52.425root 11241100x8000000000000000763832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0133c19b50706c912021-12-20 15:56:52.425root 11241100x8000000000000000763833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaeb4c0f638cf692021-12-20 15:56:52.425root 11241100x8000000000000000763834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f90e3dd9096b34b2021-12-20 15:56:52.425root 11241100x8000000000000000763835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7788d2aec9fa112021-12-20 15:56:52.425root 11241100x8000000000000000763836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5584576a4c516b742021-12-20 15:56:52.425root 11241100x8000000000000000763837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064d8b33dbec3de72021-12-20 15:56:52.425root 11241100x8000000000000000763838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9713a3a1b04187002021-12-20 15:56:52.426root 11241100x8000000000000000763839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30d062e6007a0612021-12-20 15:56:52.426root 11241100x8000000000000000763840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16be15130f45ee492021-12-20 15:56:52.426root 11241100x8000000000000000763841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b18242bf6837b2b2021-12-20 15:56:52.426root 11241100x8000000000000000763842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e127f2483f6c84d2021-12-20 15:56:52.426root 11241100x8000000000000000763843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a8e359698709132021-12-20 15:56:52.426root 11241100x8000000000000000763844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea89e5ae06a0c9d2021-12-20 15:56:52.426root 11241100x8000000000000000763845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb56b619e8583ba2021-12-20 15:56:52.426root 11241100x8000000000000000763846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd139b70c29f47b2021-12-20 15:56:52.924root 11241100x8000000000000000763847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7392b7c12b00f22021-12-20 15:56:52.924root 11241100x8000000000000000763848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bbf1242178ee912021-12-20 15:56:52.925root 11241100x8000000000000000763849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2d08737fd0eaae2021-12-20 15:56:52.925root 11241100x8000000000000000763850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a5ac84c524b62a2021-12-20 15:56:52.925root 11241100x8000000000000000763851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e93e67fc2e7d5252021-12-20 15:56:52.925root 11241100x8000000000000000763852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cf661a0084c4e12021-12-20 15:56:52.925root 11241100x8000000000000000763853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3264f6cdf64cd5d2021-12-20 15:56:52.925root 11241100x8000000000000000763854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36754892b77a491d2021-12-20 15:56:52.925root 11241100x8000000000000000763855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626360b44c3d8b242021-12-20 15:56:52.925root 11241100x8000000000000000763856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c018f858ac88a4462021-12-20 15:56:52.925root 11241100x8000000000000000763857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbebe1aff6e390c82021-12-20 15:56:52.925root 11241100x8000000000000000763858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba0b9224aee318e2021-12-20 15:56:52.925root 11241100x8000000000000000763859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f66989b89474bc42021-12-20 15:56:52.926root 11241100x8000000000000000763860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdb6b0e51474f972021-12-20 15:56:52.926root 11241100x8000000000000000763861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36eb155c10088042021-12-20 15:56:52.926root 11241100x8000000000000000763862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc9b8038bddccee2021-12-20 15:56:52.926root 11241100x8000000000000000763863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b4bb1607298fa32021-12-20 15:56:52.926root 11241100x8000000000000000763864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7275880b7b4614612021-12-20 15:56:52.927root 11241100x8000000000000000763865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea816337593326572021-12-20 15:56:52.927root 11241100x8000000000000000763866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c5580d8ad714762021-12-20 15:56:53.424root 11241100x8000000000000000763867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5acd2605e0554582021-12-20 15:56:53.424root 11241100x8000000000000000763868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7add1cea0f83242021-12-20 15:56:53.425root 11241100x8000000000000000763869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed870f7d9d5e8b82021-12-20 15:56:53.425root 11241100x8000000000000000763870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef20742bcd2260c22021-12-20 15:56:53.425root 11241100x8000000000000000763871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b442c77ac6c8b182021-12-20 15:56:53.425root 11241100x8000000000000000763872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343cbc97ed31eb282021-12-20 15:56:53.426root 11241100x8000000000000000763873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113c3a808679b9c42021-12-20 15:56:53.426root 11241100x8000000000000000763874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d2bf35615c8a0f2021-12-20 15:56:53.426root 11241100x8000000000000000763875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cd7463fdd66b602021-12-20 15:56:53.426root 11241100x8000000000000000763876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee4dd8372a2bf262021-12-20 15:56:53.427root 11241100x8000000000000000763877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04518e64f6b044822021-12-20 15:56:53.427root 11241100x8000000000000000763878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fa9d79da2face82021-12-20 15:56:53.427root 11241100x8000000000000000763879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31441b2db8a5f5592021-12-20 15:56:53.427root 11241100x8000000000000000763880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac3b8aae8c93a402021-12-20 15:56:53.428root 11241100x8000000000000000763881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273af573bc42c1d12021-12-20 15:56:53.428root 11241100x8000000000000000763882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94068e6eb9453f232021-12-20 15:56:53.428root 11241100x8000000000000000763883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad1ba68f1476db32021-12-20 15:56:53.428root 11241100x8000000000000000763884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c779469853c0e9c2021-12-20 15:56:53.428root 11241100x8000000000000000763885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c46afbf520703b52021-12-20 15:56:53.429root 11241100x8000000000000000763886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1361b16ed369d9a72021-12-20 15:56:53.924root 11241100x8000000000000000763887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9aaf103c9f4b59b2021-12-20 15:56:53.924root 11241100x8000000000000000763888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a649d4a5fcdca21f2021-12-20 15:56:53.924root 11241100x8000000000000000763889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf5c78821ae8da62021-12-20 15:56:53.924root 11241100x8000000000000000763890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e980b1e7de0ebd2021-12-20 15:56:53.924root 11241100x8000000000000000763891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea9c58168fff0b42021-12-20 15:56:53.924root 11241100x8000000000000000763892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76f416d080c9ff22021-12-20 15:56:53.924root 11241100x8000000000000000763893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e5a9e4f6eb10462021-12-20 15:56:53.925root 11241100x8000000000000000763894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3c577804a538e62021-12-20 15:56:53.925root 11241100x8000000000000000763895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748f10b041ff53862021-12-20 15:56:53.925root 11241100x8000000000000000763896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa0547cb69a8db42021-12-20 15:56:53.925root 11241100x8000000000000000763897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace0ffeb250d7fa32021-12-20 15:56:53.925root 11241100x8000000000000000763898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20feddd78eab547e2021-12-20 15:56:53.925root 11241100x8000000000000000763899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f55b574c26e6462021-12-20 15:56:53.925root 11241100x8000000000000000763900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c62f343286f43b22021-12-20 15:56:53.926root 11241100x8000000000000000763901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e18c220d1bc5f42021-12-20 15:56:53.926root 11241100x8000000000000000763902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622d0086786be0442021-12-20 15:56:53.926root 11241100x8000000000000000763903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322c9329692847ed2021-12-20 15:56:53.926root 11241100x8000000000000000763904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedf4100c09aeb312021-12-20 15:56:53.927root 11241100x8000000000000000763905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506686e00648e2172021-12-20 15:56:53.927root 11241100x8000000000000000763906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa34df3a44da4cf2021-12-20 15:56:54.424root 11241100x8000000000000000763907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a659d7a300a0502021-12-20 15:56:54.424root 11241100x8000000000000000763908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f539fcc0e43e07b2021-12-20 15:56:54.424root 11241100x8000000000000000763909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1403bbfa9c6801032021-12-20 15:56:54.425root 11241100x8000000000000000763910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7c021cb2cfd0872021-12-20 15:56:54.425root 11241100x8000000000000000763911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ab598cf3a99a3c2021-12-20 15:56:54.425root 11241100x8000000000000000763912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e929fcd65c1f492021-12-20 15:56:54.425root 11241100x8000000000000000763913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50538843eaecf262021-12-20 15:56:54.425root 11241100x8000000000000000763914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b70c65af4c5aee2021-12-20 15:56:54.425root 11241100x8000000000000000763915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3f3d3cb2cd37092021-12-20 15:56:54.425root 11241100x8000000000000000763916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55aba5791ae2f732021-12-20 15:56:54.426root 11241100x8000000000000000763917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ffc640ac9cac62021-12-20 15:56:54.426root 11241100x8000000000000000763918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00c9c31d3b068b82021-12-20 15:56:54.426root 11241100x8000000000000000763919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20e83165ce6d6052021-12-20 15:56:54.426root 11241100x8000000000000000763920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84010e09ec20b52021-12-20 15:56:54.426root 11241100x8000000000000000763921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edc671802eacd262021-12-20 15:56:54.426root 11241100x8000000000000000763922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9539f22c5bb25ee92021-12-20 15:56:54.426root 11241100x8000000000000000763923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab4c8759c2bdd372021-12-20 15:56:54.426root 11241100x8000000000000000763924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fcb989c775717a2021-12-20 15:56:54.426root 11241100x8000000000000000763925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5e17e3f65415ac2021-12-20 15:56:54.427root 11241100x8000000000000000763926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea69d2c99e03eb7f2021-12-20 15:56:54.924root 11241100x8000000000000000763927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbfc66dd56441b22021-12-20 15:56:54.924root 11241100x8000000000000000763928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b75defb6631df5d2021-12-20 15:56:54.924root 11241100x8000000000000000763929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cfc74056bf102c2021-12-20 15:56:54.924root 11241100x8000000000000000763930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40893c2127e0f852021-12-20 15:56:54.925root 11241100x8000000000000000763931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ffaa9c24815d9b2021-12-20 15:56:54.925root 11241100x8000000000000000763932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559a50a392d131042021-12-20 15:56:54.925root 11241100x8000000000000000763933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aadfd6a43cc4bd02021-12-20 15:56:54.925root 11241100x8000000000000000763934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f77435c99668622021-12-20 15:56:54.925root 11241100x8000000000000000763935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca84737d53d36992021-12-20 15:56:54.925root 11241100x8000000000000000763936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f4872b646daab2021-12-20 15:56:54.925root 11241100x8000000000000000763937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4c36882e3232952021-12-20 15:56:54.925root 11241100x8000000000000000763938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5edf9161066ac892021-12-20 15:56:54.925root 11241100x8000000000000000763939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d66a5341f6fae492021-12-20 15:56:54.925root 11241100x8000000000000000763940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd46ed0058395b152021-12-20 15:56:54.925root 11241100x8000000000000000763941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64576208eb7fec122021-12-20 15:56:54.925root 11241100x8000000000000000763942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f3110ebeaddc462021-12-20 15:56:54.925root 11241100x8000000000000000763943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574fa4bc7351cae52021-12-20 15:56:54.925root 11241100x8000000000000000763944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f59d33543917662021-12-20 15:56:54.925root 11241100x8000000000000000763945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab79930acedad1f2021-12-20 15:56:54.925root 11241100x8000000000000000763946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61430b4fc56caa8d2021-12-20 15:56:55.424root 11241100x8000000000000000763947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40440498621968532021-12-20 15:56:55.424root 11241100x8000000000000000763948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66816d643e789dba2021-12-20 15:56:55.424root 11241100x8000000000000000763949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffc357e3d9948472021-12-20 15:56:55.424root 11241100x8000000000000000763950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd5b6d7b4ab9da32021-12-20 15:56:55.425root 11241100x8000000000000000763951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc009d1be454f6f2021-12-20 15:56:55.425root 11241100x8000000000000000763952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b167ec1c9f1b0f722021-12-20 15:56:55.425root 11241100x8000000000000000763953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f3a83dbd4e70762021-12-20 15:56:55.425root 11241100x8000000000000000763954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62fcaaf24ed83d42021-12-20 15:56:55.425root 11241100x8000000000000000763955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bd3e67eb6ab81f2021-12-20 15:56:55.425root 11241100x8000000000000000763956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9981c67f23da0fb12021-12-20 15:56:55.425root 11241100x8000000000000000763957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ceda51e269ddd0c2021-12-20 15:56:55.425root 11241100x8000000000000000763958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299b4405bbae7a652021-12-20 15:56:55.425root 11241100x8000000000000000763959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603616b54e01e0eb2021-12-20 15:56:55.425root 11241100x8000000000000000763960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0078330170112f2021-12-20 15:56:55.425root 11241100x8000000000000000763961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9092adacddb2e82021-12-20 15:56:55.425root 11241100x8000000000000000763962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6549097c5da6dc072021-12-20 15:56:55.425root 11241100x8000000000000000763963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94a30067b5fc2222021-12-20 15:56:55.426root 11241100x8000000000000000763964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72649726cb6fab072021-12-20 15:56:55.426root 11241100x8000000000000000763965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223b33904e719fb42021-12-20 15:56:55.426root 11241100x8000000000000000763966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633a6cfbb320cb682021-12-20 15:56:55.924root 11241100x8000000000000000763967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b87babb1702d86b2021-12-20 15:56:55.924root 11241100x8000000000000000763968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3fd021374bb56d2021-12-20 15:56:55.924root 11241100x8000000000000000763969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a94049d890421d2021-12-20 15:56:55.924root 11241100x8000000000000000763970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567dad9311ffbb842021-12-20 15:56:55.925root 11241100x8000000000000000763971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1942470a9b52d9ef2021-12-20 15:56:55.925root 11241100x8000000000000000763972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0971d011bf1c562021-12-20 15:56:55.925root 11241100x8000000000000000763973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8340781e8b21772021-12-20 15:56:55.925root 11241100x8000000000000000763974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a159dc2a22f4d8a2021-12-20 15:56:55.925root 11241100x8000000000000000763975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2247c0022b45a7252021-12-20 15:56:55.925root 11241100x8000000000000000763976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa8b506a3b56f992021-12-20 15:56:55.925root 11241100x8000000000000000763977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcb06ff0be6b5022021-12-20 15:56:55.925root 11241100x8000000000000000763978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7268b1cde920d82021-12-20 15:56:55.925root 11241100x8000000000000000763979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637598b26acb8f502021-12-20 15:56:55.925root 11241100x8000000000000000763980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bf92b828f3d1362021-12-20 15:56:55.925root 11241100x8000000000000000763981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84a7aedd14301912021-12-20 15:56:55.925root 11241100x8000000000000000763982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cc455ac8c6c71e2021-12-20 15:56:55.926root 11241100x8000000000000000763983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3349a2368a74d02021-12-20 15:56:55.926root 11241100x8000000000000000763984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c5f0cbe9fe4a0f2021-12-20 15:56:55.926root 11241100x8000000000000000763985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:55.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedcfb09ad3a28f32021-12-20 15:56:55.926root 11241100x8000000000000000763986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e6415ccaa2ea932021-12-20 15:56:56.424root 11241100x8000000000000000763987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47a7349939eb7392021-12-20 15:56:56.424root 11241100x8000000000000000763988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27d8d704a27c6142021-12-20 15:56:56.424root 11241100x8000000000000000763989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5170bc1446a26d2021-12-20 15:56:56.425root 11241100x8000000000000000763990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b59a62ab145058f2021-12-20 15:56:56.425root 11241100x8000000000000000763991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8e70302f61169e2021-12-20 15:56:56.425root 11241100x8000000000000000763992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf8d374879ea6722021-12-20 15:56:56.425root 11241100x8000000000000000763993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf1f453e4cb8e1f2021-12-20 15:56:56.425root 11241100x8000000000000000763994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8503e5e1934387222021-12-20 15:56:56.425root 11241100x8000000000000000763995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b345f8e1bf8bdac82021-12-20 15:56:56.425root 11241100x8000000000000000763996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ed691baa57a892021-12-20 15:56:56.425root 11241100x8000000000000000763997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7086ca1ef3b793312021-12-20 15:56:56.425root 11241100x8000000000000000763998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bcabf786a6bf312021-12-20 15:56:56.426root 11241100x8000000000000000763999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c2126abab753222021-12-20 15:56:56.426root 11241100x8000000000000000764000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63818604647607c92021-12-20 15:56:56.426root 11241100x8000000000000000764001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c4da92e8ece46d2021-12-20 15:56:56.426root 11241100x8000000000000000764002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cd8ffe912d55982021-12-20 15:56:56.426root 11241100x8000000000000000764003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26485c7527ca4e42021-12-20 15:56:56.426root 11241100x8000000000000000764004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaf5c23f4f7d6682021-12-20 15:56:56.426root 11241100x8000000000000000764005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f84f730d039a732021-12-20 15:56:56.426root 11241100x8000000000000000764006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358c85c5a518820b2021-12-20 15:56:56.426root 11241100x8000000000000000764007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364b7650a26fe00f2021-12-20 15:56:56.924root 11241100x8000000000000000764008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68215a70ec994bad2021-12-20 15:56:56.924root 11241100x8000000000000000764009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e5e2d222f53f182021-12-20 15:56:56.924root 11241100x8000000000000000764010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3a1c5626a682592021-12-20 15:56:56.924root 11241100x8000000000000000764011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec09f38b7bc78172021-12-20 15:56:56.924root 11241100x8000000000000000764012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd4f111d37511ab2021-12-20 15:56:56.924root 11241100x8000000000000000764013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b52a07335f06cf2021-12-20 15:56:56.925root 11241100x8000000000000000764014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b655ad3ad34d9d82021-12-20 15:56:56.925root 11241100x8000000000000000764015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78083c748c610a492021-12-20 15:56:56.925root 11241100x8000000000000000764016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d54df5fa2b9a47c2021-12-20 15:56:56.925root 11241100x8000000000000000764017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3839453c7fe004fc2021-12-20 15:56:56.925root 11241100x8000000000000000764018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aee7d7725f14a52021-12-20 15:56:56.925root 11241100x8000000000000000764019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4b1cd56049125c2021-12-20 15:56:56.925root 11241100x8000000000000000764020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8a9b9ce502e71c2021-12-20 15:56:56.925root 11241100x8000000000000000764021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccab9e4025d731a2021-12-20 15:56:56.925root 11241100x8000000000000000764022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c47da9bb4e18ac2021-12-20 15:56:56.925root 11241100x8000000000000000764023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e704df00118e63e62021-12-20 15:56:56.926root 11241100x8000000000000000764024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb450070c60328a02021-12-20 15:56:56.926root 11241100x8000000000000000764025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f34db5df6d510f22021-12-20 15:56:56.926root 11241100x8000000000000000764026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9630cc308dd211fe2021-12-20 15:56:56.926root 11241100x8000000000000000764027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92203628f8b4dee42021-12-20 15:56:57.424root 11241100x8000000000000000764028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d226884a83d6b62021-12-20 15:56:57.424root 11241100x8000000000000000764029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8f280699a8624e2021-12-20 15:56:57.424root 11241100x8000000000000000764030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f773fe47e43057a2021-12-20 15:56:57.424root 11241100x8000000000000000764031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86fbbc58f5d055e2021-12-20 15:56:57.424root 11241100x8000000000000000764032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6975af58bed0a2fb2021-12-20 15:56:57.424root 11241100x8000000000000000764033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d9367a953637fe2021-12-20 15:56:57.424root 11241100x8000000000000000764034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36d2fe6dbd34be92021-12-20 15:56:57.424root 11241100x8000000000000000764035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77efb0c5d848b2f92021-12-20 15:56:57.424root 11241100x8000000000000000764036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18da0ac09bd0e7be2021-12-20 15:56:57.425root 11241100x8000000000000000764037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a616363b3c2e0d42021-12-20 15:56:57.425root 11241100x8000000000000000764038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0fbfa4fe26139a2021-12-20 15:56:57.425root 11241100x8000000000000000764039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c11dc30189638d42021-12-20 15:56:57.425root 11241100x8000000000000000764040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed6dbc046adfa932021-12-20 15:56:57.425root 11241100x8000000000000000764041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6285f946488b65d02021-12-20 15:56:57.425root 11241100x8000000000000000764042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f19c456edfef4b2021-12-20 15:56:57.425root 11241100x8000000000000000764043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2184fd641591d8b2021-12-20 15:56:57.425root 11241100x8000000000000000764044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b282e34e633cfc1b2021-12-20 15:56:57.426root 11241100x8000000000000000764045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc9809f35bf256a2021-12-20 15:56:57.426root 11241100x8000000000000000764046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b185eada0defb1312021-12-20 15:56:57.426root 11241100x8000000000000000764047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13310201ee36222021-12-20 15:56:57.427root 11241100x8000000000000000764048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4148b4afaf13e9562021-12-20 15:56:57.427root 11241100x8000000000000000764049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97c2a9ab855989c2021-12-20 15:56:57.427root 11241100x8000000000000000764050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4289b2a2c456d92021-12-20 15:56:57.427root 11241100x8000000000000000764051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9098d87c39d5503f2021-12-20 15:56:57.427root 11241100x8000000000000000764052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388aae441a1494542021-12-20 15:56:57.427root 11241100x8000000000000000764053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d63dd188edb2722021-12-20 15:56:57.427root 11241100x8000000000000000764054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1aa691547301572021-12-20 15:56:57.427root 11241100x8000000000000000764055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4602d4de6de4cd2021-12-20 15:56:57.427root 11241100x8000000000000000764056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e469f110dde5ab582021-12-20 15:56:57.428root 11241100x8000000000000000764057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f1d8a3edf212792021-12-20 15:56:57.428root 11241100x8000000000000000764058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39a37c694d8c91a2021-12-20 15:56:57.430root 11241100x8000000000000000764059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d738c0436e7f056c2021-12-20 15:56:57.430root 11241100x8000000000000000764060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8112508a0429c752021-12-20 15:56:57.430root 11241100x8000000000000000764061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae0dd53ac6043292021-12-20 15:56:57.430root 11241100x8000000000000000764062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6c97314644f5792021-12-20 15:56:57.430root 11241100x8000000000000000764063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bcbd30ce7885112021-12-20 15:56:57.430root 11241100x8000000000000000764064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5013fad045785b252021-12-20 15:56:57.924root 11241100x8000000000000000764065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9cbd636a79e5e12021-12-20 15:56:57.924root 11241100x8000000000000000764066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9ca13d2be8361b2021-12-20 15:56:57.924root 11241100x8000000000000000764067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559c5b7304812c982021-12-20 15:56:57.925root 11241100x8000000000000000764068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf9750f848c2e9c2021-12-20 15:56:57.925root 11241100x8000000000000000764069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e755bb525aa6da32021-12-20 15:56:57.925root 11241100x8000000000000000764070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7603b2bfeebd02932021-12-20 15:56:57.925root 11241100x8000000000000000764071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0888760e98a8e9a2021-12-20 15:56:57.925root 11241100x8000000000000000764072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777985b2e76af0192021-12-20 15:56:57.925root 11241100x8000000000000000764073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1893f248ef31fd22021-12-20 15:56:57.925root 11241100x8000000000000000764074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d543f500ecc5dc2021-12-20 15:56:57.925root 11241100x8000000000000000764075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c065c2e61f3052021-12-20 15:56:57.925root 11241100x8000000000000000764076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b89e597a5875aa22021-12-20 15:56:57.925root 11241100x8000000000000000764077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96736a195746c3c2021-12-20 15:56:57.926root 11241100x8000000000000000764078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cc3fe1eda702802021-12-20 15:56:57.926root 11241100x8000000000000000764079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34692c4337d1b9f2021-12-20 15:56:57.926root 11241100x8000000000000000764080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57565c55d17cd28a2021-12-20 15:56:57.926root 11241100x8000000000000000764081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d9b54bc9fd3d7e2021-12-20 15:56:57.926root 11241100x8000000000000000764082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181d8e23b164499e2021-12-20 15:56:57.926root 11241100x8000000000000000764083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced40e610eeb10342021-12-20 15:56:57.926root 354300x8000000000000000764084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.046{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51412-false10.0.1.12-8000- 11241100x8000000000000000764085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e75e8806f0a7d12021-12-20 15:56:58.424root 11241100x8000000000000000764086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da476dd1be9d883e2021-12-20 15:56:58.424root 11241100x8000000000000000764087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f57cbc5122a93f02021-12-20 15:56:58.424root 11241100x8000000000000000764088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cdaa79ef616b012021-12-20 15:56:58.424root 11241100x8000000000000000764089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8f769bfc3315cf2021-12-20 15:56:58.424root 11241100x8000000000000000764090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1041e2b823b2da222021-12-20 15:56:58.424root 11241100x8000000000000000764091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13541dfd4701e8132021-12-20 15:56:58.424root 11241100x8000000000000000764092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d82a17c8d8cef02021-12-20 15:56:58.425root 11241100x8000000000000000764093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ade10e1a9a58b62021-12-20 15:56:58.425root 11241100x8000000000000000764094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2791d85d1adb0b82021-12-20 15:56:58.425root 11241100x8000000000000000764095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f4c3a51ec6b0682021-12-20 15:56:58.425root 11241100x8000000000000000764096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a49c9a2674f7a42021-12-20 15:56:58.425root 11241100x8000000000000000764097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55954e61a8cebff32021-12-20 15:56:58.425root 11241100x8000000000000000764098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1828e2fe9cdc057f2021-12-20 15:56:58.425root 11241100x8000000000000000764099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349f0ab3f08d83992021-12-20 15:56:58.425root 11241100x8000000000000000764100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0c9c930aee7a002021-12-20 15:56:58.425root 11241100x8000000000000000764101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021049fb819f337b2021-12-20 15:56:58.426root 11241100x8000000000000000764102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdcdad59315e8f72021-12-20 15:56:58.426root 11241100x8000000000000000764103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6045c5a1b6d34d0f2021-12-20 15:56:58.426root 11241100x8000000000000000764104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742973e7ba129f642021-12-20 15:56:58.426root 11241100x8000000000000000764105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b1d9017520b7b62021-12-20 15:56:58.426root 11241100x8000000000000000764106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4536bb01755a303b2021-12-20 15:56:58.924root 11241100x8000000000000000764107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9def8a462078d582021-12-20 15:56:58.924root 11241100x8000000000000000764108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e1c142e6e4e4832021-12-20 15:56:58.924root 11241100x8000000000000000764109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b091f3edbdb604022021-12-20 15:56:58.924root 11241100x8000000000000000764110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371828fd18bd72792021-12-20 15:56:58.925root 11241100x8000000000000000764111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020490a6acb720bf2021-12-20 15:56:58.925root 11241100x8000000000000000764112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2aff1bf924b3302021-12-20 15:56:58.925root 11241100x8000000000000000764113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8702815e3ca27a2021-12-20 15:56:58.925root 11241100x8000000000000000764114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d354bbc91e6c88112021-12-20 15:56:58.925root 11241100x8000000000000000764115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd7a5eec6638e0e2021-12-20 15:56:58.925root 11241100x8000000000000000764116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae1642534dc6b62021-12-20 15:56:58.925root 11241100x8000000000000000764117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea65e748ee31992021-12-20 15:56:58.925root 11241100x8000000000000000764118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820eb58351037cda2021-12-20 15:56:58.925root 11241100x8000000000000000764119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ecd8e12d03e3f42021-12-20 15:56:58.925root 11241100x8000000000000000764120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c91ee365517c9a2021-12-20 15:56:58.926root 11241100x8000000000000000764121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01aa290c418ac362021-12-20 15:56:58.926root 11241100x8000000000000000764122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2a4a6369c2ba1b2021-12-20 15:56:58.926root 11241100x8000000000000000764123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da78041ac1f5d55a2021-12-20 15:56:58.926root 11241100x8000000000000000764124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146581424108ac952021-12-20 15:56:58.926root 11241100x8000000000000000764125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549768efcbaf42592021-12-20 15:56:58.926root 11241100x8000000000000000764126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d84d82536cab762021-12-20 15:56:58.926root 11241100x8000000000000000764127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c1f2fdb9c7c98a2021-12-20 15:56:58.926root 11241100x8000000000000000764128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d886d246a6a0ca8e2021-12-20 15:56:58.926root 11241100x8000000000000000764129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f4067d0c6a6b362021-12-20 15:56:59.424root 11241100x8000000000000000764130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfc5c7d194acf2b2021-12-20 15:56:59.424root 11241100x8000000000000000764131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202f10125be206732021-12-20 15:56:59.424root 11241100x8000000000000000764132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bf3ae70d59d9ba2021-12-20 15:56:59.425root 11241100x8000000000000000764133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a5ecd0296457de2021-12-20 15:56:59.425root 11241100x8000000000000000764134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c6fd51dce08782021-12-20 15:56:59.425root 11241100x8000000000000000764135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045742a34f6a8c642021-12-20 15:56:59.425root 11241100x8000000000000000764136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90f5303c3cb3d172021-12-20 15:56:59.425root 11241100x8000000000000000764137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc759c1d768131f92021-12-20 15:56:59.425root 11241100x8000000000000000764138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bbdc994a7c1a3c2021-12-20 15:56:59.425root 11241100x8000000000000000764139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bd8d02a9a2a8ba2021-12-20 15:56:59.425root 11241100x8000000000000000764140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0685143a7d692cc62021-12-20 15:56:59.425root 11241100x8000000000000000764141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022e5db7b66f49d72021-12-20 15:56:59.425root 11241100x8000000000000000764142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409d83da84e7b5cf2021-12-20 15:56:59.426root 11241100x8000000000000000764143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92781e46120dfd5f2021-12-20 15:56:59.426root 11241100x8000000000000000764144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3193c12e244fe76d2021-12-20 15:56:59.426root 11241100x8000000000000000764145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cfae8ff66c4f392021-12-20 15:56:59.426root 11241100x8000000000000000764146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9dcfbadd48a5b82021-12-20 15:56:59.426root 11241100x8000000000000000764147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97d05252827df612021-12-20 15:56:59.426root 11241100x8000000000000000764148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5049de95b6915b9a2021-12-20 15:56:59.426root 11241100x8000000000000000764149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f29f335872106c2021-12-20 15:56:59.426root 11241100x8000000000000000764150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3090258c91dc71162021-12-20 15:56:59.924root 11241100x8000000000000000764151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ded0277b3ce82e2021-12-20 15:56:59.924root 11241100x8000000000000000764152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4013e590ded218cb2021-12-20 15:56:59.924root 11241100x8000000000000000764153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad29f9e85770b72021-12-20 15:56:59.925root 11241100x8000000000000000764154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7df372f781653f2021-12-20 15:56:59.925root 11241100x8000000000000000764155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5da18d81c7ac442021-12-20 15:56:59.925root 11241100x8000000000000000764156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1049cc4bc3992822021-12-20 15:56:59.925root 11241100x8000000000000000764157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2582c6052aa4beb42021-12-20 15:56:59.925root 11241100x8000000000000000764158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dd9f54a94cbcbd2021-12-20 15:56:59.925root 11241100x8000000000000000764159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8cb0afba8f0bee2021-12-20 15:56:59.925root 11241100x8000000000000000764160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e1cf1d8fe49d1f2021-12-20 15:56:59.925root 11241100x8000000000000000764161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76383222c01b9d752021-12-20 15:56:59.925root 11241100x8000000000000000764162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cb9bfec6edc2542021-12-20 15:56:59.925root 11241100x8000000000000000764163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ca304d921017422021-12-20 15:56:59.926root 11241100x8000000000000000764164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d52d9f70515802021-12-20 15:56:59.926root 11241100x8000000000000000764165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82933ed43360bbf02021-12-20 15:56:59.926root 11241100x8000000000000000764166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdb598a80b2fe022021-12-20 15:56:59.926root 11241100x8000000000000000764167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a38d1cc611201f2021-12-20 15:56:59.926root 11241100x8000000000000000764168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a833cdddd7d94a12021-12-20 15:56:59.926root 11241100x8000000000000000764169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ed1af41444911d2021-12-20 15:56:59.926root 11241100x8000000000000000764170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:56:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43f4813aa63d962021-12-20 15:56:59.926root 11241100x8000000000000000764171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeaa8fa45bce1fa2021-12-20 15:57:00.424root 11241100x8000000000000000764172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23adcc55184714f2021-12-20 15:57:00.424root 11241100x8000000000000000764173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc24b9db806d95f2021-12-20 15:57:00.424root 11241100x8000000000000000764174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3afc56462058202021-12-20 15:57:00.425root 11241100x8000000000000000764175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff1eca989f5cc932021-12-20 15:57:00.425root 11241100x8000000000000000764176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592703a26d1f4e32021-12-20 15:57:00.425root 11241100x8000000000000000764177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b6bc9522d0710a2021-12-20 15:57:00.425root 11241100x8000000000000000764178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72334683428a9ae2021-12-20 15:57:00.425root 11241100x8000000000000000764179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ccbe4af2752cdb2021-12-20 15:57:00.425root 11241100x8000000000000000764180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d2666bfb2307db2021-12-20 15:57:00.425root 11241100x8000000000000000764181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e2e7a2585e77c72021-12-20 15:57:00.425root 11241100x8000000000000000764182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57935772c41c46462021-12-20 15:57:00.425root 11241100x8000000000000000764183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cbcc2b98c674402021-12-20 15:57:00.425root 11241100x8000000000000000764184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b8c89f4256d04a2021-12-20 15:57:00.426root 11241100x8000000000000000764185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f015ea98d4ce8d652021-12-20 15:57:00.426root 11241100x8000000000000000764186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938d5018df961e612021-12-20 15:57:00.426root 11241100x8000000000000000764187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615008dfa7b415ce2021-12-20 15:57:00.426root 11241100x8000000000000000764188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5678e8e9058372d32021-12-20 15:57:00.426root 11241100x8000000000000000764189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51fb4ac65ed23302021-12-20 15:57:00.426root 11241100x8000000000000000764190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3ec9fffe1828112021-12-20 15:57:00.426root 11241100x8000000000000000764191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f023903bf8337f62021-12-20 15:57:00.426root 11241100x8000000000000000764192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c5bf7c949645472021-12-20 15:57:00.931root 11241100x8000000000000000764193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7341c6783412834d2021-12-20 15:57:00.931root 11241100x8000000000000000764194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c73f666b44f66392021-12-20 15:57:00.931root 11241100x8000000000000000764195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b888c38c2945d0c2021-12-20 15:57:00.932root 11241100x8000000000000000764196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24050814a33876042021-12-20 15:57:00.932root 11241100x8000000000000000764197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45d0098596ca1042021-12-20 15:57:00.932root 11241100x8000000000000000764198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e9b4510362cca12021-12-20 15:57:00.932root 11241100x8000000000000000764199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22393128697344512021-12-20 15:57:00.932root 11241100x8000000000000000764200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1696d1d7dfe074d92021-12-20 15:57:00.932root 11241100x8000000000000000764201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04030b7e8312cfef2021-12-20 15:57:00.932root 11241100x8000000000000000764202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428e5fefcdc07d302021-12-20 15:57:00.932root 11241100x8000000000000000764203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1e959c762360dd2021-12-20 15:57:00.932root 11241100x8000000000000000764204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306432cc935b16e82021-12-20 15:57:00.932root 11241100x8000000000000000764205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855266b1fbca74af2021-12-20 15:57:00.933root 11241100x8000000000000000764206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2087596cff1866142021-12-20 15:57:00.933root 11241100x8000000000000000764207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51bf5b9991ca1ec2021-12-20 15:57:00.933root 11241100x8000000000000000764208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fc08b42611bdab2021-12-20 15:57:00.933root 11241100x8000000000000000764209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5392a6cbde660372021-12-20 15:57:00.933root 11241100x8000000000000000764210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b369d07b62f9f5a2021-12-20 15:57:00.933root 11241100x8000000000000000764211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23b001092719e902021-12-20 15:57:00.933root 11241100x8000000000000000764212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:00.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fadec024d0d8c6e2021-12-20 15:57:00.933root 11241100x8000000000000000764213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21ea5d731b2114c2021-12-20 15:57:01.424root 11241100x8000000000000000764214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead9fbf011771e5b2021-12-20 15:57:01.424root 11241100x8000000000000000764215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f785c61f9be34852021-12-20 15:57:01.424root 11241100x8000000000000000764216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e23cc1a50965d22021-12-20 15:57:01.425root 11241100x8000000000000000764217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb140c11aea8b722021-12-20 15:57:01.425root 11241100x8000000000000000764218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8ab63d1b1107362021-12-20 15:57:01.425root 11241100x8000000000000000764219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db9268569bada5b2021-12-20 15:57:01.425root 11241100x8000000000000000764220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd030f2c061154f2021-12-20 15:57:01.425root 11241100x8000000000000000764221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe49807747a843f2021-12-20 15:57:01.425root 11241100x8000000000000000764222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d3eb22639601912021-12-20 15:57:01.425root 11241100x8000000000000000764223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b978406ce6d4c1fc2021-12-20 15:57:01.425root 11241100x8000000000000000764224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7f7e978b7b02b22021-12-20 15:57:01.426root 11241100x8000000000000000764225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db09495bde3245a2021-12-20 15:57:01.426root 11241100x8000000000000000764226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce26002e39ec8e8f2021-12-20 15:57:01.426root 11241100x8000000000000000764227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48176048bc4923b2021-12-20 15:57:01.426root 11241100x8000000000000000764228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f326633dc5e87b352021-12-20 15:57:01.426root 11241100x8000000000000000764229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e39a292e9fc7db2021-12-20 15:57:01.426root 11241100x8000000000000000764230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac3eaa6592e1e512021-12-20 15:57:01.426root 11241100x8000000000000000764231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4521e592c5ecb6f12021-12-20 15:57:01.426root 11241100x8000000000000000764232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca4717c0da73a4c2021-12-20 15:57:01.426root 11241100x8000000000000000764233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816f2c66614f3c6d2021-12-20 15:57:01.426root 11241100x8000000000000000764234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8022e4d9ebfe272021-12-20 15:57:01.924root 11241100x8000000000000000764235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03f23af6e836c562021-12-20 15:57:01.924root 11241100x8000000000000000764236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a622742356e1e232021-12-20 15:57:01.924root 11241100x8000000000000000764237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408d32260523b8802021-12-20 15:57:01.925root 11241100x8000000000000000764238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1480d3f1b4b2cafa2021-12-20 15:57:01.925root 11241100x8000000000000000764239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe2a870d37ea8a62021-12-20 15:57:01.925root 11241100x8000000000000000764240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47241b0a24b30bf12021-12-20 15:57:01.925root 11241100x8000000000000000764241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b01ed8c969fb3182021-12-20 15:57:01.925root 11241100x8000000000000000764242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c786b36e3e32ae2021-12-20 15:57:01.925root 11241100x8000000000000000764243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedd92cc5884434a2021-12-20 15:57:01.925root 11241100x8000000000000000764244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465e774d57dc71392021-12-20 15:57:01.925root 11241100x8000000000000000764245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160eea2682d100252021-12-20 15:57:01.925root 11241100x8000000000000000764246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac55357bdc76d42021-12-20 15:57:01.926root 11241100x8000000000000000764247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfdef2c18da756c2021-12-20 15:57:01.926root 11241100x8000000000000000764248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1118f7cb6bfb672021-12-20 15:57:01.926root 11241100x8000000000000000764249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470a803ff73d4a0d2021-12-20 15:57:01.926root 11241100x8000000000000000764250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d5cb5ff37b10cb2021-12-20 15:57:01.926root 11241100x8000000000000000764251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e8f1a7689f21bd2021-12-20 15:57:01.926root 11241100x8000000000000000764252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cacc2f0f6b25722021-12-20 15:57:01.926root 11241100x8000000000000000764253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25877b9f1e7270c22021-12-20 15:57:01.926root 11241100x8000000000000000764254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab3a5c2a3d72b5b2021-12-20 15:57:01.926root 11241100x8000000000000000764255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcf243293c0396e2021-12-20 15:57:02.424root 11241100x8000000000000000764256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49499688ec9d30f32021-12-20 15:57:02.424root 11241100x8000000000000000764257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8901238453691fdb2021-12-20 15:57:02.425root 11241100x8000000000000000764258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cfffed7cc84e382021-12-20 15:57:02.425root 11241100x8000000000000000764259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda36d55e23ac0992021-12-20 15:57:02.425root 11241100x8000000000000000764260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d70f54954f6942021-12-20 15:57:02.425root 11241100x8000000000000000764261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e39a4752d98194d2021-12-20 15:57:02.425root 11241100x8000000000000000764262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e81b6bece3dcc1d2021-12-20 15:57:02.425root 11241100x8000000000000000764263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011b923983de241b2021-12-20 15:57:02.425root 11241100x8000000000000000764264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65969b134a7e7ff22021-12-20 15:57:02.425root 11241100x8000000000000000764265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba2592b5b5f0f352021-12-20 15:57:02.425root 11241100x8000000000000000764266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3f9dbfbe469302021-12-20 15:57:02.425root 11241100x8000000000000000764267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056c367d813cbdc52021-12-20 15:57:02.426root 11241100x8000000000000000764268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d61f88467f108ca2021-12-20 15:57:02.426root 11241100x8000000000000000764269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cba1065628a9382021-12-20 15:57:02.426root 11241100x8000000000000000764270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1ef861dffca0012021-12-20 15:57:02.426root 11241100x8000000000000000764271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f23234a0032bf2021-12-20 15:57:02.426root 11241100x8000000000000000764272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21623c28fbedc1d22021-12-20 15:57:02.426root 11241100x8000000000000000764273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bb9c40a5abf1ea2021-12-20 15:57:02.426root 11241100x8000000000000000764274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35815d5786575c342021-12-20 15:57:02.426root 11241100x8000000000000000764275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e06c70f724aac182021-12-20 15:57:02.426root 11241100x8000000000000000764276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d13b78c7f396e742021-12-20 15:57:02.924root 11241100x8000000000000000764277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1919495e8f18de1c2021-12-20 15:57:02.924root 11241100x8000000000000000764278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9641af7d762b21e52021-12-20 15:57:02.924root 11241100x8000000000000000764279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e186a210d2f1e502021-12-20 15:57:02.925root 11241100x8000000000000000764280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdd64198d5db0212021-12-20 15:57:02.925root 11241100x8000000000000000764281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5cd38c440693332021-12-20 15:57:02.925root 11241100x8000000000000000764282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2426032c72ff19152021-12-20 15:57:02.925root 11241100x8000000000000000764283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d520cd741621eca2021-12-20 15:57:02.925root 11241100x8000000000000000764284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fc21104f4cdae62021-12-20 15:57:02.925root 11241100x8000000000000000764285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd92c6ace3a6619b2021-12-20 15:57:02.925root 11241100x8000000000000000764286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae13e5125000b9b92021-12-20 15:57:02.926root 11241100x8000000000000000764287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3b84c1e5a23bfe2021-12-20 15:57:02.926root 11241100x8000000000000000764288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4419dbdbe6a85272021-12-20 15:57:02.926root 11241100x8000000000000000764289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac269ff25a9243b2021-12-20 15:57:02.926root 11241100x8000000000000000764290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31855fec168a36b72021-12-20 15:57:02.926root 11241100x8000000000000000764291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c07af83369d009c2021-12-20 15:57:02.926root 11241100x8000000000000000764292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e66e92dbcc98472021-12-20 15:57:02.926root 11241100x8000000000000000764293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e18a4cded8a7e062021-12-20 15:57:02.926root 11241100x8000000000000000764294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a88ae87537ac4f82021-12-20 15:57:02.926root 11241100x8000000000000000764295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2214582697767a8f2021-12-20 15:57:02.926root 11241100x8000000000000000764296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0fb8e42ea101ca2021-12-20 15:57:02.927root 11241100x8000000000000000764297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a1ce963bf613832021-12-20 15:57:03.424root 11241100x8000000000000000764298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5f16feda1e69a32021-12-20 15:57:03.425root 11241100x8000000000000000764299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e3aa83a0c05edb2021-12-20 15:57:03.425root 11241100x8000000000000000764300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6f04f6988815732021-12-20 15:57:03.425root 11241100x8000000000000000764301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cceccd7671709cd2021-12-20 15:57:03.425root 11241100x8000000000000000764302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8148b96b0d1a89a72021-12-20 15:57:03.425root 11241100x8000000000000000764303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17790e8dbcaa25bf2021-12-20 15:57:03.426root 11241100x8000000000000000764304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eadc81359acc2f2021-12-20 15:57:03.426root 11241100x8000000000000000764305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c62ce02490d1032021-12-20 15:57:03.426root 11241100x8000000000000000764306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4dc0e0539036122021-12-20 15:57:03.426root 11241100x8000000000000000764307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb039e5ec4273322021-12-20 15:57:03.426root 11241100x8000000000000000764308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8ec3990ef5b92d2021-12-20 15:57:03.427root 11241100x8000000000000000764309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb167d2e7136c2602021-12-20 15:57:03.427root 11241100x8000000000000000764310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e011945cd532f6df2021-12-20 15:57:03.427root 11241100x8000000000000000764311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc981985fe9e22d2021-12-20 15:57:03.427root 11241100x8000000000000000764312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651d7bd61403ccbe2021-12-20 15:57:03.427root 11241100x8000000000000000764313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09387aef29039edc2021-12-20 15:57:03.428root 11241100x8000000000000000764314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587176699c73c2722021-12-20 15:57:03.428root 11241100x8000000000000000764315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c2bda32b5bb3a62021-12-20 15:57:03.428root 11241100x8000000000000000764316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170a93a24ade7a132021-12-20 15:57:03.428root 11241100x8000000000000000764317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c801c0fe9b53b4d42021-12-20 15:57:03.429root 11241100x8000000000000000764318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b8d8bd2d2a24882021-12-20 15:57:03.924root 11241100x8000000000000000764319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ed68a41bbdefe32021-12-20 15:57:03.925root 11241100x8000000000000000764320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16081dd2d618cd3d2021-12-20 15:57:03.925root 11241100x8000000000000000764321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5474519230a31842021-12-20 15:57:03.925root 11241100x8000000000000000764322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5e31835819f4ef2021-12-20 15:57:03.925root 11241100x8000000000000000764323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d89f33eb1b33de2021-12-20 15:57:03.925root 11241100x8000000000000000764324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e3df0092ea03ae2021-12-20 15:57:03.925root 11241100x8000000000000000764325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107dcbbe584581df2021-12-20 15:57:03.925root 11241100x8000000000000000764326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22e3b66dfb7bf142021-12-20 15:57:03.926root 11241100x8000000000000000764327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e256bb6b0d49db2021-12-20 15:57:03.926root 11241100x8000000000000000764328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5989a4ce5ff19b292021-12-20 15:57:03.926root 11241100x8000000000000000764329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a5f8824298fe002021-12-20 15:57:03.927root 11241100x8000000000000000764330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be7c3a4ea7c1ba72021-12-20 15:57:03.927root 11241100x8000000000000000764331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0c448cd9f3bd5b2021-12-20 15:57:03.927root 11241100x8000000000000000764332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9a1bb077cbcabe2021-12-20 15:57:03.928root 11241100x8000000000000000764333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81e20b3471596482021-12-20 15:57:03.929root 11241100x8000000000000000764334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6b69cf3268b19d2021-12-20 15:57:03.929root 11241100x8000000000000000764335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5b2f98391c33ee2021-12-20 15:57:03.929root 11241100x8000000000000000764336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8f4268218ca2b32021-12-20 15:57:03.930root 11241100x8000000000000000764337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91df565f9f650acc2021-12-20 15:57:03.930root 11241100x8000000000000000764338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939ecd6c463bdf742021-12-20 15:57:03.930root 354300x8000000000000000764339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.018{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51414-false10.0.1.12-8000- 11241100x8000000000000000764340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b633e3551deeab2021-12-20 15:57:04.424root 11241100x8000000000000000764341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4416a70218e33d8f2021-12-20 15:57:04.424root 11241100x8000000000000000764342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d21d123f50ee8b2021-12-20 15:57:04.424root 11241100x8000000000000000764343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e35b706aeb365c82021-12-20 15:57:04.425root 11241100x8000000000000000764344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1a56e9fe8150302021-12-20 15:57:04.425root 11241100x8000000000000000764345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f915c241ca5ef072021-12-20 15:57:04.425root 11241100x8000000000000000764346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b81dd972e1f85462021-12-20 15:57:04.425root 11241100x8000000000000000764347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b914b2539600bf2021-12-20 15:57:04.425root 11241100x8000000000000000764348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4af87825a3c8dbc2021-12-20 15:57:04.425root 11241100x8000000000000000764349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc296392de4acce12021-12-20 15:57:04.425root 11241100x8000000000000000764350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcd0deca4101cb62021-12-20 15:57:04.425root 11241100x8000000000000000764351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33eaf41fcccca0292021-12-20 15:57:04.425root 11241100x8000000000000000764352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7efeab7671874a2021-12-20 15:57:04.426root 11241100x8000000000000000764353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19bd144133f8cca2021-12-20 15:57:04.426root 11241100x8000000000000000764354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c81619161584c02021-12-20 15:57:04.426root 11241100x8000000000000000764355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa51c5e7afee8992021-12-20 15:57:04.426root 11241100x8000000000000000764356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e278ebd8f84bcdb22021-12-20 15:57:04.426root 11241100x8000000000000000764357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26054eb0b289fea2021-12-20 15:57:04.426root 11241100x8000000000000000764358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dae1ddbb62100ae2021-12-20 15:57:04.426root 11241100x8000000000000000764359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1c644ee68b0b812021-12-20 15:57:04.426root 11241100x8000000000000000764360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd388ed8b9540be32021-12-20 15:57:04.426root 11241100x8000000000000000764361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f62c70122b17c212021-12-20 15:57:04.426root 11241100x8000000000000000764362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9120acfd9eb7b992021-12-20 15:57:04.924root 11241100x8000000000000000764363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2904efbb69b19ca22021-12-20 15:57:04.924root 11241100x8000000000000000764364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6a94a16564ce152021-12-20 15:57:04.924root 11241100x8000000000000000764365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef1803bec93a2dc2021-12-20 15:57:04.925root 11241100x8000000000000000764366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb38be50e9fecae2021-12-20 15:57:04.925root 11241100x8000000000000000764367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdeedb02edcba122021-12-20 15:57:04.925root 11241100x8000000000000000764368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbebca7fb79b3d22021-12-20 15:57:04.925root 11241100x8000000000000000764369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826bd3afc428a7402021-12-20 15:57:04.925root 11241100x8000000000000000764370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed2577e676ad08b2021-12-20 15:57:04.925root 11241100x8000000000000000764371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798886f9c7d8c1e22021-12-20 15:57:04.925root 11241100x8000000000000000764372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dff7e4dd14ce37a2021-12-20 15:57:04.925root 11241100x8000000000000000764373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbd1b128e557e032021-12-20 15:57:04.926root 11241100x8000000000000000764374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb359cebf58b915e2021-12-20 15:57:04.926root 11241100x8000000000000000764375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae36400eb78f59192021-12-20 15:57:04.926root 11241100x8000000000000000764376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdcd04cce9e6a3a2021-12-20 15:57:04.926root 11241100x8000000000000000764377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8101ac7d54d2c6d12021-12-20 15:57:04.926root 11241100x8000000000000000764378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c8cf3105302def2021-12-20 15:57:04.926root 11241100x8000000000000000764379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5d703de22b12492021-12-20 15:57:04.926root 11241100x8000000000000000764380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b967d09232de36312021-12-20 15:57:04.926root 11241100x8000000000000000764381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1324e5a013688e262021-12-20 15:57:04.926root 11241100x8000000000000000764382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffc31f067f7bf3f2021-12-20 15:57:04.927root 11241100x8000000000000000764383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dc1d4b528c4d582021-12-20 15:57:04.927root 11241100x8000000000000000764384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aba9167394d40b2021-12-20 15:57:05.424root 11241100x8000000000000000764385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a021890f5953252021-12-20 15:57:05.424root 11241100x8000000000000000764386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f516aafeeab42e2021-12-20 15:57:05.424root 11241100x8000000000000000764387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796595866761c6562021-12-20 15:57:05.424root 11241100x8000000000000000764388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12de85f992575fe2021-12-20 15:57:05.424root 11241100x8000000000000000764389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d79440e76ad924a2021-12-20 15:57:05.424root 11241100x8000000000000000764390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68943f09f36ff1b2021-12-20 15:57:05.424root 11241100x8000000000000000764391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e648430b6f30a0972021-12-20 15:57:05.424root 11241100x8000000000000000764392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c4fe24380efd842021-12-20 15:57:05.424root 11241100x8000000000000000764393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e5dc11be232f592021-12-20 15:57:05.424root 11241100x8000000000000000764394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48501fc366e3a8d22021-12-20 15:57:05.424root 11241100x8000000000000000764395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae5ee39445d533d2021-12-20 15:57:05.424root 11241100x8000000000000000764396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98c5c5e09ddbe0e2021-12-20 15:57:05.425root 11241100x8000000000000000764397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce998aa41e23dd5c2021-12-20 15:57:05.425root 11241100x8000000000000000764398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08d0f9f62699ca82021-12-20 15:57:05.425root 11241100x8000000000000000764399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0825321f4057823f2021-12-20 15:57:05.425root 11241100x8000000000000000764400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a1b427043fd38a2021-12-20 15:57:05.425root 11241100x8000000000000000764401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ff811d6ac4fbbd2021-12-20 15:57:05.425root 11241100x8000000000000000764402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f366cc44fc0b76322021-12-20 15:57:05.425root 11241100x8000000000000000764403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7771941b9166b0cc2021-12-20 15:57:05.425root 11241100x8000000000000000764404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9c56bf8b037c52021-12-20 15:57:05.425root 11241100x8000000000000000764405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc83a5ab60f3e902021-12-20 15:57:05.425root 11241100x8000000000000000764406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5625e061111ccf872021-12-20 15:57:05.425root 11241100x8000000000000000764407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69091e600f990912021-12-20 15:57:05.425root 11241100x8000000000000000764408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b61d40992569b2021-12-20 15:57:05.425root 11241100x8000000000000000764409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6642ac7928f00da2021-12-20 15:57:05.425root 11241100x8000000000000000764410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3b3053b905b3542021-12-20 15:57:05.425root 11241100x8000000000000000764411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92935a2db7d74bb72021-12-20 15:57:05.425root 11241100x8000000000000000764412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e321a3786f61fc2021-12-20 15:57:05.425root 11241100x8000000000000000764413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66015e90102f4682021-12-20 15:57:05.426root 11241100x8000000000000000764414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b2612e40c7a82a2021-12-20 15:57:05.426root 11241100x8000000000000000764415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12beeda64e5c95482021-12-20 15:57:05.426root 11241100x8000000000000000764416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010adcc9d15ccf992021-12-20 15:57:05.426root 11241100x8000000000000000764417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2ba2f2d6de75972021-12-20 15:57:05.426root 11241100x8000000000000000764418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aad979ce77370e2021-12-20 15:57:05.426root 11241100x8000000000000000764419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80db327f220805b2021-12-20 15:57:05.426root 11241100x8000000000000000764420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3359adfee48bcab62021-12-20 15:57:05.427root 11241100x8000000000000000764421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7244fd64519cf1db2021-12-20 15:57:05.427root 11241100x8000000000000000764422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6392b4381fc7761b2021-12-20 15:57:05.427root 11241100x8000000000000000764423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06b400f1e45edac2021-12-20 15:57:05.427root 11241100x8000000000000000764424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a5a35d932181082021-12-20 15:57:05.427root 11241100x8000000000000000764425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf69e6b26cc39df2021-12-20 15:57:05.427root 11241100x8000000000000000764426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc51df42030e7392021-12-20 15:57:05.427root 11241100x8000000000000000764427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd0825f474373a2021-12-20 15:57:05.427root 11241100x8000000000000000764428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669db5b3dd8128372021-12-20 15:57:05.427root 11241100x8000000000000000764429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5efab6d261859b2021-12-20 15:57:05.427root 11241100x8000000000000000764430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621da3348694ad7c2021-12-20 15:57:05.428root 11241100x8000000000000000764431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd5f38bf273bf532021-12-20 15:57:05.924root 11241100x8000000000000000764432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ea3b32baecebaf2021-12-20 15:57:05.924root 11241100x8000000000000000764433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266b55e6d4a254272021-12-20 15:57:05.924root 11241100x8000000000000000764434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200fa3047d77a79e2021-12-20 15:57:05.924root 11241100x8000000000000000764435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd67583a305db0de2021-12-20 15:57:05.924root 11241100x8000000000000000764436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d83ad47dcb9c9232021-12-20 15:57:05.925root 11241100x8000000000000000764437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec4b2dbc9da30212021-12-20 15:57:05.925root 11241100x8000000000000000764438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3640e4f86832998c2021-12-20 15:57:05.925root 11241100x8000000000000000764439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8448184d7e950d562021-12-20 15:57:05.925root 11241100x8000000000000000764440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46674b2693c2949a2021-12-20 15:57:05.925root 11241100x8000000000000000764441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d913f7eef8abc54e2021-12-20 15:57:05.925root 11241100x8000000000000000764442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fe6e5701b37d5c2021-12-20 15:57:05.926root 11241100x8000000000000000764443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e0b72a8737cf2a2021-12-20 15:57:05.926root 11241100x8000000000000000764444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a55e23916621d52021-12-20 15:57:05.926root 11241100x8000000000000000764445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8b482740cbc8b52021-12-20 15:57:05.926root 11241100x8000000000000000764446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9916f2e423eaae1e2021-12-20 15:57:05.926root 11241100x8000000000000000764447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc24708bcb4c72c32021-12-20 15:57:05.926root 11241100x8000000000000000764448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93712e69bbeefd002021-12-20 15:57:05.926root 11241100x8000000000000000764449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd01e1bde4169e352021-12-20 15:57:05.926root 11241100x8000000000000000764450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2907ccb1a8b38f22021-12-20 15:57:05.926root 11241100x8000000000000000764451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a020b1adf617db2021-12-20 15:57:05.926root 11241100x8000000000000000764452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac12c023b12df2a52021-12-20 15:57:05.927root 11241100x8000000000000000764453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b469641b475d0942021-12-20 15:57:05.927root 11241100x8000000000000000764454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8303a6c8ea36d7a32021-12-20 15:57:05.927root 11241100x8000000000000000764455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1faf754942a9bc22021-12-20 15:57:05.927root 11241100x8000000000000000764456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14019921642b6152021-12-20 15:57:05.927root 11241100x8000000000000000764457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f0fb3790f5e8292021-12-20 15:57:05.927root 11241100x8000000000000000764458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:57:06.069root 11241100x8000000000000000764459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ece3b89eba2ba6f2021-12-20 15:57:06.424root 11241100x8000000000000000764460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09c9ef724ea9f502021-12-20 15:57:06.424root 11241100x8000000000000000764461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8af9d7a55e06782021-12-20 15:57:06.424root 11241100x8000000000000000764462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de209413a7783b72021-12-20 15:57:06.425root 11241100x8000000000000000764463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ec88472091732b2021-12-20 15:57:06.425root 11241100x8000000000000000764464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080c09d1ab4b5c552021-12-20 15:57:06.425root 11241100x8000000000000000764465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c957e74f47c326a2021-12-20 15:57:06.425root 11241100x8000000000000000764466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb74ca2c3caf4a2021-12-20 15:57:06.425root 11241100x8000000000000000764467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5995c90c4318e9422021-12-20 15:57:06.425root 11241100x8000000000000000764468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea7f73811c2a9132021-12-20 15:57:06.425root 11241100x8000000000000000764469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2c17cd303c271a2021-12-20 15:57:06.425root 11241100x8000000000000000764470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a181312b58a768b2021-12-20 15:57:06.426root 11241100x8000000000000000764471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2f172c43bf5bf92021-12-20 15:57:06.426root 11241100x8000000000000000764472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5c22441ae9ec412021-12-20 15:57:06.426root 11241100x8000000000000000764473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1c28acec34a9162021-12-20 15:57:06.426root 11241100x8000000000000000764474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1ed3e7715821472021-12-20 15:57:06.426root 11241100x8000000000000000764475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11765a0c97427c82021-12-20 15:57:06.426root 11241100x8000000000000000764476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb488b0feddb64d2021-12-20 15:57:06.426root 11241100x8000000000000000764477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd9addd0338d0b92021-12-20 15:57:06.426root 11241100x8000000000000000764478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dd00e9cb71bffa2021-12-20 15:57:06.427root 11241100x8000000000000000764479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb3a1f12b1888652021-12-20 15:57:06.427root 11241100x8000000000000000764480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfcd8183d2a71df2021-12-20 15:57:06.427root 11241100x8000000000000000764481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755b548e05ba0bc82021-12-20 15:57:06.427root 11241100x8000000000000000764482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3062fb3e998454712021-12-20 15:57:06.924root 11241100x8000000000000000764483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5447f926eaaa9b2021-12-20 15:57:06.924root 11241100x8000000000000000764484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b8b3c672bcc11c2021-12-20 15:57:06.925root 11241100x8000000000000000764485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdc9c43beab7cde2021-12-20 15:57:06.925root 11241100x8000000000000000764486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceb4a0e785798da2021-12-20 15:57:06.925root 11241100x8000000000000000764487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe43a17d8cc7b7c62021-12-20 15:57:06.925root 11241100x8000000000000000764488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64a0f3cdd7414612021-12-20 15:57:06.925root 11241100x8000000000000000764489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1243dcf3e2a889922021-12-20 15:57:06.925root 11241100x8000000000000000764490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02525f650d992eb62021-12-20 15:57:06.925root 11241100x8000000000000000764491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666ad115a02ae3802021-12-20 15:57:06.926root 11241100x8000000000000000764492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334f453940b700012021-12-20 15:57:06.926root 11241100x8000000000000000764493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b185fbc193637702021-12-20 15:57:06.926root 11241100x8000000000000000764494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a799dd9caf0c382021-12-20 15:57:06.926root 11241100x8000000000000000764495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768f377918533e802021-12-20 15:57:06.926root 11241100x8000000000000000764496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9ae5191746d5672021-12-20 15:57:06.926root 11241100x8000000000000000764497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1064d49cf7e32c2021-12-20 15:57:06.926root 11241100x8000000000000000764498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a097352e90425d092021-12-20 15:57:06.926root 11241100x8000000000000000764499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f02f3cb303f54a2021-12-20 15:57:06.926root 11241100x8000000000000000764500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8907cb96869275492021-12-20 15:57:06.926root 11241100x8000000000000000764501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc5fbd06d90f8512021-12-20 15:57:06.927root 11241100x8000000000000000764502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e82d33aac854572021-12-20 15:57:06.927root 11241100x8000000000000000764503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439a8a4863b9e4db2021-12-20 15:57:06.927root 11241100x8000000000000000764504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcf7a70f1fd4a882021-12-20 15:57:06.927root 11241100x8000000000000000764505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed63d9a1e410efb82021-12-20 15:57:07.424root 11241100x8000000000000000764506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fd619408b2567f2021-12-20 15:57:07.424root 11241100x8000000000000000764507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ae53740c513cfe2021-12-20 15:57:07.424root 11241100x8000000000000000764508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74aa4d4c10536a322021-12-20 15:57:07.424root 11241100x8000000000000000764509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04546fc7ace479c92021-12-20 15:57:07.424root 11241100x8000000000000000764510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9faca4f3fa6c92ab2021-12-20 15:57:07.425root 11241100x8000000000000000764511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfefd9f6297f8732021-12-20 15:57:07.425root 11241100x8000000000000000764512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f44c6a873e5a202021-12-20 15:57:07.425root 11241100x8000000000000000764513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c392930b144b32a2021-12-20 15:57:07.425root 11241100x8000000000000000764514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed343e74957635e2021-12-20 15:57:07.425root 11241100x8000000000000000764515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b687f6688ca8b832021-12-20 15:57:07.425root 11241100x8000000000000000764516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05721891e067b542021-12-20 15:57:07.425root 11241100x8000000000000000764517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1e2c59a4bbb3102021-12-20 15:57:07.426root 11241100x8000000000000000764518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c209675067896812021-12-20 15:57:07.426root 11241100x8000000000000000764519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8c6acd7c7351c82021-12-20 15:57:07.426root 11241100x8000000000000000764520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01264e51dd9a99962021-12-20 15:57:07.426root 11241100x8000000000000000764521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3261a987bf080d92021-12-20 15:57:07.426root 11241100x8000000000000000764522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004d19398d39998a2021-12-20 15:57:07.426root 11241100x8000000000000000764523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c3cc531dc88ac12021-12-20 15:57:07.427root 11241100x8000000000000000764524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee68c7ea531dbdad2021-12-20 15:57:07.427root 11241100x8000000000000000764525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e23626fb9a13402021-12-20 15:57:07.427root 11241100x8000000000000000764526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ff5161c60237e12021-12-20 15:57:07.427root 11241100x8000000000000000764527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3cebeb1b97181d2021-12-20 15:57:07.427root 11241100x8000000000000000764528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c3b3cae3bc4fd72021-12-20 15:57:07.427root 11241100x8000000000000000764529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442cb370a4d409ed2021-12-20 15:57:07.427root 11241100x8000000000000000764530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbddf1c595202cd2021-12-20 15:57:07.427root 11241100x8000000000000000764531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e48e5e136381cdb2021-12-20 15:57:07.427root 11241100x8000000000000000764532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641cf034765104472021-12-20 15:57:07.428root 11241100x8000000000000000764533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b0fcd3ca35f13d2021-12-20 15:57:07.924root 11241100x8000000000000000764534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b5369d652faa242021-12-20 15:57:07.924root 11241100x8000000000000000764535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3315bbad7386f8e52021-12-20 15:57:07.924root 11241100x8000000000000000764536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df0f7f86a5e1b932021-12-20 15:57:07.924root 11241100x8000000000000000764537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2108c1242761ce2021-12-20 15:57:07.924root 11241100x8000000000000000764538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59cd89fb123c6612021-12-20 15:57:07.924root 11241100x8000000000000000764539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dbf5d917a867d62021-12-20 15:57:07.924root 11241100x8000000000000000764540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4ae156fd026dd72021-12-20 15:57:07.924root 11241100x8000000000000000764541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9885aca0ba0f6732021-12-20 15:57:07.924root 11241100x8000000000000000764542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bdff30b5d4021d2021-12-20 15:57:07.925root 11241100x8000000000000000764543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e931ab0316a9ac072021-12-20 15:57:07.925root 11241100x8000000000000000764544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd37341e8ea4d522021-12-20 15:57:07.925root 11241100x8000000000000000764545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b898db9f44946bd2021-12-20 15:57:07.925root 11241100x8000000000000000764546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b28e2583eab02592021-12-20 15:57:07.925root 11241100x8000000000000000764547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9627fb28d39ba12021-12-20 15:57:07.925root 11241100x8000000000000000764548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f93221ab9fcf3f2021-12-20 15:57:07.925root 11241100x8000000000000000764549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8aaf6ff81b0e8e2021-12-20 15:57:07.925root 11241100x8000000000000000764550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad4b9e472b8ce4b2021-12-20 15:57:07.925root 11241100x8000000000000000764551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26f1595bf0688852021-12-20 15:57:07.926root 11241100x8000000000000000764552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c32b476f34cb5202021-12-20 15:57:07.926root 11241100x8000000000000000764553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea6bc90f1ae81672021-12-20 15:57:07.926root 11241100x8000000000000000764554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973b8327a6e554fa2021-12-20 15:57:07.926root 11241100x8000000000000000764555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f296476e9b3d0002021-12-20 15:57:07.926root 11241100x8000000000000000764556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fec7d60b722f542021-12-20 15:57:07.926root 11241100x8000000000000000764557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1d75870db525362021-12-20 15:57:08.424root 11241100x8000000000000000764558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d38d6b38b09a612021-12-20 15:57:08.424root 11241100x8000000000000000764559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e38707c52724362021-12-20 15:57:08.424root 11241100x8000000000000000764560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab6160d0267550c2021-12-20 15:57:08.424root 11241100x8000000000000000764561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd9d7d29d3fa0ed2021-12-20 15:57:08.424root 11241100x8000000000000000764562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923fe2da26c5ac9a2021-12-20 15:57:08.424root 11241100x8000000000000000764563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25993409074cebb52021-12-20 15:57:08.424root 11241100x8000000000000000764564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613b8f9e0c8b71922021-12-20 15:57:08.425root 11241100x8000000000000000764565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411fcf2aa09972492021-12-20 15:57:08.425root 11241100x8000000000000000764566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a889730dfff3b82021-12-20 15:57:08.425root 11241100x8000000000000000764567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571679265f8b5a7e2021-12-20 15:57:08.425root 11241100x8000000000000000764568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2177a90bdc030a102021-12-20 15:57:08.425root 11241100x8000000000000000764569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97084e89e62d21952021-12-20 15:57:08.425root 11241100x8000000000000000764570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a3b7d5b8f98fe82021-12-20 15:57:08.425root 11241100x8000000000000000764571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797d61fbe97944a22021-12-20 15:57:08.425root 11241100x8000000000000000764572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5703eb47f9868b42021-12-20 15:57:08.425root 11241100x8000000000000000764573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7567c4e67a27042021-12-20 15:57:08.425root 11241100x8000000000000000764574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6ee8146350dc4c2021-12-20 15:57:08.426root 11241100x8000000000000000764575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a10f30886d9f9b2021-12-20 15:57:08.426root 11241100x8000000000000000764576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53d69adc0903b632021-12-20 15:57:08.426root 11241100x8000000000000000764577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b2bdf2906b2ce32021-12-20 15:57:08.426root 11241100x8000000000000000764578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07da3f80c036034e2021-12-20 15:57:08.426root 11241100x8000000000000000764579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f69988a1dd28d532021-12-20 15:57:08.426root 11241100x8000000000000000764580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c087ee2c42cb9a2021-12-20 15:57:08.426root 11241100x8000000000000000764581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e7977761d28da52021-12-20 15:57:08.426root 11241100x8000000000000000764582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137ce7c893620c362021-12-20 15:57:08.924root 11241100x8000000000000000764583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a784b3a865bffa2021-12-20 15:57:08.924root 11241100x8000000000000000764584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf66e236709381a2021-12-20 15:57:08.924root 11241100x8000000000000000764585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c6e04d26f27c52021-12-20 15:57:08.924root 11241100x8000000000000000764586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07004722cebde9b72021-12-20 15:57:08.924root 11241100x8000000000000000764587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7cbcc061a76ef52021-12-20 15:57:08.924root 11241100x8000000000000000764588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a90c07cbb703322021-12-20 15:57:08.924root 11241100x8000000000000000764589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d182c44ce613642021-12-20 15:57:08.925root 11241100x8000000000000000764590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c231bf1aefc9016f2021-12-20 15:57:08.925root 11241100x8000000000000000764591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d0de318c5208112021-12-20 15:57:08.925root 11241100x8000000000000000764592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039f43e2d66684af2021-12-20 15:57:08.925root 11241100x8000000000000000764593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d2e6ed1f553e832021-12-20 15:57:08.925root 11241100x8000000000000000764594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d6df6fda2970e22021-12-20 15:57:08.925root 11241100x8000000000000000764595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90f50ac1929ba232021-12-20 15:57:08.925root 11241100x8000000000000000764596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a4418ec54532ac2021-12-20 15:57:08.925root 11241100x8000000000000000764597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d285feef5f4654902021-12-20 15:57:08.925root 11241100x8000000000000000764598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a66ccc27160cb352021-12-20 15:57:08.925root 11241100x8000000000000000764599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dde43992455cd112021-12-20 15:57:08.925root 11241100x8000000000000000764600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be21518809179c402021-12-20 15:57:08.926root 11241100x8000000000000000764601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aceb11f1608128e2021-12-20 15:57:08.926root 11241100x8000000000000000764602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ea3a36f4dfd9e52021-12-20 15:57:08.926root 11241100x8000000000000000764603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d12866046d58bc2021-12-20 15:57:08.926root 11241100x8000000000000000764604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78fcd6b4f0d02cb2021-12-20 15:57:08.926root 23542300x8000000000000000764605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.070{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000764606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.075{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51416-false10.0.1.12-8000- 11241100x8000000000000000764607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d7d005390c845c2021-12-20 15:57:09.424root 11241100x8000000000000000764608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ba137397f3c4ae2021-12-20 15:57:09.424root 11241100x8000000000000000764609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8511eacfc68cfa12021-12-20 15:57:09.424root 11241100x8000000000000000764610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b20b57e10087a402021-12-20 15:57:09.424root 11241100x8000000000000000764611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f136f73c0cc8a592021-12-20 15:57:09.424root 11241100x8000000000000000764612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c14a8c6883ff0a2021-12-20 15:57:09.424root 11241100x8000000000000000764613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f592a60d9a0d6a062021-12-20 15:57:09.424root 11241100x8000000000000000764614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4a2ac75f6b8de52021-12-20 15:57:09.424root 11241100x8000000000000000764615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f80f94f92a1b9e2021-12-20 15:57:09.425root 11241100x8000000000000000764616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c550a31dfd27172021-12-20 15:57:09.425root 11241100x8000000000000000764617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36640151fd668e12021-12-20 15:57:09.425root 11241100x8000000000000000764618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70f02844f8e77db2021-12-20 15:57:09.425root 11241100x8000000000000000764619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e0f592643426182021-12-20 15:57:09.425root 11241100x8000000000000000764620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1189d3017034c1192021-12-20 15:57:09.425root 11241100x8000000000000000764621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74dcfa95cb8cb6e2021-12-20 15:57:09.425root 11241100x8000000000000000764622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a8710d7816d0f32021-12-20 15:57:09.425root 11241100x8000000000000000764623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2580169c57aea5f72021-12-20 15:57:09.425root 11241100x8000000000000000764624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0f80568fcb2e2b2021-12-20 15:57:09.425root 11241100x8000000000000000764625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236057f070c9a0772021-12-20 15:57:09.425root 11241100x8000000000000000764626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901057c2a331d2032021-12-20 15:57:09.425root 11241100x8000000000000000764627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1639647f4cb0d6b42021-12-20 15:57:09.425root 11241100x8000000000000000764628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215c400d450680462021-12-20 15:57:09.425root 11241100x8000000000000000764629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd85ed3eb906b622021-12-20 15:57:09.425root 11241100x8000000000000000764630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ce8b9de32ad14b2021-12-20 15:57:09.425root 11241100x8000000000000000764631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d4c0d90933c1c52021-12-20 15:57:09.426root 11241100x8000000000000000764632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838d3fb9da7031952021-12-20 15:57:09.426root 11241100x8000000000000000764633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b523016003853332021-12-20 15:57:09.426root 11241100x8000000000000000764634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef27789edb98e8ba2021-12-20 15:57:09.426root 11241100x8000000000000000764635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfde7bdab74408332021-12-20 15:57:09.426root 11241100x8000000000000000764636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843ae66209e158bc2021-12-20 15:57:09.426root 11241100x8000000000000000764637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2822476796200f752021-12-20 15:57:09.426root 11241100x8000000000000000764638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a30e3f6dd5e33e02021-12-20 15:57:09.426root 11241100x8000000000000000764639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5017a5c92c3844d2021-12-20 15:57:09.426root 11241100x8000000000000000764640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf7923424b1a2142021-12-20 15:57:09.426root 11241100x8000000000000000764641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829269dc4dd1890c2021-12-20 15:57:09.426root 11241100x8000000000000000764642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e8cdcb0734b70f2021-12-20 15:57:09.426root 11241100x8000000000000000764643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfce1afae731d9702021-12-20 15:57:09.426root 11241100x8000000000000000764644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6065d0803eaa767b2021-12-20 15:57:09.427root 11241100x8000000000000000764645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a6530a09ccc60c2021-12-20 15:57:09.427root 11241100x8000000000000000764646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383819afd8c4d2662021-12-20 15:57:09.427root 11241100x8000000000000000764647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216333ffb04dce8c2021-12-20 15:57:09.924root 11241100x8000000000000000764648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc152479203bdb82021-12-20 15:57:09.924root 11241100x8000000000000000764649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53a725d562a6d022021-12-20 15:57:09.924root 11241100x8000000000000000764650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a11527656cdc6f2021-12-20 15:57:09.924root 11241100x8000000000000000764651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656bfc8ca95b34a02021-12-20 15:57:09.924root 11241100x8000000000000000764652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067f18b19a31d2e82021-12-20 15:57:09.924root 11241100x8000000000000000764653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8866dadf5aa32c3c2021-12-20 15:57:09.925root 11241100x8000000000000000764654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f37b66609fab8872021-12-20 15:57:09.925root 11241100x8000000000000000764655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f178b64825e79082021-12-20 15:57:09.925root 11241100x8000000000000000764656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed27cbbe94515682021-12-20 15:57:09.925root 11241100x8000000000000000764657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33e4c41366b85fe2021-12-20 15:57:09.925root 11241100x8000000000000000764658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bf92b41ac826ef2021-12-20 15:57:09.925root 11241100x8000000000000000764659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea89ae82839b0c92021-12-20 15:57:09.925root 11241100x8000000000000000764660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34067d9a8d6f65222021-12-20 15:57:09.925root 11241100x8000000000000000764661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cf376af8a4ada02021-12-20 15:57:09.925root 11241100x8000000000000000764662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c31e22fb7d44d5f2021-12-20 15:57:09.926root 11241100x8000000000000000764663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeafec64dc367fc62021-12-20 15:57:09.926root 11241100x8000000000000000764664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cade9957e548d172021-12-20 15:57:09.926root 11241100x8000000000000000764665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2771841ed5d65a2e2021-12-20 15:57:09.927root 11241100x8000000000000000764666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ca513ec21105f52021-12-20 15:57:09.927root 11241100x8000000000000000764667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d62db4a5db13692021-12-20 15:57:09.928root 11241100x8000000000000000764668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111302573329a9122021-12-20 15:57:09.928root 11241100x8000000000000000764669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9afb5f81d8272d52021-12-20 15:57:09.929root 11241100x8000000000000000764670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d519de099edd1182021-12-20 15:57:09.929root 11241100x8000000000000000764671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf25d09e8591c2c2021-12-20 15:57:09.929root 11241100x8000000000000000764672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c060681327c7af102021-12-20 15:57:09.929root 11241100x8000000000000000764673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95bc20d0d3445722021-12-20 15:57:10.424root 11241100x8000000000000000764674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ee3c7d60068dcd2021-12-20 15:57:10.424root 11241100x8000000000000000764675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d0884038430bf52021-12-20 15:57:10.424root 11241100x8000000000000000764676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d8fd245a047f9e2021-12-20 15:57:10.424root 11241100x8000000000000000764677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23a62237adba03d2021-12-20 15:57:10.424root 11241100x8000000000000000764678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc59f1a7558071e2021-12-20 15:57:10.424root 11241100x8000000000000000764679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a4992527157c252021-12-20 15:57:10.425root 11241100x8000000000000000764680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3368c0c3f434166f2021-12-20 15:57:10.425root 11241100x8000000000000000764681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbdfb811e71882b2021-12-20 15:57:10.425root 11241100x8000000000000000764682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022301a3ded532c42021-12-20 15:57:10.425root 11241100x8000000000000000764683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8485ff8bbca860ad2021-12-20 15:57:10.425root 11241100x8000000000000000764684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a998c88a72aa996b2021-12-20 15:57:10.425root 11241100x8000000000000000764685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5dd786e81ad1912021-12-20 15:57:10.425root 11241100x8000000000000000764686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f6c3823a2b71ac2021-12-20 15:57:10.425root 11241100x8000000000000000764687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cf8075d295b7302021-12-20 15:57:10.425root 11241100x8000000000000000764688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be736c7437d4a7002021-12-20 15:57:10.425root 11241100x8000000000000000764689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75740dd7f092fb92021-12-20 15:57:10.425root 11241100x8000000000000000764690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271cbf4564c6bce72021-12-20 15:57:10.425root 11241100x8000000000000000764691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5341974bf5b6fd2021-12-20 15:57:10.425root 11241100x8000000000000000764692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a595b63a01496c2021-12-20 15:57:10.426root 11241100x8000000000000000764693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a58b19f45c2c4d2021-12-20 15:57:10.426root 11241100x8000000000000000764694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f24b734346887d72021-12-20 15:57:10.426root 11241100x8000000000000000764695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a0ae2dd98afe82021-12-20 15:57:10.426root 11241100x8000000000000000764696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1649463b15d2452021-12-20 15:57:10.426root 11241100x8000000000000000764697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb0681be2d7be7d2021-12-20 15:57:10.426root 11241100x8000000000000000764698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3eef42712785c12021-12-20 15:57:10.924root 11241100x8000000000000000764699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e4f3aab02e12862021-12-20 15:57:10.924root 11241100x8000000000000000764700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc9acfad590697c2021-12-20 15:57:10.924root 11241100x8000000000000000764701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f9311b1e87f6002021-12-20 15:57:10.925root 11241100x8000000000000000764702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c666f7740196ec2021-12-20 15:57:10.925root 11241100x8000000000000000764703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c788931ec725f51c2021-12-20 15:57:10.925root 11241100x8000000000000000764704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1686d78ead95ee2021-12-20 15:57:10.925root 11241100x8000000000000000764705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3a8283da82bafc2021-12-20 15:57:10.925root 11241100x8000000000000000764706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e01bbfe736bd8722021-12-20 15:57:10.925root 11241100x8000000000000000764707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52fd044cf8ff9652021-12-20 15:57:10.925root 11241100x8000000000000000764708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774e0f7ef3061c3e2021-12-20 15:57:10.925root 11241100x8000000000000000764709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c67df16dc208d02021-12-20 15:57:10.926root 11241100x8000000000000000764710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342f60bc3e1a4ccf2021-12-20 15:57:10.926root 11241100x8000000000000000764711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9281a995fd51ad902021-12-20 15:57:10.926root 11241100x8000000000000000764712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06f0722e7d007502021-12-20 15:57:10.926root 11241100x8000000000000000764713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970601c00dc7587a2021-12-20 15:57:10.926root 11241100x8000000000000000764714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41c5bd4a9b40b232021-12-20 15:57:10.926root 11241100x8000000000000000764715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa78e60e8ec0fdaf2021-12-20 15:57:10.926root 11241100x8000000000000000764716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd0c01557d6a0d62021-12-20 15:57:10.926root 11241100x8000000000000000764717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965f3266543eb2022021-12-20 15:57:10.926root 11241100x8000000000000000764718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873cfdc44f1d19112021-12-20 15:57:10.926root 11241100x8000000000000000764719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15928a08724516b2021-12-20 15:57:10.926root 11241100x8000000000000000764720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d5d196f6902a9e2021-12-20 15:57:10.927root 11241100x8000000000000000764721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd0298218bef8302021-12-20 15:57:10.927root 11241100x8000000000000000764722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab22e7f43d32830f2021-12-20 15:57:10.927root 11241100x8000000000000000764723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da360ecc42cbd612021-12-20 15:57:11.424root 11241100x8000000000000000764724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dfe4579f0056ee2021-12-20 15:57:11.424root 11241100x8000000000000000764725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ea32a4a3f88a242021-12-20 15:57:11.424root 11241100x8000000000000000764726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12adfa31bd12372021-12-20 15:57:11.424root 11241100x8000000000000000764727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84192a5d2e4253892021-12-20 15:57:11.424root 11241100x8000000000000000764728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a93a15277b724f2021-12-20 15:57:11.425root 11241100x8000000000000000764729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db01feb9cb4802c2021-12-20 15:57:11.425root 11241100x8000000000000000764730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a9f3fd2220080d2021-12-20 15:57:11.425root 11241100x8000000000000000764731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870d118e5c627de42021-12-20 15:57:11.425root 11241100x8000000000000000764732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee1c453b836ff312021-12-20 15:57:11.425root 11241100x8000000000000000764733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa21270ca5bfca532021-12-20 15:57:11.425root 11241100x8000000000000000764734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee2f7249b2a252f2021-12-20 15:57:11.425root 11241100x8000000000000000764735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58888226e02881a92021-12-20 15:57:11.425root 11241100x8000000000000000764736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c37c6cec3131252021-12-20 15:57:11.425root 11241100x8000000000000000764737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b491f8fada750d2021-12-20 15:57:11.426root 11241100x8000000000000000764738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f19a94cf37c1882021-12-20 15:57:11.426root 11241100x8000000000000000764739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4630b679d37464352021-12-20 15:57:11.426root 11241100x8000000000000000764740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47adb528e12b36352021-12-20 15:57:11.426root 11241100x8000000000000000764741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e850e908011f2f512021-12-20 15:57:11.426root 11241100x8000000000000000764742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3eda336cc4ce3a2021-12-20 15:57:11.426root 11241100x8000000000000000764743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de4d8b7f9655332021-12-20 15:57:11.426root 11241100x8000000000000000764744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bbc0f17d0416bb2021-12-20 15:57:11.427root 11241100x8000000000000000764745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b7eeeda4df3c252021-12-20 15:57:11.427root 11241100x8000000000000000764746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd307b16a5cd28f52021-12-20 15:57:11.427root 11241100x8000000000000000764747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d0ac3d5430129a2021-12-20 15:57:11.427root 11241100x8000000000000000764748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49f1af782360f9f2021-12-20 15:57:11.924root 11241100x8000000000000000764749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848d2306b8c819a72021-12-20 15:57:11.925root 11241100x8000000000000000764750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf214e47baed7382021-12-20 15:57:11.925root 11241100x8000000000000000764751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9deb969ec91765a2021-12-20 15:57:11.925root 11241100x8000000000000000764752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b892555ef4d8b1782021-12-20 15:57:11.925root 11241100x8000000000000000764753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3833c8988276f582021-12-20 15:57:11.925root 11241100x8000000000000000764754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cebfb2bc22c82a22021-12-20 15:57:11.925root 11241100x8000000000000000764755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2851e62e043d09ea2021-12-20 15:57:11.925root 11241100x8000000000000000764756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be96c2e4848e08682021-12-20 15:57:11.925root 11241100x8000000000000000764757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2253e374043d45f42021-12-20 15:57:11.925root 11241100x8000000000000000764758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d424745593df6f2021-12-20 15:57:11.926root 11241100x8000000000000000764759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9661d69f44f66aea2021-12-20 15:57:11.926root 11241100x8000000000000000764760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf81ea5a8b09cb82021-12-20 15:57:11.926root 11241100x8000000000000000764761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e488fc53b216d72021-12-20 15:57:11.926root 11241100x8000000000000000764762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e54407175b89ab32021-12-20 15:57:11.926root 11241100x8000000000000000764763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250a97735ca995e62021-12-20 15:57:11.927root 11241100x8000000000000000764764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c5d028bef7f9fd2021-12-20 15:57:11.927root 11241100x8000000000000000764765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99053e0061cd93872021-12-20 15:57:11.927root 11241100x8000000000000000764766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578fb34eaca12d182021-12-20 15:57:11.927root 11241100x8000000000000000764767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573614a61837c5b92021-12-20 15:57:11.927root 11241100x8000000000000000764768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec30ddc1cc58ddb2021-12-20 15:57:11.927root 11241100x8000000000000000764769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e721de67da04aaf2021-12-20 15:57:11.928root 11241100x8000000000000000764770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ca1e720be331162021-12-20 15:57:11.928root 11241100x8000000000000000764771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce2e53e649780062021-12-20 15:57:11.928root 11241100x8000000000000000764772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02773954b8847c82021-12-20 15:57:11.928root 11241100x8000000000000000764773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74651df2b04a8d2a2021-12-20 15:57:12.424root 11241100x8000000000000000764774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baafd5d21c3b3b22021-12-20 15:57:12.424root 11241100x8000000000000000764775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024122d9097815452021-12-20 15:57:12.424root 11241100x8000000000000000764776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170fbb45ec45508b2021-12-20 15:57:12.424root 11241100x8000000000000000764777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a94c97edbfdf0772021-12-20 15:57:12.425root 11241100x8000000000000000764778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f068161b6e05ee2021-12-20 15:57:12.425root 11241100x8000000000000000764779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fb17dd55b8b5da2021-12-20 15:57:12.425root 11241100x8000000000000000764780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c9481de45056e02021-12-20 15:57:12.425root 11241100x8000000000000000764781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb2291c93a2ae792021-12-20 15:57:12.425root 11241100x8000000000000000764782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f7f3f08155eca62021-12-20 15:57:12.425root 11241100x8000000000000000764783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5487313c14eef132021-12-20 15:57:12.426root 11241100x8000000000000000764784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd9dc641330d74c2021-12-20 15:57:12.426root 11241100x8000000000000000764785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ccc376b3aefd552021-12-20 15:57:12.426root 11241100x8000000000000000764786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8b9fec28357f692021-12-20 15:57:12.426root 11241100x8000000000000000764787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac275c8d6945e472021-12-20 15:57:12.427root 11241100x8000000000000000764788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd03199cdd00a162021-12-20 15:57:12.427root 11241100x8000000000000000764789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc68153c043cd6f2021-12-20 15:57:12.427root 11241100x8000000000000000764790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1a8a543a6b26272021-12-20 15:57:12.428root 11241100x8000000000000000764791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81027f6c639fc88d2021-12-20 15:57:12.428root 11241100x8000000000000000764792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e54aa6ccf416ca12021-12-20 15:57:12.428root 11241100x8000000000000000764793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fa6baf4f398fca2021-12-20 15:57:12.428root 11241100x8000000000000000764794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e0076002c11a5b2021-12-20 15:57:12.428root 11241100x8000000000000000764795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39f7241ce2b4ae92021-12-20 15:57:12.428root 11241100x8000000000000000764796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f83cde1f240bf2021-12-20 15:57:12.428root 11241100x8000000000000000764797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3f2f2c85b1ded72021-12-20 15:57:12.428root 11241100x8000000000000000764798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6ff426d4e9b3092021-12-20 15:57:12.924root 11241100x8000000000000000764799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f255589f41106ab72021-12-20 15:57:12.924root 11241100x8000000000000000764800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb463c99d93f06c2021-12-20 15:57:12.924root 11241100x8000000000000000764801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9779faece88203262021-12-20 15:57:12.925root 11241100x8000000000000000764802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42efa87e50882122021-12-20 15:57:12.925root 11241100x8000000000000000764803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da2f2c441d9a4ca2021-12-20 15:57:12.925root 11241100x8000000000000000764804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4943324e754d182021-12-20 15:57:12.925root 11241100x8000000000000000764805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5086ee039052ef8b2021-12-20 15:57:12.925root 11241100x8000000000000000764806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babce9dac32f21922021-12-20 15:57:12.925root 11241100x8000000000000000764807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b829e856388a342021-12-20 15:57:12.925root 11241100x8000000000000000764808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0885eedbf70546422021-12-20 15:57:12.925root 11241100x8000000000000000764809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5a4e9f33d56cd32021-12-20 15:57:12.926root 11241100x8000000000000000764810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409003df85307f6f2021-12-20 15:57:12.926root 11241100x8000000000000000764811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e5f74994861f592021-12-20 15:57:12.926root 11241100x8000000000000000764812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e4104e23993572021-12-20 15:57:12.926root 11241100x8000000000000000764813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d07c408dab6bea82021-12-20 15:57:12.926root 11241100x8000000000000000764814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59087f5f0e037702021-12-20 15:57:12.926root 11241100x8000000000000000764815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9eecfa2c532b1c2021-12-20 15:57:12.926root 11241100x8000000000000000764816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c4f16c6d599bcd2021-12-20 15:57:12.926root 11241100x8000000000000000764817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f9d20cbc0174aa2021-12-20 15:57:12.926root 11241100x8000000000000000764818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de744e1ead5b8b52021-12-20 15:57:12.926root 11241100x8000000000000000764819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc767ac9e4964c292021-12-20 15:57:12.927root 11241100x8000000000000000764820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34436569642b72402021-12-20 15:57:12.927root 11241100x8000000000000000764821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99899922aae45a22021-12-20 15:57:12.927root 11241100x8000000000000000764822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80faff27fbcb6c72021-12-20 15:57:12.927root 11241100x8000000000000000764823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e852aceca084e4bc2021-12-20 15:57:13.424root 11241100x8000000000000000764824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc55e4d210ce3e702021-12-20 15:57:13.424root 11241100x8000000000000000764825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3663f81b6bdd4fc2021-12-20 15:57:13.424root 11241100x8000000000000000764826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b055118c97d82272021-12-20 15:57:13.425root 11241100x8000000000000000764827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4596e6d89e144df52021-12-20 15:57:13.425root 11241100x8000000000000000764828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f880e5ff5ccf1a72021-12-20 15:57:13.425root 11241100x8000000000000000764829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ad1a7bc81a177d2021-12-20 15:57:13.425root 11241100x8000000000000000764830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca2663027ced6632021-12-20 15:57:13.425root 11241100x8000000000000000764831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f874b3bf0009ed2021-12-20 15:57:13.425root 11241100x8000000000000000764832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998096e5166d68052021-12-20 15:57:13.425root 11241100x8000000000000000764833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf3ff25a143de322021-12-20 15:57:13.425root 11241100x8000000000000000764834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8473d44a906ed85e2021-12-20 15:57:13.425root 11241100x8000000000000000764835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b942429746cfe1c2021-12-20 15:57:13.426root 11241100x8000000000000000764836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a143fd6c04f0272021-12-20 15:57:13.426root 11241100x8000000000000000764837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f549e1f9d7aebbd2021-12-20 15:57:13.426root 11241100x8000000000000000764838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab61f17096884032021-12-20 15:57:13.426root 11241100x8000000000000000764839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf702910e99335ca2021-12-20 15:57:13.426root 11241100x8000000000000000764840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67584d62ea2207b2021-12-20 15:57:13.426root 11241100x8000000000000000764841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e40064d7d824bc12021-12-20 15:57:13.426root 11241100x8000000000000000764842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a5d8c0a9ad89682021-12-20 15:57:13.426root 11241100x8000000000000000764843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770c46e057c37ff12021-12-20 15:57:13.426root 11241100x8000000000000000764844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde0f210110201e92021-12-20 15:57:13.426root 11241100x8000000000000000764845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dd5da4886d42c72021-12-20 15:57:13.427root 11241100x8000000000000000764846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9a25b833bb076e2021-12-20 15:57:13.427root 11241100x8000000000000000764847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0186d454fbdc722021-12-20 15:57:13.427root 11241100x8000000000000000764848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3564f66a0df14b312021-12-20 15:57:13.924root 11241100x8000000000000000764849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cda5a52b66fce22021-12-20 15:57:13.924root 11241100x8000000000000000764850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d42ab93bfa4aca2021-12-20 15:57:13.924root 11241100x8000000000000000764851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0ce2bd54ff3aab2021-12-20 15:57:13.924root 11241100x8000000000000000764852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e975b13ac0ef9f1e2021-12-20 15:57:13.924root 11241100x8000000000000000764853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856ead88dc0ddc252021-12-20 15:57:13.924root 11241100x8000000000000000764854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fce06897f87de052021-12-20 15:57:13.924root 11241100x8000000000000000764855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0a18119f6ddc62021-12-20 15:57:13.924root 11241100x8000000000000000764856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0717ed942ef8af9b2021-12-20 15:57:13.924root 11241100x8000000000000000764857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee76f233633898d2021-12-20 15:57:13.925root 11241100x8000000000000000764858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726035d3114f61ea2021-12-20 15:57:13.925root 11241100x8000000000000000764859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4871367d34b28cef2021-12-20 15:57:13.925root 11241100x8000000000000000764860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1c4a20fe198e442021-12-20 15:57:13.925root 11241100x8000000000000000764861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42341c1788857b2021-12-20 15:57:13.925root 11241100x8000000000000000764862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060909459b7759bb2021-12-20 15:57:13.926root 11241100x8000000000000000764863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d02dd6721b219f32021-12-20 15:57:13.926root 11241100x8000000000000000764864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67166af27f9ad842021-12-20 15:57:13.926root 11241100x8000000000000000764865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0c94ae2bd58f0e2021-12-20 15:57:13.926root 11241100x8000000000000000764866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91644a289d74acdb2021-12-20 15:57:13.926root 11241100x8000000000000000764867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1572bc6ad49dac032021-12-20 15:57:13.927root 11241100x8000000000000000764868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4934f193112fa242021-12-20 15:57:13.927root 11241100x8000000000000000764869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d7b215fbea6aa12021-12-20 15:57:13.928root 11241100x8000000000000000764870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71bae4f76ab83af2021-12-20 15:57:13.928root 11241100x8000000000000000764871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7074cb5704236a02021-12-20 15:57:13.928root 11241100x8000000000000000764872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61854e58f76e3d82021-12-20 15:57:13.928root 11241100x8000000000000000764873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:13.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54af5853b31d82492021-12-20 15:57:13.929root 11241100x8000000000000000764874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d894cd15d353d72021-12-20 15:57:14.424root 11241100x8000000000000000764875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148af0b2c63f19aa2021-12-20 15:57:14.424root 11241100x8000000000000000764876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1cd42f01cc9f932021-12-20 15:57:14.424root 11241100x8000000000000000764877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6dcf9f4ac1be142021-12-20 15:57:14.424root 11241100x8000000000000000764878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238765208f317a672021-12-20 15:57:14.424root 11241100x8000000000000000764879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea71b7c2ab9e3bd92021-12-20 15:57:14.424root 11241100x8000000000000000764880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb0209f4d666c232021-12-20 15:57:14.424root 11241100x8000000000000000764881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732745c9fedde3b62021-12-20 15:57:14.425root 11241100x8000000000000000764882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8701c1c2eff71752021-12-20 15:57:14.425root 11241100x8000000000000000764883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b964cf091d108c12021-12-20 15:57:14.425root 11241100x8000000000000000764884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fc37977839362b2021-12-20 15:57:14.425root 11241100x8000000000000000764885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c563c0adf1217a4d2021-12-20 15:57:14.425root 11241100x8000000000000000764886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06d3fe1d62d12f52021-12-20 15:57:14.425root 11241100x8000000000000000764887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64e7897ed06b10f2021-12-20 15:57:14.425root 11241100x8000000000000000764888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2825acddf64913c52021-12-20 15:57:14.425root 11241100x8000000000000000764889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99e2442049b574f2021-12-20 15:57:14.425root 11241100x8000000000000000764890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec92576817b6e222021-12-20 15:57:14.425root 11241100x8000000000000000764891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ecaa40de4b7c202021-12-20 15:57:14.425root 11241100x8000000000000000764892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d86b0dafb22472021-12-20 15:57:14.425root 11241100x8000000000000000764893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4de72276e1b0842021-12-20 15:57:14.425root 11241100x8000000000000000764894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b659d897aebd19f92021-12-20 15:57:14.425root 11241100x8000000000000000764895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cdabc12099273e2021-12-20 15:57:14.425root 11241100x8000000000000000764896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae1c1098e5bd92c2021-12-20 15:57:14.426root 11241100x8000000000000000764897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749efec31fc397df2021-12-20 15:57:14.426root 11241100x8000000000000000764898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabe83a987810abe2021-12-20 15:57:14.426root 11241100x8000000000000000764899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134889f7cbdd3a242021-12-20 15:57:14.924root 11241100x8000000000000000764900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706d499e7679ea8b2021-12-20 15:57:14.924root 11241100x8000000000000000764901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ce19a7782f05d42021-12-20 15:57:14.924root 11241100x8000000000000000764902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c03cfafff130ec72021-12-20 15:57:14.925root 11241100x8000000000000000764903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4201ab6524bf986d2021-12-20 15:57:14.925root 11241100x8000000000000000764904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3803259e19f42f252021-12-20 15:57:14.925root 11241100x8000000000000000764905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4ab50616c3e9622021-12-20 15:57:14.925root 11241100x8000000000000000764906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9d6ac4d181f2d92021-12-20 15:57:14.926root 11241100x8000000000000000764907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3981c2b4cff73b82021-12-20 15:57:14.926root 11241100x8000000000000000764908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aab6de852a84cd2021-12-20 15:57:14.926root 11241100x8000000000000000764909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9882f74179790a02021-12-20 15:57:14.926root 11241100x8000000000000000764910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4cd008189642c72021-12-20 15:57:14.926root 11241100x8000000000000000764911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921ce7d9b15181672021-12-20 15:57:14.926root 11241100x8000000000000000764912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428837816c8e56c72021-12-20 15:57:14.927root 11241100x8000000000000000764913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ef0ccee05798572021-12-20 15:57:14.927root 11241100x8000000000000000764914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929cd22b81798b5e2021-12-20 15:57:14.927root 11241100x8000000000000000764915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd38e7d23c6b4c7b2021-12-20 15:57:14.927root 11241100x8000000000000000764916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62ee9adc7344e0c2021-12-20 15:57:14.928root 11241100x8000000000000000764917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bc239f52fc83e92021-12-20 15:57:14.928root 11241100x8000000000000000764918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb48719b0a84662021-12-20 15:57:14.929root 11241100x8000000000000000764919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05900c8dca34443d2021-12-20 15:57:14.929root 11241100x8000000000000000764920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af011fd47a4777742021-12-20 15:57:14.929root 11241100x8000000000000000764921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856ea5b347938f7f2021-12-20 15:57:14.929root 11241100x8000000000000000764922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad40819511af8872021-12-20 15:57:14.929root 11241100x8000000000000000764923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9088317cbd8ea92021-12-20 15:57:14.929root 11241100x8000000000000000764924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc172b75b28571a2021-12-20 15:57:14.929root 11241100x8000000000000000764925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34fc4927b9326352021-12-20 15:57:14.929root 354300x8000000000000000764926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.048{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51418-false10.0.1.12-8000- 154100x8000000000000000764927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.284{ec2c97d1-a7db-61c0-68f4-744373550000}10221/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000764928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.285{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d316eff36a0b0a2021-12-20 15:57:15.285root 11241100x8000000000000000764929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc82736a0e9f9b52021-12-20 15:57:15.286root 11241100x8000000000000000764930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7213dbde12250b2021-12-20 15:57:15.286root 11241100x8000000000000000764931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f58072b4a7cbd342021-12-20 15:57:15.286root 11241100x8000000000000000764932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dac8f7d7df73e72021-12-20 15:57:15.286root 11241100x8000000000000000764933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9bd14282596f0d2021-12-20 15:57:15.286root 11241100x8000000000000000764934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac689637cc455592021-12-20 15:57:15.286root 11241100x8000000000000000764935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e183e83613a2976e2021-12-20 15:57:15.286root 11241100x8000000000000000764936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b309ae4d18eb65892021-12-20 15:57:15.286root 11241100x8000000000000000764937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f1f9b5c306554d2021-12-20 15:57:15.286root 11241100x8000000000000000764938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.286{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2972521a9da8c22021-12-20 15:57:15.286root 11241100x8000000000000000764939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.287{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe994b803c57d02021-12-20 15:57:15.287root 11241100x8000000000000000764940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.287{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4254901c66684c562021-12-20 15:57:15.287root 11241100x8000000000000000764941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.287{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbad41818af07852021-12-20 15:57:15.287root 11241100x8000000000000000764942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.287{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4f56b0f7c227af2021-12-20 15:57:15.287root 11241100x8000000000000000764943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.287{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e529fc3787841d6d2021-12-20 15:57:15.287root 11241100x8000000000000000764944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.287{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5ea0cc9de571022021-12-20 15:57:15.287root 11241100x8000000000000000764945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.287{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d599b6afc8096fd92021-12-20 15:57:15.287root 11241100x8000000000000000764946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.287{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22f401ff47b1d582021-12-20 15:57:15.287root 11241100x8000000000000000764947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.288{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97db4810f098916e2021-12-20 15:57:15.288root 11241100x8000000000000000764948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.288{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b23630e4187ba382021-12-20 15:57:15.288root 11241100x8000000000000000764949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7c86c059f94a802021-12-20 15:57:15.289root 11241100x8000000000000000764950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b4275d1f974b342021-12-20 15:57:15.289root 11241100x8000000000000000764951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db7ba0f83fd10472021-12-20 15:57:15.289root 11241100x8000000000000000764952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af214c6b6874dcd2021-12-20 15:57:15.289root 11241100x8000000000000000764953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45921ddc99977aed2021-12-20 15:57:15.289root 11241100x8000000000000000764954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c09bc8ad972014c2021-12-20 15:57:15.289root 11241100x8000000000000000764955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8e703463c8aa512021-12-20 15:57:15.289root 11241100x8000000000000000764956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a742b9e6254ef78a2021-12-20 15:57:15.289root 11241100x8000000000000000764957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77acfbe503ee56fc2021-12-20 15:57:15.289root 11241100x8000000000000000764958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.289{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63f3e539e917f582021-12-20 15:57:15.289root 11241100x8000000000000000764959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd870c4b698cf2662021-12-20 15:57:15.290root 11241100x8000000000000000764960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b10199b81bfcad2021-12-20 15:57:15.290root 11241100x8000000000000000764961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23be2d50cd1278f2021-12-20 15:57:15.290root 11241100x8000000000000000764962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79737bfda258de982021-12-20 15:57:15.290root 11241100x8000000000000000764963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90c82224b11b7fc2021-12-20 15:57:15.290root 11241100x8000000000000000764964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f273eb025705132021-12-20 15:57:15.290root 11241100x8000000000000000764965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aa646483d309392021-12-20 15:57:15.290root 11241100x8000000000000000764966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0c108a81e7031c2021-12-20 15:57:15.290root 11241100x8000000000000000764967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150a14bbef9fa45a2021-12-20 15:57:15.290root 11241100x8000000000000000764968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.290{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a0ef62bca2ee892021-12-20 15:57:15.290root 11241100x8000000000000000764969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.291{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a07a72dafd00f732021-12-20 15:57:15.291root 11241100x8000000000000000764970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.291{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456451cbdd6e02692021-12-20 15:57:15.291root 11241100x8000000000000000764971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.291{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600905d4ff1f3cfb2021-12-20 15:57:15.291root 11241100x8000000000000000764972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.291{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95da6afbf93d79462021-12-20 15:57:15.291root 534500x8000000000000000764973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.310{ec2c97d1-a7db-61c0-68f4-744373550000}10221/bin/psroot 11241100x8000000000000000764974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b3f78b5ff351ef2021-12-20 15:57:15.675root 11241100x8000000000000000764975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7451600208ec677a2021-12-20 15:57:15.675root 11241100x8000000000000000764976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bc23e3569caf342021-12-20 15:57:15.675root 11241100x8000000000000000764977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1e407a562696312021-12-20 15:57:15.675root 11241100x8000000000000000764978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6179b8640ec3b12021-12-20 15:57:15.675root 11241100x8000000000000000764979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73101a1e83aa57bc2021-12-20 15:57:15.675root 11241100x8000000000000000764980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c35210a1f90acd22021-12-20 15:57:15.675root 11241100x8000000000000000764981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f53bb9dab4220602021-12-20 15:57:15.675root 11241100x8000000000000000764982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707d4feb93b257332021-12-20 15:57:15.675root 11241100x8000000000000000764983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b8795cb499cc042021-12-20 15:57:15.675root 11241100x8000000000000000764984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1f2323806323fc2021-12-20 15:57:15.675root 11241100x8000000000000000764985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b388728ed75efc4b2021-12-20 15:57:15.676root 11241100x8000000000000000764986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045b77ecf8fd84702021-12-20 15:57:15.676root 11241100x8000000000000000764987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c353640a4050cd2021-12-20 15:57:15.676root 11241100x8000000000000000764988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d607319eefb5b12021-12-20 15:57:15.676root 11241100x8000000000000000764989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56572de5469b6f642021-12-20 15:57:15.676root 11241100x8000000000000000764990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b184bef23a161c62021-12-20 15:57:15.676root 11241100x8000000000000000764991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767a6c23cf8c25d32021-12-20 15:57:15.676root 11241100x8000000000000000764992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa756e05687825592021-12-20 15:57:15.676root 11241100x8000000000000000764993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23fe42e12be79c22021-12-20 15:57:15.676root 11241100x8000000000000000764994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8fd3c7e162732d2021-12-20 15:57:15.676root 11241100x8000000000000000764995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148b670ce6087b642021-12-20 15:57:15.676root 11241100x8000000000000000764996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b73e9475f5adf322021-12-20 15:57:15.676root 11241100x8000000000000000764997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feedc35dcc8ae6a62021-12-20 15:57:15.677root 11241100x8000000000000000764998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab82f8c2370bc6c2021-12-20 15:57:15.677root 11241100x8000000000000000764999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610a0443edc6b30a2021-12-20 15:57:15.677root 11241100x8000000000000000765000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b950120b3dc587ef2021-12-20 15:57:15.677root 11241100x8000000000000000765001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450bb98a7570d6822021-12-20 15:57:15.677root 11241100x8000000000000000765002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06aadea3834a39b2021-12-20 15:57:16.174root 11241100x8000000000000000765003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97335a926fcabf52021-12-20 15:57:16.175root 11241100x8000000000000000765004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117e4d44903f6ddb2021-12-20 15:57:16.175root 11241100x8000000000000000765005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbeb120538e05c92021-12-20 15:57:16.175root 11241100x8000000000000000765006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86a36d4ee2b1d322021-12-20 15:57:16.175root 11241100x8000000000000000765007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb87164ca58bc96f2021-12-20 15:57:16.175root 11241100x8000000000000000765008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f618c7a457b1712021-12-20 15:57:16.175root 11241100x8000000000000000765009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56594d5beadf8ef32021-12-20 15:57:16.176root 11241100x8000000000000000765010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dd874fdaa501502021-12-20 15:57:16.176root 11241100x8000000000000000765011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a060e4981a1a98c2021-12-20 15:57:16.176root 11241100x8000000000000000765012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceae8ad710e384612021-12-20 15:57:16.176root 11241100x8000000000000000765013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f651b08df556712021-12-20 15:57:16.176root 11241100x8000000000000000765014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c2f3a03c56b7182021-12-20 15:57:16.176root 11241100x8000000000000000765015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd29524738b0222021-12-20 15:57:16.176root 11241100x8000000000000000765016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6014c4e92523a6892021-12-20 15:57:16.176root 11241100x8000000000000000765017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76174e9277297ed82021-12-20 15:57:16.177root 11241100x8000000000000000765018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b390597c1c896c6c2021-12-20 15:57:16.177root 11241100x8000000000000000765019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d268b47d90daee3d2021-12-20 15:57:16.177root 11241100x8000000000000000765020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213d4a07e59a68d52021-12-20 15:57:16.177root 11241100x8000000000000000765021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc38a740b5786f82021-12-20 15:57:16.177root 11241100x8000000000000000765022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5c3d1f5ae9248f2021-12-20 15:57:16.177root 11241100x8000000000000000765023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0356b56f59d9da6a2021-12-20 15:57:16.177root 11241100x8000000000000000765024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a1547398ac016c2021-12-20 15:57:16.177root 11241100x8000000000000000765025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a54f0d0febdc812021-12-20 15:57:16.177root 11241100x8000000000000000765026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd00ae2a50da2632021-12-20 15:57:16.177root 11241100x8000000000000000765027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0f5d80b9cd41bb2021-12-20 15:57:16.178root 11241100x8000000000000000765028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bcfb7bcb36d02c2021-12-20 15:57:16.178root 11241100x8000000000000000765029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781a296a18ec10532021-12-20 15:57:16.178root 11241100x8000000000000000765030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b053658faacab02021-12-20 15:57:16.674root 11241100x8000000000000000765031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb70f43504f4e2c2021-12-20 15:57:16.674root 11241100x8000000000000000765032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362cc7c65bbf88b42021-12-20 15:57:16.674root 11241100x8000000000000000765033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac18ac8489ea45c42021-12-20 15:57:16.675root 11241100x8000000000000000765034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7a692b6a38b8222021-12-20 15:57:16.675root 11241100x8000000000000000765035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a57227278fa8b32021-12-20 15:57:16.675root 11241100x8000000000000000765036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436f2e7e57ee8dbb2021-12-20 15:57:16.675root 11241100x8000000000000000765037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680e80dc044f89772021-12-20 15:57:16.675root 11241100x8000000000000000765038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6ebca935c1548f2021-12-20 15:57:16.675root 11241100x8000000000000000765039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03ec09f9e26660f2021-12-20 15:57:16.675root 11241100x8000000000000000765040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3240639949bae792021-12-20 15:57:16.675root 11241100x8000000000000000765041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5784cd30e140d8972021-12-20 15:57:16.675root 11241100x8000000000000000765042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce40aa3792bdcf32021-12-20 15:57:16.676root 11241100x8000000000000000765043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa8217c9fc6b0d42021-12-20 15:57:16.676root 11241100x8000000000000000765044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c165010c7bddbd892021-12-20 15:57:16.676root 11241100x8000000000000000765045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f913f788291a4542021-12-20 15:57:16.676root 11241100x8000000000000000765046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6fa0d20a94ddb62021-12-20 15:57:16.676root 11241100x8000000000000000765047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2224cf14471813972021-12-20 15:57:16.676root 11241100x8000000000000000765048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b933e2f913a240be2021-12-20 15:57:16.676root 11241100x8000000000000000765049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732b7fb6337e53de2021-12-20 15:57:16.676root 11241100x8000000000000000765050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4523ba37580d952021-12-20 15:57:16.677root 11241100x8000000000000000765051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b4e353104b32792021-12-20 15:57:16.677root 11241100x8000000000000000765052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905f3be737b4f27e2021-12-20 15:57:16.677root 11241100x8000000000000000765053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85e0be137bdcbce2021-12-20 15:57:16.677root 11241100x8000000000000000765054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5e1f328bce910e2021-12-20 15:57:16.677root 11241100x8000000000000000765055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfa621476e1ac572021-12-20 15:57:16.677root 11241100x8000000000000000765056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f054334f910dd352021-12-20 15:57:16.677root 11241100x8000000000000000765057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78e759d068cd61f2021-12-20 15:57:16.677root 11241100x8000000000000000765058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a10ffc70bd09bfb2021-12-20 15:57:17.175root 11241100x8000000000000000765059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9647dce3e85e522021-12-20 15:57:17.175root 11241100x8000000000000000765060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8de9df645f86b082021-12-20 15:57:17.175root 11241100x8000000000000000765061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e681f4f8c6dfa32021-12-20 15:57:17.175root 11241100x8000000000000000765062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10eccb69efeaa482021-12-20 15:57:17.175root 11241100x8000000000000000765063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8274a2c164ae144f2021-12-20 15:57:17.175root 11241100x8000000000000000765064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cb1724e72f6e6e2021-12-20 15:57:17.175root 11241100x8000000000000000765065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc94f8fcfbec0312021-12-20 15:57:17.175root 11241100x8000000000000000765066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2bcf9c1b2c1f1e2021-12-20 15:57:17.176root 11241100x8000000000000000765067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b800437dea0aa8bd2021-12-20 15:57:17.176root 11241100x8000000000000000765068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd548ea6033e1402021-12-20 15:57:17.176root 11241100x8000000000000000765069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff36e5f57e6af282021-12-20 15:57:17.176root 11241100x8000000000000000765070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8830b53e5a5622232021-12-20 15:57:17.176root 11241100x8000000000000000765071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4a3bf5a2ebf5072021-12-20 15:57:17.176root 11241100x8000000000000000765072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b297779cb926772021-12-20 15:57:17.176root 11241100x8000000000000000765073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184571cf188e184b2021-12-20 15:57:17.176root 11241100x8000000000000000765074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42353dba0f73df7b2021-12-20 15:57:17.176root 11241100x8000000000000000765075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82719618b19a93e2021-12-20 15:57:17.177root 11241100x8000000000000000765076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f9683f0685fe92021-12-20 15:57:17.177root 11241100x8000000000000000765077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff225512ed045ae2021-12-20 15:57:17.177root 11241100x8000000000000000765078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9002ab36d277b9d2021-12-20 15:57:17.177root 11241100x8000000000000000765079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122c9aaa42cc8dbd2021-12-20 15:57:17.177root 11241100x8000000000000000765080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37f44d32a2b56ca2021-12-20 15:57:17.177root 11241100x8000000000000000765081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82ce6e1fe87baae2021-12-20 15:57:17.177root 11241100x8000000000000000765082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a032966536512a2021-12-20 15:57:17.178root 11241100x8000000000000000765083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c52076e0c7f60f2021-12-20 15:57:17.178root 11241100x8000000000000000765084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a74093536b5e192021-12-20 15:57:17.178root 11241100x8000000000000000765085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75372767663fc762021-12-20 15:57:17.179root 11241100x8000000000000000765086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2601083f4a38fb72021-12-20 15:57:17.179root 11241100x8000000000000000765087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a697f4d9efe4f40b2021-12-20 15:57:17.674root 11241100x8000000000000000765088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c0d250814f4c5c2021-12-20 15:57:17.674root 11241100x8000000000000000765089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6405a969d7f7eca22021-12-20 15:57:17.675root 11241100x8000000000000000765090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2221a1ee1acc2292021-12-20 15:57:17.675root 11241100x8000000000000000765091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b868770803c4072d2021-12-20 15:57:17.675root 11241100x8000000000000000765092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a746023fef78ae72021-12-20 15:57:17.675root 11241100x8000000000000000765093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c30261e1e21f9292021-12-20 15:57:17.675root 11241100x8000000000000000765094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b0b20d2591b2bd2021-12-20 15:57:17.676root 11241100x8000000000000000765095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a3ae7dca7af49e2021-12-20 15:57:17.676root 11241100x8000000000000000765096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b46ed6118470c602021-12-20 15:57:17.676root 11241100x8000000000000000765097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac4b1d7ed8619a2021-12-20 15:57:17.676root 11241100x8000000000000000765098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dbdffd7da973172021-12-20 15:57:17.676root 11241100x8000000000000000765099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad078708865858c2021-12-20 15:57:17.676root 11241100x8000000000000000765100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84772b9e551c15d42021-12-20 15:57:17.676root 11241100x8000000000000000765101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e205d3e2c9eed5f22021-12-20 15:57:17.676root 11241100x8000000000000000765102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f391f1768cacc4362021-12-20 15:57:17.676root 11241100x8000000000000000765103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37447e1993bf32082021-12-20 15:57:17.677root 11241100x8000000000000000765104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a858df2a19e87052021-12-20 15:57:17.677root 11241100x8000000000000000765105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15966dc67f75b7232021-12-20 15:57:17.677root 11241100x8000000000000000765106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abe44a0c0b59cd32021-12-20 15:57:17.677root 11241100x8000000000000000765107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5529dbe049db320e2021-12-20 15:57:17.677root 11241100x8000000000000000765108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165c12877e5729982021-12-20 15:57:17.677root 11241100x8000000000000000765109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3659eb3d06726d2021-12-20 15:57:17.677root 11241100x8000000000000000765110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929dc4c16a22fa1f2021-12-20 15:57:17.677root 11241100x8000000000000000765111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e2513f924777352021-12-20 15:57:17.677root 11241100x8000000000000000765112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5272eadd4b3b2d2021-12-20 15:57:17.678root 11241100x8000000000000000765113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a530f22225c7db432021-12-20 15:57:17.678root 11241100x8000000000000000765114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8e1f149ff42e3e2021-12-20 15:57:17.678root 11241100x8000000000000000765115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc792e211fb61ffc2021-12-20 15:57:18.174root 11241100x8000000000000000765116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1b6ea4a09ee962021-12-20 15:57:18.174root 11241100x8000000000000000765117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74d3e450e2873572021-12-20 15:57:18.175root 11241100x8000000000000000765118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d99a08a90a8aa62021-12-20 15:57:18.175root 11241100x8000000000000000765119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495833a2e07166ec2021-12-20 15:57:18.175root 11241100x8000000000000000765120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59d30d4f61fbe0f2021-12-20 15:57:18.175root 11241100x8000000000000000765121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ad9a359caba2132021-12-20 15:57:18.176root 11241100x8000000000000000765122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d6c0a8b6ee97252021-12-20 15:57:18.176root 11241100x8000000000000000765123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181427d840a570f72021-12-20 15:57:18.176root 11241100x8000000000000000765124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48582f5032ce3092021-12-20 15:57:18.176root 11241100x8000000000000000765125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb7e65087390ea12021-12-20 15:57:18.176root 11241100x8000000000000000765126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f6342ec0f837812021-12-20 15:57:18.176root 11241100x8000000000000000765127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16776f8e64aeacca2021-12-20 15:57:18.176root 11241100x8000000000000000765128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce6dc496b8f5dbf2021-12-20 15:57:18.177root 11241100x8000000000000000765129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e864e7585ef262c82021-12-20 15:57:18.177root 11241100x8000000000000000765130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac312ff770b46f92021-12-20 15:57:18.177root 11241100x8000000000000000765131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6567f911f2b846cc2021-12-20 15:57:18.177root 11241100x8000000000000000765132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766ed01d913318312021-12-20 15:57:18.177root 11241100x8000000000000000765133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b241dff5659b522021-12-20 15:57:18.177root 11241100x8000000000000000765134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f68f1f20f212d502021-12-20 15:57:18.177root 11241100x8000000000000000765135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca2041105efa3ed2021-12-20 15:57:18.178root 11241100x8000000000000000765136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913dcb79fa38a0b82021-12-20 15:57:18.178root 11241100x8000000000000000765137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65339e763d0b32bd2021-12-20 15:57:18.178root 11241100x8000000000000000765138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d80709a8035fef2021-12-20 15:57:18.178root 11241100x8000000000000000765139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67040a6735e90eaa2021-12-20 15:57:18.178root 11241100x8000000000000000765140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60378730ca54950e2021-12-20 15:57:18.178root 11241100x8000000000000000765141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479ea4e17d0f18712021-12-20 15:57:18.178root 11241100x8000000000000000765142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cde48046f92c9632021-12-20 15:57:18.179root 11241100x8000000000000000765143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b63beef50f0e19e2021-12-20 15:57:18.179root 11241100x8000000000000000765144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939286553ea30a702021-12-20 15:57:18.179root 11241100x8000000000000000765145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fcd48d61a5406b2021-12-20 15:57:18.674root 11241100x8000000000000000765146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672799809b4e00412021-12-20 15:57:18.674root 11241100x8000000000000000765147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed25c86b94371c862021-12-20 15:57:18.674root 11241100x8000000000000000765148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586755c36f5ed1d02021-12-20 15:57:18.674root 11241100x8000000000000000765149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bf053928a2e42c2021-12-20 15:57:18.675root 11241100x8000000000000000765150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b699e1824713c4c2021-12-20 15:57:18.675root 11241100x8000000000000000765151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2a166e61d1a9bf2021-12-20 15:57:18.675root 11241100x8000000000000000765152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbfa9c7a3ef86502021-12-20 15:57:18.675root 11241100x8000000000000000765153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a98062062ecb212021-12-20 15:57:18.675root 11241100x8000000000000000765154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae641076e18875b2021-12-20 15:57:18.675root 11241100x8000000000000000765155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01507705739d39002021-12-20 15:57:18.675root 11241100x8000000000000000765156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1089a5adbe128f2021-12-20 15:57:18.675root 11241100x8000000000000000765157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24050f9fa59bd9f72021-12-20 15:57:18.676root 11241100x8000000000000000765158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce1f565cfe7cc882021-12-20 15:57:18.676root 11241100x8000000000000000765159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80d07d33311554b2021-12-20 15:57:18.676root 11241100x8000000000000000765160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad3f8598a00621d2021-12-20 15:57:18.676root 11241100x8000000000000000765161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b094e6b7dc9cac2021-12-20 15:57:18.676root 11241100x8000000000000000765162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafca5a30bd1a0c22021-12-20 15:57:18.676root 11241100x8000000000000000765163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbeca7d5ddaccc92021-12-20 15:57:18.676root 11241100x8000000000000000765164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9874a1041b8169262021-12-20 15:57:18.676root 11241100x8000000000000000765165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b85334c258737c42021-12-20 15:57:18.676root 11241100x8000000000000000765166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af4ad31e83301642021-12-20 15:57:18.676root 11241100x8000000000000000765167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a381e877829a3b42021-12-20 15:57:18.677root 11241100x8000000000000000765168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd355cf8c346c112021-12-20 15:57:18.677root 11241100x8000000000000000765169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6153d6fb0ab125752021-12-20 15:57:18.677root 11241100x8000000000000000765170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a625aef000f3feea2021-12-20 15:57:18.677root 11241100x8000000000000000765171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bdfa909fe153242021-12-20 15:57:18.678root 11241100x8000000000000000765172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6b8cee955320142021-12-20 15:57:18.678root 11241100x8000000000000000765173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b15faefe1cbe02021-12-20 15:57:19.174root 11241100x8000000000000000765174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce11ce833d05470f2021-12-20 15:57:19.174root 11241100x8000000000000000765175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd92015ed7ef67c52021-12-20 15:57:19.174root 11241100x8000000000000000765176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4678a85b984b62d62021-12-20 15:57:19.174root 11241100x8000000000000000765177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca343fe405e37af02021-12-20 15:57:19.174root 11241100x8000000000000000765178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001aeded7e6d7ef22021-12-20 15:57:19.174root 11241100x8000000000000000765179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02be4a5139c988022021-12-20 15:57:19.174root 11241100x8000000000000000765180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bf9146c4eda5de2021-12-20 15:57:19.174root 11241100x8000000000000000765181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7b376b36a8303a2021-12-20 15:57:19.175root 11241100x8000000000000000765182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b38eefd975aa912021-12-20 15:57:19.175root 11241100x8000000000000000765183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fba4d595d011c8a2021-12-20 15:57:19.175root 11241100x8000000000000000765184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f3da2e52c7a38a2021-12-20 15:57:19.175root 11241100x8000000000000000765185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8078281fc59e01642021-12-20 15:57:19.175root 11241100x8000000000000000765186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39e87fe875ab4ea2021-12-20 15:57:19.175root 11241100x8000000000000000765187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de0b47c1cfb22f42021-12-20 15:57:19.175root 11241100x8000000000000000765188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515867f2ba9305912021-12-20 15:57:19.175root 11241100x8000000000000000765189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa79a70aa0af8c662021-12-20 15:57:19.176root 11241100x8000000000000000765190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bee3a61cb6544d82021-12-20 15:57:19.176root 11241100x8000000000000000765191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c9f7b5928c92612021-12-20 15:57:19.176root 11241100x8000000000000000765192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd7c705a50d49972021-12-20 15:57:19.177root 11241100x8000000000000000765193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2be15e9e318a8a2021-12-20 15:57:19.177root 11241100x8000000000000000765194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baae64b246b39aac2021-12-20 15:57:19.177root 11241100x8000000000000000765195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b37660ccf9dd6fe2021-12-20 15:57:19.177root 11241100x8000000000000000765196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5d8480012d92442021-12-20 15:57:19.177root 11241100x8000000000000000765197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd73ba00455d698f2021-12-20 15:57:19.177root 11241100x8000000000000000765198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365a9f249959607a2021-12-20 15:57:19.178root 11241100x8000000000000000765199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9ae01bdd2ba3222021-12-20 15:57:19.179root 11241100x8000000000000000765200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7f78470cc3263e2021-12-20 15:57:19.179root 11241100x8000000000000000765201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae8866071a2e2a22021-12-20 15:57:19.179root 11241100x8000000000000000765202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168f9b03619db5622021-12-20 15:57:19.179root 11241100x8000000000000000765203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4f3a311e8dd6732021-12-20 15:57:19.179root 11241100x8000000000000000765204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13626f75f175350b2021-12-20 15:57:19.674root 11241100x8000000000000000765205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782dd83af05c77882021-12-20 15:57:19.674root 11241100x8000000000000000765206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab68bdf26ea87862021-12-20 15:57:19.675root 11241100x8000000000000000765207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f965d24b17b4b9082021-12-20 15:57:19.675root 11241100x8000000000000000765208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d13e01c2b6308a72021-12-20 15:57:19.675root 11241100x8000000000000000765209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec67dbcbfe4d4ee2021-12-20 15:57:19.675root 11241100x8000000000000000765210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8da09bef0cac1b2021-12-20 15:57:19.675root 11241100x8000000000000000765211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192e55044a51f7cd2021-12-20 15:57:19.676root 11241100x8000000000000000765212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8946f29498f10c6f2021-12-20 15:57:19.676root 11241100x8000000000000000765213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35865c88a1a1f3a62021-12-20 15:57:19.676root 11241100x8000000000000000765214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bfe6151b49ce1d2021-12-20 15:57:19.676root 11241100x8000000000000000765215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2621b2a288d660562021-12-20 15:57:19.676root 11241100x8000000000000000765216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef49cba52cda0732021-12-20 15:57:19.676root 11241100x8000000000000000765217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ddea8de68da06d2021-12-20 15:57:19.677root 11241100x8000000000000000765218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2697037b2efec82021-12-20 15:57:19.677root 11241100x8000000000000000765219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a62c54ffdb49f42021-12-20 15:57:19.677root 11241100x8000000000000000765220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6388a0c252f17f72021-12-20 15:57:19.677root 11241100x8000000000000000765221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ef8544965468372021-12-20 15:57:19.677root 11241100x8000000000000000765222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e738ab65990fd72021-12-20 15:57:19.677root 11241100x8000000000000000765223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083912a61ecc015e2021-12-20 15:57:19.677root 11241100x8000000000000000765224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3fba77163aa8922021-12-20 15:57:19.678root 11241100x8000000000000000765225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc0a98acdbed0512021-12-20 15:57:19.678root 11241100x8000000000000000765226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8af18b7e10901c2021-12-20 15:57:19.678root 11241100x8000000000000000765227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900b95584c640ee52021-12-20 15:57:19.678root 11241100x8000000000000000765228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92888b3297be8efd2021-12-20 15:57:19.678root 11241100x8000000000000000765229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02e6ac510cdc8452021-12-20 15:57:19.678root 11241100x8000000000000000765230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d3b139c9ed1dd62021-12-20 15:57:19.678root 11241100x8000000000000000765231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897aeb5c296585a52021-12-20 15:57:19.679root 11241100x8000000000000000765232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:19.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6661440bb646742021-12-20 15:57:19.679root 354300x8000000000000000765233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.050{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46122-false10.0.1.12-8089- 11241100x8000000000000000765234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2caea2536ca1d1b2021-12-20 15:57:20.051root 11241100x8000000000000000765235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634c1e3e971b38a72021-12-20 15:57:20.051root 11241100x8000000000000000765236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca86e37ab3e4604f2021-12-20 15:57:20.051root 11241100x8000000000000000765237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0577bd81c3f4e9032021-12-20 15:57:20.051root 11241100x8000000000000000765238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76abf47c3f545f702021-12-20 15:57:20.051root 11241100x8000000000000000765239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81fc385f150d0e92021-12-20 15:57:20.051root 11241100x8000000000000000765240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee4706a6177608d2021-12-20 15:57:20.051root 11241100x8000000000000000765241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6b9aac3dd9698b2021-12-20 15:57:20.052root 11241100x8000000000000000765242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b28e6a49d0068f2021-12-20 15:57:20.052root 11241100x8000000000000000765243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fcf7b78b0e8e4e2021-12-20 15:57:20.052root 11241100x8000000000000000765244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41efc0c646da2092021-12-20 15:57:20.052root 11241100x8000000000000000765245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88e979e87b66bae2021-12-20 15:57:20.052root 11241100x8000000000000000765246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9905a28579deec2021-12-20 15:57:20.052root 11241100x8000000000000000765247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7e4ceaa4d892412021-12-20 15:57:20.052root 11241100x8000000000000000765248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8170c968344cdfb62021-12-20 15:57:20.052root 11241100x8000000000000000765249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474220c1146e3c6c2021-12-20 15:57:20.052root 11241100x8000000000000000765250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c3520a1d7a4ce52021-12-20 15:57:20.052root 11241100x8000000000000000765251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c0061a53c51f182021-12-20 15:57:20.053root 11241100x8000000000000000765252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1852f92da4f86262021-12-20 15:57:20.053root 11241100x8000000000000000765253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c0c2d4a5a0af702021-12-20 15:57:20.053root 11241100x8000000000000000765254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0b2a2b953e40d12021-12-20 15:57:20.053root 11241100x8000000000000000765255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cededf490e358a2021-12-20 15:57:20.053root 11241100x8000000000000000765256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d310a98a3d2c7692021-12-20 15:57:20.053root 11241100x8000000000000000765257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1df8501ea5e3bf2021-12-20 15:57:20.053root 11241100x8000000000000000765258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9a04d3ca9cf9822021-12-20 15:57:20.053root 11241100x8000000000000000765259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bc7aaaca0e33702021-12-20 15:57:20.053root 11241100x8000000000000000765260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e484221cfcbf61f32021-12-20 15:57:20.053root 11241100x8000000000000000765261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5655b771a0f561f92021-12-20 15:57:20.054root 11241100x8000000000000000765262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafdfd37aea950572021-12-20 15:57:20.054root 11241100x8000000000000000765263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f09bbe0a5bd9432021-12-20 15:57:20.054root 11241100x8000000000000000765264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb985ab2e624a1b2021-12-20 15:57:20.054root 11241100x8000000000000000765265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f436ce87ca5aadf72021-12-20 15:57:20.054root 11241100x8000000000000000765266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7de5ee73ab72fda2021-12-20 15:57:20.054root 11241100x8000000000000000765267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb9dfadb8d4eec72021-12-20 15:57:20.054root 11241100x8000000000000000765268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eead644f008f1b2021-12-20 15:57:20.054root 11241100x8000000000000000765269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53cf63316ea3d2a2021-12-20 15:57:20.054root 11241100x8000000000000000765270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adfaf11edbd01212021-12-20 15:57:20.055root 11241100x8000000000000000765271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc1bc0a222021432021-12-20 15:57:20.056root 11241100x8000000000000000765272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca60a6268bd911c32021-12-20 15:57:20.056root 11241100x8000000000000000765273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c110f5b4e017f75e2021-12-20 15:57:20.056root 11241100x8000000000000000765274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7f3f44768894262021-12-20 15:57:20.056root 11241100x8000000000000000765275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a020b24fb275d02021-12-20 15:57:20.056root 11241100x8000000000000000765276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8d235a1a5064ad2021-12-20 15:57:20.056root 11241100x8000000000000000765277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b2730ccec226402021-12-20 15:57:20.057root 11241100x8000000000000000765278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3438cf3f8ab8802021-12-20 15:57:20.057root 11241100x8000000000000000765279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2daef0cba7be7a52021-12-20 15:57:20.057root 11241100x8000000000000000765280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ad4883c38c8bdd2021-12-20 15:57:20.057root 11241100x8000000000000000765281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49258897b5334e3a2021-12-20 15:57:20.057root 11241100x8000000000000000765282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f0b5062426eab52021-12-20 15:57:20.058root 11241100x8000000000000000765283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dfac3168e0d7c02021-12-20 15:57:20.058root 11241100x8000000000000000765284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344b00e605fbb2412021-12-20 15:57:20.058root 11241100x8000000000000000765285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f8e5da73de94112021-12-20 15:57:20.059root 11241100x8000000000000000765286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9d294fe31641a32021-12-20 15:57:20.059root 11241100x8000000000000000765287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9502c3cbbdcca1272021-12-20 15:57:20.059root 11241100x8000000000000000765288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857010deeb8f43122021-12-20 15:57:20.059root 11241100x8000000000000000765289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4431d17bd348e62021-12-20 15:57:20.059root 11241100x8000000000000000765290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e723d3abb08df77d2021-12-20 15:57:20.059root 11241100x8000000000000000765291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3140367cf7a3b2d42021-12-20 15:57:20.059root 11241100x8000000000000000765292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac9f2f3bce934db2021-12-20 15:57:20.059root 11241100x8000000000000000765293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c0fb11dbef02042021-12-20 15:57:20.059root 11241100x8000000000000000765294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.060{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5179c5246190fbdc2021-12-20 15:57:20.060root 11241100x8000000000000000765295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.060{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b193a040d4671d2021-12-20 15:57:20.060root 11241100x8000000000000000765296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70984047f0efdd02021-12-20 15:57:20.424root 11241100x8000000000000000765297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36962a3c702a93b02021-12-20 15:57:20.424root 11241100x8000000000000000765298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459e1ddf59c2595f2021-12-20 15:57:20.424root 11241100x8000000000000000765299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43007c9b55d564c32021-12-20 15:57:20.424root 11241100x8000000000000000765300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2383e584b32bcdd02021-12-20 15:57:20.424root 11241100x8000000000000000765301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8c49bd20fafa6f2021-12-20 15:57:20.424root 11241100x8000000000000000765302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c483540e8c73e9b32021-12-20 15:57:20.424root 11241100x8000000000000000765303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51c55b4c11185702021-12-20 15:57:20.424root 11241100x8000000000000000765304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c880bc18c7932662021-12-20 15:57:20.425root 11241100x8000000000000000765305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6580768d2952bb012021-12-20 15:57:20.425root 11241100x8000000000000000765306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11b5d55480ac2b2021-12-20 15:57:20.425root 11241100x8000000000000000765307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9c047a9471e3d92021-12-20 15:57:20.425root 11241100x8000000000000000765308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18beb25d155d25de2021-12-20 15:57:20.425root 11241100x8000000000000000765309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e706ee809a0df5772021-12-20 15:57:20.425root 11241100x8000000000000000765310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d04d6f2f66b545a2021-12-20 15:57:20.425root 11241100x8000000000000000765311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c7fefb60b779b12021-12-20 15:57:20.425root 11241100x8000000000000000765312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bcb441a38d8dfd2021-12-20 15:57:20.425root 11241100x8000000000000000765313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b4ca6843e88f912021-12-20 15:57:20.425root 11241100x8000000000000000765314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d3dcd6db5bad572021-12-20 15:57:20.426root 11241100x8000000000000000765315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304f15b7ad9f53e62021-12-20 15:57:20.426root 11241100x8000000000000000765316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297422974aad0a792021-12-20 15:57:20.426root 11241100x8000000000000000765317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d44bd1647c929e2021-12-20 15:57:20.426root 11241100x8000000000000000765318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5407b7166cc381e2021-12-20 15:57:20.426root 11241100x8000000000000000765319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffcb4a50346bfa02021-12-20 15:57:20.426root 11241100x8000000000000000765320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a2b1ee6846940c2021-12-20 15:57:20.426root 11241100x8000000000000000765321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e2d85e78cf20ea2021-12-20 15:57:20.426root 11241100x8000000000000000765322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62988ab1e096e642021-12-20 15:57:20.426root 11241100x8000000000000000765323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbc984e08c411c12021-12-20 15:57:20.426root 11241100x8000000000000000765324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43953b1806b91ef2021-12-20 15:57:20.426root 11241100x8000000000000000765325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729aa7793a5fde4a2021-12-20 15:57:20.427root 11241100x8000000000000000765326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006a816e5443d3562021-12-20 15:57:20.427root 11241100x8000000000000000765327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5063263e4f35533d2021-12-20 15:57:20.427root 11241100x8000000000000000765328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41993c2816fc48912021-12-20 15:57:20.924root 11241100x8000000000000000765329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0219958d3a9af952021-12-20 15:57:20.924root 11241100x8000000000000000765330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b68f7be805b9252021-12-20 15:57:20.924root 11241100x8000000000000000765331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78193a0f51763f952021-12-20 15:57:20.924root 11241100x8000000000000000765332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f819dc50684d242021-12-20 15:57:20.924root 11241100x8000000000000000765333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbee3359d416af42021-12-20 15:57:20.924root 11241100x8000000000000000765334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf47ed5ce577e672021-12-20 15:57:20.924root 11241100x8000000000000000765335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eea75c110912ba82021-12-20 15:57:20.925root 11241100x8000000000000000765336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08156cc184f2572b2021-12-20 15:57:20.925root 11241100x8000000000000000765337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15909e00e6fb0242021-12-20 15:57:20.925root 11241100x8000000000000000765338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e8a88d376c5f682021-12-20 15:57:20.925root 11241100x8000000000000000765339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bed78721a1907f2021-12-20 15:57:20.925root 11241100x8000000000000000765340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc7bf475df889172021-12-20 15:57:20.925root 11241100x8000000000000000765341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266b922d69f24b212021-12-20 15:57:20.925root 11241100x8000000000000000765342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab8a47d649b1b362021-12-20 15:57:20.926root 11241100x8000000000000000765343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2711dec37f5e2b72021-12-20 15:57:20.926root 11241100x8000000000000000765344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59c898d26efc9052021-12-20 15:57:20.926root 11241100x8000000000000000765345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b21701a8f40f6c2021-12-20 15:57:20.926root 11241100x8000000000000000765346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f200d4972a4b2c082021-12-20 15:57:20.926root 11241100x8000000000000000765347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b660260721919a9c2021-12-20 15:57:20.926root 11241100x8000000000000000765348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3688896fe865f8482021-12-20 15:57:20.927root 11241100x8000000000000000765349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6341aaee7517ec62021-12-20 15:57:20.927root 11241100x8000000000000000765350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9daa38eb78a9aa82021-12-20 15:57:20.927root 11241100x8000000000000000765351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4d710fece938862021-12-20 15:57:20.928root 11241100x8000000000000000765352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9e86b948a2456c2021-12-20 15:57:20.928root 11241100x8000000000000000765353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c659ccae85b45612021-12-20 15:57:20.928root 11241100x8000000000000000765354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfb627bee22c5b52021-12-20 15:57:20.928root 11241100x8000000000000000765355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132a0798f93ef3312021-12-20 15:57:20.928root 11241100x8000000000000000765356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6665148b5ab73482021-12-20 15:57:20.928root 11241100x8000000000000000765357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58693196a7aaaf262021-12-20 15:57:20.928root 11241100x8000000000000000765358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae77bcababf9dea2021-12-20 15:57:20.928root 11241100x8000000000000000765359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260e26be5c829ab32021-12-20 15:57:20.928root 11241100x8000000000000000765360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4778ca4c023a7d422021-12-20 15:57:20.929root 11241100x8000000000000000765361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced5df1bfe187f5d2021-12-20 15:57:20.929root 354300x8000000000000000765362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.017{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51422-false10.0.1.12-8000- 11241100x8000000000000000765363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9468b90e42d81cfa2021-12-20 15:57:21.424root 11241100x8000000000000000765364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beece9dd596de9092021-12-20 15:57:21.424root 11241100x8000000000000000765365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89243014ea5a38502021-12-20 15:57:21.424root 11241100x8000000000000000765366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed078c82655c79a2021-12-20 15:57:21.424root 11241100x8000000000000000765367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c899a0df8dab6c82021-12-20 15:57:21.424root 11241100x8000000000000000765368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee48ca627dd71f632021-12-20 15:57:21.424root 11241100x8000000000000000765369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d812355404027232021-12-20 15:57:21.424root 11241100x8000000000000000765370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c5f729abe9997a2021-12-20 15:57:21.425root 11241100x8000000000000000765371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f643592a7965772021-12-20 15:57:21.425root 11241100x8000000000000000765372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b8d1e63ef5e592021-12-20 15:57:21.425root 11241100x8000000000000000765373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cd1bdd229711b92021-12-20 15:57:21.425root 11241100x8000000000000000765374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed1d3b93cb3d5df2021-12-20 15:57:21.425root 11241100x8000000000000000765375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e727a5ba2e86e0822021-12-20 15:57:21.425root 11241100x8000000000000000765376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f90ab24099a8cfb2021-12-20 15:57:21.425root 11241100x8000000000000000765377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2693db512e5b26c12021-12-20 15:57:21.425root 11241100x8000000000000000765378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7391f9a3340c61402021-12-20 15:57:21.425root 11241100x8000000000000000765379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d61950052e83ab2021-12-20 15:57:21.425root 11241100x8000000000000000765380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34f400f14cc578f2021-12-20 15:57:21.425root 11241100x8000000000000000765381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049ccc253b1c8f9c2021-12-20 15:57:21.425root 11241100x8000000000000000765382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a93f722a81a54c52021-12-20 15:57:21.425root 11241100x8000000000000000765383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ad0710fdc581a22021-12-20 15:57:21.426root 11241100x8000000000000000765384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26234760ab79c5282021-12-20 15:57:21.426root 11241100x8000000000000000765385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4200accbfd2dbc2c2021-12-20 15:57:21.426root 11241100x8000000000000000765386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deede51619500ad2021-12-20 15:57:21.426root 11241100x8000000000000000765387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7ae596042d9b262021-12-20 15:57:21.426root 11241100x8000000000000000765388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d58fffe6cbd74b2021-12-20 15:57:21.426root 11241100x8000000000000000765389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b73052efe8c7982021-12-20 15:57:21.426root 11241100x8000000000000000765390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d679ff7314e566c22021-12-20 15:57:21.426root 11241100x8000000000000000765391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130edce16b04e0162021-12-20 15:57:21.426root 11241100x8000000000000000765392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c3bad658b202c52021-12-20 15:57:21.426root 11241100x8000000000000000765393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca4cfa6b4862afa2021-12-20 15:57:21.924root 11241100x8000000000000000765394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2be8db14e20cd42021-12-20 15:57:21.924root 11241100x8000000000000000765395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca866b19bbdd34c2021-12-20 15:57:21.925root 11241100x8000000000000000765396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900b89010bc0ebcf2021-12-20 15:57:21.925root 11241100x8000000000000000765397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0054e3a264bc44fa2021-12-20 15:57:21.925root 11241100x8000000000000000765398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6470992495ef7b392021-12-20 15:57:21.925root 11241100x8000000000000000765399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1ca5051a664cd42021-12-20 15:57:21.926root 11241100x8000000000000000765400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1945a353409c094e2021-12-20 15:57:21.926root 11241100x8000000000000000765401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecd41b76f9eb2612021-12-20 15:57:21.926root 11241100x8000000000000000765402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9e7f38cb4f00af2021-12-20 15:57:21.926root 11241100x8000000000000000765403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c34298f7b6f3092021-12-20 15:57:21.927root 11241100x8000000000000000765404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6de9fadda81481b2021-12-20 15:57:21.927root 11241100x8000000000000000765405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d2a2688ee444a02021-12-20 15:57:21.927root 11241100x8000000000000000765406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40231a59edece39e2021-12-20 15:57:21.927root 11241100x8000000000000000765407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76471af98c5e7672021-12-20 15:57:21.927root 11241100x8000000000000000765408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14263fbea12ba9a02021-12-20 15:57:21.927root 11241100x8000000000000000765409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7bb4b7d4b1aaf22021-12-20 15:57:21.928root 11241100x8000000000000000765410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ec722a21a0ad592021-12-20 15:57:21.928root 11241100x8000000000000000765411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529478ea3b3a0daa2021-12-20 15:57:21.928root 11241100x8000000000000000765412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59583a82ea8466952021-12-20 15:57:21.928root 11241100x8000000000000000765413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8f9fd8e760068e2021-12-20 15:57:21.928root 11241100x8000000000000000765414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66c5900886f687e2021-12-20 15:57:21.929root 11241100x8000000000000000765415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf47321d5a2d84c2021-12-20 15:57:21.929root 11241100x8000000000000000765416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0920506271d9837f2021-12-20 15:57:21.929root 11241100x8000000000000000765417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e262cb52e76cb22021-12-20 15:57:21.929root 11241100x8000000000000000765418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec013d733d28b342021-12-20 15:57:21.929root 11241100x8000000000000000765419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b290f8238f35c5dd2021-12-20 15:57:21.929root 11241100x8000000000000000765420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a18d96d0e4ddbe2021-12-20 15:57:21.930root 11241100x8000000000000000765421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c6500be3eb035c2021-12-20 15:57:21.930root 11241100x8000000000000000765422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c23f157d286be1d2021-12-20 15:57:21.930root 11241100x8000000000000000765423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bfcf30e41f0b7b2021-12-20 15:57:21.930root 11241100x8000000000000000765424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57af67336616fb9c2021-12-20 15:57:21.930root 11241100x8000000000000000765425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:21.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b267043cd227ac2021-12-20 15:57:21.930root 11241100x8000000000000000765426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7380ae9780bcb3e2021-12-20 15:57:22.424root 11241100x8000000000000000765427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cd1a232776f1ea2021-12-20 15:57:22.424root 11241100x8000000000000000765428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35a3103b5110c802021-12-20 15:57:22.424root 11241100x8000000000000000765429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14c23fe0fc81ab52021-12-20 15:57:22.424root 11241100x8000000000000000765430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a90dfb5fc742b92021-12-20 15:57:22.425root 11241100x8000000000000000765431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cd122b49d8a2522021-12-20 15:57:22.425root 11241100x8000000000000000765432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce3c066707adb812021-12-20 15:57:22.425root 11241100x8000000000000000765433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668adb59893519942021-12-20 15:57:22.425root 11241100x8000000000000000765434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ec7321e78dedb2021-12-20 15:57:22.425root 11241100x8000000000000000765435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c90f7d3994f48802021-12-20 15:57:22.425root 11241100x8000000000000000765436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6198a031c24c51be2021-12-20 15:57:22.425root 11241100x8000000000000000765437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57febb70b109d682021-12-20 15:57:22.425root 11241100x8000000000000000765438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51002e9269898832021-12-20 15:57:22.425root 11241100x8000000000000000765439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce151ef472207db92021-12-20 15:57:22.425root 11241100x8000000000000000765440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d8cad921f9be9f2021-12-20 15:57:22.426root 11241100x8000000000000000765441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3079e22dd418b002021-12-20 15:57:22.426root 11241100x8000000000000000765442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bb3a7820746b962021-12-20 15:57:22.426root 11241100x8000000000000000765443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9b48a57cce426c2021-12-20 15:57:22.426root 11241100x8000000000000000765444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2192cbc7d7f6d12021-12-20 15:57:22.426root 11241100x8000000000000000765445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aace9b7e70eed8702021-12-20 15:57:22.426root 11241100x8000000000000000765446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb68f25ea5913512021-12-20 15:57:22.426root 11241100x8000000000000000765447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063be5a1ceca878c2021-12-20 15:57:22.426root 11241100x8000000000000000765448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969ba3adcc1d85792021-12-20 15:57:22.426root 11241100x8000000000000000765449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1af459da1513272021-12-20 15:57:22.427root 11241100x8000000000000000765450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4bd8d70bd56ec82021-12-20 15:57:22.427root 11241100x8000000000000000765451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed81b27e403ff852021-12-20 15:57:22.427root 11241100x8000000000000000765452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3d270fe399aeae2021-12-20 15:57:22.427root 11241100x8000000000000000765453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff80a796fbaa71032021-12-20 15:57:22.427root 11241100x8000000000000000765454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cf2a878694d7eb2021-12-20 15:57:22.427root 11241100x8000000000000000765455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f981697ccaa6db2021-12-20 15:57:22.427root 11241100x8000000000000000765456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecc4d73aac65a722021-12-20 15:57:22.427root 11241100x8000000000000000765457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c00e87d2403242021-12-20 15:57:22.427root 11241100x8000000000000000765458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b27d91698f6a0b2021-12-20 15:57:22.427root 11241100x8000000000000000765459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971144ace063c17f2021-12-20 15:57:22.428root 11241100x8000000000000000765460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a936dc0ec898cf592021-12-20 15:57:22.428root 11241100x8000000000000000765461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256567893f61229f2021-12-20 15:57:22.924root 11241100x8000000000000000765462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5466fae6851aeea2021-12-20 15:57:22.924root 11241100x8000000000000000765463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026e9c25b7e9b5322021-12-20 15:57:22.924root 11241100x8000000000000000765464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9a61da5f7c72d32021-12-20 15:57:22.925root 11241100x8000000000000000765465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c320dba57dd5262021-12-20 15:57:22.925root 11241100x8000000000000000765466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12299477c4effd72021-12-20 15:57:22.925root 11241100x8000000000000000765467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7424b74214177cb2021-12-20 15:57:22.925root 11241100x8000000000000000765468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9198693930e9a2702021-12-20 15:57:22.925root 11241100x8000000000000000765469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f2723c25b381512021-12-20 15:57:22.925root 11241100x8000000000000000765470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d53f0f7bec8fb12021-12-20 15:57:22.926root 11241100x8000000000000000765471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f9d2b9dbb464ea2021-12-20 15:57:22.926root 11241100x8000000000000000765472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aaf6f90c7369fb2021-12-20 15:57:22.926root 11241100x8000000000000000765473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aeff776e6986cc82021-12-20 15:57:22.926root 11241100x8000000000000000765474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923c67f84ed235d32021-12-20 15:57:22.926root 11241100x8000000000000000765475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec71cc6943095552021-12-20 15:57:22.926root 11241100x8000000000000000765476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eddcd789c88e0be2021-12-20 15:57:22.926root 11241100x8000000000000000765477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f696ed5273b6bc482021-12-20 15:57:22.926root 11241100x8000000000000000765478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edb08aa9ea7d8662021-12-20 15:57:22.926root 11241100x8000000000000000765479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526c04d2edac159f2021-12-20 15:57:22.926root 11241100x8000000000000000765480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef0162e866ebfcb2021-12-20 15:57:22.927root 11241100x8000000000000000765481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b56988423c1fc12021-12-20 15:57:22.927root 11241100x8000000000000000765482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7314473cc5044722021-12-20 15:57:22.927root 11241100x8000000000000000765483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd841d06963db3542021-12-20 15:57:22.927root 11241100x8000000000000000765484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536c6dc9f7aa8b572021-12-20 15:57:22.927root 11241100x8000000000000000765485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fef53fdb39b2d12021-12-20 15:57:22.928root 11241100x8000000000000000765486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fddb1ea7785fe0d2021-12-20 15:57:22.928root 11241100x8000000000000000765487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14f8aff008d00ca2021-12-20 15:57:22.928root 11241100x8000000000000000765488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113ba1572b0286582021-12-20 15:57:22.929root 11241100x8000000000000000765489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adb4f156163d6272021-12-20 15:57:22.929root 11241100x8000000000000000765490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed4668a1a236352021-12-20 15:57:22.930root 11241100x8000000000000000765491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11be8219a88e2dfe2021-12-20 15:57:22.930root 11241100x8000000000000000765492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113df4dd1ceff2052021-12-20 15:57:22.930root 11241100x8000000000000000765493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:22.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0d54e74e62a4662021-12-20 15:57:22.930root 11241100x8000000000000000765494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eda107e6c03b062021-12-20 15:57:23.424root 11241100x8000000000000000765495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56407c383dff0e7a2021-12-20 15:57:23.424root 11241100x8000000000000000765496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fd14309ad5f37b2021-12-20 15:57:23.425root 11241100x8000000000000000765497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7261f2b3391059002021-12-20 15:57:23.425root 11241100x8000000000000000765498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187811363179877c2021-12-20 15:57:23.425root 11241100x8000000000000000765499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27844938f1ded0ad2021-12-20 15:57:23.425root 11241100x8000000000000000765500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a68376566bf5022021-12-20 15:57:23.426root 11241100x8000000000000000765501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d1dfbe75ab87fb2021-12-20 15:57:23.426root 11241100x8000000000000000765502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea2394c85c5d4d92021-12-20 15:57:23.426root 11241100x8000000000000000765503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d25991571a20932021-12-20 15:57:23.426root 11241100x8000000000000000765504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c29f0496a999ef2021-12-20 15:57:23.426root 11241100x8000000000000000765505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c15405533edfe42021-12-20 15:57:23.427root 11241100x8000000000000000765506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dadebf117a09a02021-12-20 15:57:23.427root 11241100x8000000000000000765507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bc99f9a75c1dfc2021-12-20 15:57:23.427root 11241100x8000000000000000765508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33070d60b943d6612021-12-20 15:57:23.427root 11241100x8000000000000000765509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ca9ee50218e6612021-12-20 15:57:23.427root 11241100x8000000000000000765510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082f8ab95793e84a2021-12-20 15:57:23.428root 11241100x8000000000000000765511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7519bbfb7bfc4ab22021-12-20 15:57:23.428root 11241100x8000000000000000765512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c772cf5e4abcfb2021-12-20 15:57:23.428root 11241100x8000000000000000765513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fdb7ea69e866722021-12-20 15:57:23.428root 11241100x8000000000000000765514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed9e5a106dd99b2021-12-20 15:57:23.428root 11241100x8000000000000000765515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19918fafcec5c692021-12-20 15:57:23.428root 11241100x8000000000000000765516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b95cac131f0cdd2021-12-20 15:57:23.428root 11241100x8000000000000000765517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37411d72b94ff582021-12-20 15:57:23.428root 11241100x8000000000000000765518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b8f9a811fb3c222021-12-20 15:57:23.429root 11241100x8000000000000000765519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774f18a781f23cbd2021-12-20 15:57:23.429root 11241100x8000000000000000765520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b46e83b01a7602021-12-20 15:57:23.429root 11241100x8000000000000000765521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a06e9c1f9940942021-12-20 15:57:23.429root 11241100x8000000000000000765522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e62be53940227422021-12-20 15:57:23.429root 11241100x8000000000000000765523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f855db23effe302021-12-20 15:57:23.429root 11241100x8000000000000000765524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6076171167df8c2021-12-20 15:57:23.429root 11241100x8000000000000000765525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46f535acb3173ea2021-12-20 15:57:23.429root 11241100x8000000000000000765526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a6bc2307cec43d2021-12-20 15:57:23.429root 11241100x8000000000000000765527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87817033b3c39a12021-12-20 15:57:23.429root 11241100x8000000000000000765528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525b725d665d945b2021-12-20 15:57:23.924root 11241100x8000000000000000765529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabb3a5663c9b842021-12-20 15:57:23.924root 11241100x8000000000000000765530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4d387adaa4bd142021-12-20 15:57:23.924root 11241100x8000000000000000765531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc92baf1df35c0882021-12-20 15:57:23.924root 11241100x8000000000000000765532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877db7b0736c524d2021-12-20 15:57:23.925root 11241100x8000000000000000765533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fcaed4010b39a32021-12-20 15:57:23.925root 11241100x8000000000000000765534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80075a01e3d5e482021-12-20 15:57:23.925root 11241100x8000000000000000765535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7381aa54b7ddf22021-12-20 15:57:23.925root 11241100x8000000000000000765536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb65d3745cb521342021-12-20 15:57:23.925root 11241100x8000000000000000765537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4f1aff14d6db022021-12-20 15:57:23.925root 11241100x8000000000000000765538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb7c730089e4b302021-12-20 15:57:23.925root 11241100x8000000000000000765539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d17e8bb3f5ada22021-12-20 15:57:23.925root 11241100x8000000000000000765540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aa5f3cacbc9b962021-12-20 15:57:23.925root 11241100x8000000000000000765541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39666a0dfd95f96b2021-12-20 15:57:23.925root 11241100x8000000000000000765542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467ed53749eb21e92021-12-20 15:57:23.925root 11241100x8000000000000000765543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa836c21ae6bbb452021-12-20 15:57:23.925root 11241100x8000000000000000765544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4dcc21558c637e2021-12-20 15:57:23.925root 11241100x8000000000000000765545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e633fc37d5d231a62021-12-20 15:57:23.925root 11241100x8000000000000000765546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28f7e3f0016f4002021-12-20 15:57:23.925root 11241100x8000000000000000765547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ade62366c6fbfb2021-12-20 15:57:23.926root 11241100x8000000000000000765548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b68d4ec25f373f12021-12-20 15:57:23.926root 11241100x8000000000000000765549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1751958acb744c02021-12-20 15:57:23.926root 11241100x8000000000000000765550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5adc838042a1092021-12-20 15:57:23.926root 11241100x8000000000000000765551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c3c9dea0593daf2021-12-20 15:57:23.926root 11241100x8000000000000000765552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6defe8a18b6153942021-12-20 15:57:23.926root 11241100x8000000000000000765553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dba0cc9ea3d3842021-12-20 15:57:23.926root 11241100x8000000000000000765554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459f1a8e550a6132021-12-20 15:57:23.926root 11241100x8000000000000000765555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcba4b666e58638f2021-12-20 15:57:23.926root 11241100x8000000000000000765556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17d0f6e6c97cc482021-12-20 15:57:23.926root 11241100x8000000000000000765557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3125244bfe607f12021-12-20 15:57:23.926root 11241100x8000000000000000765558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb346704d58fc2152021-12-20 15:57:23.926root 11241100x8000000000000000765559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ed2e1c56a71d932021-12-20 15:57:23.926root 11241100x8000000000000000765560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b0da2ef9ef95812021-12-20 15:57:24.424root 11241100x8000000000000000765561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76dd4629c2342d12021-12-20 15:57:24.424root 11241100x8000000000000000765562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b82814c0157e162021-12-20 15:57:24.424root 11241100x8000000000000000765563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffdbeb877f6c1452021-12-20 15:57:24.424root 11241100x8000000000000000765564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa38af25468cfe7d2021-12-20 15:57:24.425root 11241100x8000000000000000765565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01ce4b1719394eb2021-12-20 15:57:24.425root 11241100x8000000000000000765566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea94abc424080c2021-12-20 15:57:24.425root 11241100x8000000000000000765567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0add71b15593b2372021-12-20 15:57:24.425root 11241100x8000000000000000765568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516bd5142bafb0982021-12-20 15:57:24.425root 11241100x8000000000000000765569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291385efa495d4f42021-12-20 15:57:24.425root 11241100x8000000000000000765570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0499901980dc5b42021-12-20 15:57:24.425root 11241100x8000000000000000765571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d5d10e9c1703b12021-12-20 15:57:24.425root 11241100x8000000000000000765572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baecea05bfd77ea82021-12-20 15:57:24.425root 11241100x8000000000000000765573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3518874432e1bf7a2021-12-20 15:57:24.425root 11241100x8000000000000000765574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6269663a205816d2021-12-20 15:57:24.425root 11241100x8000000000000000765575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bcd596288628332021-12-20 15:57:24.426root 11241100x8000000000000000765576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e983d5c72dfc6452021-12-20 15:57:24.426root 11241100x8000000000000000765577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f44a645c9d2a5e2021-12-20 15:57:24.426root 11241100x8000000000000000765578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71c96a1f135a8b62021-12-20 15:57:24.426root 11241100x8000000000000000765579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0895db34ba2bf02021-12-20 15:57:24.426root 11241100x8000000000000000765580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ada3de1a989ed32021-12-20 15:57:24.426root 11241100x8000000000000000765581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c5f23f2a1181942021-12-20 15:57:24.426root 11241100x8000000000000000765582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe0d7b5914ed42a2021-12-20 15:57:24.426root 11241100x8000000000000000765583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b20a0cc86f39e2021-12-20 15:57:24.426root 11241100x8000000000000000765584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b44deaf9e8c6d12021-12-20 15:57:24.427root 11241100x8000000000000000765585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bac3c896609c5fe2021-12-20 15:57:24.427root 11241100x8000000000000000765586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9fd9ce6558d9a32021-12-20 15:57:24.427root 11241100x8000000000000000765587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc19c8dddbec23152021-12-20 15:57:24.427root 11241100x8000000000000000765588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968f4ef6e4f873512021-12-20 15:57:24.427root 11241100x8000000000000000765589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c6ef0b2e67e5102021-12-20 15:57:24.427root 11241100x8000000000000000765590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8629978f670dee902021-12-20 15:57:24.924root 11241100x8000000000000000765591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a94726330506a12021-12-20 15:57:24.924root 11241100x8000000000000000765592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a443bb36de4af1222021-12-20 15:57:24.924root 11241100x8000000000000000765593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d0700d459f78212021-12-20 15:57:24.925root 11241100x8000000000000000765594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351cfc1c3766c3bd2021-12-20 15:57:24.925root 11241100x8000000000000000765595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7741e63f76ed9a2021-12-20 15:57:24.925root 11241100x8000000000000000765596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e82f806ff208a2021-12-20 15:57:24.925root 11241100x8000000000000000765597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480e39c7a7c04fc02021-12-20 15:57:24.925root 11241100x8000000000000000765598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662f2bcaf03416312021-12-20 15:57:24.925root 11241100x8000000000000000765599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aeffecffd47987a2021-12-20 15:57:24.925root 11241100x8000000000000000765600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7939b9a2aaec612b2021-12-20 15:57:24.926root 11241100x8000000000000000765601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512932b53b4a007e2021-12-20 15:57:24.926root 11241100x8000000000000000765602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c58d0a69ea70ae2021-12-20 15:57:24.926root 11241100x8000000000000000765603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1228d441a68c3902021-12-20 15:57:24.926root 11241100x8000000000000000765604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630189e5a7a877b52021-12-20 15:57:24.926root 11241100x8000000000000000765605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885884c894056e7e2021-12-20 15:57:24.926root 11241100x8000000000000000765606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f42ac81bc860d42021-12-20 15:57:24.927root 11241100x8000000000000000765607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f0377b18fdfb922021-12-20 15:57:24.927root 11241100x8000000000000000765608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1de62095acabf72021-12-20 15:57:24.927root 11241100x8000000000000000765609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b80645bee896542021-12-20 15:57:24.927root 11241100x8000000000000000765610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b71f22a87a9554e2021-12-20 15:57:24.927root 11241100x8000000000000000765611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d5f93a87a0b3562021-12-20 15:57:24.927root 11241100x8000000000000000765612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cebadeea0726262021-12-20 15:57:24.927root 11241100x8000000000000000765613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27333e948c928d0c2021-12-20 15:57:24.927root 11241100x8000000000000000765614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c862919d9f8d3362021-12-20 15:57:24.928root 11241100x8000000000000000765615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7713d08e0bae2652021-12-20 15:57:24.928root 11241100x8000000000000000765616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3699c4f33e67842021-12-20 15:57:24.928root 11241100x8000000000000000765617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb6bc23c04eb2002021-12-20 15:57:24.933root 11241100x8000000000000000765618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cde1fb877048ea2021-12-20 15:57:24.933root 11241100x8000000000000000765619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad539278a5cc6412021-12-20 15:57:24.933root 11241100x8000000000000000765620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef918cf16c4bd702021-12-20 15:57:24.933root 11241100x8000000000000000765621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d07074397f5becd2021-12-20 15:57:24.933root 11241100x8000000000000000765622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027189eb377dc1f82021-12-20 15:57:24.934root 11241100x8000000000000000765623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b3a106be1ef3992021-12-20 15:57:24.934root 11241100x8000000000000000765624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8b5c8ab2a8b45f2021-12-20 15:57:24.934root 11241100x8000000000000000765625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bb1ab56b2f035c2021-12-20 15:57:24.934root 11241100x8000000000000000765626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91825e97409347c42021-12-20 15:57:24.934root 11241100x8000000000000000765627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4836a37c787241102021-12-20 15:57:24.934root 11241100x8000000000000000765628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0552df199ebccbb2021-12-20 15:57:24.934root 11241100x8000000000000000765629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:24.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca3e4acf1a170872021-12-20 15:57:24.934root 11241100x8000000000000000765630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5d4d03e161dafd2021-12-20 15:57:25.424root 11241100x8000000000000000765631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72a6a902e3f2f192021-12-20 15:57:25.424root 11241100x8000000000000000765632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c577738a4ce9fcf72021-12-20 15:57:25.424root 11241100x8000000000000000765633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db92d84cef4a26b62021-12-20 15:57:25.424root 11241100x8000000000000000765634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d70d3f6ea49cc382021-12-20 15:57:25.424root 11241100x8000000000000000765635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe528c05dac7a722021-12-20 15:57:25.425root 11241100x8000000000000000765636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbb79479bfe669d2021-12-20 15:57:25.425root 11241100x8000000000000000765637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f7b0692fd67c3d2021-12-20 15:57:25.425root 11241100x8000000000000000765638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9641a320bcc559bb2021-12-20 15:57:25.425root 11241100x8000000000000000765639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568500bbd7c534f72021-12-20 15:57:25.425root 11241100x8000000000000000765640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76f6fe2d1e9e0e72021-12-20 15:57:25.425root 11241100x8000000000000000765641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c77c95c7589c0912021-12-20 15:57:25.425root 11241100x8000000000000000765642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a5cffdf9e3db4f2021-12-20 15:57:25.425root 11241100x8000000000000000765643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad8fab5e65fbe1f2021-12-20 15:57:25.425root 11241100x8000000000000000765644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c16d7bf6f166b162021-12-20 15:57:25.425root 11241100x8000000000000000765645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06acb18122e0d5272021-12-20 15:57:25.426root 11241100x8000000000000000765646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca66c5c1ae578a022021-12-20 15:57:25.426root 11241100x8000000000000000765647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c8d0adc83b40d02021-12-20 15:57:25.426root 11241100x8000000000000000765648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d5cc3f3e50d802021-12-20 15:57:25.426root 11241100x8000000000000000765649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577f7fb32eb629212021-12-20 15:57:25.426root 11241100x8000000000000000765650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2436de11c9062072021-12-20 15:57:25.426root 11241100x8000000000000000765651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394e936be76229322021-12-20 15:57:25.426root 11241100x8000000000000000765652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126fe71d304017862021-12-20 15:57:25.426root 11241100x8000000000000000765653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622d952d770115342021-12-20 15:57:25.426root 11241100x8000000000000000765654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be6c04dbcd71c42021-12-20 15:57:25.426root 11241100x8000000000000000765655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c999f5cf279346b2021-12-20 15:57:25.427root 11241100x8000000000000000765656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae12ad28468a00822021-12-20 15:57:25.427root 11241100x8000000000000000765657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660e5037523ea9d62021-12-20 15:57:25.427root 11241100x8000000000000000765658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2106113a7857ecb12021-12-20 15:57:25.427root 11241100x8000000000000000765659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c28afa6599b4342021-12-20 15:57:25.427root 11241100x8000000000000000765660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f044c5559a054c922021-12-20 15:57:25.427root 11241100x8000000000000000765661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2671e5afe233ff232021-12-20 15:57:25.427root 11241100x8000000000000000765662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00bd5b4d3ee12112021-12-20 15:57:25.428root 11241100x8000000000000000765663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96da01cf69d4e3532021-12-20 15:57:25.428root 11241100x8000000000000000765664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d5b2be9e8c74852021-12-20 15:57:25.428root 11241100x8000000000000000765665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec97778b07ff2962021-12-20 15:57:25.428root 11241100x8000000000000000765666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2977b5ddc9ba142021-12-20 15:57:25.429root 11241100x8000000000000000765667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c499a5f6d341512d2021-12-20 15:57:25.429root 11241100x8000000000000000765668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb6c8f1dbc82db62021-12-20 15:57:25.429root 11241100x8000000000000000765669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c80bf53285430942021-12-20 15:57:25.924root 11241100x8000000000000000765670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0697e6612aecb1ca2021-12-20 15:57:25.924root 11241100x8000000000000000765671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aeda695eb9ee32b2021-12-20 15:57:25.924root 11241100x8000000000000000765672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ab840a12c970ab2021-12-20 15:57:25.924root 11241100x8000000000000000765673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c494695c71d23d2021-12-20 15:57:25.924root 11241100x8000000000000000765674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b902bbba4e886ac2021-12-20 15:57:25.924root 11241100x8000000000000000765675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ecb1c6280ff9042021-12-20 15:57:25.925root 11241100x8000000000000000765676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028f3853190772da2021-12-20 15:57:25.925root 11241100x8000000000000000765677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6839142350235f52021-12-20 15:57:25.925root 11241100x8000000000000000765678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da8234c8ae65cfb2021-12-20 15:57:25.925root 11241100x8000000000000000765679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282e7bb4f3578e992021-12-20 15:57:25.925root 11241100x8000000000000000765680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a93730666c5352021-12-20 15:57:25.925root 11241100x8000000000000000765681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97df88c1e2fbcb4b2021-12-20 15:57:25.925root 11241100x8000000000000000765682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62379cd836f6441a2021-12-20 15:57:25.925root 11241100x8000000000000000765683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad1baa21693a1c32021-12-20 15:57:25.925root 11241100x8000000000000000765684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fb8f4ce87f38842021-12-20 15:57:25.925root 11241100x8000000000000000765685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feff3695c2c4cea2021-12-20 15:57:25.926root 11241100x8000000000000000765686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b790fecaa2bc1c2021-12-20 15:57:25.926root 11241100x8000000000000000765687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5097da80546bd06c2021-12-20 15:57:25.926root 11241100x8000000000000000765688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000134d506138fc2021-12-20 15:57:25.926root 11241100x8000000000000000765689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7e569588074cc2021-12-20 15:57:25.926root 11241100x8000000000000000765690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ff4916ab088e272021-12-20 15:57:25.926root 11241100x8000000000000000765691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2be964c1ab07aa2021-12-20 15:57:25.926root 11241100x8000000000000000765692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab11c889bb50dbc2021-12-20 15:57:25.926root 11241100x8000000000000000765693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3836cbfc3049b7e92021-12-20 15:57:25.926root 11241100x8000000000000000765694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777f6d0a790eea2d2021-12-20 15:57:25.926root 11241100x8000000000000000765695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2382bc30f68e04d2021-12-20 15:57:25.926root 11241100x8000000000000000765696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5cff49808e57ef2021-12-20 15:57:25.927root 11241100x8000000000000000765697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb27c7288d1576f2021-12-20 15:57:25.927root 11241100x8000000000000000765698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e29115c3f6e75e32021-12-20 15:57:25.927root 11241100x8000000000000000765699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbf8a6f3cc31b332021-12-20 15:57:25.927root 11241100x8000000000000000765700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721ea84c3a53cd202021-12-20 15:57:25.927root 11241100x8000000000000000765701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63709e4b88bc2a32021-12-20 15:57:25.927root 11241100x8000000000000000765702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a3902d4551f7442021-12-20 15:57:25.927root 11241100x8000000000000000765703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af20a3bb89ba80e42021-12-20 15:57:25.927root 11241100x8000000000000000765704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f144014f9fa250732021-12-20 15:57:25.927root 11241100x8000000000000000765705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2e71643c829cf82021-12-20 15:57:25.927root 11241100x8000000000000000765706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6dff20603bdb622021-12-20 15:57:25.927root 11241100x8000000000000000765707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae51ab34a1833432021-12-20 15:57:25.928root 11241100x8000000000000000765708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f2af7d4be840a82021-12-20 15:57:25.928root 11241100x8000000000000000765709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5c12a46bdd89092021-12-20 15:57:25.928root 11241100x8000000000000000765710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3081d5ced96884512021-12-20 15:57:25.928root 11241100x8000000000000000765711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0d3f073b5ba7842021-12-20 15:57:25.928root 11241100x8000000000000000765712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb95e8f66721c532021-12-20 15:57:25.928root 11241100x8000000000000000765713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b93bd8e1d2500b82021-12-20 15:57:25.928root 11241100x8000000000000000765714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96201d695ceda2a82021-12-20 15:57:25.929root 11241100x8000000000000000765715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adffd39eaf808ad92021-12-20 15:57:25.929root 11241100x8000000000000000765716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5efa69598f7944f2021-12-20 15:57:25.929root 11241100x8000000000000000765717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4749ddfa35ca2cd22021-12-20 15:57:25.929root 11241100x8000000000000000765718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5a90e59d03dc262021-12-20 15:57:25.929root 11241100x8000000000000000765719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b371ab21e4c443e42021-12-20 15:57:25.929root 11241100x8000000000000000765720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b31619a0a6e7702021-12-20 15:57:25.929root 11241100x8000000000000000765721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f7a5c4c7e99e082021-12-20 15:57:25.929root 11241100x8000000000000000765722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1626171120541a32021-12-20 15:57:25.929root 11241100x8000000000000000765723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be344ed75e3e1b2b2021-12-20 15:57:25.929root 11241100x8000000000000000765724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affc1b62c1c24b852021-12-20 15:57:25.929root 354300x8000000000000000765725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.225{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51424-false10.0.1.12-8000- 11241100x8000000000000000765726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b52757589c1a52021-12-20 15:57:26.225root 11241100x8000000000000000765727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8ec38bcde65da62021-12-20 15:57:26.225root 11241100x8000000000000000765728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab7a1d6418c8a142021-12-20 15:57:26.225root 11241100x8000000000000000765729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd745dc50a20f4fa2021-12-20 15:57:26.226root 11241100x8000000000000000765730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c39889ec0b5c5932021-12-20 15:57:26.226root 11241100x8000000000000000765731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2a50d4645b26b72021-12-20 15:57:26.226root 11241100x8000000000000000765732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74ba00e2759b8612021-12-20 15:57:26.226root 11241100x8000000000000000765733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec592405b99bfd882021-12-20 15:57:26.226root 11241100x8000000000000000765734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21ab1d2439fde742021-12-20 15:57:26.226root 11241100x8000000000000000765735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5406d64cecbecc42021-12-20 15:57:26.226root 11241100x8000000000000000765736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ac1d0b22c44b392021-12-20 15:57:26.226root 11241100x8000000000000000765737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b75f45316c1b1542021-12-20 15:57:26.226root 11241100x8000000000000000765738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61363edf043ef012021-12-20 15:57:26.226root 11241100x8000000000000000765739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc360e3e4bbe1ab62021-12-20 15:57:26.226root 11241100x8000000000000000765740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3976980b4696a52021-12-20 15:57:26.227root 11241100x8000000000000000765741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d792958ab0c2a22021-12-20 15:57:26.227root 11241100x8000000000000000765742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffe434da7444a962021-12-20 15:57:26.227root 11241100x8000000000000000765743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f064c9b84c3239f2021-12-20 15:57:26.227root 11241100x8000000000000000765744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a995a3e8d03cdbfc2021-12-20 15:57:26.227root 11241100x8000000000000000765745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888108ca7164ea6d2021-12-20 15:57:26.227root 11241100x8000000000000000765746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2c373d9649ad7e2021-12-20 15:57:26.227root 11241100x8000000000000000765747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c7734dccc8dabe2021-12-20 15:57:26.227root 11241100x8000000000000000765748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3b3e582c2ec58a2021-12-20 15:57:26.227root 11241100x8000000000000000765749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d256aca3ff83567b2021-12-20 15:57:26.227root 11241100x8000000000000000765750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c18621b635934d72021-12-20 15:57:26.227root 11241100x8000000000000000765751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1654e52c37dd4b22021-12-20 15:57:26.227root 11241100x8000000000000000765752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4995ec3cfa0de2d52021-12-20 15:57:26.227root 11241100x8000000000000000765753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea43fa35eebb9902021-12-20 15:57:26.227root 11241100x8000000000000000765754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f39f0e96da9d9c2021-12-20 15:57:26.228root 11241100x8000000000000000765755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283eab7bc4ff2d1c2021-12-20 15:57:26.228root 11241100x8000000000000000765756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee46c0b9752763f2021-12-20 15:57:26.228root 11241100x8000000000000000765757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2129de1c9d6dec422021-12-20 15:57:26.228root 11241100x8000000000000000765758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3aec25f2773862c2021-12-20 15:57:26.228root 11241100x8000000000000000765759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92354ab7ee5130252021-12-20 15:57:26.674root 11241100x8000000000000000765760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076c0ce955e0c6272021-12-20 15:57:26.674root 11241100x8000000000000000765761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ee1e531b2bf9962021-12-20 15:57:26.674root 11241100x8000000000000000765762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd97073685624c742021-12-20 15:57:26.674root 11241100x8000000000000000765763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bdfb7e3827af952021-12-20 15:57:26.674root 11241100x8000000000000000765764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a186d0d32d7b62672021-12-20 15:57:26.674root 11241100x8000000000000000765765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4abde253479ba02021-12-20 15:57:26.674root 11241100x8000000000000000765766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a72933d3b16224d2021-12-20 15:57:26.674root 11241100x8000000000000000765767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc28e82ebe3e09872021-12-20 15:57:26.675root 11241100x8000000000000000765768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b64521e91cc9b92021-12-20 15:57:26.675root 11241100x8000000000000000765769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a966d2c651ea9db2021-12-20 15:57:26.675root 11241100x8000000000000000765770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aeea5a1189aa30f2021-12-20 15:57:26.675root 11241100x8000000000000000765771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d739d1435da5f4f2021-12-20 15:57:26.675root 11241100x8000000000000000765772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330f8aaafbc30fd22021-12-20 15:57:26.675root 11241100x8000000000000000765773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a29a0cbcd7396812021-12-20 15:57:26.675root 11241100x8000000000000000765774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11d5cc5730591302021-12-20 15:57:26.675root 11241100x8000000000000000765775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d177436ce9b4ed82021-12-20 15:57:26.675root 11241100x8000000000000000765776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05832c776a61e3fd2021-12-20 15:57:26.675root 11241100x8000000000000000765777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85370b61455f934c2021-12-20 15:57:26.675root 11241100x8000000000000000765778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c205625a37f090012021-12-20 15:57:26.676root 11241100x8000000000000000765779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1bcb413d37e2fb2021-12-20 15:57:26.676root 11241100x8000000000000000765780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a79104e103f5d52021-12-20 15:57:26.676root 11241100x8000000000000000765781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e2f9692418133c2021-12-20 15:57:26.676root 11241100x8000000000000000765782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300fb5564f8a24e72021-12-20 15:57:26.676root 11241100x8000000000000000765783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f177a5827eb68acb2021-12-20 15:57:26.676root 11241100x8000000000000000765784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d628f0a0a441d5192021-12-20 15:57:26.676root 11241100x8000000000000000765785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d5ea7a2c9f0b8b2021-12-20 15:57:26.676root 11241100x8000000000000000765786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6860d3345a264e9d2021-12-20 15:57:26.676root 11241100x8000000000000000765787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138eb93be090cd2e2021-12-20 15:57:26.676root 11241100x8000000000000000765788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eddadf209788bf2021-12-20 15:57:26.677root 11241100x8000000000000000765789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a8dcb1a222f3c2021-12-20 15:57:26.677root 11241100x8000000000000000765790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f7f5ddc068db272021-12-20 15:57:27.174root 11241100x8000000000000000765791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae03be276c71653c2021-12-20 15:57:27.174root 11241100x8000000000000000765792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb03622057f50dc42021-12-20 15:57:27.174root 11241100x8000000000000000765793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d34e3d375f15622021-12-20 15:57:27.174root 11241100x8000000000000000765794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3788d03c4051cbd52021-12-20 15:57:27.175root 11241100x8000000000000000765795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82f898480977a592021-12-20 15:57:27.175root 11241100x8000000000000000765796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086abef7e242b43f2021-12-20 15:57:27.175root 11241100x8000000000000000765797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0df2002eee42312021-12-20 15:57:27.175root 11241100x8000000000000000765798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c81dda80ba35132021-12-20 15:57:27.175root 11241100x8000000000000000765799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa448063aad931a32021-12-20 15:57:27.175root 11241100x8000000000000000765800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5e60a77b2215062021-12-20 15:57:27.175root 11241100x8000000000000000765801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b01ab8739b9b7922021-12-20 15:57:27.175root 11241100x8000000000000000765802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb851f28f3a274f72021-12-20 15:57:27.175root 11241100x8000000000000000765803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bedaf16ea8247b2021-12-20 15:57:27.176root 11241100x8000000000000000765804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b72cc5323815b32021-12-20 15:57:27.176root 11241100x8000000000000000765805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04daeff82cb8a66c2021-12-20 15:57:27.176root 11241100x8000000000000000765806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cf6fcdd03cf8252021-12-20 15:57:27.176root 11241100x8000000000000000765807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c603f2aeb9eec7492021-12-20 15:57:27.176root 11241100x8000000000000000765808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a23875a86670ff2021-12-20 15:57:27.176root 11241100x8000000000000000765809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a108d3cbfeedce662021-12-20 15:57:27.176root 11241100x8000000000000000765810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06094633a24f8a612021-12-20 15:57:27.176root 11241100x8000000000000000765811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080d397dcb7eafd22021-12-20 15:57:27.176root 11241100x8000000000000000765812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247f96e5f13acde82021-12-20 15:57:27.177root 11241100x8000000000000000765813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e70155348c399222021-12-20 15:57:27.177root 11241100x8000000000000000765814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca09084c62280b2021-12-20 15:57:27.177root 11241100x8000000000000000765815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410e013743a19d8d2021-12-20 15:57:27.177root 11241100x8000000000000000765816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5698d7448f543e22021-12-20 15:57:27.177root 11241100x8000000000000000765817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a64e9eb3fca1552021-12-20 15:57:27.177root 11241100x8000000000000000765818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c5135e80aed7b42021-12-20 15:57:27.177root 11241100x8000000000000000765819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a4aecac69c29f12021-12-20 15:57:27.177root 11241100x8000000000000000765820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74655899baa00c9a2021-12-20 15:57:27.177root 11241100x8000000000000000765821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd98fb03ddb2080c2021-12-20 15:57:27.177root 11241100x8000000000000000765822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec61feac6cc707d2021-12-20 15:57:27.178root 11241100x8000000000000000765823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788865c342559dff2021-12-20 15:57:27.178root 11241100x8000000000000000765824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fa986986a918192021-12-20 15:57:27.178root 11241100x8000000000000000765825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff633abe6a2994a2021-12-20 15:57:27.178root 11241100x8000000000000000765826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e51cd86f03dc6982021-12-20 15:57:27.178root 11241100x8000000000000000765827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cd70127febbc1e2021-12-20 15:57:27.178root 11241100x8000000000000000765828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12539155ea9977572021-12-20 15:57:27.178root 11241100x8000000000000000765829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c5e1b705611d82021-12-20 15:57:27.178root 11241100x8000000000000000765830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d9c5b79cdbfe762021-12-20 15:57:27.178root 11241100x8000000000000000765831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2776b96eb1b6b4152021-12-20 15:57:27.178root 11241100x8000000000000000765832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7687475fd59bf4992021-12-20 15:57:27.179root 11241100x8000000000000000765833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669e9fbebb3023cf2021-12-20 15:57:27.179root 11241100x8000000000000000765834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb9428eface04c02021-12-20 15:57:27.179root 11241100x8000000000000000765835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c021b957b0d90f2021-12-20 15:57:27.179root 11241100x8000000000000000765836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ce66976f31d0672021-12-20 15:57:27.179root 11241100x8000000000000000765837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16fb8ffa69dfaff2021-12-20 15:57:27.179root 11241100x8000000000000000765838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53373d7a92216fb92021-12-20 15:57:27.180root 11241100x8000000000000000765839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d71919e64f6f7942021-12-20 15:57:27.180root 11241100x8000000000000000765840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aed75a805b29272021-12-20 15:57:27.180root 11241100x8000000000000000765841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ebf131a77682ea2021-12-20 15:57:27.180root 11241100x8000000000000000765842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd6ace11dd6f0102021-12-20 15:57:27.180root 11241100x8000000000000000765843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a4c12653d9f5622021-12-20 15:57:27.180root 11241100x8000000000000000765844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4588275dee7a6942021-12-20 15:57:27.180root 11241100x8000000000000000765845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd080622f44676182021-12-20 15:57:27.181root 11241100x8000000000000000765846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04a7df3f8970ad22021-12-20 15:57:27.181root 11241100x8000000000000000765847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79acad72ef6c4d2c2021-12-20 15:57:27.181root 11241100x8000000000000000765848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64ecb9472eabbda2021-12-20 15:57:27.181root 11241100x8000000000000000765849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b896fbeab11e394a2021-12-20 15:57:27.181root 11241100x8000000000000000765850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9be78d07c4e24f32021-12-20 15:57:27.181root 11241100x8000000000000000765851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87426aacd856e1782021-12-20 15:57:27.181root 11241100x8000000000000000765852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec768f83d10f0d7f2021-12-20 15:57:27.181root 11241100x8000000000000000765853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829f12cf2470418a2021-12-20 15:57:27.181root 11241100x8000000000000000765854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1359de719d569b392021-12-20 15:57:27.182root 11241100x8000000000000000765855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27a5c06324b9d122021-12-20 15:57:27.182root 11241100x8000000000000000765856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df79a30bc566b2cb2021-12-20 15:57:27.182root 11241100x8000000000000000765857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce96edd80d232952021-12-20 15:57:27.182root 11241100x8000000000000000765858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4723878d231205402021-12-20 15:57:27.182root 11241100x8000000000000000765859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d72398fb20f9b5c2021-12-20 15:57:27.183root 11241100x8000000000000000765860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1e35d4485e55002021-12-20 15:57:27.183root 11241100x8000000000000000765861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9352a11bada1c5a52021-12-20 15:57:27.183root 11241100x8000000000000000765862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb106e862b552ac62021-12-20 15:57:27.183root 11241100x8000000000000000765863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae5a2ddc0b615ff2021-12-20 15:57:27.183root 11241100x8000000000000000765864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bfa22e9e65563d2021-12-20 15:57:27.183root 11241100x8000000000000000765865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffec904c044e7dad2021-12-20 15:57:27.183root 11241100x8000000000000000765866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e99618374a15e82021-12-20 15:57:27.184root 11241100x8000000000000000765867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7947e7295a08faba2021-12-20 15:57:27.184root 11241100x8000000000000000765868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c434083a0cf578b12021-12-20 15:57:27.184root 11241100x8000000000000000765869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728b308d94143e082021-12-20 15:57:27.184root 11241100x8000000000000000765870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de87282ad5956a972021-12-20 15:57:27.184root 11241100x8000000000000000765871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac416c7fa1a18ac2021-12-20 15:57:27.184root 11241100x8000000000000000765872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e7cdd7a6070d522021-12-20 15:57:27.184root 11241100x8000000000000000765873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dbbce6b450d01a2021-12-20 15:57:27.675root 11241100x8000000000000000765874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dd4d7757bfeac92021-12-20 15:57:27.675root 11241100x8000000000000000765875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2320afb9180296b2021-12-20 15:57:27.675root 11241100x8000000000000000765876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6f56703d65f39f2021-12-20 15:57:27.675root 11241100x8000000000000000765877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7352bcbb011ac56a2021-12-20 15:57:27.675root 11241100x8000000000000000765878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005e9e1b6b257eb92021-12-20 15:57:27.676root 11241100x8000000000000000765879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e03d74c731e6742021-12-20 15:57:27.676root 11241100x8000000000000000765880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249d0c47bff950d12021-12-20 15:57:27.676root 11241100x8000000000000000765881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907d0095dfffbff12021-12-20 15:57:27.679root 11241100x8000000000000000765882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118abfb62458e4182021-12-20 15:57:27.679root 11241100x8000000000000000765883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceacbd7b3a03816f2021-12-20 15:57:27.679root 11241100x8000000000000000765884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a522253f9c9762852021-12-20 15:57:27.679root 11241100x8000000000000000765885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9775abe81001f2ff2021-12-20 15:57:27.679root 11241100x8000000000000000765886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7619172711f2b5d2021-12-20 15:57:27.679root 11241100x8000000000000000765887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7480843861afc472021-12-20 15:57:27.680root 11241100x8000000000000000765888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa89d02311d7ea2021-12-20 15:57:27.680root 11241100x8000000000000000765889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415abd2a50d6ab412021-12-20 15:57:27.680root 11241100x8000000000000000765890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f294d97af4f10c2021-12-20 15:57:27.680root 11241100x8000000000000000765891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f60593ca291b8e2021-12-20 15:57:27.680root 11241100x8000000000000000765892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73a4db04b2aa28c2021-12-20 15:57:27.680root 11241100x8000000000000000765893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a05c37a49450962021-12-20 15:57:27.680root 11241100x8000000000000000765894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187bee0a2194dbb52021-12-20 15:57:27.680root 11241100x8000000000000000765895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b8dc2366bbe1992021-12-20 15:57:27.680root 11241100x8000000000000000765896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9645ef1b96fa1ec12021-12-20 15:57:27.680root 11241100x8000000000000000765897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ec06d972b2c9be2021-12-20 15:57:27.680root 11241100x8000000000000000765898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55731f48c9a8355c2021-12-20 15:57:27.680root 11241100x8000000000000000765899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f82c50c4ab36da52021-12-20 15:57:27.680root 11241100x8000000000000000765900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a90dc604a95e452021-12-20 15:57:27.681root 11241100x8000000000000000765901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e706be313a29e2e2021-12-20 15:57:27.681root 11241100x8000000000000000765902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63358473fa749b102021-12-20 15:57:27.681root 11241100x8000000000000000765903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:27.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d4adf62189f9c72021-12-20 15:57:27.681root 11241100x8000000000000000765904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705784f05cceaefa2021-12-20 15:57:28.174root 11241100x8000000000000000765905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51799d9c0e209d792021-12-20 15:57:28.174root 11241100x8000000000000000765906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8bf7aee45220a12021-12-20 15:57:28.174root 11241100x8000000000000000765907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0b660e206e6c802021-12-20 15:57:28.174root 11241100x8000000000000000765908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b850796ba43f62072021-12-20 15:57:28.174root 11241100x8000000000000000765909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38eb1e2799aee86b2021-12-20 15:57:28.174root 11241100x8000000000000000765910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336fb5f93e3913652021-12-20 15:57:28.175root 11241100x8000000000000000765911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaa76d04338334e2021-12-20 15:57:28.175root 11241100x8000000000000000765912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a928b933d6ddbff2021-12-20 15:57:28.175root 11241100x8000000000000000765913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc575588e97f7842021-12-20 15:57:28.175root 11241100x8000000000000000765914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d716ab19ef5a58d2021-12-20 15:57:28.175root 11241100x8000000000000000765915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b901e542af17e372021-12-20 15:57:28.176root 11241100x8000000000000000765916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf796f02463c6992021-12-20 15:57:28.176root 11241100x8000000000000000765917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b2d7648c6892e72021-12-20 15:57:28.176root 11241100x8000000000000000765918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3906ee28e4f40e8b2021-12-20 15:57:28.176root 11241100x8000000000000000765919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff57a33db8b661f2021-12-20 15:57:28.176root 11241100x8000000000000000765920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5062572fcd7a7ccb2021-12-20 15:57:28.176root 11241100x8000000000000000765921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24c3fa9d62c4f752021-12-20 15:57:28.176root 11241100x8000000000000000765922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa79a5be09a56f52021-12-20 15:57:28.176root 11241100x8000000000000000765923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c67ae8cc6f055ad2021-12-20 15:57:28.176root 11241100x8000000000000000765924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa028cba2af2a262021-12-20 15:57:28.176root 11241100x8000000000000000765925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811df505348cbe6e2021-12-20 15:57:28.176root 11241100x8000000000000000765926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6c608cc8d7b77a2021-12-20 15:57:28.177root 11241100x8000000000000000765927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165983fcaa47ba312021-12-20 15:57:28.177root 11241100x8000000000000000765928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ae08a0e1c7fa4d2021-12-20 15:57:28.177root 11241100x8000000000000000765929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d80a4dfb1d28eb2021-12-20 15:57:28.177root 11241100x8000000000000000765930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f15502487d88e62021-12-20 15:57:28.177root 11241100x8000000000000000765931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265f508e93eed36d2021-12-20 15:57:28.177root 11241100x8000000000000000765932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a864ca54b8dafb2021-12-20 15:57:28.177root 11241100x8000000000000000765933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885a5853cd16d4412021-12-20 15:57:28.177root 11241100x8000000000000000765934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb9dd57227c48af2021-12-20 15:57:28.177root 11241100x8000000000000000765935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4b83f53c05bf312021-12-20 15:57:28.177root 11241100x8000000000000000765936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e132589b6c642a852021-12-20 15:57:28.674root 11241100x8000000000000000765937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2825a6d4df74c91a2021-12-20 15:57:28.674root 11241100x8000000000000000765938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394fffb24acf732f2021-12-20 15:57:28.674root 11241100x8000000000000000765939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cf642a5a5fc5982021-12-20 15:57:28.674root 11241100x8000000000000000765940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e2322e6e317d7a2021-12-20 15:57:28.674root 11241100x8000000000000000765941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b859c13c0c2f7e2021-12-20 15:57:28.674root 11241100x8000000000000000765942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa14e786954707e22021-12-20 15:57:28.674root 11241100x8000000000000000765943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605132d803f6ab7d2021-12-20 15:57:28.674root 11241100x8000000000000000765944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dc20a676230a2c2021-12-20 15:57:28.674root 11241100x8000000000000000765945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fb82cd94443ac22021-12-20 15:57:28.674root 11241100x8000000000000000765946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55db18881897b172021-12-20 15:57:28.674root 11241100x8000000000000000765947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877478351978dc972021-12-20 15:57:28.674root 11241100x8000000000000000765948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fffb4eddb2d9482021-12-20 15:57:28.675root 11241100x8000000000000000765949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8746fc404607132021-12-20 15:57:28.675root 11241100x8000000000000000765950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8108e3658713fe82021-12-20 15:57:28.675root 11241100x8000000000000000765951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c07e86e3f9492522021-12-20 15:57:28.675root 11241100x8000000000000000765952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa679faeef6d14f42021-12-20 15:57:28.675root 11241100x8000000000000000765953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883524e636ba211e2021-12-20 15:57:28.675root 11241100x8000000000000000765954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe4d3da74472f132021-12-20 15:57:28.675root 11241100x8000000000000000765955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64c5dab5c82a7782021-12-20 15:57:28.675root 11241100x8000000000000000765956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928d25644bd0d5972021-12-20 15:57:28.675root 11241100x8000000000000000765957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46292eaa51efb9862021-12-20 15:57:28.675root 11241100x8000000000000000765958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dda9e5c36fadcd22021-12-20 15:57:28.675root 11241100x8000000000000000765959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e50adf0f42897682021-12-20 15:57:28.675root 11241100x8000000000000000765960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d80f0eefc6cde32021-12-20 15:57:28.675root 11241100x8000000000000000765961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb29585842a2f8712021-12-20 15:57:28.675root 11241100x8000000000000000765962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6dbc1a8e2526342021-12-20 15:57:28.675root 11241100x8000000000000000765963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d228fb6627f1fa12021-12-20 15:57:28.675root 11241100x8000000000000000765964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a2d101b5f261e52021-12-20 15:57:28.676root 11241100x8000000000000000765965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb3edfbdea0a2672021-12-20 15:57:28.676root 11241100x8000000000000000765966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0b602b4098326d2021-12-20 15:57:28.676root 11241100x8000000000000000765967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c1caf2345df9362021-12-20 15:57:28.676root 11241100x8000000000000000765968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f98a7886f11eae2021-12-20 15:57:28.676root 11241100x8000000000000000765969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732d93636f5b4ed62021-12-20 15:57:28.676root 11241100x8000000000000000765970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3e7e1680b4dfb92021-12-20 15:57:28.676root 11241100x8000000000000000765971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a547e8b8d6e7c0e2021-12-20 15:57:28.676root 11241100x8000000000000000765972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7224c0626c059212021-12-20 15:57:28.676root 11241100x8000000000000000765973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273bf6f880b4c7952021-12-20 15:57:28.676root 11241100x8000000000000000765974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450e0b5021510ea42021-12-20 15:57:29.174root 11241100x8000000000000000765975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b31d8c658066192021-12-20 15:57:29.174root 11241100x8000000000000000765976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775148427b5ef04f2021-12-20 15:57:29.174root 11241100x8000000000000000765977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e55b7c18406a582021-12-20 15:57:29.174root 11241100x8000000000000000765978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eee7381ba9a1bdb2021-12-20 15:57:29.174root 11241100x8000000000000000765979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96dfc075760d00d2021-12-20 15:57:29.175root 11241100x8000000000000000765980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae6747281f973182021-12-20 15:57:29.175root 11241100x8000000000000000765981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9933ec410d11432021-12-20 15:57:29.175root 11241100x8000000000000000765982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb36deed7582b8c82021-12-20 15:57:29.175root 11241100x8000000000000000765983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb76e722278a4bf2021-12-20 15:57:29.175root 11241100x8000000000000000765984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb67fe3d8b05dcd02021-12-20 15:57:29.175root 11241100x8000000000000000765985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c3efa43599cb932021-12-20 15:57:29.175root 11241100x8000000000000000765986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a854fd090928c92021-12-20 15:57:29.176root 11241100x8000000000000000765987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421cbaecba0612852021-12-20 15:57:29.176root 11241100x8000000000000000765988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3bfccab6c4d0fb2021-12-20 15:57:29.176root 11241100x8000000000000000765989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38983ebbb1bcfa8d2021-12-20 15:57:29.176root 11241100x8000000000000000765990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a4a5272630667b2021-12-20 15:57:29.176root 11241100x8000000000000000765991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e89f9968aa7632021-12-20 15:57:29.176root 11241100x8000000000000000765992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd45eae6908ec102021-12-20 15:57:29.177root 11241100x8000000000000000765993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225bcce109032db72021-12-20 15:57:29.177root 11241100x8000000000000000765994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0e97f569a029e52021-12-20 15:57:29.177root 11241100x8000000000000000765995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f510cbd4aebc6bd92021-12-20 15:57:29.177root 11241100x8000000000000000765996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c5292cd222963e2021-12-20 15:57:29.177root 11241100x8000000000000000765997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c3a2ffe67c62832021-12-20 15:57:29.177root 11241100x8000000000000000765998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e89be5027e91fcb2021-12-20 15:57:29.177root 11241100x8000000000000000765999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af37bfb889967172021-12-20 15:57:29.177root 11241100x8000000000000000766000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f81e85dfa3fac52021-12-20 15:57:29.178root 11241100x8000000000000000766001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d902c371e19252021-12-20 15:57:29.178root 11241100x8000000000000000766002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bffb0c4a5ba18e2021-12-20 15:57:29.178root 11241100x8000000000000000766003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b642166c00f8bbe42021-12-20 15:57:29.178root 11241100x8000000000000000766004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047b22832df4c442021-12-20 15:57:29.178root 11241100x8000000000000000766005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b117dda741e1fd2021-12-20 15:57:29.178root 11241100x8000000000000000766006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de25a115c3dfbba32021-12-20 15:57:29.178root 11241100x8000000000000000766007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e0c422cbc14f792021-12-20 15:57:29.179root 11241100x8000000000000000766008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695eb63a8c5ae5092021-12-20 15:57:29.179root 11241100x8000000000000000766009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee89bcd431e183322021-12-20 15:57:29.179root 11241100x8000000000000000766010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1621c73737f16ca02021-12-20 15:57:29.674root 11241100x8000000000000000766011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c59b91a7877f832021-12-20 15:57:29.674root 11241100x8000000000000000766012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7712c04d855e56772021-12-20 15:57:29.675root 11241100x8000000000000000766013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dd22803d5de7ab2021-12-20 15:57:29.675root 11241100x8000000000000000766014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da27b21743f04bc2021-12-20 15:57:29.675root 11241100x8000000000000000766015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d8fadea1de2a942021-12-20 15:57:29.676root 11241100x8000000000000000766016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24ee9c5595cf49e2021-12-20 15:57:29.676root 11241100x8000000000000000766017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58749b0a6ddf94a02021-12-20 15:57:29.676root 11241100x8000000000000000766018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1cb8f7548c76942021-12-20 15:57:29.677root 11241100x8000000000000000766019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217d2b033bbd9ebc2021-12-20 15:57:29.677root 11241100x8000000000000000766020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf16d1ba5019c8a2021-12-20 15:57:29.677root 11241100x8000000000000000766021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf07130d3d2d5672021-12-20 15:57:29.677root 11241100x8000000000000000766022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5587fe4bd8749c2021-12-20 15:57:29.677root 11241100x8000000000000000766023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f84f5a88889d5f2021-12-20 15:57:29.677root 11241100x8000000000000000766024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfef2c25f68f0342021-12-20 15:57:29.677root 11241100x8000000000000000766025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2a5b113f55828a2021-12-20 15:57:29.678root 11241100x8000000000000000766026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f98c1f6ea8e068c2021-12-20 15:57:29.678root 11241100x8000000000000000766027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ad8d2e466128032021-12-20 15:57:29.678root 11241100x8000000000000000766028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afccd39d631cb0e32021-12-20 15:57:29.678root 11241100x8000000000000000766029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40811222c67a7a232021-12-20 15:57:29.678root 11241100x8000000000000000766030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a239c45e157ec82021-12-20 15:57:29.678root 11241100x8000000000000000766031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedf4ae313b9ad482021-12-20 15:57:29.678root 11241100x8000000000000000766032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce062b520e862f552021-12-20 15:57:29.678root 11241100x8000000000000000766033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64bb4e2e4c8a27f2021-12-20 15:57:29.678root 11241100x8000000000000000766034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa5b09daba153712021-12-20 15:57:29.678root 11241100x8000000000000000766035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7362e041d51d03db2021-12-20 15:57:29.678root 11241100x8000000000000000766036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d594d9b85c3b1f02021-12-20 15:57:29.678root 11241100x8000000000000000766037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d43a17e073bdc892021-12-20 15:57:29.678root 11241100x8000000000000000766038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987b9cab07f2be772021-12-20 15:57:29.679root 11241100x8000000000000000766039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2c5606639eb9892021-12-20 15:57:29.679root 11241100x8000000000000000766040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97527eb9a1459ce02021-12-20 15:57:29.679root 11241100x8000000000000000766041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca5c63e900cbe2d2021-12-20 15:57:29.679root 11241100x8000000000000000766042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b4b4cc36eda0e52021-12-20 15:57:29.679root 11241100x8000000000000000766043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf84991bebdd3c6b2021-12-20 15:57:29.679root 11241100x8000000000000000766044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23c65e883db05632021-12-20 15:57:29.679root 11241100x8000000000000000766045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754674fc092cdcf32021-12-20 15:57:29.679root 11241100x8000000000000000766046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dfb3120aecb4d02021-12-20 15:57:29.679root 11241100x8000000000000000766047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f48c1b77feacd9b2021-12-20 15:57:29.679root 11241100x8000000000000000766048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611bc9ba7982e92f2021-12-20 15:57:29.679root 11241100x8000000000000000766049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5e771f15e289e72021-12-20 15:57:29.679root 11241100x8000000000000000766050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afa8c457693e3562021-12-20 15:57:29.680root 11241100x8000000000000000766051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:29.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377ffe7b655aebe82021-12-20 15:57:29.680root 11241100x8000000000000000766052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51b64d232b805ae2021-12-20 15:57:30.174root 11241100x8000000000000000766053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c70c4360cd2be7c2021-12-20 15:57:30.174root 11241100x8000000000000000766054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d12eda7b055dc6e2021-12-20 15:57:30.174root 11241100x8000000000000000766055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b464d97af572772021-12-20 15:57:30.175root 11241100x8000000000000000766056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470b44310dd93c5e2021-12-20 15:57:30.175root 11241100x8000000000000000766057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30aaa1e3318ef152021-12-20 15:57:30.175root 11241100x8000000000000000766058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa7d5c5534ef95d2021-12-20 15:57:30.175root 11241100x8000000000000000766059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1f5edb6fea5d492021-12-20 15:57:30.175root 11241100x8000000000000000766060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d2c238b058ff332021-12-20 15:57:30.175root 11241100x8000000000000000766061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9213f8274a76eb2021-12-20 15:57:30.175root 11241100x8000000000000000766062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377a9c6696f930b12021-12-20 15:57:30.175root 11241100x8000000000000000766063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862eaa514dd99b0c2021-12-20 15:57:30.175root 11241100x8000000000000000766064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea71acb4857540a2021-12-20 15:57:30.175root 11241100x8000000000000000766065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23489e3e1831550a2021-12-20 15:57:30.175root 11241100x8000000000000000766066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e5bfdfd3bdc1e72021-12-20 15:57:30.175root 11241100x8000000000000000766067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f90626240047cd72021-12-20 15:57:30.175root 11241100x8000000000000000766068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b242cd5525f2a62021-12-20 15:57:30.175root 11241100x8000000000000000766069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbce88724fa10eb82021-12-20 15:57:30.175root 11241100x8000000000000000766070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ee63a3304debd82021-12-20 15:57:30.176root 11241100x8000000000000000766071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c09cb642871ee632021-12-20 15:57:30.176root 11241100x8000000000000000766072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553d724fcb8f55a32021-12-20 15:57:30.176root 11241100x8000000000000000766073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36588715c4fc1c3f2021-12-20 15:57:30.176root 11241100x8000000000000000766074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9b0607613e2bee2021-12-20 15:57:30.176root 11241100x8000000000000000766075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d4c6d651e19fc32021-12-20 15:57:30.176root 11241100x8000000000000000766076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c36d9bd3de9e11b2021-12-20 15:57:30.176root 11241100x8000000000000000766077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b5cca49c8874322021-12-20 15:57:30.176root 11241100x8000000000000000766078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d52ba62060fe0762021-12-20 15:57:30.176root 11241100x8000000000000000766079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7586f89525a13b872021-12-20 15:57:30.176root 11241100x8000000000000000766080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c5638b1bbb68212021-12-20 15:57:30.176root 11241100x8000000000000000766081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb729e0b6d939882021-12-20 15:57:30.176root 11241100x8000000000000000766082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7903c9eabfba260f2021-12-20 15:57:30.176root 11241100x8000000000000000766083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9b37b35a8be7b12021-12-20 15:57:30.177root 11241100x8000000000000000766084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f03431e268de2cd2021-12-20 15:57:30.177root 11241100x8000000000000000766085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4872c182f1ed28ce2021-12-20 15:57:30.177root 11241100x8000000000000000766086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee353054c98dd39b2021-12-20 15:57:30.177root 11241100x8000000000000000766087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cc3c5f8137c2512021-12-20 15:57:30.177root 11241100x8000000000000000766088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48992d041ef7d9c62021-12-20 15:57:30.674root 11241100x8000000000000000766089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f829250c5698df9a2021-12-20 15:57:30.674root 11241100x8000000000000000766090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e816360be6e8ae062021-12-20 15:57:30.675root 11241100x8000000000000000766091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1fc3857ea02c1b2021-12-20 15:57:30.675root 11241100x8000000000000000766092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa48e01060c141e2021-12-20 15:57:30.675root 11241100x8000000000000000766093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1133b8b7baa4da3f2021-12-20 15:57:30.675root 11241100x8000000000000000766094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf96e3373d7eb6d12021-12-20 15:57:30.675root 11241100x8000000000000000766095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552eef551d4d098e2021-12-20 15:57:30.675root 11241100x8000000000000000766096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3999b63482cb39da2021-12-20 15:57:30.675root 11241100x8000000000000000766097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fca6abd8ba672c2021-12-20 15:57:30.675root 11241100x8000000000000000766098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a08c14e5fd78ef02021-12-20 15:57:30.675root 11241100x8000000000000000766099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eb04c0f81d40372021-12-20 15:57:30.675root 11241100x8000000000000000766100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1365e9e5f5838ba2021-12-20 15:57:30.675root 11241100x8000000000000000766101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d104932f5392472021-12-20 15:57:30.675root 11241100x8000000000000000766102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbd22a06fe384a82021-12-20 15:57:30.675root 11241100x8000000000000000766103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b42e3b1d72a1ca2021-12-20 15:57:30.676root 11241100x8000000000000000766104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2020ac4c5ce4a62021-12-20 15:57:30.676root 11241100x8000000000000000766105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c1ab6f2d7e13592021-12-20 15:57:30.676root 11241100x8000000000000000766106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c272e90071e4866c2021-12-20 15:57:30.676root 11241100x8000000000000000766107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1a145ca8b2c9242021-12-20 15:57:30.676root 11241100x8000000000000000766108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bf3e5929e830472021-12-20 15:57:30.676root 11241100x8000000000000000766109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9727306ce1e952cd2021-12-20 15:57:30.676root 11241100x8000000000000000766110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f069eaa5e4563b2021-12-20 15:57:30.676root 11241100x8000000000000000766111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888505ea440e42812021-12-20 15:57:30.676root 11241100x8000000000000000766112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6993f86897c4e3e32021-12-20 15:57:30.676root 11241100x8000000000000000766113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be7a23acf1119102021-12-20 15:57:30.677root 11241100x8000000000000000766114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404673912e3ee05d2021-12-20 15:57:30.677root 11241100x8000000000000000766115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc90526ab22c01fb2021-12-20 15:57:30.677root 11241100x8000000000000000766116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77554bed01b3b4a2021-12-20 15:57:30.677root 11241100x8000000000000000766117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f22a7a851e18fd52021-12-20 15:57:30.677root 11241100x8000000000000000766118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b096179326b2957c2021-12-20 15:57:30.677root 11241100x8000000000000000766119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0778c31e66f7f72021-12-20 15:57:31.174root 11241100x8000000000000000766120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f7a2e9ec0af02e2021-12-20 15:57:31.175root 11241100x8000000000000000766121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee3505ebdb586432021-12-20 15:57:31.175root 11241100x8000000000000000766122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b939a304d960cc812021-12-20 15:57:31.175root 11241100x8000000000000000766123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785040606a47b3c12021-12-20 15:57:31.175root 11241100x8000000000000000766124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5317159801ac6c622021-12-20 15:57:31.175root 11241100x8000000000000000766125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff8aab3f67b3772021-12-20 15:57:31.176root 11241100x8000000000000000766126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab546e9b90ab59f2021-12-20 15:57:31.176root 11241100x8000000000000000766127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284ed28b6901b282021-12-20 15:57:31.176root 11241100x8000000000000000766128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0313e5ed229699c72021-12-20 15:57:31.176root 11241100x8000000000000000766129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92248cb99838d5002021-12-20 15:57:31.176root 11241100x8000000000000000766130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25441c7517dab372021-12-20 15:57:31.176root 11241100x8000000000000000766131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3f36d4e27320a42021-12-20 15:57:31.176root 11241100x8000000000000000766132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b78daafd46ad42f2021-12-20 15:57:31.176root 11241100x8000000000000000766133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8b1fdd38121f352021-12-20 15:57:31.176root 11241100x8000000000000000766134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e583bffd2251b2021-12-20 15:57:31.177root 11241100x8000000000000000766135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f9a8905f9d9ae32021-12-20 15:57:31.177root 11241100x8000000000000000766136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b973680859fb07242021-12-20 15:57:31.177root 11241100x8000000000000000766137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f44318379953f702021-12-20 15:57:31.177root 11241100x8000000000000000766138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d648b4c68cf856662021-12-20 15:57:31.177root 11241100x8000000000000000766139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa7ea73d63e75cc2021-12-20 15:57:31.177root 11241100x8000000000000000766140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fde374365e6b8262021-12-20 15:57:31.177root 11241100x8000000000000000766141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b42b0f6effab9b2021-12-20 15:57:31.177root 11241100x8000000000000000766142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f1bfb509e297162021-12-20 15:57:31.177root 11241100x8000000000000000766143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166ca29710eb99e12021-12-20 15:57:31.177root 11241100x8000000000000000766144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f933a40bb7c51052021-12-20 15:57:31.177root 11241100x8000000000000000766145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76aabd6e6a3f6272021-12-20 15:57:31.177root 11241100x8000000000000000766146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9b2afb333d14f22021-12-20 15:57:31.177root 11241100x8000000000000000766147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18c100ca68d0bfd2021-12-20 15:57:31.177root 11241100x8000000000000000766148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4c9b540b90e76f2021-12-20 15:57:31.178root 11241100x8000000000000000766149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ab840877acdd922021-12-20 15:57:31.178root 11241100x8000000000000000766150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7a357cf383a8e22021-12-20 15:57:31.178root 11241100x8000000000000000766151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e2eb5f2731ad7d2021-12-20 15:57:31.674root 11241100x8000000000000000766152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2200faa94930c4f2021-12-20 15:57:31.674root 11241100x8000000000000000766153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bda87d346e2f742021-12-20 15:57:31.674root 11241100x8000000000000000766154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cad963363e8c392021-12-20 15:57:31.674root 11241100x8000000000000000766155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b55d23f205824a2021-12-20 15:57:31.674root 11241100x8000000000000000766156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b7f2ab37f6db22021-12-20 15:57:31.674root 11241100x8000000000000000766157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c51f7d1791c3e652021-12-20 15:57:31.674root 11241100x8000000000000000766158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73049318505e030a2021-12-20 15:57:31.674root 11241100x8000000000000000766159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72236e5a9868e4982021-12-20 15:57:31.675root 11241100x8000000000000000766160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121e01762ead0a3d2021-12-20 15:57:31.675root 11241100x8000000000000000766161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518c2a03bfb35a1d2021-12-20 15:57:31.675root 11241100x8000000000000000766162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83105b4700b22f622021-12-20 15:57:31.675root 11241100x8000000000000000766163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57c9566d42590042021-12-20 15:57:31.675root 11241100x8000000000000000766164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fecc962329990752021-12-20 15:57:31.675root 11241100x8000000000000000766165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5341e076d231432021-12-20 15:57:31.676root 11241100x8000000000000000766166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49d7c9eb732937a2021-12-20 15:57:31.676root 11241100x8000000000000000766167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaa987e13b9ffd02021-12-20 15:57:31.676root 11241100x8000000000000000766168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4c2730affdaa0b2021-12-20 15:57:31.676root 11241100x8000000000000000766169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd520d4959693d1e2021-12-20 15:57:31.676root 11241100x8000000000000000766170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb15639ecb9cd642021-12-20 15:57:31.676root 11241100x8000000000000000766171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7313a2a7cf2b4272021-12-20 15:57:31.677root 11241100x8000000000000000766172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399fdb740dc206492021-12-20 15:57:31.677root 11241100x8000000000000000766173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c79063553bf50242021-12-20 15:57:31.677root 11241100x8000000000000000766174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39edd8d7628a80c82021-12-20 15:57:31.677root 11241100x8000000000000000766175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccae47a07e7e26b2021-12-20 15:57:31.677root 11241100x8000000000000000766176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5f66098e9c82df2021-12-20 15:57:31.677root 11241100x8000000000000000766177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8b3838c3ad3d812021-12-20 15:57:31.677root 11241100x8000000000000000766178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf67aa9556f30262021-12-20 15:57:31.677root 11241100x8000000000000000766179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5ca92ecfa2453e2021-12-20 15:57:31.677root 11241100x8000000000000000766180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddf17bc78bc6ae22021-12-20 15:57:31.677root 11241100x8000000000000000766181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0225e6b1ca177812021-12-20 15:57:31.678root 11241100x8000000000000000766182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48692b3cfe1ab1192021-12-20 15:57:31.678root 11241100x8000000000000000766183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5288d4c0e76217722021-12-20 15:57:31.678root 11241100x8000000000000000766184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a48482efa9c9d7b2021-12-20 15:57:31.678root 11241100x8000000000000000766185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d0514caacc2522021-12-20 15:57:31.678root 11241100x8000000000000000766186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e8cbe6e0729be32021-12-20 15:57:31.679root 11241100x8000000000000000766187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ec56366b84c1ad2021-12-20 15:57:31.679root 11241100x8000000000000000766188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bb77308a3d0eff2021-12-20 15:57:31.679root 11241100x8000000000000000766189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50373f04fc493ba12021-12-20 15:57:31.679root 11241100x8000000000000000766190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c1672d1b1ae6aa2021-12-20 15:57:31.679root 11241100x8000000000000000766191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547e956373a401742021-12-20 15:57:32.174root 11241100x8000000000000000766192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91d98f0475e25e52021-12-20 15:57:32.174root 11241100x8000000000000000766193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0339df9ca3d6242021-12-20 15:57:32.174root 11241100x8000000000000000766194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0460f4e408d5a39f2021-12-20 15:57:32.174root 11241100x8000000000000000766195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a296c718c801bea2021-12-20 15:57:32.174root 11241100x8000000000000000766196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22821c91bc4091132021-12-20 15:57:32.174root 11241100x8000000000000000766197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da3edaef220ac3e2021-12-20 15:57:32.174root 11241100x8000000000000000766198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41fba79967ef59b2021-12-20 15:57:32.174root 11241100x8000000000000000766199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87710e0d730808412021-12-20 15:57:32.174root 11241100x8000000000000000766200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5d9cb49bfecaa12021-12-20 15:57:32.175root 11241100x8000000000000000766201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bac04d8d6429802021-12-20 15:57:32.175root 11241100x8000000000000000766202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8117f3a6754238302021-12-20 15:57:32.175root 11241100x8000000000000000766203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764c3c9f013bb5532021-12-20 15:57:32.175root 11241100x8000000000000000766204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4717b8e80e32aa602021-12-20 15:57:32.175root 11241100x8000000000000000766205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad12c282b48b68d2021-12-20 15:57:32.175root 11241100x8000000000000000766206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeccab61dc956f82021-12-20 15:57:32.175root 11241100x8000000000000000766207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfa5897f8dae4372021-12-20 15:57:32.175root 11241100x8000000000000000766208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e895f11cda25992021-12-20 15:57:32.175root 11241100x8000000000000000766209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cf835c19554b1d2021-12-20 15:57:32.175root 11241100x8000000000000000766210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3223bc286fb1395f2021-12-20 15:57:32.175root 11241100x8000000000000000766211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b29acf5171e5fda2021-12-20 15:57:32.175root 11241100x8000000000000000766212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6791c101c1aaccb12021-12-20 15:57:32.175root 11241100x8000000000000000766213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce8a06dca461b442021-12-20 15:57:32.175root 11241100x8000000000000000766214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2bcc426f4bb5472021-12-20 15:57:32.175root 11241100x8000000000000000766215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2564cae7e5c2e32021-12-20 15:57:32.175root 11241100x8000000000000000766216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69256ec37ffce202021-12-20 15:57:32.175root 11241100x8000000000000000766217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fa314c4b32e0be2021-12-20 15:57:32.176root 11241100x8000000000000000766218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcfe9430a49e8852021-12-20 15:57:32.176root 11241100x8000000000000000766219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9f10efc9a352882021-12-20 15:57:32.176root 11241100x8000000000000000766220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acec11f75ba5541a2021-12-20 15:57:32.176root 11241100x8000000000000000766221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85161cd3f6d45d682021-12-20 15:57:32.176root 11241100x8000000000000000766222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22e538504f388b62021-12-20 15:57:32.176root 11241100x8000000000000000766223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364dea483e6adfd62021-12-20 15:57:32.176root 11241100x8000000000000000766224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b42bab613b0fc2e2021-12-20 15:57:32.176root 11241100x8000000000000000766225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d869fbe727fcf5c42021-12-20 15:57:32.176root 11241100x8000000000000000766226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a79592e00e9f6242021-12-20 15:57:32.176root 11241100x8000000000000000766227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8836c0adf6055cce2021-12-20 15:57:32.177root 11241100x8000000000000000766228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d3f52831c2e89e2021-12-20 15:57:32.177root 11241100x8000000000000000766229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54d25ec29625dc22021-12-20 15:57:32.177root 11241100x8000000000000000766230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e0b5097de96c8e2021-12-20 15:57:32.177root 11241100x8000000000000000766231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3cd1011040dad02021-12-20 15:57:32.177root 354300x8000000000000000766232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.215{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51426-false10.0.1.12-8000- 11241100x8000000000000000766233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3a13d275ca966c2021-12-20 15:57:32.674root 11241100x8000000000000000766234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8379075706306902021-12-20 15:57:32.674root 11241100x8000000000000000766235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b643132462cb9c2021-12-20 15:57:32.675root 11241100x8000000000000000766236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e529423b887391ea2021-12-20 15:57:32.675root 11241100x8000000000000000766237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1315b0e949f0d55d2021-12-20 15:57:32.675root 11241100x8000000000000000766238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2dbcf74c60edf72021-12-20 15:57:32.675root 11241100x8000000000000000766239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6009617a6677fb2021-12-20 15:57:32.675root 11241100x8000000000000000766240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c941db3fea1aa6b12021-12-20 15:57:32.676root 11241100x8000000000000000766241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d5dc5ab6f448082021-12-20 15:57:32.676root 11241100x8000000000000000766242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c347cc8765c7a02021-12-20 15:57:32.676root 11241100x8000000000000000766243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7587ba9f2f71e6a52021-12-20 15:57:32.676root 11241100x8000000000000000766244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6cefd8255749342021-12-20 15:57:32.676root 11241100x8000000000000000766245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86e58e50a4367b42021-12-20 15:57:32.676root 11241100x8000000000000000766246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925c1393f555a2672021-12-20 15:57:32.676root 11241100x8000000000000000766247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc40302c224144942021-12-20 15:57:32.677root 11241100x8000000000000000766248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67d7465514f4c482021-12-20 15:57:32.677root 11241100x8000000000000000766249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcfe6b44b22f7c62021-12-20 15:57:32.677root 11241100x8000000000000000766250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f66fd4bd613a3d2021-12-20 15:57:32.677root 11241100x8000000000000000766251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b49981392e274df2021-12-20 15:57:32.677root 11241100x8000000000000000766252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4d06794d39b6922021-12-20 15:57:32.677root 11241100x8000000000000000766253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57ee1f870483df42021-12-20 15:57:32.677root 11241100x8000000000000000766254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015dd19e8d1725772021-12-20 15:57:32.677root 11241100x8000000000000000766255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036b52729769d4182021-12-20 15:57:32.677root 11241100x8000000000000000766256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893a8d3b07c6eb7b2021-12-20 15:57:32.678root 11241100x8000000000000000766257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb26dddaf0d0b692021-12-20 15:57:32.678root 11241100x8000000000000000766258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc32420f0b11e8bc2021-12-20 15:57:32.678root 11241100x8000000000000000766259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5d58a7590e42c72021-12-20 15:57:32.678root 11241100x8000000000000000766260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e0596e55cd94dc2021-12-20 15:57:32.678root 11241100x8000000000000000766261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d4fe4befbfa1eb2021-12-20 15:57:32.678root 11241100x8000000000000000766262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475c8d144b03c0db2021-12-20 15:57:32.679root 11241100x8000000000000000766263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ed060edd19cde12021-12-20 15:57:32.679root 11241100x8000000000000000766264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526f0a4a870158722021-12-20 15:57:32.679root 11241100x8000000000000000766265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2f7cec0fad04042021-12-20 15:57:33.174root 11241100x8000000000000000766266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7576ec26e24507762021-12-20 15:57:33.174root 11241100x8000000000000000766267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73821e3223e55a902021-12-20 15:57:33.174root 11241100x8000000000000000766268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd795fbd1f9644ce2021-12-20 15:57:33.174root 11241100x8000000000000000766269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a0c9ba9698a6612021-12-20 15:57:33.175root 11241100x8000000000000000766270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476da517b3a26b0c2021-12-20 15:57:33.175root 11241100x8000000000000000766271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1a1bbee3e845532021-12-20 15:57:33.175root 11241100x8000000000000000766272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b6ecaa8e79ad612021-12-20 15:57:33.175root 11241100x8000000000000000766273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5269814e29fae402021-12-20 15:57:33.175root 11241100x8000000000000000766274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cfe9e056f6533d2021-12-20 15:57:33.175root 11241100x8000000000000000766275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145eaf539ca930712021-12-20 15:57:33.175root 11241100x8000000000000000766276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f06e5270d72d6fd2021-12-20 15:57:33.175root 11241100x8000000000000000766277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122c736785912fa42021-12-20 15:57:33.176root 11241100x8000000000000000766278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3153c48103e0702021-12-20 15:57:33.176root 11241100x8000000000000000766279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43e594efa61d02d2021-12-20 15:57:33.176root 11241100x8000000000000000766280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92ec003c97ec2ae2021-12-20 15:57:33.176root 11241100x8000000000000000766281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242c75e2020e8eac2021-12-20 15:57:33.176root 11241100x8000000000000000766282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1206ad2995256752021-12-20 15:57:33.176root 11241100x8000000000000000766283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d049a464eb3e2c3b2021-12-20 15:57:33.176root 11241100x8000000000000000766284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9226d855cc31d8172021-12-20 15:57:33.176root 11241100x8000000000000000766285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29c3104641798b02021-12-20 15:57:33.176root 11241100x8000000000000000766286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773c8182040b56e02021-12-20 15:57:33.177root 11241100x8000000000000000766287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09907bb11e2d666a2021-12-20 15:57:33.177root 11241100x8000000000000000766288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3af7ab53d5c97842021-12-20 15:57:33.177root 11241100x8000000000000000766289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d363c85d10a4952021-12-20 15:57:33.177root 11241100x8000000000000000766290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a36dfad56637562021-12-20 15:57:33.177root 11241100x8000000000000000766291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160c226b643e14102021-12-20 15:57:33.177root 11241100x8000000000000000766292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e43dc5aea2a9192021-12-20 15:57:33.178root 11241100x8000000000000000766293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedb376a6402102e2021-12-20 15:57:33.178root 11241100x8000000000000000766294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d0e096aa6af742021-12-20 15:57:33.178root 11241100x8000000000000000766295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3079c408b980231f2021-12-20 15:57:33.178root 11241100x8000000000000000766296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08999132b228ac1c2021-12-20 15:57:33.178root 11241100x8000000000000000766297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d1a33cf120a0c92021-12-20 15:57:33.178root 11241100x8000000000000000766298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da47a35103520562021-12-20 15:57:33.178root 11241100x8000000000000000766299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3008553257da9c452021-12-20 15:57:33.178root 11241100x8000000000000000766300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788cd4ea4eabbcc32021-12-20 15:57:33.178root 11241100x8000000000000000766301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454bdb43113064782021-12-20 15:57:33.178root 11241100x8000000000000000766302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7008a9fb223cdf472021-12-20 15:57:33.179root 11241100x8000000000000000766303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35e5b161ecbbaa92021-12-20 15:57:33.674root 11241100x8000000000000000766304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027fbb52e877f2632021-12-20 15:57:33.674root 11241100x8000000000000000766305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e7e6fa772df382021-12-20 15:57:33.674root 11241100x8000000000000000766306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ed1f57d8c225b82021-12-20 15:57:33.675root 11241100x8000000000000000766307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d031aac7b35daa982021-12-20 15:57:33.675root 11241100x8000000000000000766308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dffd35735558dbd2021-12-20 15:57:33.675root 11241100x8000000000000000766309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5fe2af38a83ecf2021-12-20 15:57:33.675root 11241100x8000000000000000766310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb30cbba6d4a05ef2021-12-20 15:57:33.676root 11241100x8000000000000000766311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fb6d9913965e232021-12-20 15:57:33.676root 11241100x8000000000000000766312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbd11d3562660bc2021-12-20 15:57:33.676root 11241100x8000000000000000766313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438db10b87d600722021-12-20 15:57:33.676root 11241100x8000000000000000766314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daa65dc783274ba2021-12-20 15:57:33.677root 11241100x8000000000000000766315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0f03fd1ffe8d642021-12-20 15:57:33.678root 11241100x8000000000000000766316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13b7354780aa7202021-12-20 15:57:33.678root 11241100x8000000000000000766317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ede0b33825a8e012021-12-20 15:57:33.678root 11241100x8000000000000000766318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb8c99eb9b844eb2021-12-20 15:57:33.679root 11241100x8000000000000000766319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bdd212de5b5b0b2021-12-20 15:57:33.679root 11241100x8000000000000000766320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b0b32c8e0048522021-12-20 15:57:33.680root 11241100x8000000000000000766321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5d71942d6c582c2021-12-20 15:57:33.680root 11241100x8000000000000000766322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e2b5efec1cbd32021-12-20 15:57:33.680root 11241100x8000000000000000766323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2d781d3bf417b92021-12-20 15:57:33.680root 11241100x8000000000000000766324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb02dee1ac2a7962021-12-20 15:57:33.680root 11241100x8000000000000000766325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d84c6271659e6d2021-12-20 15:57:33.680root 11241100x8000000000000000766326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5af42a373af6f7b2021-12-20 15:57:33.680root 11241100x8000000000000000766327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc50f82fdd699b82021-12-20 15:57:33.681root 11241100x8000000000000000766328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3a06dd8bad06252021-12-20 15:57:33.681root 11241100x8000000000000000766329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac99fcc20b01e3332021-12-20 15:57:33.681root 11241100x8000000000000000766330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4d98483368179c2021-12-20 15:57:33.681root 11241100x8000000000000000766331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f96bfb9053a78b2021-12-20 15:57:33.681root 11241100x8000000000000000766332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9a7ffa0b5bd77a2021-12-20 15:57:33.681root 11241100x8000000000000000766333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7d6161f2d30e7c2021-12-20 15:57:33.681root 11241100x8000000000000000766334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d114c6c9f9d6ec1f2021-12-20 15:57:33.681root 11241100x8000000000000000766335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af99312131da15f52021-12-20 15:57:33.681root 11241100x8000000000000000766336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e84adb82382cf692021-12-20 15:57:33.681root 11241100x8000000000000000766337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:33.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c384ee3bf447fa912021-12-20 15:57:33.681root 11241100x8000000000000000766338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8087517ec606b22e2021-12-20 15:57:34.174root 11241100x8000000000000000766339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d829940728d42a822021-12-20 15:57:34.175root 11241100x8000000000000000766340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c024df7e8abf5c2021-12-20 15:57:34.175root 11241100x8000000000000000766341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2cb04161e938e12021-12-20 15:57:34.175root 11241100x8000000000000000766342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aff8d23940c1c72021-12-20 15:57:34.175root 11241100x8000000000000000766343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8238fe936cb09c442021-12-20 15:57:34.175root 11241100x8000000000000000766344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9627f3d46b1daca82021-12-20 15:57:34.175root 11241100x8000000000000000766345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3658185a6450fd7f2021-12-20 15:57:34.176root 11241100x8000000000000000766346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4190392d5e15322021-12-20 15:57:34.176root 11241100x8000000000000000766347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e6d3e780d827e42021-12-20 15:57:34.176root 11241100x8000000000000000766348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115a90d8e6718fc92021-12-20 15:57:34.176root 11241100x8000000000000000766349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1976302bbde91e002021-12-20 15:57:34.176root 11241100x8000000000000000766350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8650f5d41e944dc2021-12-20 15:57:34.177root 11241100x8000000000000000766351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fcb54ef57a92202021-12-20 15:57:34.177root 11241100x8000000000000000766352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6151e5b309805102021-12-20 15:57:34.177root 11241100x8000000000000000766353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6c2ff0af7576f92021-12-20 15:57:34.177root 11241100x8000000000000000766354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0a790b258753282021-12-20 15:57:34.177root 11241100x8000000000000000766355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b6b050bdfc262b2021-12-20 15:57:34.177root 11241100x8000000000000000766356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707cfed52d18ff522021-12-20 15:57:34.178root 11241100x8000000000000000766357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dcf0f30720767a2021-12-20 15:57:34.178root 11241100x8000000000000000766358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d42197b8c594a0d2021-12-20 15:57:34.178root 11241100x8000000000000000766359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3111f6e2e64dbb532021-12-20 15:57:34.178root 11241100x8000000000000000766360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9332bebe8342f92021-12-20 15:57:34.178root 11241100x8000000000000000766361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350f391277b828082021-12-20 15:57:34.178root 11241100x8000000000000000766362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5747065539f4c3cc2021-12-20 15:57:34.178root 11241100x8000000000000000766363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358ce958abd71c3b2021-12-20 15:57:34.178root 11241100x8000000000000000766364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5dcad83ed5df6b2021-12-20 15:57:34.178root 11241100x8000000000000000766365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277d9e04165b00c92021-12-20 15:57:34.179root 11241100x8000000000000000766366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6973ce615cbf927b2021-12-20 15:57:34.179root 11241100x8000000000000000766367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b42c15318f455bd2021-12-20 15:57:34.179root 11241100x8000000000000000766368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d911e6ecbd38cd82021-12-20 15:57:34.179root 11241100x8000000000000000766369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55efd7e1dc071c872021-12-20 15:57:34.179root 11241100x8000000000000000766370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b10ca10880d1b62021-12-20 15:57:34.674root 11241100x8000000000000000766371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c1dde5bc5b48be2021-12-20 15:57:34.674root 11241100x8000000000000000766372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76139e656b89d1e22021-12-20 15:57:34.674root 11241100x8000000000000000766373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061c09f1be7415eb2021-12-20 15:57:34.675root 11241100x8000000000000000766374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235519c779e66df82021-12-20 15:57:34.675root 11241100x8000000000000000766375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82896583d536b3fd2021-12-20 15:57:34.675root 11241100x8000000000000000766376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fd1d11e24311cd2021-12-20 15:57:34.675root 11241100x8000000000000000766377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d1176d367783502021-12-20 15:57:34.675root 11241100x8000000000000000766378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b0cc8fd8e0a5282021-12-20 15:57:34.675root 11241100x8000000000000000766379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1915cc2b87c68442021-12-20 15:57:34.675root 11241100x8000000000000000766380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203f005113d6641d2021-12-20 15:57:34.675root 11241100x8000000000000000766381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140ac729b63709822021-12-20 15:57:34.675root 11241100x8000000000000000766382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a308d980d760022021-12-20 15:57:34.675root 11241100x8000000000000000766383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b895d1d07e18783a2021-12-20 15:57:34.675root 11241100x8000000000000000766384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06cfed3e8781f1b2021-12-20 15:57:34.675root 11241100x8000000000000000766385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b600d82239edb32021-12-20 15:57:34.676root 11241100x8000000000000000766386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2476584944be1ef2021-12-20 15:57:34.676root 11241100x8000000000000000766387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a52186855e88ad22021-12-20 15:57:34.676root 11241100x8000000000000000766388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99c911ce2afd50e2021-12-20 15:57:34.676root 11241100x8000000000000000766389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c94a9e1b1c666712021-12-20 15:57:34.676root 11241100x8000000000000000766390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257de8efe1e7b9662021-12-20 15:57:34.676root 11241100x8000000000000000766391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f550733f131198352021-12-20 15:57:34.676root 11241100x8000000000000000766392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d361751938e48092021-12-20 15:57:34.676root 11241100x8000000000000000766393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49633f797c2b34102021-12-20 15:57:34.676root 11241100x8000000000000000766394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce7f41cdbe373482021-12-20 15:57:34.676root 11241100x8000000000000000766395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe5e2951ea87be22021-12-20 15:57:34.676root 11241100x8000000000000000766396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1bc6471a88593a2021-12-20 15:57:34.677root 11241100x8000000000000000766397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576a316732e14a192021-12-20 15:57:34.677root 11241100x8000000000000000766398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfca111acf0617492021-12-20 15:57:34.677root 11241100x8000000000000000766399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8bfc8e679631a52021-12-20 15:57:34.677root 11241100x8000000000000000766400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028559547dbaab2c2021-12-20 15:57:34.677root 11241100x8000000000000000766401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e61773619d44fb2021-12-20 15:57:34.677root 11241100x8000000000000000766402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:34.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89df981e50ac3122021-12-20 15:57:34.677root 11241100x8000000000000000766403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb0b21f574e58b42021-12-20 15:57:35.174root 11241100x8000000000000000766404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1b1db9ff2ba2ee2021-12-20 15:57:35.174root 11241100x8000000000000000766405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857bf8a84313d4dc2021-12-20 15:57:35.174root 11241100x8000000000000000766406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4f6753d34993582021-12-20 15:57:35.174root 11241100x8000000000000000766407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcd3386022577682021-12-20 15:57:35.174root 11241100x8000000000000000766408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79419da5c6793902021-12-20 15:57:35.174root 11241100x8000000000000000766409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbe0aa43612404d2021-12-20 15:57:35.174root 11241100x8000000000000000766410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0060471aa37c74042021-12-20 15:57:35.174root 11241100x8000000000000000766411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f93bafa724225232021-12-20 15:57:35.174root 11241100x8000000000000000766412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595db10521d8e1ec2021-12-20 15:57:35.174root 11241100x8000000000000000766413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfd1308c8b2944c2021-12-20 15:57:35.175root 11241100x8000000000000000766414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1915934906c6906b2021-12-20 15:57:35.175root 11241100x8000000000000000766415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2f512a3897b00d2021-12-20 15:57:35.175root 11241100x8000000000000000766416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526bc080eabd51a32021-12-20 15:57:35.175root 11241100x8000000000000000766417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1cc2611c605d7d2021-12-20 15:57:35.175root 11241100x8000000000000000766418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ef612b8a68a09b2021-12-20 15:57:35.175root 11241100x8000000000000000766419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fdda9d750fa8d32021-12-20 15:57:35.175root 11241100x8000000000000000766420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11edc8ec0d7a13642021-12-20 15:57:35.175root 11241100x8000000000000000766421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3219bd1b8c835f2021-12-20 15:57:35.175root 11241100x8000000000000000766422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde962b50070c91b2021-12-20 15:57:35.175root 11241100x8000000000000000766423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca24447fd20b13292021-12-20 15:57:35.176root 11241100x8000000000000000766424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7491ed3995655f4c2021-12-20 15:57:35.176root 11241100x8000000000000000766425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78d0f3dc28467562021-12-20 15:57:35.176root 11241100x8000000000000000766426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c7e5b428528e5c2021-12-20 15:57:35.176root 11241100x8000000000000000766427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b69cfbfae150d6b2021-12-20 15:57:35.176root 11241100x8000000000000000766428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f07572e16a63092021-12-20 15:57:35.176root 11241100x8000000000000000766429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cfc765510ff8c12021-12-20 15:57:35.176root 11241100x8000000000000000766430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a65d13a6282fb02021-12-20 15:57:35.177root 11241100x8000000000000000766431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eec834a807b7e1f2021-12-20 15:57:35.177root 11241100x8000000000000000766432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c666e59f69eaffe2021-12-20 15:57:35.177root 11241100x8000000000000000766433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f8e6f7e45a2f9f2021-12-20 15:57:35.177root 11241100x8000000000000000766434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e7056411135e702021-12-20 15:57:35.177root 11241100x8000000000000000766435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7015508476a9afbd2021-12-20 15:57:35.177root 11241100x8000000000000000766436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7430a83b628ff92021-12-20 15:57:35.177root 11241100x8000000000000000766437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efb8efdd65b43432021-12-20 15:57:35.177root 11241100x8000000000000000766438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeafdd5620660a732021-12-20 15:57:35.177root 11241100x8000000000000000766439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948e6d3148212e92021-12-20 15:57:35.675root 11241100x8000000000000000766440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537568c049790a142021-12-20 15:57:35.675root 11241100x8000000000000000766441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384b81a00f1724c62021-12-20 15:57:35.675root 11241100x8000000000000000766442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b8f5bd9150ee5d2021-12-20 15:57:35.675root 11241100x8000000000000000766443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997be11b505ce1f82021-12-20 15:57:35.675root 11241100x8000000000000000766444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33203f03e82253b52021-12-20 15:57:35.675root 11241100x8000000000000000766445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deab6212b55ac922021-12-20 15:57:35.675root 11241100x8000000000000000766446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21be3b5bb6fd6ea12021-12-20 15:57:35.675root 11241100x8000000000000000766447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9965415d583d9512021-12-20 15:57:35.675root 11241100x8000000000000000766448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae9e3f9729f3ce42021-12-20 15:57:35.675root 11241100x8000000000000000766449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac677d31506f0102021-12-20 15:57:35.676root 11241100x8000000000000000766450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc4aaa62f86adec2021-12-20 15:57:35.676root 11241100x8000000000000000766451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31a96fba93a3c9a2021-12-20 15:57:35.676root 11241100x8000000000000000766452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583911de49941f802021-12-20 15:57:35.676root 11241100x8000000000000000766453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6740c7e47369de02021-12-20 15:57:35.676root 11241100x8000000000000000766454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a3ca8c40aecd0b2021-12-20 15:57:35.676root 11241100x8000000000000000766455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e951178efc50f4c2021-12-20 15:57:35.676root 11241100x8000000000000000766456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf15b5ce370a8b42021-12-20 15:57:35.676root 11241100x8000000000000000766457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b0038ee431cf772021-12-20 15:57:35.676root 11241100x8000000000000000766458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2497dbfce1395492021-12-20 15:57:35.676root 11241100x8000000000000000766459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba1984ba1da01932021-12-20 15:57:35.676root 11241100x8000000000000000766460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aeec37db4f034c2021-12-20 15:57:35.677root 11241100x8000000000000000766461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5f2329b1bda6f12021-12-20 15:57:35.677root 11241100x8000000000000000766462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3d406710894a962021-12-20 15:57:35.677root 11241100x8000000000000000766463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208fb2d73acbc6052021-12-20 15:57:35.677root 11241100x8000000000000000766464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775891728817c4fa2021-12-20 15:57:35.677root 11241100x8000000000000000766465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e46568b28b178362021-12-20 15:57:35.677root 11241100x8000000000000000766466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539b69a461799b382021-12-20 15:57:35.677root 11241100x8000000000000000766467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da65475eb7dd5212021-12-20 15:57:35.677root 11241100x8000000000000000766468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f001e9ce4f4b6b2021-12-20 15:57:35.677root 11241100x8000000000000000766469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e9f7b386437fc82021-12-20 15:57:35.677root 11241100x8000000000000000766470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:35.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4c08b13a633a612021-12-20 15:57:35.678root 11241100x8000000000000000766471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:57:36.068root 11241100x8000000000000000766472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a5cf8c9f7c14d32021-12-20 15:57:36.069root 11241100x8000000000000000766473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea44357438a4e1db2021-12-20 15:57:36.069root 11241100x8000000000000000766474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a91dae199ca0a62021-12-20 15:57:36.069root 11241100x8000000000000000766475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62eefcfbc1b67c62021-12-20 15:57:36.069root 11241100x8000000000000000766476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8958798cce82f3132021-12-20 15:57:36.069root 11241100x8000000000000000766477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e5fb57b70402952021-12-20 15:57:36.069root 11241100x8000000000000000766478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb5d1beab734ccc2021-12-20 15:57:36.070root 11241100x8000000000000000766479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128ccd5cfa51a1c2021-12-20 15:57:36.070root 11241100x8000000000000000766480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b361de8e28f2d16a2021-12-20 15:57:36.070root 11241100x8000000000000000766481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7debe83c210a4ebe2021-12-20 15:57:36.070root 11241100x8000000000000000766482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c8c73acca84cab2021-12-20 15:57:36.070root 11241100x8000000000000000766483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd82d5415b589c12021-12-20 15:57:36.070root 11241100x8000000000000000766484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e07953e569a18622021-12-20 15:57:36.070root 11241100x8000000000000000766485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf42827732f6582021-12-20 15:57:36.070root 11241100x8000000000000000766486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe71093305d6e7902021-12-20 15:57:36.070root 11241100x8000000000000000766487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b9ac417200021e2021-12-20 15:57:36.071root 11241100x8000000000000000766488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce55cead98876b772021-12-20 15:57:36.071root 11241100x8000000000000000766489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfb6dca09fd3e262021-12-20 15:57:36.071root 11241100x8000000000000000766490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd6426c7588351f2021-12-20 15:57:36.071root 11241100x8000000000000000766491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475b40eb9f7f93002021-12-20 15:57:36.071root 11241100x8000000000000000766492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544cccc9be35de852021-12-20 15:57:36.071root 11241100x8000000000000000766493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537006cee199fcf92021-12-20 15:57:36.071root 11241100x8000000000000000766494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4795906ce9d500c62021-12-20 15:57:36.071root 11241100x8000000000000000766495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c5a3b1ed582e5f2021-12-20 15:57:36.071root 11241100x8000000000000000766496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b019f2e1c93147872021-12-20 15:57:36.071root 11241100x8000000000000000766497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6958e44d03a77e852021-12-20 15:57:36.071root 11241100x8000000000000000766498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4775129b193b089a2021-12-20 15:57:36.071root 11241100x8000000000000000766499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c63034fafd07d72021-12-20 15:57:36.072root 11241100x8000000000000000766500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955717971b3bd5be2021-12-20 15:57:36.072root 11241100x8000000000000000766501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a482403c4264521c2021-12-20 15:57:36.072root 11241100x8000000000000000766502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0841970981310bc2021-12-20 15:57:36.072root 11241100x8000000000000000766503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dee30011c62f11f2021-12-20 15:57:36.072root 11241100x8000000000000000766504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e631d849806a60d02021-12-20 15:57:36.072root 11241100x8000000000000000766505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d75a8e351b20052021-12-20 15:57:36.072root 11241100x8000000000000000766506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d8b9dd75b919862021-12-20 15:57:36.073root 11241100x8000000000000000766507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9214d28937a1e48c2021-12-20 15:57:36.073root 11241100x8000000000000000766508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d47a59559902392021-12-20 15:57:36.073root 11241100x8000000000000000766509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb92f54f783cb59c2021-12-20 15:57:36.073root 11241100x8000000000000000766510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a088e790fc52836b2021-12-20 15:57:36.073root 11241100x8000000000000000766511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b06be2b434adcdf2021-12-20 15:57:36.074root 11241100x8000000000000000766512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25afeeee417e37512021-12-20 15:57:36.074root 11241100x8000000000000000766513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d861ffb060cec72021-12-20 15:57:36.074root 11241100x8000000000000000766514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deecfdca9befdcb2021-12-20 15:57:36.074root 11241100x8000000000000000766515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437a17cbd6a8cdcf2021-12-20 15:57:36.074root 11241100x8000000000000000766516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5be5e5c1455fdc2021-12-20 15:57:36.075root 11241100x8000000000000000766517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc55bb576d38b372021-12-20 15:57:36.075root 11241100x8000000000000000766518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491f0f172b72c1812021-12-20 15:57:36.075root 11241100x8000000000000000766519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c5b569a92365682021-12-20 15:57:36.075root 11241100x8000000000000000766520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83133a9a1e76e6952021-12-20 15:57:36.075root 11241100x8000000000000000766521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b958e69ec4f1b632021-12-20 15:57:36.075root 11241100x8000000000000000766522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592f3901d1590c912021-12-20 15:57:36.424root 11241100x8000000000000000766523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d9402416c464282021-12-20 15:57:36.424root 11241100x8000000000000000766524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5116332830deca72021-12-20 15:57:36.424root 11241100x8000000000000000766525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a5f60ddb0bbdd72021-12-20 15:57:36.424root 11241100x8000000000000000766526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c42d1576804fcf2021-12-20 15:57:36.424root 11241100x8000000000000000766527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e80691fe157b152021-12-20 15:57:36.425root 11241100x8000000000000000766528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ffde0af8ec4d542021-12-20 15:57:36.425root 11241100x8000000000000000766529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad231c8873053a8b2021-12-20 15:57:36.425root 11241100x8000000000000000766530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89014107d909f6ac2021-12-20 15:57:36.425root 11241100x8000000000000000766531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebfa2dd280dca4d2021-12-20 15:57:36.425root 11241100x8000000000000000766532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f6c0f3fa3d684e2021-12-20 15:57:36.425root 11241100x8000000000000000766533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e31049b4d4a2f72021-12-20 15:57:36.425root 11241100x8000000000000000766534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bf2f24f22733d42021-12-20 15:57:36.425root 11241100x8000000000000000766535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f4700a2b15cdad2021-12-20 15:57:36.425root 11241100x8000000000000000766536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33529cbed794b0d62021-12-20 15:57:36.425root 11241100x8000000000000000766537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb26769f3f4d16f2021-12-20 15:57:36.425root 11241100x8000000000000000766538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5893959c23c1c1f02021-12-20 15:57:36.425root 11241100x8000000000000000766539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69083d33747feccf2021-12-20 15:57:36.426root 11241100x8000000000000000766540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d0850538b64c982021-12-20 15:57:36.426root 11241100x8000000000000000766541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b46cba4fba5d3852021-12-20 15:57:36.426root 11241100x8000000000000000766542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab0efb7fe79d1b12021-12-20 15:57:36.426root 11241100x8000000000000000766543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2b179cb8974ddc2021-12-20 15:57:36.426root 11241100x8000000000000000766544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8460f8a0239173062021-12-20 15:57:36.426root 11241100x8000000000000000766545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d210e0feba6c71692021-12-20 15:57:36.426root 11241100x8000000000000000766546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e45a3697b4368322021-12-20 15:57:36.426root 11241100x8000000000000000766547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f99219a8fd3d3852021-12-20 15:57:36.426root 11241100x8000000000000000766548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7d0bff0a7525142021-12-20 15:57:36.426root 11241100x8000000000000000766549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bbf339200ec2fd2021-12-20 15:57:36.426root 11241100x8000000000000000766550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7861424bafedd60e2021-12-20 15:57:36.426root 11241100x8000000000000000766551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d64aa6bb3273082021-12-20 15:57:36.427root 11241100x8000000000000000766552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379d85ba5c8e14872021-12-20 15:57:36.427root 11241100x8000000000000000766553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2570d2032a26ef2021-12-20 15:57:36.427root 11241100x8000000000000000766554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a7b0cddc922b7a2021-12-20 15:57:36.427root 11241100x8000000000000000766555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c4195fa5302f122021-12-20 15:57:36.924root 11241100x8000000000000000766556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13955b39884d26a62021-12-20 15:57:36.924root 11241100x8000000000000000766557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d0fbe18a525f492021-12-20 15:57:36.925root 11241100x8000000000000000766558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d64480d9caad112021-12-20 15:57:36.925root 11241100x8000000000000000766559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70076d5b8627a2252021-12-20 15:57:36.925root 11241100x8000000000000000766560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7441f44f0f7192902021-12-20 15:57:36.925root 11241100x8000000000000000766561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b643fccdf6604edf2021-12-20 15:57:36.925root 11241100x8000000000000000766562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7c80087221afcb2021-12-20 15:57:36.925root 11241100x8000000000000000766563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08d6a8790a42bff2021-12-20 15:57:36.926root 11241100x8000000000000000766564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e9dc53dae983692021-12-20 15:57:36.926root 11241100x8000000000000000766565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16da66894ee33ba52021-12-20 15:57:36.926root 11241100x8000000000000000766566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43868b321aabd1672021-12-20 15:57:36.926root 11241100x8000000000000000766567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b627067787320f4f2021-12-20 15:57:36.926root 11241100x8000000000000000766568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9535f81996cb39cf2021-12-20 15:57:36.926root 11241100x8000000000000000766569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2e58d9015095922021-12-20 15:57:36.926root 11241100x8000000000000000766570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d036c4f76a51992021-12-20 15:57:36.926root 11241100x8000000000000000766571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44401832721f131f2021-12-20 15:57:36.926root 11241100x8000000000000000766572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca25c281d868ba8a2021-12-20 15:57:36.927root 11241100x8000000000000000766573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856ce1e33c468af72021-12-20 15:57:36.927root 11241100x8000000000000000766574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207275b7078ad80b2021-12-20 15:57:36.927root 11241100x8000000000000000766575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5929618fb107d34e2021-12-20 15:57:36.927root 11241100x8000000000000000766576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9968a6735ddee82021-12-20 15:57:36.927root 11241100x8000000000000000766577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d1719ef24f5c1c2021-12-20 15:57:36.927root 11241100x8000000000000000766578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75215d28f8b7a3b32021-12-20 15:57:36.927root 11241100x8000000000000000766579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16e09cffdda11192021-12-20 15:57:36.927root 11241100x8000000000000000766580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28a55bf3f4dac242021-12-20 15:57:36.928root 11241100x8000000000000000766581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6f2d7666aace292021-12-20 15:57:36.928root 11241100x8000000000000000766582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d572c676f153002021-12-20 15:57:36.928root 11241100x8000000000000000766583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54c3b8d934f72a72021-12-20 15:57:36.928root 11241100x8000000000000000766584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a61b4a3bec820012021-12-20 15:57:36.928root 11241100x8000000000000000766585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937c6d8d0f22cace2021-12-20 15:57:36.928root 11241100x8000000000000000766586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f5de77b36897bb2021-12-20 15:57:36.928root 11241100x8000000000000000766587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e97267342f5d182021-12-20 15:57:36.928root 11241100x8000000000000000766588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373adb19ef8f7be62021-12-20 15:57:36.929root 354300x8000000000000000766589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.223{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51428-false10.0.1.12-8000- 11241100x8000000000000000766590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.223{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6273cab67b133bd82021-12-20 15:57:37.223root 11241100x8000000000000000766591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.224{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d06982147eb263f2021-12-20 15:57:37.224root 11241100x8000000000000000766592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.224{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e835590bd2fa222021-12-20 15:57:37.224root 11241100x8000000000000000766593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.224{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a98838325a597e2021-12-20 15:57:37.224root 11241100x8000000000000000766594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.224{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59584df3f5fa9ee72021-12-20 15:57:37.224root 11241100x8000000000000000766595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.224{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54171289692f5b562021-12-20 15:57:37.224root 11241100x8000000000000000766596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.224{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b98f926e6d34392021-12-20 15:57:37.224root 11241100x8000000000000000766597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.224{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec3a121130755ae2021-12-20 15:57:37.224root 11241100x8000000000000000766598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a6e17c3277f9dc2021-12-20 15:57:37.225root 11241100x8000000000000000766599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b1641c020729002021-12-20 15:57:37.225root 11241100x8000000000000000766600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56acbd01bd0e1b3b2021-12-20 15:57:37.225root 11241100x8000000000000000766601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7e5b7176a5c7dc2021-12-20 15:57:37.225root 11241100x8000000000000000766602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59172b1304e4d962021-12-20 15:57:37.226root 11241100x8000000000000000766603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433e668de765b5612021-12-20 15:57:37.226root 11241100x8000000000000000766604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab817a4bee06d912021-12-20 15:57:37.226root 11241100x8000000000000000766605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfe40ae1e414abe2021-12-20 15:57:37.226root 11241100x8000000000000000766606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c497c8db641876e72021-12-20 15:57:37.226root 11241100x8000000000000000766607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af205e114bdac432021-12-20 15:57:37.226root 11241100x8000000000000000766608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4841d94d98d4ddcd2021-12-20 15:57:37.226root 11241100x8000000000000000766609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5040d66e5f61efe2021-12-20 15:57:37.226root 11241100x8000000000000000766610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf7d383957106bf2021-12-20 15:57:37.227root 11241100x8000000000000000766611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d91cc00ac803bc12021-12-20 15:57:37.227root 11241100x8000000000000000766612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6039af087b9a4d882021-12-20 15:57:37.227root 11241100x8000000000000000766613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ebbd3c6541c57c2021-12-20 15:57:37.227root 11241100x8000000000000000766614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e0c019e3b10c122021-12-20 15:57:37.227root 11241100x8000000000000000766615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028244bb946fea542021-12-20 15:57:37.227root 11241100x8000000000000000766616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506ed326fbc09eaf2021-12-20 15:57:37.227root 11241100x8000000000000000766617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907dd7ecd0fc78222021-12-20 15:57:37.227root 11241100x8000000000000000766618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822de05ebd828a162021-12-20 15:57:37.227root 11241100x8000000000000000766619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20490e6e8e9101702021-12-20 15:57:37.227root 11241100x8000000000000000766620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f35ebb93410666e2021-12-20 15:57:37.227root 11241100x8000000000000000766621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d1552e76030a732021-12-20 15:57:37.227root 11241100x8000000000000000766622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7664cf5d4323913c2021-12-20 15:57:37.227root 11241100x8000000000000000766623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608fa9e332b65c272021-12-20 15:57:37.227root 11241100x8000000000000000766624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e066ac00f6a299e52021-12-20 15:57:37.227root 11241100x8000000000000000766625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c02ffed571527e2021-12-20 15:57:37.228root 11241100x8000000000000000766626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aef02bef2602bf22021-12-20 15:57:37.228root 11241100x8000000000000000766627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784cc58662a4e772021-12-20 15:57:37.228root 11241100x8000000000000000766628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7043f0b2f1d0282021-12-20 15:57:37.228root 11241100x8000000000000000766629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2070aff941222a2021-12-20 15:57:37.228root 11241100x8000000000000000766630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7d6704f13616242021-12-20 15:57:37.228root 11241100x8000000000000000766631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ecbbc38b3ed6f62021-12-20 15:57:37.228root 11241100x8000000000000000766632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aad8c8816b05dfd2021-12-20 15:57:37.229root 11241100x8000000000000000766633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30e3f829bb24be32021-12-20 15:57:37.229root 11241100x8000000000000000766634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfef7aa44c656ca92021-12-20 15:57:37.229root 11241100x8000000000000000766635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8454ab390b8688cf2021-12-20 15:57:37.674root 11241100x8000000000000000766636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5021e0f31b24ec2021-12-20 15:57:37.674root 11241100x8000000000000000766637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f866a793ed577aa2021-12-20 15:57:37.674root 11241100x8000000000000000766638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4bc8309be088572021-12-20 15:57:37.674root 11241100x8000000000000000766639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf88307496b5bb7b2021-12-20 15:57:37.674root 11241100x8000000000000000766640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f30512b5c89ee962021-12-20 15:57:37.675root 11241100x8000000000000000766641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da6b7db966810f22021-12-20 15:57:37.675root 11241100x8000000000000000766642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe04fdb0f83557142021-12-20 15:57:37.675root 11241100x8000000000000000766643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6009de8302d5b592021-12-20 15:57:37.675root 11241100x8000000000000000766644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c84e31266e98cf02021-12-20 15:57:37.675root 11241100x8000000000000000766645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088809948223dcc52021-12-20 15:57:37.675root 11241100x8000000000000000766646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cc82e44fee5ea82021-12-20 15:57:37.675root 11241100x8000000000000000766647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43887360a874936d2021-12-20 15:57:37.675root 11241100x8000000000000000766648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b6a7813ecea0e42021-12-20 15:57:37.675root 11241100x8000000000000000766649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2273c389d6c766a72021-12-20 15:57:37.676root 11241100x8000000000000000766650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf42fc13fae8f3a2021-12-20 15:57:37.676root 11241100x8000000000000000766651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29064ea48d9e6c02021-12-20 15:57:37.676root 11241100x8000000000000000766652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07307a0456c8b6562021-12-20 15:57:37.676root 11241100x8000000000000000766653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3967e43858d0d872021-12-20 15:57:37.676root 11241100x8000000000000000766654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85638ef72ec492e2021-12-20 15:57:37.677root 11241100x8000000000000000766655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73592f4831abc9372021-12-20 15:57:37.677root 11241100x8000000000000000766656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4d3b8abc7e4cf92021-12-20 15:57:37.677root 11241100x8000000000000000766657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e57ee3e357438152021-12-20 15:57:37.677root 11241100x8000000000000000766658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439db4b9dcc9a7202021-12-20 15:57:37.677root 11241100x8000000000000000766659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3258192ddcc2cf2021-12-20 15:57:37.677root 11241100x8000000000000000766660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcd1e3b642b2dbf2021-12-20 15:57:37.677root 11241100x8000000000000000766661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b45ed5c86b48fc42021-12-20 15:57:37.677root 11241100x8000000000000000766662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4729d084851e07292021-12-20 15:57:37.677root 11241100x8000000000000000766663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a5ebc263bd9c902021-12-20 15:57:37.677root 11241100x8000000000000000766664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294d225e5e223e1b2021-12-20 15:57:37.677root 11241100x8000000000000000766665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0884962ae7aa4602021-12-20 15:57:37.678root 11241100x8000000000000000766666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0058a1414907802021-12-20 15:57:37.678root 11241100x8000000000000000766667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc74c9d3963ca352021-12-20 15:57:37.678root 11241100x8000000000000000766668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f770baa3636f6a2021-12-20 15:57:37.678root 11241100x8000000000000000766669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ba0ec1d6e1a9d32021-12-20 15:57:37.678root 11241100x8000000000000000766670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21aae462a8e938342021-12-20 15:57:37.678root 11241100x8000000000000000766671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9856eb30ee6877ea2021-12-20 15:57:37.678root 11241100x8000000000000000766672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be500b8e2241d3df2021-12-20 15:57:37.678root 11241100x8000000000000000766673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:37.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6972da063ea9052021-12-20 15:57:37.678root 11241100x8000000000000000766674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbae3a7a5fbc50802021-12-20 15:57:38.175root 11241100x8000000000000000766675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd2ca692ba9a8b82021-12-20 15:57:38.175root 11241100x8000000000000000766676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378cb347e81d00f62021-12-20 15:57:38.175root 11241100x8000000000000000766677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9fed9fb83af0032021-12-20 15:57:38.176root 11241100x8000000000000000766678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1394c642f26922a42021-12-20 15:57:38.176root 11241100x8000000000000000766679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c54f6562c6e5722021-12-20 15:57:38.176root 11241100x8000000000000000766680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a26d9d234288ca32021-12-20 15:57:38.176root 11241100x8000000000000000766681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23e7b95a3908ecd2021-12-20 15:57:38.176root 11241100x8000000000000000766682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38446301bbcceff22021-12-20 15:57:38.176root 11241100x8000000000000000766683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8da5472ad8955e2021-12-20 15:57:38.176root 11241100x8000000000000000766684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d7d900e8662b9a2021-12-20 15:57:38.176root 11241100x8000000000000000766685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc87719ed0def6b2021-12-20 15:57:38.176root 11241100x8000000000000000766686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5a3f7ce083d17b2021-12-20 15:57:38.177root 11241100x8000000000000000766687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a8f9f060a976ce2021-12-20 15:57:38.177root 11241100x8000000000000000766688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811ce623cbda06652021-12-20 15:57:38.177root 11241100x8000000000000000766689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e68d95e66d40f42021-12-20 15:57:38.177root 11241100x8000000000000000766690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c833d1f85d8a15852021-12-20 15:57:38.177root 11241100x8000000000000000766691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05db51c68915973e2021-12-20 15:57:38.177root 11241100x8000000000000000766692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954b6b7832b3369c2021-12-20 15:57:38.177root 11241100x8000000000000000766693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c21f453493d162a2021-12-20 15:57:38.177root 11241100x8000000000000000766694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3211cb12acd0db542021-12-20 15:57:38.177root 11241100x8000000000000000766695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943d29294c6072bc2021-12-20 15:57:38.178root 11241100x8000000000000000766696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86b1abb9a22b4732021-12-20 15:57:38.178root 11241100x8000000000000000766697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3536d487b1b2332021-12-20 15:57:38.178root 11241100x8000000000000000766698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365afecb4f96ba1e2021-12-20 15:57:38.178root 11241100x8000000000000000766699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ce4fb583a775532021-12-20 15:57:38.178root 11241100x8000000000000000766700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5324dfad657d07232021-12-20 15:57:38.178root 11241100x8000000000000000766701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce64d4119cd12dcc2021-12-20 15:57:38.178root 11241100x8000000000000000766702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6351c9c53aea7d52021-12-20 15:57:38.178root 11241100x8000000000000000766703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8827fffa9a24dc452021-12-20 15:57:38.178root 11241100x8000000000000000766704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c64d0059ebe24a2021-12-20 15:57:38.178root 11241100x8000000000000000766705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f0a2935b0c9a322021-12-20 15:57:38.179root 11241100x8000000000000000766706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811494be54f6f87d2021-12-20 15:57:38.179root 11241100x8000000000000000766707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd0bc423ae2b31b2021-12-20 15:57:38.179root 11241100x8000000000000000766708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3e231a0c73ed662021-12-20 15:57:38.674root 11241100x8000000000000000766709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c07fdd38e36e19a2021-12-20 15:57:38.675root 11241100x8000000000000000766710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4f60477c55807e2021-12-20 15:57:38.675root 11241100x8000000000000000766711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5488172ead471222021-12-20 15:57:38.675root 11241100x8000000000000000766712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ccf5adef0d8da2021-12-20 15:57:38.675root 11241100x8000000000000000766713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f50d41b34b504c42021-12-20 15:57:38.675root 11241100x8000000000000000766714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0025bd0d81bf9052021-12-20 15:57:38.675root 11241100x8000000000000000766715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d004c5b2397bde22021-12-20 15:57:38.675root 11241100x8000000000000000766716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c581274bc0c5c20a2021-12-20 15:57:38.675root 11241100x8000000000000000766717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be49c980001991f2021-12-20 15:57:38.675root 11241100x8000000000000000766718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ade50798594cf92021-12-20 15:57:38.675root 11241100x8000000000000000766719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926bee91b40dcd9a2021-12-20 15:57:38.676root 11241100x8000000000000000766720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb81a35b29236262021-12-20 15:57:38.676root 11241100x8000000000000000766721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91da9bac05ff26e72021-12-20 15:57:38.676root 11241100x8000000000000000766722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0030127964972c2b2021-12-20 15:57:38.676root 11241100x8000000000000000766723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94535920b0c7ad4d2021-12-20 15:57:38.676root 11241100x8000000000000000766724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6307ce13056f265e2021-12-20 15:57:38.676root 11241100x8000000000000000766725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7111b769e18f2f32021-12-20 15:57:38.676root 11241100x8000000000000000766726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a537f562cdf31482021-12-20 15:57:38.676root 11241100x8000000000000000766727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8716506e73580a962021-12-20 15:57:38.676root 11241100x8000000000000000766728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36608ff1ac5895702021-12-20 15:57:38.676root 11241100x8000000000000000766729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c456768ffef9bea2021-12-20 15:57:38.676root 11241100x8000000000000000766730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0bca22dd208e2c2021-12-20 15:57:38.676root 11241100x8000000000000000766731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a450006cde00919c2021-12-20 15:57:38.677root 11241100x8000000000000000766732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d010afda822afd2021-12-20 15:57:38.677root 11241100x8000000000000000766733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e865b4618251d572021-12-20 15:57:38.677root 11241100x8000000000000000766734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15e99095015e0dd2021-12-20 15:57:38.677root 11241100x8000000000000000766735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7599506236b29f72021-12-20 15:57:38.677root 11241100x8000000000000000766736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912b203d428262162021-12-20 15:57:38.677root 11241100x8000000000000000766737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f017962c464b9ff2021-12-20 15:57:38.677root 11241100x8000000000000000766738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f57d5032b802de2021-12-20 15:57:38.677root 11241100x8000000000000000766739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bfe8f2bb88fe612021-12-20 15:57:38.677root 11241100x8000000000000000766740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9af479f0ebe1f02021-12-20 15:57:38.677root 11241100x8000000000000000766741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7b9fdb88048edb2021-12-20 15:57:38.677root 23542300x8000000000000000766742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.052{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000766743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b32a1302af21f82021-12-20 15:57:39.053root 11241100x8000000000000000766744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe05d6f18c4004b2021-12-20 15:57:39.053root 11241100x8000000000000000766745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed0c4e3fe0b2ff2021-12-20 15:57:39.053root 11241100x8000000000000000766746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbef6e2f000e2c412021-12-20 15:57:39.054root 11241100x8000000000000000766747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a7fe823e2124562021-12-20 15:57:39.054root 11241100x8000000000000000766748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02352af835b33e2b2021-12-20 15:57:39.054root 11241100x8000000000000000766749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc0b062682b3cc12021-12-20 15:57:39.054root 11241100x8000000000000000766750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fb61092f62dd862021-12-20 15:57:39.054root 11241100x8000000000000000766751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6ff701d05105022021-12-20 15:57:39.054root 11241100x8000000000000000766752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658571127ccd03482021-12-20 15:57:39.054root 11241100x8000000000000000766753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744c80806dd4f1c62021-12-20 15:57:39.054root 11241100x8000000000000000766754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f2b161eab0ea592021-12-20 15:57:39.054root 11241100x8000000000000000766755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3268621ac7cdfc2021-12-20 15:57:39.054root 11241100x8000000000000000766756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c41127992669c02021-12-20 15:57:39.054root 11241100x8000000000000000766757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fc3a46aa2fc8812021-12-20 15:57:39.055root 11241100x8000000000000000766758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1144b0459d43a22021-12-20 15:57:39.055root 11241100x8000000000000000766759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125bbc330d2b5d102021-12-20 15:57:39.055root 11241100x8000000000000000766760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105a602f18976e252021-12-20 15:57:39.055root 11241100x8000000000000000766761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aafd39baa77e502021-12-20 15:57:39.055root 11241100x8000000000000000766762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81a6a62a865583c2021-12-20 15:57:39.055root 11241100x8000000000000000766763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d40931b37907322021-12-20 15:57:39.055root 11241100x8000000000000000766764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffb77b76994deba2021-12-20 15:57:39.055root 11241100x8000000000000000766765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69af8b7dfe46512c2021-12-20 15:57:39.055root 11241100x8000000000000000766766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1528b8470fdb8dea2021-12-20 15:57:39.055root 11241100x8000000000000000766767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead7c381b4c86ac2021-12-20 15:57:39.055root 11241100x8000000000000000766768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5065ad798d05a2962021-12-20 15:57:39.056root 11241100x8000000000000000766769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1616562f86c1152021-12-20 15:57:39.056root 11241100x8000000000000000766770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ac309bbd9fe2b22021-12-20 15:57:39.056root 11241100x8000000000000000766771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dad68e8335ae6a2021-12-20 15:57:39.057root 11241100x8000000000000000766772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf0543383cb1ffe2021-12-20 15:57:39.057root 11241100x8000000000000000766773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326acde39ddb1d22021-12-20 15:57:39.057root 11241100x8000000000000000766774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecb5d1a655532002021-12-20 15:57:39.057root 11241100x8000000000000000766775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cdde00a43d99e92021-12-20 15:57:39.058root 11241100x8000000000000000766776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1f9d1d6eabf3702021-12-20 15:57:39.058root 11241100x8000000000000000766777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00b386c1346acb72021-12-20 15:57:39.058root 11241100x8000000000000000766778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15addd0a41182c52021-12-20 15:57:39.058root 11241100x8000000000000000766779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4994bae21110132021-12-20 15:57:39.059root 11241100x8000000000000000766780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d146fa94c7aa0762021-12-20 15:57:39.059root 11241100x8000000000000000766781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c453839fbb7e8e72021-12-20 15:57:39.424root 11241100x8000000000000000766782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c1fcee838eb6da2021-12-20 15:57:39.424root 11241100x8000000000000000766783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6946a475a356b3512021-12-20 15:57:39.424root 11241100x8000000000000000766784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cd3b9682941e232021-12-20 15:57:39.424root 11241100x8000000000000000766785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf4b240943f42162021-12-20 15:57:39.425root 11241100x8000000000000000766786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49471fa20445a3b2021-12-20 15:57:39.425root 11241100x8000000000000000766787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d844a972b9ac4f22021-12-20 15:57:39.425root 11241100x8000000000000000766788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac99f1b7af5c3f82021-12-20 15:57:39.425root 11241100x8000000000000000766789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a7eb9d7ebb08e42021-12-20 15:57:39.425root 11241100x8000000000000000766790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ceb51658ff2e092021-12-20 15:57:39.425root 11241100x8000000000000000766791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477cee846c87f3f02021-12-20 15:57:39.425root 11241100x8000000000000000766792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7bd478350eba612021-12-20 15:57:39.426root 11241100x8000000000000000766793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91762d1a4ee8f7f02021-12-20 15:57:39.426root 11241100x8000000000000000766794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe363cfa0aa862562021-12-20 15:57:39.426root 11241100x8000000000000000766795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c097488b108281df2021-12-20 15:57:39.426root 11241100x8000000000000000766796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aac47e4314f27012021-12-20 15:57:39.426root 11241100x8000000000000000766797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153d66e9388389532021-12-20 15:57:39.426root 11241100x8000000000000000766798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98497220ae7e1b92021-12-20 15:57:39.426root 11241100x8000000000000000766799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9dfdc8fe49158f2021-12-20 15:57:39.426root 11241100x8000000000000000766800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be76e5239098d8f72021-12-20 15:57:39.426root 11241100x8000000000000000766801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693686e4e6b625d92021-12-20 15:57:39.426root 11241100x8000000000000000766802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37665af1a56d17062021-12-20 15:57:39.426root 11241100x8000000000000000766803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de85c4a2a665eea52021-12-20 15:57:39.426root 11241100x8000000000000000766804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecac89574fb6cf02021-12-20 15:57:39.426root 11241100x8000000000000000766805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0089e836b52ef22021-12-20 15:57:39.426root 11241100x8000000000000000766806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff968c916446909f2021-12-20 15:57:39.427root 11241100x8000000000000000766807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8577fe26901258db2021-12-20 15:57:39.427root 11241100x8000000000000000766808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5092bd8cedd52b372021-12-20 15:57:39.427root 11241100x8000000000000000766809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36aaefcdc4ad948d2021-12-20 15:57:39.427root 11241100x8000000000000000766810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0489922d85d8ce532021-12-20 15:57:39.427root 11241100x8000000000000000766811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1b61446ebdda852021-12-20 15:57:39.427root 11241100x8000000000000000766812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42c595ad8ad1a4f2021-12-20 15:57:39.427root 11241100x8000000000000000766813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1363a5ccf80db3c42021-12-20 15:57:39.427root 11241100x8000000000000000766814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364762e89af8ba702021-12-20 15:57:39.427root 11241100x8000000000000000766815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152f28e3f16edd332021-12-20 15:57:39.427root 11241100x8000000000000000766816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9016e4917d3ad732021-12-20 15:57:39.427root 11241100x8000000000000000766817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e38f6a25d7c2b72021-12-20 15:57:39.924root 11241100x8000000000000000766818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88044aca2bbf6f802021-12-20 15:57:39.925root 11241100x8000000000000000766819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4408c0bf8d50a1402021-12-20 15:57:39.925root 11241100x8000000000000000766820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20ae5de486f34c92021-12-20 15:57:39.925root 11241100x8000000000000000766821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a01f56cac9f9bc22021-12-20 15:57:39.925root 11241100x8000000000000000766822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b04eee7f21a0c302021-12-20 15:57:39.926root 11241100x8000000000000000766823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8ca130d59cf4382021-12-20 15:57:39.926root 11241100x8000000000000000766824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e305ca476b66dd2021-12-20 15:57:39.926root 11241100x8000000000000000766825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4b6fcfb23ac6202021-12-20 15:57:39.927root 11241100x8000000000000000766826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9419c3dc668591602021-12-20 15:57:39.927root 11241100x8000000000000000766827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c080a82087ccff062021-12-20 15:57:39.927root 11241100x8000000000000000766828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2fe6c0d482cce72021-12-20 15:57:39.927root 11241100x8000000000000000766829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2729faefeb3e37212021-12-20 15:57:39.927root 11241100x8000000000000000766830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acac57b361b65df2021-12-20 15:57:39.927root 11241100x8000000000000000766831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13fc66ea3380e3f2021-12-20 15:57:39.927root 11241100x8000000000000000766832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b83ea9c05d191d2021-12-20 15:57:39.928root 11241100x8000000000000000766833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fd68a1b101ee652021-12-20 15:57:39.928root 11241100x8000000000000000766834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c44767f6439af992021-12-20 15:57:39.928root 11241100x8000000000000000766835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9216333e5f487012021-12-20 15:57:39.928root 11241100x8000000000000000766836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e005a6207fee92642021-12-20 15:57:39.928root 11241100x8000000000000000766837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3d0d7401c04f072021-12-20 15:57:39.928root 11241100x8000000000000000766838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a30a5aaa61c7622021-12-20 15:57:39.928root 11241100x8000000000000000766839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f289fd2380bf1f882021-12-20 15:57:39.928root 11241100x8000000000000000766840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7aeda307456ea92021-12-20 15:57:39.929root 11241100x8000000000000000766841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca04bc72f5e7b82e2021-12-20 15:57:39.929root 11241100x8000000000000000766842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e402d03365710492021-12-20 15:57:39.929root 11241100x8000000000000000766843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae7f203648cbf172021-12-20 15:57:39.929root 11241100x8000000000000000766844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e9874b72ca2f052021-12-20 15:57:39.929root 11241100x8000000000000000766845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9560236d4662aa2021-12-20 15:57:39.931root 11241100x8000000000000000766846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac581bb9bab651d2021-12-20 15:57:39.931root 11241100x8000000000000000766847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293291d442e229b32021-12-20 15:57:39.931root 11241100x8000000000000000766848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb60b19f1030c7a2021-12-20 15:57:39.931root 11241100x8000000000000000766849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a5d5963d1de5252021-12-20 15:57:39.931root 11241100x8000000000000000766850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e103faaffd840282021-12-20 15:57:39.932root 11241100x8000000000000000766851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9e700dd28aead12021-12-20 15:57:39.932root 11241100x8000000000000000766852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:39.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af2177d4b47679f2021-12-20 15:57:39.932root 11241100x8000000000000000766853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316862804fd196822021-12-20 15:57:40.424root 11241100x8000000000000000766854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d908efeb1f9222021-12-20 15:57:40.424root 11241100x8000000000000000766855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015aae6c0d47da462021-12-20 15:57:40.424root 11241100x8000000000000000766856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67d8d072ecb7bce2021-12-20 15:57:40.424root 11241100x8000000000000000766857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c697ea2c441783a82021-12-20 15:57:40.424root 11241100x8000000000000000766858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea96c3ce4aee8d2f2021-12-20 15:57:40.424root 11241100x8000000000000000766859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888d8ffbdedc91692021-12-20 15:57:40.424root 11241100x8000000000000000766860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832847045809522a2021-12-20 15:57:40.424root 11241100x8000000000000000766861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2b1f43bb9e16452021-12-20 15:57:40.424root 11241100x8000000000000000766862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d26c9d8831f6a62021-12-20 15:57:40.424root 11241100x8000000000000000766863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e241afdea29d3d52021-12-20 15:57:40.424root 11241100x8000000000000000766864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abbdf942761e2892021-12-20 15:57:40.425root 11241100x8000000000000000766865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7790ba872b15f3ce2021-12-20 15:57:40.425root 11241100x8000000000000000766866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9f06b20567d7952021-12-20 15:57:40.425root 11241100x8000000000000000766867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacebf49a2c67e802021-12-20 15:57:40.425root 11241100x8000000000000000766868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae0789b3c2107ba2021-12-20 15:57:40.425root 11241100x8000000000000000766869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2497c7617ef55aca2021-12-20 15:57:40.425root 11241100x8000000000000000766870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a93bd717ba9c6412021-12-20 15:57:40.425root 11241100x8000000000000000766871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561a7d29b1d973e32021-12-20 15:57:40.425root 11241100x8000000000000000766872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b4e674da3009c02021-12-20 15:57:40.425root 11241100x8000000000000000766873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc10b7dcc5b2414a2021-12-20 15:57:40.425root 11241100x8000000000000000766874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be464abf215c164f2021-12-20 15:57:40.425root 11241100x8000000000000000766875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d5d0554a67d8552021-12-20 15:57:40.425root 11241100x8000000000000000766876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6c6e51f77da9312021-12-20 15:57:40.425root 11241100x8000000000000000766877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ad40136fe95c922021-12-20 15:57:40.425root 11241100x8000000000000000766878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d60c8f62af06952021-12-20 15:57:40.426root 11241100x8000000000000000766879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c0452f0479f86a2021-12-20 15:57:40.426root 11241100x8000000000000000766880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821e3123364c30362021-12-20 15:57:40.426root 11241100x8000000000000000766881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c0806c19b7af5f2021-12-20 15:57:40.426root 11241100x8000000000000000766882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01b6010b0f564ff2021-12-20 15:57:40.426root 11241100x8000000000000000766883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015b3d1245db76e12021-12-20 15:57:40.427root 11241100x8000000000000000766884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91886c6c3d81d1812021-12-20 15:57:40.427root 11241100x8000000000000000766885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6153374795128c2021-12-20 15:57:40.427root 11241100x8000000000000000766886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86be78c81858ee0d2021-12-20 15:57:40.427root 11241100x8000000000000000766887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027bda0b7c3a33cf2021-12-20 15:57:40.427root 11241100x8000000000000000766888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229107a91b4756d62021-12-20 15:57:40.427root 11241100x8000000000000000766889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a537b19c5e25552021-12-20 15:57:40.427root 11241100x8000000000000000766890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744e3820cf8f996d2021-12-20 15:57:40.427root 11241100x8000000000000000766891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4a24195eb4a0c72021-12-20 15:57:40.427root 11241100x8000000000000000766892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3c2437cc6eea482021-12-20 15:57:40.427root 11241100x8000000000000000766893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e235b964ef05542021-12-20 15:57:40.427root 11241100x8000000000000000766894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795277cf2debf3d62021-12-20 15:57:40.427root 11241100x8000000000000000766895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8241d2354811f5d2021-12-20 15:57:40.427root 11241100x8000000000000000766896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d80141041fc2f152021-12-20 15:57:40.428root 11241100x8000000000000000766897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fda96310d457942021-12-20 15:57:40.428root 11241100x8000000000000000766898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531b38cc169c93e62021-12-20 15:57:40.428root 11241100x8000000000000000766899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fde34cf1c36aad72021-12-20 15:57:40.428root 11241100x8000000000000000766900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c10350799137cf92021-12-20 15:57:40.429root 11241100x8000000000000000766901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b975e2c5ab40ca222021-12-20 15:57:40.429root 11241100x8000000000000000766902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f2062bc4f1a4b12021-12-20 15:57:40.429root 11241100x8000000000000000766903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438fab7cb7eacb842021-12-20 15:57:40.429root 11241100x8000000000000000766904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643caf5597c97a872021-12-20 15:57:40.429root 11241100x8000000000000000766905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca0db95aa614f772021-12-20 15:57:40.430root 11241100x8000000000000000766906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb61cdd91d84d69b2021-12-20 15:57:40.430root 11241100x8000000000000000766907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f785e4f178e8e72021-12-20 15:57:40.430root 11241100x8000000000000000766908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6928ed4e7de9a0112021-12-20 15:57:40.430root 11241100x8000000000000000766909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b7c028086f225b2021-12-20 15:57:40.430root 11241100x8000000000000000766910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f3b86599f838282021-12-20 15:57:40.430root 11241100x8000000000000000766911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133e34c27c878e372021-12-20 15:57:40.430root 11241100x8000000000000000766912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25643908f643cd982021-12-20 15:57:40.924root 11241100x8000000000000000766913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab01a67533ec5a692021-12-20 15:57:40.924root 11241100x8000000000000000766914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743e9b756ae3d07c2021-12-20 15:57:40.925root 11241100x8000000000000000766915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8664d274afe1a5ca2021-12-20 15:57:40.925root 11241100x8000000000000000766916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0c480fe98e4efa2021-12-20 15:57:40.925root 11241100x8000000000000000766917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a8163deb6069c82021-12-20 15:57:40.925root 11241100x8000000000000000766918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ef088a83e7b16a2021-12-20 15:57:40.925root 11241100x8000000000000000766919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3125589710db48222021-12-20 15:57:40.926root 11241100x8000000000000000766920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d855b70c6830132021-12-20 15:57:40.926root 11241100x8000000000000000766921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9324cc7d8a7d7212021-12-20 15:57:40.926root 11241100x8000000000000000766922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d35997282d9e69a2021-12-20 15:57:40.926root 11241100x8000000000000000766923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad6ce36d4a3d4342021-12-20 15:57:40.926root 11241100x8000000000000000766924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bb95929e9808b92021-12-20 15:57:40.927root 11241100x8000000000000000766925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a804f7cb272e1f7f2021-12-20 15:57:40.928root 11241100x8000000000000000766926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a8a5b3cd4747ae2021-12-20 15:57:40.929root 11241100x8000000000000000766927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a098b68c482cd42021-12-20 15:57:40.929root 11241100x8000000000000000766928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c845ea85d46da62021-12-20 15:57:40.929root 11241100x8000000000000000766929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2409807f5594ddf2021-12-20 15:57:40.930root 11241100x8000000000000000766930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016da65ea3c183162021-12-20 15:57:40.930root 11241100x8000000000000000766931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923777aba6ab6b792021-12-20 15:57:40.930root 11241100x8000000000000000766932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c2f78c1a193da2021-12-20 15:57:40.930root 11241100x8000000000000000766933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9c7e0aa48b1e22021-12-20 15:57:40.931root 11241100x8000000000000000766934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005621709a72e9d12021-12-20 15:57:40.931root 11241100x8000000000000000766935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d2ce7892d9e0f92021-12-20 15:57:40.931root 11241100x8000000000000000766936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3650e8067ef4391b2021-12-20 15:57:40.931root 11241100x8000000000000000766937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e746243295455b32021-12-20 15:57:40.931root 11241100x8000000000000000766938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f441991d710c2dd2021-12-20 15:57:40.932root 11241100x8000000000000000766939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a7d569416da2aa2021-12-20 15:57:40.932root 11241100x8000000000000000766940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1600ca74015c861f2021-12-20 15:57:40.932root 11241100x8000000000000000766941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee2daf77f54779b2021-12-20 15:57:40.933root 11241100x8000000000000000766942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc87fb9a5d034d512021-12-20 15:57:40.933root 11241100x8000000000000000766943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adc694bafbc56032021-12-20 15:57:40.933root 11241100x8000000000000000766944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f47f48adab4fc42021-12-20 15:57:40.933root 11241100x8000000000000000766945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6da3458e5a9d152021-12-20 15:57:40.934root 11241100x8000000000000000766946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3803255f4671be2021-12-20 15:57:40.934root 11241100x8000000000000000766947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074b27cd26d37f592021-12-20 15:57:40.935root 11241100x8000000000000000766948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04105f0899f389b02021-12-20 15:57:40.935root 11241100x8000000000000000766949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6157ae314997242021-12-20 15:57:40.935root 11241100x8000000000000000766950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b617b5c814d9fab2021-12-20 15:57:41.424root 11241100x8000000000000000766951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba441dbc63a2f8152021-12-20 15:57:41.424root 11241100x8000000000000000766952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f231aa53937ee2e32021-12-20 15:57:41.424root 11241100x8000000000000000766953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c7eeef3194343f2021-12-20 15:57:41.424root 11241100x8000000000000000766954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb4214f03e32c772021-12-20 15:57:41.424root 11241100x8000000000000000766955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6b77a90f54aca62021-12-20 15:57:41.425root 11241100x8000000000000000766956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9570ccc311f0e72021-12-20 15:57:41.425root 11241100x8000000000000000766957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf1ed7705810ca22021-12-20 15:57:41.425root 11241100x8000000000000000766958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d79c331377625f02021-12-20 15:57:41.425root 11241100x8000000000000000766959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6799c91d8b47d6b42021-12-20 15:57:41.425root 11241100x8000000000000000766960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aafa2d3371261a72021-12-20 15:57:41.425root 11241100x8000000000000000766961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4b731c345be6ba2021-12-20 15:57:41.425root 11241100x8000000000000000766962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e584a5c90c1b1072021-12-20 15:57:41.426root 11241100x8000000000000000766963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e026b86c617598572021-12-20 15:57:41.426root 11241100x8000000000000000766964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85adc8af2c5d5bef2021-12-20 15:57:41.426root 11241100x8000000000000000766965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49965af17deb71bc2021-12-20 15:57:41.426root 11241100x8000000000000000766966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf4c5e9c1f0cc8e2021-12-20 15:57:41.426root 11241100x8000000000000000766967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd1f206833a90212021-12-20 15:57:41.427root 11241100x8000000000000000766968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0316b99991959d72021-12-20 15:57:41.427root 11241100x8000000000000000766969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8076417fef3145ae2021-12-20 15:57:41.427root 11241100x8000000000000000766970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a268ad075b3dbe2021-12-20 15:57:41.427root 11241100x8000000000000000766971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae587225a6357bc2021-12-20 15:57:41.427root 11241100x8000000000000000766972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8216c7c52cbb912021-12-20 15:57:41.428root 11241100x8000000000000000766973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b4e4f891a1e5192021-12-20 15:57:41.429root 11241100x8000000000000000766974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45118de25f41a66e2021-12-20 15:57:41.432root 11241100x8000000000000000766975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6454b7c8c9298d02021-12-20 15:57:41.432root 11241100x8000000000000000766976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcdb42a54a2b5e42021-12-20 15:57:41.432root 11241100x8000000000000000766977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcd94cd911b1c422021-12-20 15:57:41.432root 11241100x8000000000000000766978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5390c6e5df1b17442021-12-20 15:57:41.433root 11241100x8000000000000000766979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd9a588dadd5eb32021-12-20 15:57:41.433root 11241100x8000000000000000766980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198994273e034e622021-12-20 15:57:41.433root 11241100x8000000000000000766981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938100cdc45feb882021-12-20 15:57:41.433root 11241100x8000000000000000766982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ca1605ea4009552021-12-20 15:57:41.434root 11241100x8000000000000000766983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fb6b77bec6ac9a2021-12-20 15:57:41.434root 11241100x8000000000000000766984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8937d37508a040262021-12-20 15:57:41.434root 11241100x8000000000000000766985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32071c9dad3b389c2021-12-20 15:57:41.434root 11241100x8000000000000000766986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d994abc1c42ddda2021-12-20 15:57:41.434root 11241100x8000000000000000766987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc20b002f14e0af2021-12-20 15:57:41.435root 11241100x8000000000000000766988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0537431d1d27582021-12-20 15:57:41.436root 11241100x8000000000000000766989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bb8a35d3e70bcc2021-12-20 15:57:41.436root 11241100x8000000000000000766990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680f425ab77f27f22021-12-20 15:57:41.437root 11241100x8000000000000000766991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd935e57b177ede42021-12-20 15:57:41.438root 11241100x8000000000000000766992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b61f47dd8955a62021-12-20 15:57:41.438root 11241100x8000000000000000766993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b183a849b1d4f3a2021-12-20 15:57:41.439root 11241100x8000000000000000766994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a516c3076f879292021-12-20 15:57:41.439root 11241100x8000000000000000766995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaadfdc8e0d1b6c2021-12-20 15:57:41.439root 11241100x8000000000000000766996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f33ae7f278705292021-12-20 15:57:41.439root 11241100x8000000000000000766997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc912b719b448c52021-12-20 15:57:41.439root 11241100x8000000000000000766998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c321514b6d992092021-12-20 15:57:41.924root 11241100x8000000000000000766999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89cbd1fa2a7c3e32021-12-20 15:57:41.924root 11241100x8000000000000000767000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e451035cd7699f2021-12-20 15:57:41.924root 11241100x8000000000000000767001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2678a4083a25e12021-12-20 15:57:41.925root 11241100x8000000000000000767002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3490ea9f4b0343372021-12-20 15:57:41.925root 11241100x8000000000000000767003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2066aba519a6bf7e2021-12-20 15:57:41.925root 11241100x8000000000000000767004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b4296cee7c86d72021-12-20 15:57:41.925root 11241100x8000000000000000767005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0c98a66b47a062021-12-20 15:57:41.925root 11241100x8000000000000000767006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc2f681d744dad22021-12-20 15:57:41.925root 11241100x8000000000000000767007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b962f51a95123d482021-12-20 15:57:41.925root 11241100x8000000000000000767008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e161b3c46b3379b2021-12-20 15:57:41.925root 11241100x8000000000000000767009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5eb6174cbbbcf402021-12-20 15:57:41.925root 11241100x8000000000000000767010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2268ad74255c17f2021-12-20 15:57:41.925root 11241100x8000000000000000767011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264c0b2691429c122021-12-20 15:57:41.926root 11241100x8000000000000000767012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e263c95ec70ef112021-12-20 15:57:41.926root 11241100x8000000000000000767013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd992e8e304d9a22021-12-20 15:57:41.926root 11241100x8000000000000000767014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bf8a11516a39842021-12-20 15:57:41.926root 11241100x8000000000000000767015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32170ab4f4fc997a2021-12-20 15:57:41.926root 11241100x8000000000000000767016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3340026d6c63710d2021-12-20 15:57:41.926root 11241100x8000000000000000767017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f93e920981bebf62021-12-20 15:57:41.926root 11241100x8000000000000000767018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86907dba8725a9b12021-12-20 15:57:41.926root 11241100x8000000000000000767019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca7f01d1b1c04ce2021-12-20 15:57:41.926root 11241100x8000000000000000767020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f22f09b7b84291f2021-12-20 15:57:41.926root 11241100x8000000000000000767021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2802cb6e9aa7d8bc2021-12-20 15:57:41.927root 11241100x8000000000000000767022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c67fb3ef0bb4ab02021-12-20 15:57:41.927root 11241100x8000000000000000767023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164061dc29addeb82021-12-20 15:57:41.927root 11241100x8000000000000000767024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce626693da8fa102021-12-20 15:57:41.927root 11241100x8000000000000000767025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bca28e469fec862021-12-20 15:57:41.927root 11241100x8000000000000000767026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce318c22d72fdf12021-12-20 15:57:41.927root 11241100x8000000000000000767027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f6f55cb8d06a42021-12-20 15:57:41.927root 11241100x8000000000000000767028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5a1764497e317d2021-12-20 15:57:41.927root 11241100x8000000000000000767029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce56b3ee3e88e702021-12-20 15:57:41.927root 11241100x8000000000000000767030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5298a4db2fa3d76e2021-12-20 15:57:41.927root 11241100x8000000000000000767031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342f022e09fce2e72021-12-20 15:57:41.928root 11241100x8000000000000000767032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0181922928fea9fc2021-12-20 15:57:41.928root 11241100x8000000000000000767033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc029d6a668d79f2021-12-20 15:57:41.928root 11241100x8000000000000000767034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ce9bc9acd5a2472021-12-20 15:57:41.928root 11241100x8000000000000000767035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13899a77c6813c772021-12-20 15:57:41.928root 11241100x8000000000000000767036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a29223948053a02021-12-20 15:57:41.928root 11241100x8000000000000000767037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7554ef702b2b8082021-12-20 15:57:41.928root 11241100x8000000000000000767038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba970b69f7d73b72021-12-20 15:57:41.928root 11241100x8000000000000000767039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b46099fed2dae2a2021-12-20 15:57:41.928root 11241100x8000000000000000767040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ed18af47da1a6f2021-12-20 15:57:41.928root 11241100x8000000000000000767041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757ae74e35c957562021-12-20 15:57:41.929root 11241100x8000000000000000767042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32875f4a766c455d2021-12-20 15:57:41.929root 11241100x8000000000000000767043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a2e30f065305462021-12-20 15:57:41.929root 11241100x8000000000000000767044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f3bef943c642512021-12-20 15:57:41.929root 11241100x8000000000000000767045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6053701231978852021-12-20 15:57:41.929root 11241100x8000000000000000767046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec12775c7d6bc4ed2021-12-20 15:57:41.929root 11241100x8000000000000000767047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8863bf1bdfed97152021-12-20 15:57:41.929root 11241100x8000000000000000767048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0872d62e30a743622021-12-20 15:57:41.929root 11241100x8000000000000000767049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3541602c3ce2dee2021-12-20 15:57:41.929root 11241100x8000000000000000767050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c651422d03971c2021-12-20 15:57:42.424root 11241100x8000000000000000767051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9941d4d7c634bbad2021-12-20 15:57:42.424root 11241100x8000000000000000767052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986d0338d1d7cf12021-12-20 15:57:42.424root 11241100x8000000000000000767053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3954fe016fab142021-12-20 15:57:42.425root 11241100x8000000000000000767054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58a1b26848922d42021-12-20 15:57:42.425root 11241100x8000000000000000767055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3fe1730f7c1a292021-12-20 15:57:42.425root 11241100x8000000000000000767056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a13b954a4b973a42021-12-20 15:57:42.425root 11241100x8000000000000000767057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50ecc98c805b5862021-12-20 15:57:42.426root 11241100x8000000000000000767058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954d90f01a5a01cd2021-12-20 15:57:42.426root 11241100x8000000000000000767059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa9ced9c557edfa2021-12-20 15:57:42.426root 11241100x8000000000000000767060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511dc116f0ebd112021-12-20 15:57:42.427root 11241100x8000000000000000767061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8588ee5d10f8e51d2021-12-20 15:57:42.427root 11241100x8000000000000000767062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc12e2e9a46e57462021-12-20 15:57:42.427root 11241100x8000000000000000767063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9966b1c470ea50b42021-12-20 15:57:42.428root 11241100x8000000000000000767064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a6ca01a6bc47892021-12-20 15:57:42.428root 11241100x8000000000000000767065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a65175851323282021-12-20 15:57:42.429root 11241100x8000000000000000767066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436fea7ff4e878f82021-12-20 15:57:42.430root 11241100x8000000000000000767067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9070cd82b3c40f4c2021-12-20 15:57:42.430root 11241100x8000000000000000767068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e1ab059658b9132021-12-20 15:57:42.430root 11241100x8000000000000000767069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcffd578cd38fdda2021-12-20 15:57:42.430root 11241100x8000000000000000767070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1828bdc796aa4552021-12-20 15:57:42.431root 11241100x8000000000000000767071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5939ded1a23ff02021-12-20 15:57:42.431root 11241100x8000000000000000767072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99f63b8df8785252021-12-20 15:57:42.431root 11241100x8000000000000000767073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a561d4f004f75942021-12-20 15:57:42.431root 11241100x8000000000000000767074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af7819acbc9ad7a2021-12-20 15:57:42.432root 11241100x8000000000000000767075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e408dab68239a74e2021-12-20 15:57:42.432root 11241100x8000000000000000767076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33545a401cab3d12021-12-20 15:57:42.432root 11241100x8000000000000000767077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba18157a70a8cf02021-12-20 15:57:42.432root 11241100x8000000000000000767078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0e237b942026152021-12-20 15:57:42.432root 11241100x8000000000000000767079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc841131771d3f2021-12-20 15:57:42.433root 11241100x8000000000000000767080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18190a25775604dc2021-12-20 15:57:42.433root 11241100x8000000000000000767081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddc59b81edcaad42021-12-20 15:57:42.433root 11241100x8000000000000000767082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4e0f4946c54cd42021-12-20 15:57:42.433root 11241100x8000000000000000767083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4129df21aabf3b72021-12-20 15:57:42.434root 11241100x8000000000000000767084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c2926c5ae1c9bf2021-12-20 15:57:42.434root 11241100x8000000000000000767085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c766ce0a0ed44e092021-12-20 15:57:42.435root 11241100x8000000000000000767086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16724ae36f93fb1c2021-12-20 15:57:42.435root 11241100x8000000000000000767087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa442642626705a22021-12-20 15:57:42.435root 11241100x8000000000000000767088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1ee2ba7446132d2021-12-20 15:57:42.435root 11241100x8000000000000000767089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e071075a1d25522021-12-20 15:57:42.436root 11241100x8000000000000000767090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839e38db2dcea4572021-12-20 15:57:42.924root 11241100x8000000000000000767091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cfcd9b8dcb12e02021-12-20 15:57:42.924root 11241100x8000000000000000767092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eec926f5f4efeda2021-12-20 15:57:42.924root 11241100x8000000000000000767093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22279f844bc854e2021-12-20 15:57:42.924root 11241100x8000000000000000767094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e9d70367b34da42021-12-20 15:57:42.924root 11241100x8000000000000000767095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3838528b79d8de22021-12-20 15:57:42.925root 11241100x8000000000000000767096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e8fc982806f0882021-12-20 15:57:42.925root 11241100x8000000000000000767097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9383cb74fb81722021-12-20 15:57:42.925root 11241100x8000000000000000767098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bdf2afc9ebf4b02021-12-20 15:57:42.925root 11241100x8000000000000000767099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2838b3fc419ea7642021-12-20 15:57:42.925root 11241100x8000000000000000767100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0899da40c43039762021-12-20 15:57:42.925root 11241100x8000000000000000767101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d495f964411cf0dd2021-12-20 15:57:42.925root 11241100x8000000000000000767102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5737f954393352052021-12-20 15:57:42.925root 11241100x8000000000000000767103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5034e48f143e9ebc2021-12-20 15:57:42.925root 11241100x8000000000000000767104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387ddaf5290e65a32021-12-20 15:57:42.926root 11241100x8000000000000000767105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c4a445c25753062021-12-20 15:57:42.926root 11241100x8000000000000000767106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa15e42b82b968022021-12-20 15:57:42.926root 11241100x8000000000000000767107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f7ff15631844422021-12-20 15:57:42.926root 11241100x8000000000000000767108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e968d01d4f5e75ff2021-12-20 15:57:42.926root 11241100x8000000000000000767109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c5a4f9b74b7e132021-12-20 15:57:42.926root 11241100x8000000000000000767110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c2338b28c60252021-12-20 15:57:42.926root 11241100x8000000000000000767111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea5316ba52bd76c2021-12-20 15:57:42.926root 11241100x8000000000000000767112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896b2b3e639a4d6e2021-12-20 15:57:42.926root 11241100x8000000000000000767113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2820467999a976642021-12-20 15:57:42.926root 11241100x8000000000000000767114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fb9f100f63ddc62021-12-20 15:57:42.926root 11241100x8000000000000000767115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe15fc85174b945a2021-12-20 15:57:42.926root 11241100x8000000000000000767116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558b1ab05ae630042021-12-20 15:57:42.927root 11241100x8000000000000000767117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c07ce12470dedc92021-12-20 15:57:42.927root 11241100x8000000000000000767118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0420f51358125d642021-12-20 15:57:42.927root 11241100x8000000000000000767119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1f6dd05c4e1d022021-12-20 15:57:42.927root 11241100x8000000000000000767120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e2a5d42f876a4d2021-12-20 15:57:42.927root 11241100x8000000000000000767121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eafed1f684ef412021-12-20 15:57:42.927root 11241100x8000000000000000767122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ea03b08e69ba0e2021-12-20 15:57:42.927root 11241100x8000000000000000767123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fc97fa8f167a382021-12-20 15:57:42.928root 11241100x8000000000000000767124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41e5b24cf4a4c742021-12-20 15:57:42.928root 11241100x8000000000000000767125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f22618fe406072021-12-20 15:57:42.928root 11241100x8000000000000000767126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b2c2ab9e4d84c62021-12-20 15:57:42.928root 11241100x8000000000000000767127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809063d5b12594262021-12-20 15:57:42.928root 11241100x8000000000000000767128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3e813f716efade2021-12-20 15:57:42.928root 11241100x8000000000000000767129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a22549644033bbc2021-12-20 15:57:42.928root 11241100x8000000000000000767130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc352505751e3102021-12-20 15:57:42.928root 11241100x8000000000000000767131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9616da2d01f69ad92021-12-20 15:57:42.928root 11241100x8000000000000000767132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2acb53e548571232021-12-20 15:57:42.928root 11241100x8000000000000000767133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5947440e8fd551a32021-12-20 15:57:42.929root 11241100x8000000000000000767134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6477dcbc0b5c57e62021-12-20 15:57:42.929root 11241100x8000000000000000767135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1ca714e046d8972021-12-20 15:57:42.929root 354300x8000000000000000767136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.203{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51430-false10.0.1.12-8000- 11241100x8000000000000000767137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8321384d38f2891d2021-12-20 15:57:43.204root 11241100x8000000000000000767138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e7f2844b3b23632021-12-20 15:57:43.204root 11241100x8000000000000000767139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a768b3521a46fcb52021-12-20 15:57:43.204root 11241100x8000000000000000767140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bed60630dcc478e2021-12-20 15:57:43.204root 11241100x8000000000000000767141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa095ce1f42472482021-12-20 15:57:43.204root 11241100x8000000000000000767142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5d3b84b77032702021-12-20 15:57:43.204root 11241100x8000000000000000767143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71732b136833594a2021-12-20 15:57:43.204root 11241100x8000000000000000767144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6edf09c8067c502021-12-20 15:57:43.204root 11241100x8000000000000000767145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a80a9d8e7c2e4ec2021-12-20 15:57:43.204root 11241100x8000000000000000767146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f33567c931e5a52021-12-20 15:57:43.204root 11241100x8000000000000000767147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc89edd3ef54f2782021-12-20 15:57:43.204root 11241100x8000000000000000767148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.204{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6d76ab24fc01282021-12-20 15:57:43.204root 11241100x8000000000000000767149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9b1975897c35862021-12-20 15:57:43.205root 11241100x8000000000000000767150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846fe7b8b865b4c32021-12-20 15:57:43.205root 11241100x8000000000000000767151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41a74509e6cb1702021-12-20 15:57:43.205root 11241100x8000000000000000767152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5fb4f39a6fe05d2021-12-20 15:57:43.205root 11241100x8000000000000000767153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0422a9d8eb7e2f392021-12-20 15:57:43.205root 11241100x8000000000000000767154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f11a5860b59e47e2021-12-20 15:57:43.205root 11241100x8000000000000000767155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef743d11ae7683d62021-12-20 15:57:43.205root 11241100x8000000000000000767156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8941ecdf9ec0d72021-12-20 15:57:43.205root 11241100x8000000000000000767157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6b1d2039268ac12021-12-20 15:57:43.205root 11241100x8000000000000000767158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20677ffdcac5f442021-12-20 15:57:43.205root 11241100x8000000000000000767159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acecdef43b9e9bae2021-12-20 15:57:43.205root 11241100x8000000000000000767160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.205{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab20e3f0e27859c2021-12-20 15:57:43.205root 11241100x8000000000000000767161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb2c7419e2cb952021-12-20 15:57:43.206root 11241100x8000000000000000767162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6f435e84728b7d2021-12-20 15:57:43.206root 11241100x8000000000000000767163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28a9839ab3d91702021-12-20 15:57:43.206root 11241100x8000000000000000767164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54476ae97db565af2021-12-20 15:57:43.206root 11241100x8000000000000000767165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3951d7e0568a45502021-12-20 15:57:43.206root 11241100x8000000000000000767166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a71ed09845cf2ae2021-12-20 15:57:43.206root 11241100x8000000000000000767167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9498040e9560e0af2021-12-20 15:57:43.206root 11241100x8000000000000000767168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6179721b313d992021-12-20 15:57:43.206root 11241100x8000000000000000767169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd1a6af4f2c43082021-12-20 15:57:43.206root 11241100x8000000000000000767170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f940346c6eb4aa2021-12-20 15:57:43.206root 11241100x8000000000000000767171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90eb5cd1d52fe4d72021-12-20 15:57:43.206root 11241100x8000000000000000767172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2431313eeec7aa02021-12-20 15:57:43.206root 11241100x8000000000000000767173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba6a6d03d558b632021-12-20 15:57:43.206root 11241100x8000000000000000767174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ea0c63e881b8962021-12-20 15:57:43.206root 11241100x8000000000000000767175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e2d5bdfdb6ac82021-12-20 15:57:43.206root 11241100x8000000000000000767176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.206{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f71897dd76fd8b62021-12-20 15:57:43.206root 11241100x8000000000000000767177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.207{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a8aeb46733f1b62021-12-20 15:57:43.207root 11241100x8000000000000000767178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.207{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9a0410938f34b22021-12-20 15:57:43.207root 11241100x8000000000000000767179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.207{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7f88e58f1541272021-12-20 15:57:43.207root 11241100x8000000000000000767180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.207{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef797f2d9add17542021-12-20 15:57:43.207root 11241100x8000000000000000767181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.207{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6381b476473bf5e32021-12-20 15:57:43.207root 11241100x8000000000000000767182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.207{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fb8580529a36062021-12-20 15:57:43.207root 11241100x8000000000000000767183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.207{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14cab1e59388e712021-12-20 15:57:43.207root 11241100x8000000000000000767184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.207{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d946106fcc25602021-12-20 15:57:43.207root 11241100x8000000000000000767185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f20ec0b6f945672021-12-20 15:57:43.675root 11241100x8000000000000000767186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260d1b5fd89af0632021-12-20 15:57:43.675root 11241100x8000000000000000767187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70009d84aec45cfa2021-12-20 15:57:43.675root 11241100x8000000000000000767188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f386a1d18bb841642021-12-20 15:57:43.675root 11241100x8000000000000000767189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2660b3e955bb9fa42021-12-20 15:57:43.675root 11241100x8000000000000000767190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222e6ba1eacc56db2021-12-20 15:57:43.675root 11241100x8000000000000000767191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174125bda31b59f02021-12-20 15:57:43.675root 11241100x8000000000000000767192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323a8048ea6a89832021-12-20 15:57:43.675root 11241100x8000000000000000767193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44d67c52444118b2021-12-20 15:57:43.676root 11241100x8000000000000000767194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e525c2c3d68fff02021-12-20 15:57:43.676root 11241100x8000000000000000767195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76da50267eb7ab4d2021-12-20 15:57:43.676root 11241100x8000000000000000767196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85895be41047f9d52021-12-20 15:57:43.676root 11241100x8000000000000000767197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7578cd983acb9b2021-12-20 15:57:43.676root 11241100x8000000000000000767198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eebc28f53eefa6d2021-12-20 15:57:43.676root 11241100x8000000000000000767199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c9741e4b7c99a82021-12-20 15:57:43.676root 11241100x8000000000000000767200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e601365adbbf8652021-12-20 15:57:43.676root 11241100x8000000000000000767201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b0a66c8d8fb8082021-12-20 15:57:43.676root 11241100x8000000000000000767202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b2bf75acfc14c22021-12-20 15:57:43.676root 11241100x8000000000000000767203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfe4f542522edaf2021-12-20 15:57:43.676root 11241100x8000000000000000767204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd9356c4f23c99c2021-12-20 15:57:43.676root 11241100x8000000000000000767205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b15c87f87ae3cc72021-12-20 15:57:43.677root 11241100x8000000000000000767206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5285168cfeae2c7e2021-12-20 15:57:43.677root 11241100x8000000000000000767207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e8f37ba5b2e1f42021-12-20 15:57:43.677root 11241100x8000000000000000767208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8996c63a45cb048d2021-12-20 15:57:43.677root 11241100x8000000000000000767209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f0934282da69432021-12-20 15:57:43.677root 11241100x8000000000000000767210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3dfaa661e056132021-12-20 15:57:43.677root 11241100x8000000000000000767211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc29ec77afe7e8b2021-12-20 15:57:43.677root 11241100x8000000000000000767212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a888ec09002397dd2021-12-20 15:57:43.677root 11241100x8000000000000000767213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f647ca3df7eeef22021-12-20 15:57:43.677root 11241100x8000000000000000767214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ce97d5beda2a12021-12-20 15:57:43.677root 11241100x8000000000000000767215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0b2efd4229da912021-12-20 15:57:43.677root 11241100x8000000000000000767216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a712c2c8d64ba9522021-12-20 15:57:43.677root 11241100x8000000000000000767217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3abbad2e7124532021-12-20 15:57:43.677root 11241100x8000000000000000767218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fef57178a3fd4eb2021-12-20 15:57:43.678root 11241100x8000000000000000767219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003d13aa15f9c27c2021-12-20 15:57:43.678root 11241100x8000000000000000767220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:43.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37bdaa9d8c1d4dc2021-12-20 15:57:43.678root 11241100x8000000000000000767221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2edb1b421e161412021-12-20 15:57:44.174root 11241100x8000000000000000767222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdeddf9df29a86f2021-12-20 15:57:44.174root 11241100x8000000000000000767223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e145270cbdce6a12021-12-20 15:57:44.174root 11241100x8000000000000000767224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f89b9d52a6fe8b2021-12-20 15:57:44.174root 11241100x8000000000000000767225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453c690c00f975652021-12-20 15:57:44.174root 11241100x8000000000000000767226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e7779398f23e832021-12-20 15:57:44.175root 11241100x8000000000000000767227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ba983547f8fb322021-12-20 15:57:44.175root 11241100x8000000000000000767228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbcc56e894666182021-12-20 15:57:44.175root 11241100x8000000000000000767229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec5de1fd24572562021-12-20 15:57:44.175root 11241100x8000000000000000767230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ce0b6882015a842021-12-20 15:57:44.175root 11241100x8000000000000000767231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00554ea7623893192021-12-20 15:57:44.175root 11241100x8000000000000000767232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087555b6b2ec17882021-12-20 15:57:44.175root 11241100x8000000000000000767233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea449fd30b8560cf2021-12-20 15:57:44.175root 11241100x8000000000000000767234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28ea22c5dd6c90f2021-12-20 15:57:44.175root 11241100x8000000000000000767235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e46e57314599ca2021-12-20 15:57:44.175root 11241100x8000000000000000767236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aafb5b248a4e72c2021-12-20 15:57:44.176root 11241100x8000000000000000767237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf73467769191252021-12-20 15:57:44.176root 11241100x8000000000000000767238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fba8f49e3771af2021-12-20 15:57:44.176root 11241100x8000000000000000767239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e962a03f98defb2021-12-20 15:57:44.176root 11241100x8000000000000000767240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7425960a3f4912192021-12-20 15:57:44.176root 11241100x8000000000000000767241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31449f165c5735752021-12-20 15:57:44.176root 11241100x8000000000000000767242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341c1b2e9ae6ff2a2021-12-20 15:57:44.176root 11241100x8000000000000000767243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4e1f8202f513692021-12-20 15:57:44.176root 11241100x8000000000000000767244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5d89f958cc38c2021-12-20 15:57:44.177root 11241100x8000000000000000767245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cb974d4829a2ee2021-12-20 15:57:44.177root 11241100x8000000000000000767246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc9a8f4cbf4894c2021-12-20 15:57:44.177root 11241100x8000000000000000767247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffd97f3b70e2daf2021-12-20 15:57:44.177root 11241100x8000000000000000767248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f42d2cc14031e912021-12-20 15:57:44.177root 11241100x8000000000000000767249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376aeb4d68546fdf2021-12-20 15:57:44.177root 11241100x8000000000000000767250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d5a42bf9d789bb2021-12-20 15:57:44.177root 11241100x8000000000000000767251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d41ef1780d41722021-12-20 15:57:44.177root 11241100x8000000000000000767252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b0645d8e57d24b2021-12-20 15:57:44.177root 11241100x8000000000000000767253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87435a1ba490137c2021-12-20 15:57:44.177root 11241100x8000000000000000767254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc33a9cee7c20152021-12-20 15:57:44.177root 11241100x8000000000000000767255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee69964836870b942021-12-20 15:57:44.177root 11241100x8000000000000000767256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b5c4745250fa42021-12-20 15:57:44.177root 11241100x8000000000000000767257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120863859b9318772021-12-20 15:57:44.177root 11241100x8000000000000000767258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903aaf527e22716e2021-12-20 15:57:44.177root 11241100x8000000000000000767259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b34e75902bd03182021-12-20 15:57:44.177root 11241100x8000000000000000767260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef68a761948ec212021-12-20 15:57:44.178root 11241100x8000000000000000767261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a925d468cb2a2dd2021-12-20 15:57:44.178root 11241100x8000000000000000767262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e82bbb74d7c20d2021-12-20 15:57:44.178root 11241100x8000000000000000767263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4bee67cb9139072021-12-20 15:57:44.178root 11241100x8000000000000000767264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a7f1dac71ad76c2021-12-20 15:57:44.178root 11241100x8000000000000000767265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f241636c2cf00a42021-12-20 15:57:44.178root 11241100x8000000000000000767266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373df48c8c6c84942021-12-20 15:57:44.178root 11241100x8000000000000000767267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4575f39f64d24dbc2021-12-20 15:57:44.178root 11241100x8000000000000000767268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9995d4b2182bf13c2021-12-20 15:57:44.178root 11241100x8000000000000000767269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efd5e2b8e4fd7c82021-12-20 15:57:44.674root 11241100x8000000000000000767270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b590932c9ba48692021-12-20 15:57:44.674root 11241100x8000000000000000767271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7161bfe398ad34362021-12-20 15:57:44.674root 11241100x8000000000000000767272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ea9292890c4c0a2021-12-20 15:57:44.674root 11241100x8000000000000000767273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b5e3a3d0963e3a2021-12-20 15:57:44.674root 11241100x8000000000000000767274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3640740fa2e0f3292021-12-20 15:57:44.674root 11241100x8000000000000000767275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505d71357e2701652021-12-20 15:57:44.675root 11241100x8000000000000000767276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1eea32585eccf22021-12-20 15:57:44.675root 11241100x8000000000000000767277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc4973cd50a6c9b2021-12-20 15:57:44.675root 11241100x8000000000000000767278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b64c1d5e190c132021-12-20 15:57:44.675root 11241100x8000000000000000767279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c0c201c3b9be8c2021-12-20 15:57:44.675root 11241100x8000000000000000767280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2277694f63fd21d82021-12-20 15:57:44.675root 11241100x8000000000000000767281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017c0cae1cbb5a512021-12-20 15:57:44.675root 11241100x8000000000000000767282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d560e5e3d0b0d1112021-12-20 15:57:44.675root 11241100x8000000000000000767283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b43e74c52ca2fa2021-12-20 15:57:44.675root 11241100x8000000000000000767284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491e930171da279c2021-12-20 15:57:44.675root 11241100x8000000000000000767285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e848a4eed84356f2021-12-20 15:57:44.675root 11241100x8000000000000000767286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd1d3d958c8b5fd2021-12-20 15:57:44.675root 11241100x8000000000000000767287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ca99743bcb420c2021-12-20 15:57:44.675root 11241100x8000000000000000767288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799150131b2ae392021-12-20 15:57:44.675root 11241100x8000000000000000767289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205ad0200eb1c50c2021-12-20 15:57:44.675root 11241100x8000000000000000767290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7ddfb5a89f85522021-12-20 15:57:44.676root 11241100x8000000000000000767291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24485092b5a6c2012021-12-20 15:57:44.676root 11241100x8000000000000000767292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fd3649dc93f61e2021-12-20 15:57:44.676root 11241100x8000000000000000767293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6553ff0d5312b92021-12-20 15:57:44.676root 11241100x8000000000000000767294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35cb7172cbcd1c62021-12-20 15:57:44.676root 11241100x8000000000000000767295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa68ffaa1540ed12021-12-20 15:57:44.676root 11241100x8000000000000000767296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48e13728937fbf72021-12-20 15:57:44.676root 11241100x8000000000000000767297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3ebc743bd7943c2021-12-20 15:57:44.676root 11241100x8000000000000000767298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5177bdd9d7c923962021-12-20 15:57:44.676root 11241100x8000000000000000767299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f94235304634b02021-12-20 15:57:44.676root 11241100x8000000000000000767300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339979ada24257842021-12-20 15:57:44.676root 11241100x8000000000000000767301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02ead516de854142021-12-20 15:57:44.676root 11241100x8000000000000000767302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eab96372b539b02021-12-20 15:57:44.677root 11241100x8000000000000000767303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8e06afc9504ce32021-12-20 15:57:44.677root 11241100x8000000000000000767304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f115c58c30769f612021-12-20 15:57:44.677root 11241100x8000000000000000767305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7d264b379a29a72021-12-20 15:57:44.677root 11241100x8000000000000000767306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1034ace37d3a00b22021-12-20 15:57:44.677root 11241100x8000000000000000767307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07d269ba0a55e732021-12-20 15:57:44.677root 11241100x8000000000000000767308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ade43d085b16f672021-12-20 15:57:44.677root 11241100x8000000000000000767309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba95e9dd3a91c21f2021-12-20 15:57:44.677root 11241100x8000000000000000767310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d6ca396b4838e72021-12-20 15:57:44.677root 11241100x8000000000000000767311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d465a2388cde32302021-12-20 15:57:45.175root 11241100x8000000000000000767312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9d9eccfe646db72021-12-20 15:57:45.175root 11241100x8000000000000000767313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823e4fedbaac68802021-12-20 15:57:45.175root 11241100x8000000000000000767314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27060c01ac0aa91a2021-12-20 15:57:45.175root 11241100x8000000000000000767315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08ba9392f6879482021-12-20 15:57:45.175root 11241100x8000000000000000767316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af30d812b7b1b2062021-12-20 15:57:45.175root 11241100x8000000000000000767317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95140e2689a213812021-12-20 15:57:45.175root 11241100x8000000000000000767318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad3d1cf96ef816b2021-12-20 15:57:45.175root 11241100x8000000000000000767319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b441598b25f8e8ba2021-12-20 15:57:45.175root 11241100x8000000000000000767320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf27d6f0410848182021-12-20 15:57:45.176root 11241100x8000000000000000767321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125293746b39cce12021-12-20 15:57:45.176root 11241100x8000000000000000767322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714b1e39f60df07f2021-12-20 15:57:45.176root 11241100x8000000000000000767323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeab08f2f2ffd122021-12-20 15:57:45.176root 11241100x8000000000000000767324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954590303bbd041a2021-12-20 15:57:45.176root 11241100x8000000000000000767325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473faf61c97ab74d2021-12-20 15:57:45.176root 11241100x8000000000000000767326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d58efc9717a46e72021-12-20 15:57:45.176root 11241100x8000000000000000767327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c01cefc84dacc972021-12-20 15:57:45.176root 11241100x8000000000000000767328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961b84344e69b1f52021-12-20 15:57:45.176root 11241100x8000000000000000767329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be29a81ab4138072021-12-20 15:57:45.177root 11241100x8000000000000000767330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56491b627386d64d2021-12-20 15:57:45.177root 11241100x8000000000000000767331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059d2da885550fa72021-12-20 15:57:45.177root 11241100x8000000000000000767332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618a8b5839ae2b932021-12-20 15:57:45.177root 11241100x8000000000000000767333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ca3f58dacb81e82021-12-20 15:57:45.177root 11241100x8000000000000000767334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dde6909fe4cfdd2021-12-20 15:57:45.177root 11241100x8000000000000000767335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03faf553339672b72021-12-20 15:57:45.177root 11241100x8000000000000000767336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dc92b177f7fc462021-12-20 15:57:45.177root 11241100x8000000000000000767337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802e3dd8122997422021-12-20 15:57:45.177root 11241100x8000000000000000767338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8f7b6ad60fa2d22021-12-20 15:57:45.178root 11241100x8000000000000000767339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b802a52e4a707ccf2021-12-20 15:57:45.178root 11241100x8000000000000000767340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9412a488e863496c2021-12-20 15:57:45.178root 11241100x8000000000000000767341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cea5d3c387cbacc2021-12-20 15:57:45.178root 11241100x8000000000000000767342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabb202f555469b42021-12-20 15:57:45.178root 11241100x8000000000000000767343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafb7570437b41492021-12-20 15:57:45.178root 11241100x8000000000000000767344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1c5d9699ed18782021-12-20 15:57:45.178root 11241100x8000000000000000767345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b742a27ad266b1a62021-12-20 15:57:45.178root 11241100x8000000000000000767346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474c153a232695822021-12-20 15:57:45.178root 11241100x8000000000000000767347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863d6efe733964d62021-12-20 15:57:45.674root 11241100x8000000000000000767348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eebed05fd4cba672021-12-20 15:57:45.674root 11241100x8000000000000000767349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77e152da4fbee052021-12-20 15:57:45.674root 11241100x8000000000000000767350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f662ee230517149c2021-12-20 15:57:45.674root 11241100x8000000000000000767351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc379c42460db192021-12-20 15:57:45.674root 11241100x8000000000000000767352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ccd5602b48661e2021-12-20 15:57:45.675root 11241100x8000000000000000767353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e62b72e6ea976cc2021-12-20 15:57:45.675root 11241100x8000000000000000767354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1895aa1f67231ae2021-12-20 15:57:45.675root 11241100x8000000000000000767355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf473b102a8c11e22021-12-20 15:57:45.675root 11241100x8000000000000000767356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0cfeae35479ceb2021-12-20 15:57:45.675root 11241100x8000000000000000767357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e7fa3d97e3119f2021-12-20 15:57:45.675root 11241100x8000000000000000767358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66635405775f048c2021-12-20 15:57:45.675root 11241100x8000000000000000767359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351fcb702e260a0b2021-12-20 15:57:45.675root 11241100x8000000000000000767360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45281deabd566f382021-12-20 15:57:45.675root 11241100x8000000000000000767361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15cb585605216612021-12-20 15:57:45.675root 11241100x8000000000000000767362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f47ac4e12792f12021-12-20 15:57:45.675root 11241100x8000000000000000767363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93be86fdb2e505c2021-12-20 15:57:45.675root 11241100x8000000000000000767364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785a55bf235c309f2021-12-20 15:57:45.676root 11241100x8000000000000000767365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335e48129bb7ad5f2021-12-20 15:57:45.676root 11241100x8000000000000000767366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9e3fe554ed9d9e2021-12-20 15:57:45.677root 11241100x8000000000000000767367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebdb9c325f77d9b2021-12-20 15:57:45.677root 11241100x8000000000000000767368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895db87ea57739dd2021-12-20 15:57:45.677root 11241100x8000000000000000767369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619948d4056d0e832021-12-20 15:57:45.677root 11241100x8000000000000000767370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d336d08002d878b2021-12-20 15:57:45.677root 11241100x8000000000000000767371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5593f8ac4cddf02021-12-20 15:57:45.677root 11241100x8000000000000000767372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cd51025337ccd62021-12-20 15:57:45.678root 11241100x8000000000000000767373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325f62f4db8c21da2021-12-20 15:57:45.678root 11241100x8000000000000000767374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3891bba3e2f720872021-12-20 15:57:45.678root 11241100x8000000000000000767375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca756e2053f36192021-12-20 15:57:45.678root 11241100x8000000000000000767376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0503fd931895f43f2021-12-20 15:57:45.678root 11241100x8000000000000000767377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a97941f3d861e052021-12-20 15:57:45.678root 11241100x8000000000000000767378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5ee7dfb16767e62021-12-20 15:57:45.678root 11241100x8000000000000000767379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3fcef5bc2852b62021-12-20 15:57:45.678root 11241100x8000000000000000767380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dc1330803d72f32021-12-20 15:57:45.678root 11241100x8000000000000000767381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6353a53970277a2021-12-20 15:57:45.678root 11241100x8000000000000000767382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59968875d25655fe2021-12-20 15:57:45.679root 11241100x8000000000000000767383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f76a4cc1879bdb2021-12-20 15:57:45.679root 11241100x8000000000000000767384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582d602f985fa4b52021-12-20 15:57:45.679root 11241100x8000000000000000767385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aef4f1e6f2b2242021-12-20 15:57:45.679root 11241100x8000000000000000767386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e0991e35e8459e2021-12-20 15:57:45.679root 11241100x8000000000000000767387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281894599da78ee12021-12-20 15:57:45.679root 11241100x8000000000000000767388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668f8e9b21e49512021-12-20 15:57:45.679root 11241100x8000000000000000767389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fbe2455a4365a52021-12-20 15:57:45.679root 11241100x8000000000000000767390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b1999e4a95099e2021-12-20 15:57:45.679root 11241100x8000000000000000767391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff941cb48e5fd9e52021-12-20 15:57:46.174root 11241100x8000000000000000767392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de67ca67a435c1d72021-12-20 15:57:46.174root 11241100x8000000000000000767393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b33cfa292da7362021-12-20 15:57:46.174root 11241100x8000000000000000767394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba328f5fc2b290212021-12-20 15:57:46.174root 11241100x8000000000000000767395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46d4f18e6ebf1802021-12-20 15:57:46.174root 11241100x8000000000000000767396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244608226d47fb632021-12-20 15:57:46.174root 11241100x8000000000000000767397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db010d6e8b5bd92021-12-20 15:57:46.174root 11241100x8000000000000000767398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a889d68f36be3e1b2021-12-20 15:57:46.175root 11241100x8000000000000000767399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e0c24f397158692021-12-20 15:57:46.175root 11241100x8000000000000000767400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87461c13dceb87a62021-12-20 15:57:46.175root 11241100x8000000000000000767401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22690ab91cdcf4a52021-12-20 15:57:46.175root 11241100x8000000000000000767402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fd2c4cb4d6b83b2021-12-20 15:57:46.176root 11241100x8000000000000000767403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77845aaf5e82cf32021-12-20 15:57:46.176root 11241100x8000000000000000767404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4df492d7d820922021-12-20 15:57:46.176root 11241100x8000000000000000767405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f05d84441c06fc92021-12-20 15:57:46.176root 11241100x8000000000000000767406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2d2ec526b1a7882021-12-20 15:57:46.176root 11241100x8000000000000000767407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01d8031bf2f3a362021-12-20 15:57:46.176root 11241100x8000000000000000767408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4406dc48957858242021-12-20 15:57:46.176root 11241100x8000000000000000767409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308a37228c2153dd2021-12-20 15:57:46.176root 11241100x8000000000000000767410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4bf0eb1469888b2021-12-20 15:57:46.176root 11241100x8000000000000000767411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6734684efcaa2ad2021-12-20 15:57:46.176root 11241100x8000000000000000767412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bf793080b6a52d2021-12-20 15:57:46.177root 11241100x8000000000000000767413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfa463b9fa6f68e2021-12-20 15:57:46.177root 11241100x8000000000000000767414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b9cbac12a911802021-12-20 15:57:46.177root 11241100x8000000000000000767415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e78d276df1ecc612021-12-20 15:57:46.177root 11241100x8000000000000000767416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8083b42bc146ad2021-12-20 15:57:46.177root 11241100x8000000000000000767417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b8617ef85212b82021-12-20 15:57:46.177root 11241100x8000000000000000767418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a6d455294936742021-12-20 15:57:46.177root 11241100x8000000000000000767419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f24577eab2e3092021-12-20 15:57:46.177root 11241100x8000000000000000767420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7f97e2df87081b2021-12-20 15:57:46.177root 11241100x8000000000000000767421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468af3b24ffb86162021-12-20 15:57:46.177root 11241100x8000000000000000767422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067e91f237ef804d2021-12-20 15:57:46.177root 11241100x8000000000000000767423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7beb4f0c66b22962021-12-20 15:57:46.177root 11241100x8000000000000000767424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc818e95b36f94fa2021-12-20 15:57:46.177root 11241100x8000000000000000767425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cff69b8c729e422021-12-20 15:57:46.177root 11241100x8000000000000000767426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11634665d30b8e0b2021-12-20 15:57:46.178root 11241100x8000000000000000767427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd4db1c4ef3fb6b2021-12-20 15:57:46.178root 11241100x8000000000000000767428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92911469ddede56c2021-12-20 15:57:46.178root 11241100x8000000000000000767429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07036e3ea3601c2b2021-12-20 15:57:46.178root 11241100x8000000000000000767430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcf5b4ff726f2e52021-12-20 15:57:46.178root 11241100x8000000000000000767431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f60f2a94a16cca02021-12-20 15:57:46.178root 11241100x8000000000000000767432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573c7b15e0225d0c2021-12-20 15:57:46.178root 11241100x8000000000000000767433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c768e528efd5642021-12-20 15:57:46.179root 11241100x8000000000000000767434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a6ee7eebb3d8192021-12-20 15:57:46.179root 11241100x8000000000000000767435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1e6e1abe84ac452021-12-20 15:57:46.179root 11241100x8000000000000000767436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19b89918e25ccad2021-12-20 15:57:46.674root 11241100x8000000000000000767437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4e660625f423682021-12-20 15:57:46.674root 11241100x8000000000000000767438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae70bf8794bd0182021-12-20 15:57:46.675root 11241100x8000000000000000767439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3329440e38b7cd1f2021-12-20 15:57:46.675root 11241100x8000000000000000767440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfda1f5f323a0b142021-12-20 15:57:46.675root 11241100x8000000000000000767441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48b270ce07032852021-12-20 15:57:46.675root 11241100x8000000000000000767442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a1386da7ef38b72021-12-20 15:57:46.675root 11241100x8000000000000000767443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06a6f563406d5b92021-12-20 15:57:46.675root 11241100x8000000000000000767444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7424b6cbaac9302021-12-20 15:57:46.676root 11241100x8000000000000000767445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0744c4b1296f220b2021-12-20 15:57:46.676root 11241100x8000000000000000767446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c473862132fc889d2021-12-20 15:57:46.676root 11241100x8000000000000000767447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024fc2d321ca4a8d2021-12-20 15:57:46.676root 11241100x8000000000000000767448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce16d3e6ba7a13e62021-12-20 15:57:46.676root 11241100x8000000000000000767449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc90f99b818720202021-12-20 15:57:46.676root 11241100x8000000000000000767450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edff6c23732303452021-12-20 15:57:46.676root 11241100x8000000000000000767451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9f3fc6248c17062021-12-20 15:57:46.676root 11241100x8000000000000000767452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f7f8c54e59c4c72021-12-20 15:57:46.677root 11241100x8000000000000000767453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7aa3d3894f53fa2021-12-20 15:57:46.677root 11241100x8000000000000000767454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1279e851067b37212021-12-20 15:57:46.677root 11241100x8000000000000000767455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5831913bea4bd92021-12-20 15:57:46.677root 11241100x8000000000000000767456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd23c9ddff9b52712021-12-20 15:57:46.677root 11241100x8000000000000000767457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a800dc0e3e360a152021-12-20 15:57:46.677root 11241100x8000000000000000767458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1c738cb00a0c462021-12-20 15:57:46.677root 11241100x8000000000000000767459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bce91ad5b3f1fc72021-12-20 15:57:46.678root 11241100x8000000000000000767460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45a5d577380f9592021-12-20 15:57:46.678root 11241100x8000000000000000767461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a456b633b650f3762021-12-20 15:57:46.678root 11241100x8000000000000000767462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f4850d3317e1972021-12-20 15:57:46.678root 11241100x8000000000000000767463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a6b4bae6d8fcae2021-12-20 15:57:46.678root 11241100x8000000000000000767464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c10b72eef5e1e12021-12-20 15:57:46.678root 11241100x8000000000000000767465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138f5af12664c2502021-12-20 15:57:46.678root 11241100x8000000000000000767466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0395a4a0906c192021-12-20 15:57:46.678root 11241100x8000000000000000767467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e798c63c1e5f4c2021-12-20 15:57:46.678root 11241100x8000000000000000767468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8fc1aa509eda582021-12-20 15:57:46.678root 11241100x8000000000000000767469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b37a08722b0282021-12-20 15:57:46.679root 11241100x8000000000000000767470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23334a8c33954e052021-12-20 15:57:46.679root 11241100x8000000000000000767471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b62db57e6059e32021-12-20 15:57:46.679root 11241100x8000000000000000767472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc1edfbefe90be92021-12-20 15:57:46.679root 11241100x8000000000000000767473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab25e961933c1bad2021-12-20 15:57:46.679root 11241100x8000000000000000767474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0486aa84dda480472021-12-20 15:57:47.174root 11241100x8000000000000000767475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719e635b4fb3bb7f2021-12-20 15:57:47.174root 11241100x8000000000000000767476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad0d779fed7d5e72021-12-20 15:57:47.174root 11241100x8000000000000000767477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac41c3decfe875a22021-12-20 15:57:47.174root 11241100x8000000000000000767478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccbea0b055fd4c22021-12-20 15:57:47.174root 11241100x8000000000000000767479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12808247c3707a122021-12-20 15:57:47.174root 11241100x8000000000000000767480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b0c98abfc6e56a2021-12-20 15:57:47.175root 11241100x8000000000000000767481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7febb76e452da4732021-12-20 15:57:47.175root 11241100x8000000000000000767482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970e1feba27ded0c2021-12-20 15:57:47.175root 11241100x8000000000000000767483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c844f225465ef0422021-12-20 15:57:47.175root 11241100x8000000000000000767484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b23771dda8f1802021-12-20 15:57:47.175root 11241100x8000000000000000767485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb49df8be64b25602021-12-20 15:57:47.175root 11241100x8000000000000000767486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fa1132d18017a62021-12-20 15:57:47.175root 11241100x8000000000000000767487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9926c4ef0b59f62021-12-20 15:57:47.175root 11241100x8000000000000000767488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce47e22d9b8d0ff32021-12-20 15:57:47.175root 11241100x8000000000000000767489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96006a2c1431c4b42021-12-20 15:57:47.176root 11241100x8000000000000000767490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fa031edc0a0a102021-12-20 15:57:47.176root 11241100x8000000000000000767491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc4d3b566a9e9802021-12-20 15:57:47.176root 11241100x8000000000000000767492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba4181d0edc1c4e2021-12-20 15:57:47.176root 11241100x8000000000000000767493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962b9b18bcb59ebf2021-12-20 15:57:47.176root 11241100x8000000000000000767494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43966fa903bb77b42021-12-20 15:57:47.177root 11241100x8000000000000000767495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5bbcb8359ab562021-12-20 15:57:47.177root 11241100x8000000000000000767496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a1bcfc80fee0bb2021-12-20 15:57:47.177root 11241100x8000000000000000767497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d498062d6cd36992021-12-20 15:57:47.177root 11241100x8000000000000000767498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc991d51b724b3cc2021-12-20 15:57:47.177root 11241100x8000000000000000767499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a556c71f473c6f02021-12-20 15:57:47.177root 11241100x8000000000000000767500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cede489acc4a6872021-12-20 15:57:47.177root 11241100x8000000000000000767501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c44a7844ee6c222021-12-20 15:57:47.177root 11241100x8000000000000000767502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd21ada0ab7fa8e2021-12-20 15:57:47.177root 11241100x8000000000000000767503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39633d7e2246db532021-12-20 15:57:47.177root 11241100x8000000000000000767504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d54b297365f76b32021-12-20 15:57:47.177root 11241100x8000000000000000767505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797e653cf0a545c32021-12-20 15:57:47.177root 11241100x8000000000000000767506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec518af552f2e4e32021-12-20 15:57:47.177root 11241100x8000000000000000767507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea53ee28025543b52021-12-20 15:57:47.177root 11241100x8000000000000000767508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e68e862f0383da2021-12-20 15:57:47.177root 11241100x8000000000000000767509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e69ee0bd0b1f0e12021-12-20 15:57:47.178root 11241100x8000000000000000767510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e7ffed9adf8b282021-12-20 15:57:47.178root 11241100x8000000000000000767511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ccbad35503bfa12021-12-20 15:57:47.178root 11241100x8000000000000000767512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b846d71f8bfc2a802021-12-20 15:57:47.178root 11241100x8000000000000000767513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b437fb97d345d7eb2021-12-20 15:57:47.178root 11241100x8000000000000000767514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27dfa532a8a8e992021-12-20 15:57:47.178root 11241100x8000000000000000767515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79363a2cfd4607d92021-12-20 15:57:47.178root 11241100x8000000000000000767516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a53c20d71ca6b572021-12-20 15:57:47.178root 11241100x8000000000000000767517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cf31ed18e45b0e2021-12-20 15:57:47.178root 11241100x8000000000000000767518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb1baf40cbff5fe2021-12-20 15:57:47.178root 11241100x8000000000000000767519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb74d536043837c52021-12-20 15:57:47.178root 11241100x8000000000000000767520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f03d9899d05c40e2021-12-20 15:57:47.178root 11241100x8000000000000000767521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409bf4eba7bb5c8e2021-12-20 15:57:47.674root 11241100x8000000000000000767522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bd4ba8f9d82fe42021-12-20 15:57:47.674root 11241100x8000000000000000767523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cb64f62a7ffe3e2021-12-20 15:57:47.674root 11241100x8000000000000000767524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275265ed6957258b2021-12-20 15:57:47.674root 11241100x8000000000000000767525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174ce756c6fa2ef42021-12-20 15:57:47.674root 11241100x8000000000000000767526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bbae4792090a3d2021-12-20 15:57:47.676root 11241100x8000000000000000767527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a0c01a70039ae02021-12-20 15:57:47.676root 11241100x8000000000000000767528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d159ce44c9434f192021-12-20 15:57:47.676root 11241100x8000000000000000767529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69471fd3b785d092021-12-20 15:57:47.676root 11241100x8000000000000000767530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53f9c54cbeb25eb2021-12-20 15:57:47.676root 11241100x8000000000000000767531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e8a61f9b361b312021-12-20 15:57:47.676root 11241100x8000000000000000767532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447c98ac242ce1c32021-12-20 15:57:47.677root 11241100x8000000000000000767533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd79e41eca87c7e72021-12-20 15:57:47.677root 11241100x8000000000000000767534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8fdcf673c5be8b2021-12-20 15:57:47.677root 11241100x8000000000000000767535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfd73622bd6d8812021-12-20 15:57:47.677root 11241100x8000000000000000767536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a505e4cd561d358d2021-12-20 15:57:47.677root 11241100x8000000000000000767537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3006232e3fe5183e2021-12-20 15:57:47.677root 11241100x8000000000000000767538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf36951fc697d6952021-12-20 15:57:47.677root 11241100x8000000000000000767539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ad48158403e2d2021-12-20 15:57:47.677root 11241100x8000000000000000767540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a146de666c9bc3002021-12-20 15:57:47.677root 11241100x8000000000000000767541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111626198e8b68ca2021-12-20 15:57:47.677root 11241100x8000000000000000767542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca6dea7d6336b142021-12-20 15:57:47.677root 11241100x8000000000000000767543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f37c4be79fb96282021-12-20 15:57:47.677root 11241100x8000000000000000767544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddfbc82505a9db72021-12-20 15:57:47.677root 11241100x8000000000000000767545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1143656a9a2d87f2021-12-20 15:57:47.677root 11241100x8000000000000000767546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d293863f5382ef1f2021-12-20 15:57:47.678root 11241100x8000000000000000767547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad66fd8d122aa53f2021-12-20 15:57:47.678root 11241100x8000000000000000767548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caea47cee77a775e2021-12-20 15:57:47.678root 11241100x8000000000000000767549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5108cdd0b7406fd62021-12-20 15:57:47.678root 11241100x8000000000000000767550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7496b3576fae67592021-12-20 15:57:47.678root 11241100x8000000000000000767551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b75641e32b235422021-12-20 15:57:47.678root 11241100x8000000000000000767552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b3d7d8d00afbbb2021-12-20 15:57:47.678root 11241100x8000000000000000767553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc778ae171573af52021-12-20 15:57:47.678root 11241100x8000000000000000767554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720050e8baf014d82021-12-20 15:57:47.678root 11241100x8000000000000000767555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd72e70b7a540092021-12-20 15:57:47.678root 11241100x8000000000000000767556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83276c6e2d415422021-12-20 15:57:47.678root 11241100x8000000000000000767557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8dee545ede7d612021-12-20 15:57:47.678root 11241100x8000000000000000767558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da113a76e9753ac2021-12-20 15:57:47.678root 11241100x8000000000000000767559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1742420b17e17a82021-12-20 15:57:47.678root 11241100x8000000000000000767560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e39238a828eeda2021-12-20 15:57:47.678root 11241100x8000000000000000767561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:47.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5a2dc8dd1844c02021-12-20 15:57:47.679root 11241100x8000000000000000767562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e34edcabbc46e42021-12-20 15:57:48.174root 11241100x8000000000000000767563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff5d6af01dbb8552021-12-20 15:57:48.174root 11241100x8000000000000000767564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03a6a509f9cf0c62021-12-20 15:57:48.174root 11241100x8000000000000000767565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e761c220fa31aaf32021-12-20 15:57:48.174root 11241100x8000000000000000767566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a726518801140d2021-12-20 15:57:48.174root 11241100x8000000000000000767567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e4937f35edd50e2021-12-20 15:57:48.174root 11241100x8000000000000000767568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eed1a5a0d16be82021-12-20 15:57:48.174root 11241100x8000000000000000767569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1133a6d747d49f8c2021-12-20 15:57:48.174root 11241100x8000000000000000767570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf11a83c2d97fa9e2021-12-20 15:57:48.174root 11241100x8000000000000000767571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d467925c98158f2021-12-20 15:57:48.174root 11241100x8000000000000000767572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63ee500d234fb682021-12-20 15:57:48.174root 11241100x8000000000000000767573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b37129428cef1e2021-12-20 15:57:48.175root 11241100x8000000000000000767574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c21c7cc2ae5d672021-12-20 15:57:48.175root 11241100x8000000000000000767575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e51ff52fef37b42021-12-20 15:57:48.175root 11241100x8000000000000000767576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e986845a1a99d62021-12-20 15:57:48.175root 11241100x8000000000000000767577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7543fad1b049cd12021-12-20 15:57:48.175root 11241100x8000000000000000767578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4906e8c4e3f8d0302021-12-20 15:57:48.175root 11241100x8000000000000000767579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbd0140442daac12021-12-20 15:57:48.175root 11241100x8000000000000000767580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e089306a5597db72021-12-20 15:57:48.175root 11241100x8000000000000000767581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345d3b6e2e9406232021-12-20 15:57:48.175root 11241100x8000000000000000767582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07ba2620bc02ba92021-12-20 15:57:48.175root 11241100x8000000000000000767583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606bf766e5b3c1fd2021-12-20 15:57:48.175root 11241100x8000000000000000767584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77739ef9ef700782021-12-20 15:57:48.175root 11241100x8000000000000000767585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35163730beb218072021-12-20 15:57:48.176root 11241100x8000000000000000767586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108855caa37ce2f22021-12-20 15:57:48.176root 11241100x8000000000000000767587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cec45ef7cae6e92021-12-20 15:57:48.176root 11241100x8000000000000000767588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ebebe16ce1f11a2021-12-20 15:57:48.176root 11241100x8000000000000000767589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b6190e8f957ce92021-12-20 15:57:48.176root 11241100x8000000000000000767590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ba108f759405c42021-12-20 15:57:48.176root 11241100x8000000000000000767591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72876e70803f92172021-12-20 15:57:48.176root 11241100x8000000000000000767592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3e6de3a31989b72021-12-20 15:57:48.176root 11241100x8000000000000000767593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c00a2d4a93d9e802021-12-20 15:57:48.176root 11241100x8000000000000000767594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5eb9125bf60d3b2021-12-20 15:57:48.176root 11241100x8000000000000000767595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c4c5d70e7762042021-12-20 15:57:48.176root 11241100x8000000000000000767596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2409d6fae4809cf2021-12-20 15:57:48.176root 11241100x8000000000000000767597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e08fec241c3f6a2021-12-20 15:57:48.177root 11241100x8000000000000000767598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576256796d5474202021-12-20 15:57:48.177root 11241100x8000000000000000767599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6d50cb9ae22bfd2021-12-20 15:57:48.177root 11241100x8000000000000000767600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdbb9e5665bd1f52021-12-20 15:57:48.177root 11241100x8000000000000000767601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21ee45b641f9a102021-12-20 15:57:48.177root 11241100x8000000000000000767602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940a1c0b5da62e0e2021-12-20 15:57:48.177root 11241100x8000000000000000767603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b121e3291bb069942021-12-20 15:57:48.177root 11241100x8000000000000000767604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b3edb8fa7f8ffb2021-12-20 15:57:48.177root 11241100x8000000000000000767605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40f60cd7b29babc2021-12-20 15:57:48.177root 11241100x8000000000000000767606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913eb6bb09d62ef72021-12-20 15:57:48.177root 11241100x8000000000000000767607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39441780c9f8c4dd2021-12-20 15:57:48.178root 11241100x8000000000000000767608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3761e04e76c0b82021-12-20 15:57:48.178root 11241100x8000000000000000767609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e609e36f4a7148bd2021-12-20 15:57:48.178root 11241100x8000000000000000767610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909ebd3e016eaac62021-12-20 15:57:48.178root 11241100x8000000000000000767611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cbbab22cc2be822021-12-20 15:57:48.178root 11241100x8000000000000000767612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5868130334db3c2021-12-20 15:57:48.178root 11241100x8000000000000000767613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e759e6220b1e47412021-12-20 15:57:48.178root 11241100x8000000000000000767614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d434fd8c00819a32021-12-20 15:57:48.178root 11241100x8000000000000000767615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd4ff6759f2d6c52021-12-20 15:57:48.674root 11241100x8000000000000000767616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc929161e915f2e2021-12-20 15:57:48.674root 11241100x8000000000000000767617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a891a73cb5e0242a2021-12-20 15:57:48.674root 11241100x8000000000000000767618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7a9979359a478c2021-12-20 15:57:48.675root 11241100x8000000000000000767619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ac97fa776f59672021-12-20 15:57:48.675root 11241100x8000000000000000767620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29f7ff46ef505cd2021-12-20 15:57:48.675root 11241100x8000000000000000767621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b148ad0b8cda3f2021-12-20 15:57:48.675root 11241100x8000000000000000767622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d137902eb4ae933a2021-12-20 15:57:48.675root 11241100x8000000000000000767623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813f992ba87ff3532021-12-20 15:57:48.675root 11241100x8000000000000000767624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa3a217091906ce2021-12-20 15:57:48.675root 11241100x8000000000000000767625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21add47b41bd039a2021-12-20 15:57:48.675root 11241100x8000000000000000767626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434ff71f1a31f72d2021-12-20 15:57:48.675root 11241100x8000000000000000767627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b78ffde79c99fc2021-12-20 15:57:48.675root 11241100x8000000000000000767628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba62b7961e26f972021-12-20 15:57:48.675root 11241100x8000000000000000767629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185bce7b7478048a2021-12-20 15:57:48.675root 11241100x8000000000000000767630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c2e4ccb2d447612021-12-20 15:57:48.675root 11241100x8000000000000000767631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19552ffe12b66072021-12-20 15:57:48.675root 11241100x8000000000000000767632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9e5da4e73c4fc12021-12-20 15:57:48.675root 11241100x8000000000000000767633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64430afd9147abdf2021-12-20 15:57:48.676root 11241100x8000000000000000767634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa10be4c7ee5df8b2021-12-20 15:57:48.676root 11241100x8000000000000000767635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e7aaff887d85d2021-12-20 15:57:48.676root 11241100x8000000000000000767636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a3e04086cf33472021-12-20 15:57:48.676root 11241100x8000000000000000767637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c134cc65b05208e2021-12-20 15:57:48.676root 11241100x8000000000000000767638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711f2a7a9c8216942021-12-20 15:57:48.676root 11241100x8000000000000000767639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c004b69bdc21372021-12-20 15:57:48.676root 11241100x8000000000000000767640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4de3d6b95f9cae2021-12-20 15:57:48.676root 11241100x8000000000000000767641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf5ea9eef830192021-12-20 15:57:48.676root 11241100x8000000000000000767642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48161e6b5f7993492021-12-20 15:57:48.676root 11241100x8000000000000000767643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11754427477b9a912021-12-20 15:57:48.676root 11241100x8000000000000000767644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6da52b3f0d1d262021-12-20 15:57:48.676root 11241100x8000000000000000767645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c8b9e2b74bc0a52021-12-20 15:57:48.676root 11241100x8000000000000000767646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa0dbb59ac7028c2021-12-20 15:57:48.676root 11241100x8000000000000000767647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcc0989eb11e2912021-12-20 15:57:48.677root 11241100x8000000000000000767648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e70e2d5c746b062021-12-20 15:57:48.677root 11241100x8000000000000000767649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceacdf4e7825f52a2021-12-20 15:57:48.677root 11241100x8000000000000000767650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b520a496b305d4732021-12-20 15:57:48.677root 11241100x8000000000000000767651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5ac9d865bf36f22021-12-20 15:57:48.677root 11241100x8000000000000000767652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0688197f48233af2021-12-20 15:57:48.677root 11241100x8000000000000000767653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623d6ea9e5919d112021-12-20 15:57:49.174root 11241100x8000000000000000767654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e443a15f22c05e2021-12-20 15:57:49.175root 11241100x8000000000000000767655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4e658bdb26b0522021-12-20 15:57:49.175root 11241100x8000000000000000767656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376134486c8bd1942021-12-20 15:57:49.175root 11241100x8000000000000000767657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2843c959bb56402021-12-20 15:57:49.175root 11241100x8000000000000000767658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b482cf3686a97452021-12-20 15:57:49.175root 11241100x8000000000000000767659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14233afa3057563e2021-12-20 15:57:49.175root 11241100x8000000000000000767660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c7c487aaa69cef2021-12-20 15:57:49.175root 11241100x8000000000000000767661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e584582f3ddccec2021-12-20 15:57:49.175root 11241100x8000000000000000767662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2484f6ee4b68954e2021-12-20 15:57:49.175root 11241100x8000000000000000767663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c673996a0b554d252021-12-20 15:57:49.175root 11241100x8000000000000000767664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3185fe21204f77702021-12-20 15:57:49.175root 11241100x8000000000000000767665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d1a27dab2cac982021-12-20 15:57:49.175root 11241100x8000000000000000767666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f06d8ebe3d96462021-12-20 15:57:49.176root 11241100x8000000000000000767667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4851eabea481edf2021-12-20 15:57:49.176root 11241100x8000000000000000767668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21707169bfbe69812021-12-20 15:57:49.176root 11241100x8000000000000000767669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adc83f39bdaf2c62021-12-20 15:57:49.176root 11241100x8000000000000000767670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0bc39bc9796e5a2021-12-20 15:57:49.176root 11241100x8000000000000000767671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7c698b413e269f2021-12-20 15:57:49.176root 11241100x8000000000000000767672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe67eae01f97f372021-12-20 15:57:49.176root 11241100x8000000000000000767673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331d8fabe526a7fd2021-12-20 15:57:49.176root 11241100x8000000000000000767674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adecea33e91f8b4f2021-12-20 15:57:49.176root 11241100x8000000000000000767675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f663ab5e03748e2021-12-20 15:57:49.176root 11241100x8000000000000000767676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cce0ac028aeef142021-12-20 15:57:49.176root 11241100x8000000000000000767677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fe7763ee6a88c92021-12-20 15:57:49.176root 11241100x8000000000000000767678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fed0b1443111a9b2021-12-20 15:57:49.177root 11241100x8000000000000000767679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9950d58ecbadbc2021-12-20 15:57:49.177root 11241100x8000000000000000767680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef99288d6612481f2021-12-20 15:57:49.177root 11241100x8000000000000000767681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c935d049c2d7b5072021-12-20 15:57:49.177root 11241100x8000000000000000767682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a78f0d5a77a82302021-12-20 15:57:49.177root 11241100x8000000000000000767683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6df1f55a7d2db922021-12-20 15:57:49.177root 11241100x8000000000000000767684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116963b3ae58c71e2021-12-20 15:57:49.177root 11241100x8000000000000000767685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e835a76e29873dc72021-12-20 15:57:49.177root 11241100x8000000000000000767686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cf3adfa6d1700b2021-12-20 15:57:49.177root 11241100x8000000000000000767687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d73353819d0e112021-12-20 15:57:49.178root 11241100x8000000000000000767688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde08577595e731a2021-12-20 15:57:49.178root 354300x8000000000000000767689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.200{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51432-false10.0.1.12-8000- 11241100x8000000000000000767690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9b39558d935f042021-12-20 15:57:49.674root 11241100x8000000000000000767691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a4f2502284c3f92021-12-20 15:57:49.674root 11241100x8000000000000000767692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1896c85126069c7f2021-12-20 15:57:49.674root 11241100x8000000000000000767693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0e3c4c1545ca62021-12-20 15:57:49.674root 11241100x8000000000000000767694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11f383bce3283532021-12-20 15:57:49.674root 11241100x8000000000000000767695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5f780a77e483d12021-12-20 15:57:49.674root 11241100x8000000000000000767696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb154c7ed4832db2021-12-20 15:57:49.674root 11241100x8000000000000000767697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40fea81db2e61d52021-12-20 15:57:49.675root 11241100x8000000000000000767698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0b885c43ce3f3d2021-12-20 15:57:49.675root 11241100x8000000000000000767699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ee213f13d84a992021-12-20 15:57:49.675root 11241100x8000000000000000767700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef15360bc0c6101b2021-12-20 15:57:49.675root 11241100x8000000000000000767701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ff8fa927ffcd9c2021-12-20 15:57:49.675root 11241100x8000000000000000767702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0f6a92f7e59fde2021-12-20 15:57:49.675root 11241100x8000000000000000767703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab427d3cdf4679932021-12-20 15:57:49.676root 11241100x8000000000000000767704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5de5712833e9382021-12-20 15:57:49.676root 11241100x8000000000000000767705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b761d671e9191fb92021-12-20 15:57:49.676root 11241100x8000000000000000767706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1e9ee9004e0bc82021-12-20 15:57:49.676root 11241100x8000000000000000767707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5932751b8d42ccf12021-12-20 15:57:49.676root 11241100x8000000000000000767708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f53061637c02ea62021-12-20 15:57:49.676root 11241100x8000000000000000767709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4365de7c196c90aa2021-12-20 15:57:49.676root 11241100x8000000000000000767710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea47b816233ea84f2021-12-20 15:57:49.677root 11241100x8000000000000000767711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e864af9f6bf050862021-12-20 15:57:49.677root 11241100x8000000000000000767712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32de124232de32e2021-12-20 15:57:49.677root 11241100x8000000000000000767713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35aa27649cf50722021-12-20 15:57:49.677root 11241100x8000000000000000767714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc77c3693fd8e2e2021-12-20 15:57:49.677root 11241100x8000000000000000767715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37eda86ee8e9bc422021-12-20 15:57:49.680root 11241100x8000000000000000767716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadf552e259fdddc2021-12-20 15:57:49.680root 11241100x8000000000000000767717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a40d5a2ecd2deb2021-12-20 15:57:49.680root 11241100x8000000000000000767718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b9f9b837154eea2021-12-20 15:57:49.680root 11241100x8000000000000000767719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9aac558efaa78ec2021-12-20 15:57:49.680root 11241100x8000000000000000767720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b443122889fe18512021-12-20 15:57:49.680root 11241100x8000000000000000767721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c1f6f76f7402d12021-12-20 15:57:49.681root 11241100x8000000000000000767722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95ed92255425db02021-12-20 15:57:49.681root 11241100x8000000000000000767723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cff92d528164bf2021-12-20 15:57:49.681root 11241100x8000000000000000767724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14057f908a603882021-12-20 15:57:49.681root 11241100x8000000000000000767725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c6fd2d2dbf71312021-12-20 15:57:49.681root 11241100x8000000000000000767726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9c57e6ab330e072021-12-20 15:57:49.681root 11241100x8000000000000000767727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1a266a06f92d9e2021-12-20 15:57:49.681root 11241100x8000000000000000767728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66820ef3b7f6b3a12021-12-20 15:57:49.682root 11241100x8000000000000000767729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe36dea6f246a142021-12-20 15:57:49.682root 11241100x8000000000000000767730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9566723ac5553b2021-12-20 15:57:49.682root 11241100x8000000000000000767731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ef5b66ff0fa4d42021-12-20 15:57:49.682root 11241100x8000000000000000767732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc22f7cfb1383ef2021-12-20 15:57:49.682root 11241100x8000000000000000767733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe65c2fbf5a15e72021-12-20 15:57:49.682root 11241100x8000000000000000767734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbbb1766a046f522021-12-20 15:57:49.682root 11241100x8000000000000000767735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b53925355bac2422021-12-20 15:57:49.682root 11241100x8000000000000000767736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84d563cf94930002021-12-20 15:57:49.682root 11241100x8000000000000000767737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5a14aaefcb50242021-12-20 15:57:50.174root 11241100x8000000000000000767738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798313547648b1cc2021-12-20 15:57:50.174root 11241100x8000000000000000767739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd09853ff2dbe2b2021-12-20 15:57:50.174root 11241100x8000000000000000767740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad289dd070181cea2021-12-20 15:57:50.175root 11241100x8000000000000000767741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d250a922b3426a2021-12-20 15:57:50.175root 11241100x8000000000000000767742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b3f6142675d492021-12-20 15:57:50.175root 11241100x8000000000000000767743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12f5f87d5d2b6bc2021-12-20 15:57:50.175root 11241100x8000000000000000767744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066e7d1b3803d7762021-12-20 15:57:50.175root 11241100x8000000000000000767745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dac8216bb6302b92021-12-20 15:57:50.175root 11241100x8000000000000000767746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e4edd1c76473972021-12-20 15:57:50.175root 11241100x8000000000000000767747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b142e89ed5d1d832021-12-20 15:57:50.176root 11241100x8000000000000000767748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9044ca6587898ddd2021-12-20 15:57:50.176root 11241100x8000000000000000767749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4126e46a2533c1e2021-12-20 15:57:50.176root 11241100x8000000000000000767750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7118b606e4da5cc2021-12-20 15:57:50.176root 11241100x8000000000000000767751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83886e5a394ecc112021-12-20 15:57:50.176root 11241100x8000000000000000767752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae64ff7ada3b3ec2021-12-20 15:57:50.176root 11241100x8000000000000000767753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a429e570f88b0c2021-12-20 15:57:50.176root 11241100x8000000000000000767754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aa69e086e688612021-12-20 15:57:50.176root 11241100x8000000000000000767755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8207e400634009a02021-12-20 15:57:50.176root 11241100x8000000000000000767756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221aaf7f6e4219032021-12-20 15:57:50.177root 11241100x8000000000000000767757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9821d694968c702021-12-20 15:57:50.177root 11241100x8000000000000000767758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaea4ff55f3e83d2021-12-20 15:57:50.177root 11241100x8000000000000000767759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cbe3ef3c2237d32021-12-20 15:57:50.177root 11241100x8000000000000000767760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f957ec8dc340dd9d2021-12-20 15:57:50.177root 11241100x8000000000000000767761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed70c43c1484a122021-12-20 15:57:50.177root 11241100x8000000000000000767762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6e36bae00c83862021-12-20 15:57:50.177root 11241100x8000000000000000767763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5707417dcf5a4c22021-12-20 15:57:50.177root 11241100x8000000000000000767764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bf2d336f9dbf192021-12-20 15:57:50.178root 11241100x8000000000000000767765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffca35170b157822021-12-20 15:57:50.178root 11241100x8000000000000000767766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c33db63f8f80cc2021-12-20 15:57:50.179root 11241100x8000000000000000767767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e65893dc7fff55b2021-12-20 15:57:50.179root 11241100x8000000000000000767768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b2d1aa1997621f2021-12-20 15:57:50.179root 11241100x8000000000000000767769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3d39d2ba2ffaaf2021-12-20 15:57:50.179root 11241100x8000000000000000767770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2086a3e603e011372021-12-20 15:57:50.179root 11241100x8000000000000000767771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0137120c69333c532021-12-20 15:57:50.179root 11241100x8000000000000000767772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a759c497ecbc1772021-12-20 15:57:50.179root 11241100x8000000000000000767773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7efd4f03dd9e3d2021-12-20 15:57:50.180root 11241100x8000000000000000767774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195ff90b66d544a32021-12-20 15:57:50.180root 11241100x8000000000000000767775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af7a10cac238fa2021-12-20 15:57:50.180root 11241100x8000000000000000767776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b2330e05ce84952021-12-20 15:57:50.181root 11241100x8000000000000000767777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22050c371e5f20e52021-12-20 15:57:50.181root 11241100x8000000000000000767778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19762d0303baec3e2021-12-20 15:57:50.182root 11241100x8000000000000000767779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35909a4790dbe062021-12-20 15:57:50.182root 11241100x8000000000000000767780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daecd992927d6b7e2021-12-20 15:57:50.182root 11241100x8000000000000000767781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a20f3d249873f922021-12-20 15:57:50.183root 11241100x8000000000000000767782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a953d2b967afd12021-12-20 15:57:50.183root 11241100x8000000000000000767783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7985d1555d6fcd5d2021-12-20 15:57:50.184root 11241100x8000000000000000767784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee5e630208841ad2021-12-20 15:57:50.674root 11241100x8000000000000000767785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2867118660af460b2021-12-20 15:57:50.674root 11241100x8000000000000000767786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcc6fe6d741e4262021-12-20 15:57:50.674root 11241100x8000000000000000767787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b4f49cf10d1de62021-12-20 15:57:50.674root 11241100x8000000000000000767788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338530c75f333c552021-12-20 15:57:50.675root 11241100x8000000000000000767789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e6ab7db52ecaab2021-12-20 15:57:50.675root 11241100x8000000000000000767790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac3ae089088b822021-12-20 15:57:50.675root 11241100x8000000000000000767791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4718008f419f49b42021-12-20 15:57:50.675root 11241100x8000000000000000767792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec660bd210184a2021-12-20 15:57:50.675root 11241100x8000000000000000767793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b270d7c033e74f02021-12-20 15:57:50.675root 11241100x8000000000000000767794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04469469637626472021-12-20 15:57:50.676root 11241100x8000000000000000767795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d062e5e9cb02562021-12-20 15:57:50.676root 11241100x8000000000000000767796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d940491574fe40002021-12-20 15:57:50.676root 11241100x8000000000000000767797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b753a4090837c3d12021-12-20 15:57:50.676root 11241100x8000000000000000767798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22e4a3b5f97854e2021-12-20 15:57:50.676root 11241100x8000000000000000767799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f55afb021f33972021-12-20 15:57:50.676root 11241100x8000000000000000767800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff52d15fe59742c82021-12-20 15:57:50.676root 11241100x8000000000000000767801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b69a2d8a3bbe6d82021-12-20 15:57:50.676root 11241100x8000000000000000767802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718ce24050c631d72021-12-20 15:57:50.677root 11241100x8000000000000000767803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14cc9f32429e68a2021-12-20 15:57:50.677root 11241100x8000000000000000767804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89e86ad62880f632021-12-20 15:57:50.677root 11241100x8000000000000000767805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56046dae22f0bb272021-12-20 15:57:50.677root 11241100x8000000000000000767806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7470f3e7cc1f992021-12-20 15:57:50.677root 11241100x8000000000000000767807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0ef7dc8539ce222021-12-20 15:57:50.677root 11241100x8000000000000000767808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb23fd769a6695b2021-12-20 15:57:50.677root 11241100x8000000000000000767809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ce3269fccd552e2021-12-20 15:57:50.678root 11241100x8000000000000000767810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42180b56406a2da2021-12-20 15:57:50.678root 11241100x8000000000000000767811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e8daa6739caa0b2021-12-20 15:57:50.678root 11241100x8000000000000000767812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3751f9b7b181d42021-12-20 15:57:50.678root 11241100x8000000000000000767813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08591ada061d1b442021-12-20 15:57:50.678root 11241100x8000000000000000767814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfbefe51b7c01352021-12-20 15:57:50.678root 11241100x8000000000000000767815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cacbbeda34e8ab2021-12-20 15:57:50.679root 11241100x8000000000000000767816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfffc19377586972021-12-20 15:57:50.679root 11241100x8000000000000000767817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0014954f0d784ef32021-12-20 15:57:50.680root 11241100x8000000000000000767818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6866801d77143d9d2021-12-20 15:57:50.681root 11241100x8000000000000000767819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bb14c737fb96de2021-12-20 15:57:50.682root 11241100x8000000000000000767820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3032bb00c82f6d492021-12-20 15:57:50.682root 11241100x8000000000000000767821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a969ee54fc0d541b2021-12-20 15:57:50.683root 11241100x8000000000000000767822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32bfe3059d2ea672021-12-20 15:57:50.684root 11241100x8000000000000000767823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acc9a31e2dc88c72021-12-20 15:57:50.684root 11241100x8000000000000000767824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75ae39eb36fc6172021-12-20 15:57:50.685root 11241100x8000000000000000767825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141463225b1b4ba52021-12-20 15:57:50.685root 11241100x8000000000000000767826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee36bf5dce97dd4d2021-12-20 15:57:50.685root 11241100x8000000000000000767827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591fb79d08e51e322021-12-20 15:57:50.685root 11241100x8000000000000000767828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:50.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b7dec00cc3ca552021-12-20 15:57:50.685root 11241100x8000000000000000767829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afeab517ebc3df52021-12-20 15:57:51.174root 11241100x8000000000000000767830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0624512aeb846d572021-12-20 15:57:51.174root 11241100x8000000000000000767831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a1ca2b1e49ed012021-12-20 15:57:51.174root 11241100x8000000000000000767832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12822f678ad35ca2021-12-20 15:57:51.174root 11241100x8000000000000000767833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4798b44b7f6b3e272021-12-20 15:57:51.174root 11241100x8000000000000000767834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abe8defdc825cbf2021-12-20 15:57:51.174root 11241100x8000000000000000767835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c77ee19d6e465282021-12-20 15:57:51.174root 11241100x8000000000000000767836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5162c62ec07c67202021-12-20 15:57:51.174root 11241100x8000000000000000767837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aea4a9d80b968e2021-12-20 15:57:51.175root 11241100x8000000000000000767838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043dd157f2e89c392021-12-20 15:57:51.175root 11241100x8000000000000000767839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11045ca277c77b0b2021-12-20 15:57:51.175root 11241100x8000000000000000767840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f993f3c7b709b0b2021-12-20 15:57:51.175root 11241100x8000000000000000767841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27e1b46748206fa2021-12-20 15:57:51.175root 11241100x8000000000000000767842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca54583a467d7e12021-12-20 15:57:51.175root 11241100x8000000000000000767843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eaa4e576a813aa2021-12-20 15:57:51.175root 11241100x8000000000000000767844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba65841f335147e62021-12-20 15:57:51.175root 11241100x8000000000000000767845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a03e015a86f4b2021-12-20 15:57:51.175root 11241100x8000000000000000767846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863ce2cd70a6fbe42021-12-20 15:57:51.176root 11241100x8000000000000000767847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dfa1caa2f9eb202021-12-20 15:57:51.176root 11241100x8000000000000000767848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0e9b8bebff2a042021-12-20 15:57:51.176root 11241100x8000000000000000767849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45730186751dee3e2021-12-20 15:57:51.176root 11241100x8000000000000000767850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0524acdd56bb43fc2021-12-20 15:57:51.176root 11241100x8000000000000000767851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036c3afbca845eb92021-12-20 15:57:51.176root 11241100x8000000000000000767852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef1cfb54a7ad9d22021-12-20 15:57:51.176root 11241100x8000000000000000767853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd81931a27d3d1032021-12-20 15:57:51.176root 11241100x8000000000000000767854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddfe5b8ef8c36a52021-12-20 15:57:51.176root 11241100x8000000000000000767855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f860afdc3e4eaffc2021-12-20 15:57:51.177root 11241100x8000000000000000767856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dcbed3174f354a2021-12-20 15:57:51.177root 11241100x8000000000000000767857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798982c03404a2fd2021-12-20 15:57:51.177root 11241100x8000000000000000767858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33dedb2861bd7eb2021-12-20 15:57:51.177root 11241100x8000000000000000767859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c303b5075a5dd5482021-12-20 15:57:51.177root 11241100x8000000000000000767860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4bcb93c5902f912021-12-20 15:57:51.177root 11241100x8000000000000000767861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e85126dd85df82021-12-20 15:57:51.177root 11241100x8000000000000000767862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f355deda97828c3e2021-12-20 15:57:51.177root 11241100x8000000000000000767863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b31ab59d692bd3e2021-12-20 15:57:51.177root 11241100x8000000000000000767864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c46c1064940b0f2021-12-20 15:57:51.177root 11241100x8000000000000000767865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c350a572ab1cc02021-12-20 15:57:51.178root 11241100x8000000000000000767866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2174fa254aca6f2021-12-20 15:57:51.178root 11241100x8000000000000000767867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412af5603db67b422021-12-20 15:57:51.178root 11241100x8000000000000000767868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882e1e0d39ac374d2021-12-20 15:57:51.178root 11241100x8000000000000000767869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8baa99f8ef869d02021-12-20 15:57:51.178root 11241100x8000000000000000767870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa7d8fdce4efc112021-12-20 15:57:51.179root 11241100x8000000000000000767871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46514a9b6dc0e9b52021-12-20 15:57:51.179root 11241100x8000000000000000767872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c5a2d0c80b3fdd2021-12-20 15:57:51.179root 11241100x8000000000000000767873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a432c88818b8aa2f2021-12-20 15:57:51.179root 11241100x8000000000000000767874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3c35611375b6302021-12-20 15:57:51.179root 11241100x8000000000000000767875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198a2b4768f411052021-12-20 15:57:51.179root 11241100x8000000000000000767876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5594bbe683a960e2021-12-20 15:57:51.179root 11241100x8000000000000000767877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c629eb8f3e16ee1a2021-12-20 15:57:51.179root 11241100x8000000000000000767878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534f77c0944b1d192021-12-20 15:57:51.179root 11241100x8000000000000000767879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a7f3a7df7143e52021-12-20 15:57:51.180root 11241100x8000000000000000767880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b539a917eb78772021-12-20 15:57:51.180root 11241100x8000000000000000767881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103bb99f7d4ede8c2021-12-20 15:57:51.180root 11241100x8000000000000000767882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4706f5b338ccee2c2021-12-20 15:57:51.674root 11241100x8000000000000000767883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af6f73a3f6ee9c32021-12-20 15:57:51.674root 11241100x8000000000000000767884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ca6d063520f3e22021-12-20 15:57:51.674root 11241100x8000000000000000767885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d188ab3be6aa0282021-12-20 15:57:51.675root 11241100x8000000000000000767886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4815e4a43d03abb02021-12-20 15:57:51.675root 11241100x8000000000000000767887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6221dfd2baef5782021-12-20 15:57:51.675root 11241100x8000000000000000767888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a708d32acd16d1592021-12-20 15:57:51.675root 11241100x8000000000000000767889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968bf3a15427cdcc2021-12-20 15:57:51.675root 11241100x8000000000000000767890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d63b933720db172021-12-20 15:57:51.675root 11241100x8000000000000000767891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c60f7e9cf080872021-12-20 15:57:51.675root 11241100x8000000000000000767892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b2d5e6fb2b7682021-12-20 15:57:51.675root 11241100x8000000000000000767893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47d6814a75d0af02021-12-20 15:57:51.675root 11241100x8000000000000000767894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d885f31b3c202e2021-12-20 15:57:51.676root 11241100x8000000000000000767895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0825cc2e19d3e1d2021-12-20 15:57:51.676root 11241100x8000000000000000767896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1362791fa77ff02021-12-20 15:57:51.676root 11241100x8000000000000000767897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6743dcdfa2f62352021-12-20 15:57:51.676root 11241100x8000000000000000767898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e27609a0d8ac9a2021-12-20 15:57:51.676root 11241100x8000000000000000767899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b14afbb3d5bdc1d2021-12-20 15:57:51.677root 11241100x8000000000000000767900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b52706c238e1cc2021-12-20 15:57:51.677root 11241100x8000000000000000767901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b72fe5c8d32ad1e2021-12-20 15:57:51.677root 11241100x8000000000000000767902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b50baaa3463e7e02021-12-20 15:57:51.677root 11241100x8000000000000000767903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1523c2c64537b82021-12-20 15:57:51.677root 11241100x8000000000000000767904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b13f305904abb2021-12-20 15:57:51.678root 11241100x8000000000000000767905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437afc533a8840e22021-12-20 15:57:51.678root 11241100x8000000000000000767906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65967d30d5ae3c1a2021-12-20 15:57:51.678root 11241100x8000000000000000767907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d88ad39d53fa142021-12-20 15:57:51.678root 11241100x8000000000000000767908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848c33f843ac53d22021-12-20 15:57:51.678root 11241100x8000000000000000767909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f88e2900c638f832021-12-20 15:57:51.678root 11241100x8000000000000000767910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c1ce442cb5fc802021-12-20 15:57:51.679root 11241100x8000000000000000767911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550b4497df18abcb2021-12-20 15:57:51.679root 11241100x8000000000000000767912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c58dfd5cfbe32012021-12-20 15:57:51.679root 11241100x8000000000000000767913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9dd89b16820c0c2021-12-20 15:57:51.679root 11241100x8000000000000000767914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4829b3a4ab1f3df2021-12-20 15:57:51.679root 11241100x8000000000000000767915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd438cbebaa395ba2021-12-20 15:57:51.679root 11241100x8000000000000000767916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6488994c7e5d8a92021-12-20 15:57:51.680root 11241100x8000000000000000767917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ae4a1ad3caf0302021-12-20 15:57:51.680root 11241100x8000000000000000767918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd65a31e7436cd1d2021-12-20 15:57:51.680root 11241100x8000000000000000767919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f00964f19b72efe2021-12-20 15:57:51.681root 11241100x8000000000000000767920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f23312372fbe862021-12-20 15:57:51.681root 11241100x8000000000000000767921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d2150056d447e02021-12-20 15:57:51.681root 11241100x8000000000000000767922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328503be0f11952e2021-12-20 15:57:51.682root 11241100x8000000000000000767923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a293c5b15e62156f2021-12-20 15:57:51.682root 11241100x8000000000000000767924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52dd85a2989b8d12021-12-20 15:57:52.175root 11241100x8000000000000000767925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0c6eabfeabacf72021-12-20 15:57:52.175root 11241100x8000000000000000767926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9c79d539a025dc2021-12-20 15:57:52.175root 11241100x8000000000000000767927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643a180db3978e562021-12-20 15:57:52.175root 11241100x8000000000000000767928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37a7b0fd2aca0102021-12-20 15:57:52.176root 11241100x8000000000000000767929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46400166d7efbab32021-12-20 15:57:52.176root 11241100x8000000000000000767930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ca7d8bc03d74d32021-12-20 15:57:52.176root 11241100x8000000000000000767931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5902c8737db6d95e2021-12-20 15:57:52.176root 11241100x8000000000000000767932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fd4080d5219f5e2021-12-20 15:57:52.177root 11241100x8000000000000000767933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d51982845acffb2021-12-20 15:57:52.177root 11241100x8000000000000000767934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b38a9a7fa611c942021-12-20 15:57:52.177root 11241100x8000000000000000767935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7e291bbc1080942021-12-20 15:57:52.177root 11241100x8000000000000000767936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3d9d38624afe32021-12-20 15:57:52.177root 11241100x8000000000000000767937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88cb787161a91e52021-12-20 15:57:52.177root 11241100x8000000000000000767938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf65a9df1f751b92021-12-20 15:57:52.177root 11241100x8000000000000000767939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa842252fbf76622021-12-20 15:57:52.177root 11241100x8000000000000000767940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a256d3eff9c4402021-12-20 15:57:52.177root 11241100x8000000000000000767941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d415944dbb909acf2021-12-20 15:57:52.177root 11241100x8000000000000000767942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ace4e9550acd32021-12-20 15:57:52.177root 11241100x8000000000000000767943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5958905c9a46380f2021-12-20 15:57:52.177root 11241100x8000000000000000767944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307b50db75be2bcb2021-12-20 15:57:52.178root 11241100x8000000000000000767945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399ce5824e6997fe2021-12-20 15:57:52.178root 11241100x8000000000000000767946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3309cd934f51c0dd2021-12-20 15:57:52.178root 11241100x8000000000000000767947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329d384660612ab52021-12-20 15:57:52.178root 11241100x8000000000000000767948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76367bc31fe1cae2021-12-20 15:57:52.178root 11241100x8000000000000000767949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c219c396f02686882021-12-20 15:57:52.178root 11241100x8000000000000000767950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b1876ffaba22f42021-12-20 15:57:52.178root 11241100x8000000000000000767951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaa4cdbce818f192021-12-20 15:57:52.178root 11241100x8000000000000000767952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdd6ed6d52176f02021-12-20 15:57:52.178root 11241100x8000000000000000767953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4763f353d44469d52021-12-20 15:57:52.178root 11241100x8000000000000000767954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9485c89a4702f2d42021-12-20 15:57:52.178root 11241100x8000000000000000767955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1691bc41d8e741cb2021-12-20 15:57:52.179root 11241100x8000000000000000767956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bca5f2bf2a4d962021-12-20 15:57:52.179root 11241100x8000000000000000767957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5415a11803943d2021-12-20 15:57:52.179root 11241100x8000000000000000767958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9df9ecf3f2c1fa82021-12-20 15:57:52.179root 11241100x8000000000000000767959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6979f0199c17da332021-12-20 15:57:52.179root 11241100x8000000000000000767960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5900b3708adbab032021-12-20 15:57:52.179root 11241100x8000000000000000767961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c657ac465290f9862021-12-20 15:57:52.180root 11241100x8000000000000000767962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4516e9fb428100d72021-12-20 15:57:52.674root 11241100x8000000000000000767963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eee574e41d072b72021-12-20 15:57:52.674root 11241100x8000000000000000767964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2d72311ae1a57a2021-12-20 15:57:52.674root 11241100x8000000000000000767965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5539ab4d602836c2021-12-20 15:57:52.674root 11241100x8000000000000000767966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9b32f1b625a86f2021-12-20 15:57:52.674root 11241100x8000000000000000767967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441902ce7fa8c2362021-12-20 15:57:52.674root 11241100x8000000000000000767968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c8f6f309cf4b642021-12-20 15:57:52.675root 11241100x8000000000000000767969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7809a16b2f7aea4b2021-12-20 15:57:52.675root 11241100x8000000000000000767970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2774f02a461e54a62021-12-20 15:57:52.675root 11241100x8000000000000000767971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575cb723507733bd2021-12-20 15:57:52.675root 11241100x8000000000000000767972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c161e49aa0015c12021-12-20 15:57:52.675root 11241100x8000000000000000767973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4677baad417860762021-12-20 15:57:52.675root 11241100x8000000000000000767974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb4acea21a48bab2021-12-20 15:57:52.676root 11241100x8000000000000000767975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2c3c52f3f8c8f72021-12-20 15:57:52.676root 11241100x8000000000000000767976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b04ac7e464079fd2021-12-20 15:57:52.677root 11241100x8000000000000000767977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9328cf4af36130612021-12-20 15:57:52.677root 11241100x8000000000000000767978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484fd543cfd038552021-12-20 15:57:52.677root 11241100x8000000000000000767979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444bc902d3c57fed2021-12-20 15:57:52.678root 11241100x8000000000000000767980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c0800333e7cb502021-12-20 15:57:52.679root 11241100x8000000000000000767981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba029ea4e35826312021-12-20 15:57:52.680root 11241100x8000000000000000767982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523df48d072ada922021-12-20 15:57:52.680root 11241100x8000000000000000767983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19f3584477bc28d2021-12-20 15:57:52.681root 11241100x8000000000000000767984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c5d53346d3559f2021-12-20 15:57:52.681root 11241100x8000000000000000767985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8983b0e1ad221d9a2021-12-20 15:57:52.681root 11241100x8000000000000000767986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0949547fdd050c2021-12-20 15:57:52.681root 11241100x8000000000000000767987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e01bc5476bb3012021-12-20 15:57:52.682root 11241100x8000000000000000767988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2da455a2fa8ab212021-12-20 15:57:52.682root 11241100x8000000000000000767989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ecd0d49236af522021-12-20 15:57:52.683root 11241100x8000000000000000767990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ffaac03f434de22021-12-20 15:57:52.683root 11241100x8000000000000000767991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e28e13a1ed58212021-12-20 15:57:52.683root 11241100x8000000000000000767992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7713310d8bc28b2a2021-12-20 15:57:52.683root 11241100x8000000000000000767993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac939030d0e7429a2021-12-20 15:57:52.683root 11241100x8000000000000000767994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b62569a314d376a2021-12-20 15:57:52.684root 11241100x8000000000000000767995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119e407c0aca0fa12021-12-20 15:57:52.684root 11241100x8000000000000000767996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d33cf2b11bc07172021-12-20 15:57:52.684root 11241100x8000000000000000767997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169489aba9f902082021-12-20 15:57:52.684root 11241100x8000000000000000767998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf7632c6026debd2021-12-20 15:57:52.685root 11241100x8000000000000000767999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f83d8475c669a12021-12-20 15:57:52.685root 11241100x8000000000000000768000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c386e49667173f82021-12-20 15:57:52.685root 11241100x8000000000000000768001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54df3a2107e228862021-12-20 15:57:52.685root 11241100x8000000000000000768002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd33d6b665f86032021-12-20 15:57:52.686root 11241100x8000000000000000768003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab296f3a1053fc412021-12-20 15:57:52.686root 11241100x8000000000000000768004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241712cfcfc456c42021-12-20 15:57:52.686root 11241100x8000000000000000768005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92c75994899202a2021-12-20 15:57:52.686root 11241100x8000000000000000768006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4376c9662495b432021-12-20 15:57:52.687root 11241100x8000000000000000768007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6b39218f3e31b32021-12-20 15:57:52.687root 11241100x8000000000000000768008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e2f8722ad840512021-12-20 15:57:52.687root 11241100x8000000000000000768009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430d01a224efbe9a2021-12-20 15:57:52.687root 11241100x8000000000000000768010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:52.688{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e6401aa41842352021-12-20 15:57:52.688root 11241100x8000000000000000768011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b626ff8d28c2de152021-12-20 15:57:53.174root 11241100x8000000000000000768012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5bd03b15d2ba922021-12-20 15:57:53.174root 11241100x8000000000000000768013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17230740b59e73d42021-12-20 15:57:53.174root 11241100x8000000000000000768014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4709e66c64ce00712021-12-20 15:57:53.175root 11241100x8000000000000000768015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825d147d2c2c07982021-12-20 15:57:53.175root 11241100x8000000000000000768016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4044e056322cc1a12021-12-20 15:57:53.175root 11241100x8000000000000000768017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecbffb7d9f8a52a2021-12-20 15:57:53.175root 11241100x8000000000000000768018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d90635de79820f22021-12-20 15:57:53.175root 11241100x8000000000000000768019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bececc085704422021-12-20 15:57:53.175root 11241100x8000000000000000768020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff4b19279f7c6ba2021-12-20 15:57:53.176root 11241100x8000000000000000768021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e005ffa80c431f2021-12-20 15:57:53.176root 11241100x8000000000000000768022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae4f8cf5e464f5d2021-12-20 15:57:53.176root 11241100x8000000000000000768023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e29ace64cef4c2021-12-20 15:57:53.176root 11241100x8000000000000000768024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c088cdf0e1cf572021-12-20 15:57:53.176root 11241100x8000000000000000768025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f289d6f06bc5e76f2021-12-20 15:57:53.176root 11241100x8000000000000000768026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b8db44e572dd792021-12-20 15:57:53.176root 11241100x8000000000000000768027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f70d7e8fc934d22021-12-20 15:57:53.176root 11241100x8000000000000000768028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acde78a03ade50e12021-12-20 15:57:53.176root 11241100x8000000000000000768029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565d3b01d56444702021-12-20 15:57:53.176root 11241100x8000000000000000768030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ee2e17f1be7b872021-12-20 15:57:53.176root 11241100x8000000000000000768031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e17ec056757b2362021-12-20 15:57:53.177root 11241100x8000000000000000768032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a87ed8cd1862892021-12-20 15:57:53.177root 11241100x8000000000000000768033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50267544ac87be7d2021-12-20 15:57:53.178root 11241100x8000000000000000768034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374fd85a6d2574ac2021-12-20 15:57:53.178root 11241100x8000000000000000768035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f54924cf77048cb2021-12-20 15:57:53.178root 11241100x8000000000000000768036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1ae5f251b30be72021-12-20 15:57:53.178root 11241100x8000000000000000768037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e9f1b27002de362021-12-20 15:57:53.178root 11241100x8000000000000000768038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ec266039eaa66b2021-12-20 15:57:53.178root 11241100x8000000000000000768039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de90e06a2fda1eaa2021-12-20 15:57:53.179root 11241100x8000000000000000768040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f902bbf452c3202021-12-20 15:57:53.179root 11241100x8000000000000000768041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a01a535cbbda052021-12-20 15:57:53.179root 11241100x8000000000000000768042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb745ccb4482c5d72021-12-20 15:57:53.179root 11241100x8000000000000000768043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b0b4c2a7f0ac392021-12-20 15:57:53.179root 11241100x8000000000000000768044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b28c719979a906f2021-12-20 15:57:53.179root 11241100x8000000000000000768045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ae121bcfea221a2021-12-20 15:57:53.179root 11241100x8000000000000000768046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44154336c74ab6f72021-12-20 15:57:53.179root 11241100x8000000000000000768047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd44ee0800ad6c52021-12-20 15:57:53.179root 11241100x8000000000000000768048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b29375314c5ab72021-12-20 15:57:53.180root 11241100x8000000000000000768049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0eb6f3842d6fe52021-12-20 15:57:53.180root 11241100x8000000000000000768050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bc683f1b789cc92021-12-20 15:57:53.180root 11241100x8000000000000000768051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850272b2033504022021-12-20 15:57:53.180root 11241100x8000000000000000768052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1edb0de02feaac82021-12-20 15:57:53.180root 11241100x8000000000000000768053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f267f8f9aded5b0b2021-12-20 15:57:53.180root 11241100x8000000000000000768054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7b9465b148fb942021-12-20 15:57:53.674root 11241100x8000000000000000768055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c329b0eaf8c2b02021-12-20 15:57:53.674root 11241100x8000000000000000768056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7176d7f5b01d0b8b2021-12-20 15:57:53.674root 11241100x8000000000000000768057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdede9607b2e79fd2021-12-20 15:57:53.674root 11241100x8000000000000000768058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9d89489511b47e2021-12-20 15:57:53.674root 11241100x8000000000000000768059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3ddfea5d13f1422021-12-20 15:57:53.674root 11241100x8000000000000000768060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e652182aad528192021-12-20 15:57:53.674root 11241100x8000000000000000768061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845306d540a8fca12021-12-20 15:57:53.674root 11241100x8000000000000000768062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5581bb4dee6665582021-12-20 15:57:53.675root 11241100x8000000000000000768063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121d100f1301a7e92021-12-20 15:57:53.675root 11241100x8000000000000000768064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6a7a296624ea482021-12-20 15:57:53.675root 11241100x8000000000000000768065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0369e4396ae18e82021-12-20 15:57:53.675root 11241100x8000000000000000768066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b509a74b5a00e012021-12-20 15:57:53.675root 11241100x8000000000000000768067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddd80fe7c980a912021-12-20 15:57:53.676root 11241100x8000000000000000768068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38abeb1e319640252021-12-20 15:57:53.676root 11241100x8000000000000000768069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea868fe4ed6fc8e2021-12-20 15:57:53.676root 11241100x8000000000000000768070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31e5eb8738389582021-12-20 15:57:53.676root 11241100x8000000000000000768071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfaeeb6e335fa3d2021-12-20 15:57:53.677root 11241100x8000000000000000768072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a00a645f3051a0d2021-12-20 15:57:53.677root 11241100x8000000000000000768073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf726243a5b2a022021-12-20 15:57:53.678root 11241100x8000000000000000768074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf7931815a5c6002021-12-20 15:57:53.678root 11241100x8000000000000000768075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce919e3cec8b05a2021-12-20 15:57:53.678root 11241100x8000000000000000768076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d286f06d03e242021-12-20 15:57:53.679root 11241100x8000000000000000768077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7583e33fac3577b82021-12-20 15:57:53.679root 11241100x8000000000000000768078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825e6842902887bb2021-12-20 15:57:53.679root 11241100x8000000000000000768079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc20de06d129ee4e2021-12-20 15:57:53.679root 11241100x8000000000000000768080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad779455a292efd22021-12-20 15:57:53.680root 11241100x8000000000000000768081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c144e8122f4f6b2021-12-20 15:57:53.680root 11241100x8000000000000000768082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0a3e23fceee1262021-12-20 15:57:53.680root 11241100x8000000000000000768083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d2433526d6a4f42021-12-20 15:57:53.681root 11241100x8000000000000000768084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52b59d5856411bd2021-12-20 15:57:53.681root 11241100x8000000000000000768085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe5b327526a8e52021-12-20 15:57:53.681root 11241100x8000000000000000768086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600c924b9b06ba022021-12-20 15:57:53.681root 11241100x8000000000000000768087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362318fab43801482021-12-20 15:57:53.682root 11241100x8000000000000000768088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095b5749ed9bbf12021-12-20 15:57:53.682root 11241100x8000000000000000768089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532420aa6ec81ce52021-12-20 15:57:53.682root 11241100x8000000000000000768090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76205e736e06a7e02021-12-20 15:57:53.682root 11241100x8000000000000000768091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c3d484298f61702021-12-20 15:57:53.683root 11241100x8000000000000000768092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156ebd58f053bfcc2021-12-20 15:57:53.684root 11241100x8000000000000000768093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266304a675c4cc042021-12-20 15:57:53.684root 11241100x8000000000000000768094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cecdbfaaaccf68b2021-12-20 15:57:53.684root 11241100x8000000000000000768095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a30662efb23132021-12-20 15:57:53.684root 11241100x8000000000000000768096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7668e870754702732021-12-20 15:57:53.684root 11241100x8000000000000000768097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bed8aa0c3656a02021-12-20 15:57:53.684root 11241100x8000000000000000768098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323cf89437cb989d2021-12-20 15:57:53.684root 11241100x8000000000000000768099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d46f238309afabc2021-12-20 15:57:53.684root 11241100x8000000000000000768100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2464920d135b9b2f2021-12-20 15:57:53.684root 11241100x8000000000000000768101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:53.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b65c09ee1e2adb2021-12-20 15:57:53.684root 11241100x8000000000000000768102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9888009b4e69d7412021-12-20 15:57:54.174root 11241100x8000000000000000768103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e9f928362ac902021-12-20 15:57:54.174root 11241100x8000000000000000768104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7547968a4fd942c2021-12-20 15:57:54.174root 11241100x8000000000000000768105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e41309eb09958232021-12-20 15:57:54.174root 11241100x8000000000000000768106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96ab9c8832b56c92021-12-20 15:57:54.175root 11241100x8000000000000000768107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc8897cf90fcce02021-12-20 15:57:54.175root 11241100x8000000000000000768108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b80340bf6274982021-12-20 15:57:54.175root 11241100x8000000000000000768109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580ba5fa578211132021-12-20 15:57:54.175root 11241100x8000000000000000768110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806ba7fe6e2307da2021-12-20 15:57:54.175root 11241100x8000000000000000768111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f5b50eec26d032021-12-20 15:57:54.175root 11241100x8000000000000000768112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb15ebaf1666f082021-12-20 15:57:54.175root 11241100x8000000000000000768113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2ecbbb24d3a18e2021-12-20 15:57:54.175root 11241100x8000000000000000768114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3165b4c7c51177cb2021-12-20 15:57:54.175root 11241100x8000000000000000768115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2880da79564648bb2021-12-20 15:57:54.175root 11241100x8000000000000000768116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f3bcb8f4b458b2021-12-20 15:57:54.175root 11241100x8000000000000000768117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcc3b8554f97d352021-12-20 15:57:54.176root 11241100x8000000000000000768118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b3db4152c6eb672021-12-20 15:57:54.176root 11241100x8000000000000000768119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70486afc6548b6f22021-12-20 15:57:54.176root 11241100x8000000000000000768120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc776cdf8122a142021-12-20 15:57:54.176root 11241100x8000000000000000768121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c73dbdaae29272021-12-20 15:57:54.176root 11241100x8000000000000000768122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21acd6679d8a1c4e2021-12-20 15:57:54.176root 11241100x8000000000000000768123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f30678a42bd1542021-12-20 15:57:54.176root 11241100x8000000000000000768124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ddd4b4d4189a3b2021-12-20 15:57:54.176root 11241100x8000000000000000768125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdf3aa1a36e24662021-12-20 15:57:54.176root 11241100x8000000000000000768126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f4d81bd63e77382021-12-20 15:57:54.176root 11241100x8000000000000000768127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8362b0ea17449f22021-12-20 15:57:54.177root 11241100x8000000000000000768128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e5c6cdd52e01572021-12-20 15:57:54.177root 11241100x8000000000000000768129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecbe08e4ece04992021-12-20 15:57:54.177root 11241100x8000000000000000768130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade21d313b031b282021-12-20 15:57:54.177root 11241100x8000000000000000768131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae6b418f2aaf8a22021-12-20 15:57:54.177root 11241100x8000000000000000768132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a2fd36097183a82021-12-20 15:57:54.177root 11241100x8000000000000000768133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae670a7e9782a162021-12-20 15:57:54.177root 11241100x8000000000000000768134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04162d7aff73f8e2021-12-20 15:57:54.178root 11241100x8000000000000000768135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feead72d7e99856f2021-12-20 15:57:54.178root 11241100x8000000000000000768136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282c0d23aa90eca52021-12-20 15:57:54.178root 11241100x8000000000000000768137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db95408cb3a7629a2021-12-20 15:57:54.178root 11241100x8000000000000000768138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd5e539d5341f832021-12-20 15:57:54.178root 11241100x8000000000000000768139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80e2d2b325a178e2021-12-20 15:57:54.178root 11241100x8000000000000000768140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4de32428af8dc2d2021-12-20 15:57:54.178root 11241100x8000000000000000768141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5461e715fb823d1a2021-12-20 15:57:54.178root 11241100x8000000000000000768142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845056c8f91a6b252021-12-20 15:57:54.178root 11241100x8000000000000000768143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9683b1c504c8ce682021-12-20 15:57:54.179root 11241100x8000000000000000768144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6663d6f373176872021-12-20 15:57:54.675root 11241100x8000000000000000768145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd3c1ab754cefd52021-12-20 15:57:54.675root 11241100x8000000000000000768146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1501ee50ee2f222021-12-20 15:57:54.675root 11241100x8000000000000000768147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab76f4276001f7482021-12-20 15:57:54.675root 11241100x8000000000000000768148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c84b086fd6bea22021-12-20 15:57:54.675root 11241100x8000000000000000768149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e9a6b24c3b88702021-12-20 15:57:54.675root 11241100x8000000000000000768150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b084173dc7106c2021-12-20 15:57:54.675root 11241100x8000000000000000768151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba45a2fefe491d72021-12-20 15:57:54.675root 11241100x8000000000000000768152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76925dc818a752c42021-12-20 15:57:54.676root 11241100x8000000000000000768153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48f35eecd520a4f2021-12-20 15:57:54.676root 11241100x8000000000000000768154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5e9687ca0fde632021-12-20 15:57:54.676root 11241100x8000000000000000768155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24a3ae7d84537dd2021-12-20 15:57:54.676root 11241100x8000000000000000768156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48d7b173efedc2a2021-12-20 15:57:54.676root 11241100x8000000000000000768157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42593beaa47d3d92021-12-20 15:57:54.676root 11241100x8000000000000000768158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a261b7334cffdd2021-12-20 15:57:54.676root 11241100x8000000000000000768159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956a333da833347d2021-12-20 15:57:54.676root 11241100x8000000000000000768160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5270c3e5abd41cee2021-12-20 15:57:54.676root 11241100x8000000000000000768161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40ea73b7b2acdae2021-12-20 15:57:54.677root 11241100x8000000000000000768162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70605c2eae15af92021-12-20 15:57:54.677root 11241100x8000000000000000768163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb0d1bee50b88952021-12-20 15:57:54.677root 11241100x8000000000000000768164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9384ade7f0f8b6d42021-12-20 15:57:54.677root 11241100x8000000000000000768165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5929c4d19898b1572021-12-20 15:57:54.677root 11241100x8000000000000000768166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536da5775fef12dd2021-12-20 15:57:54.677root 11241100x8000000000000000768167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1c3265e6abaaa72021-12-20 15:57:54.677root 11241100x8000000000000000768168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc94b4b1a2dd1b232021-12-20 15:57:54.677root 11241100x8000000000000000768169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f383ad48e577a72021-12-20 15:57:54.678root 11241100x8000000000000000768170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83b035816c42af92021-12-20 15:57:54.678root 11241100x8000000000000000768171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff07874896d59c3c2021-12-20 15:57:54.678root 11241100x8000000000000000768172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bf70d12b3a7eea2021-12-20 15:57:54.678root 11241100x8000000000000000768173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293069bd46f1dbf62021-12-20 15:57:54.678root 11241100x8000000000000000768174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4154e1f0d6a604f32021-12-20 15:57:54.678root 11241100x8000000000000000768175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381e2db81d201d612021-12-20 15:57:54.678root 11241100x8000000000000000768176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e3f78a97fd12202021-12-20 15:57:54.678root 11241100x8000000000000000768177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682b02ee1e8132c12021-12-20 15:57:54.679root 11241100x8000000000000000768178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dcf39fcdb99bd12021-12-20 15:57:54.679root 11241100x8000000000000000768179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245e924c50ff70e2021-12-20 15:57:54.679root 11241100x8000000000000000768180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:54.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31083ed0753ee1a22021-12-20 15:57:54.679root 11241100x8000000000000000768181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b0f326bfd25e8a2021-12-20 15:57:55.174root 11241100x8000000000000000768182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a24945f5398e072021-12-20 15:57:55.174root 11241100x8000000000000000768183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129b20539bd2d41d2021-12-20 15:57:55.174root 11241100x8000000000000000768184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305dbba4490ae232021-12-20 15:57:55.174root 11241100x8000000000000000768185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707d2091f9e770a22021-12-20 15:57:55.174root 11241100x8000000000000000768186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a16fb81e0f28292021-12-20 15:57:55.174root 11241100x8000000000000000768187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7585b37510e625e2021-12-20 15:57:55.174root 11241100x8000000000000000768188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bba67163bf0a2ef2021-12-20 15:57:55.175root 11241100x8000000000000000768189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ccf75a963ef3ac2021-12-20 15:57:55.175root 11241100x8000000000000000768190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2a47814b298ccb2021-12-20 15:57:55.175root 11241100x8000000000000000768191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef26373a94a137ed2021-12-20 15:57:55.175root 11241100x8000000000000000768192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8523b965fbba8182021-12-20 15:57:55.175root 11241100x8000000000000000768193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45060295c3ad5dad2021-12-20 15:57:55.175root 11241100x8000000000000000768194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15179c450b7aa0662021-12-20 15:57:55.175root 11241100x8000000000000000768195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848878778ac064872021-12-20 15:57:55.175root 11241100x8000000000000000768196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fb4ff0a7e5e6f22021-12-20 15:57:55.175root 11241100x8000000000000000768197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f62cf25d2cfebb2021-12-20 15:57:55.176root 11241100x8000000000000000768198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19674687ec4447822021-12-20 15:57:55.176root 11241100x8000000000000000768199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb11291c6165cef2021-12-20 15:57:55.176root 11241100x8000000000000000768200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef2489b8089ecf62021-12-20 15:57:55.176root 11241100x8000000000000000768201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a32bef8daf32bfc2021-12-20 15:57:55.176root 11241100x8000000000000000768202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abd3426a42bcc232021-12-20 15:57:55.176root 11241100x8000000000000000768203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750970e8e2fb6fa2021-12-20 15:57:55.176root 11241100x8000000000000000768204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00f6f0d29ba35c52021-12-20 15:57:55.177root 11241100x8000000000000000768205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e88c8b322c195e2021-12-20 15:57:55.177root 11241100x8000000000000000768206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7154a8e40617b1972021-12-20 15:57:55.177root 11241100x8000000000000000768207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d18fabf3c7859e62021-12-20 15:57:55.177root 11241100x8000000000000000768208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f261486d223876912021-12-20 15:57:55.177root 11241100x8000000000000000768209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbcf395f3545fb92021-12-20 15:57:55.177root 11241100x8000000000000000768210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a28657718c9cc652021-12-20 15:57:55.177root 11241100x8000000000000000768211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ed6f3b5b10e5e12021-12-20 15:57:55.177root 11241100x8000000000000000768212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a475a0de729645402021-12-20 15:57:55.177root 11241100x8000000000000000768213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7037f66e1f6d7ab2021-12-20 15:57:55.177root 11241100x8000000000000000768214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfd852ec1dc48482021-12-20 15:57:55.178root 11241100x8000000000000000768215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1e95580b3f9e962021-12-20 15:57:55.178root 11241100x8000000000000000768216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3917b3a8ed4c8bc2021-12-20 15:57:55.178root 11241100x8000000000000000768217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f10ef0a54704962021-12-20 15:57:55.178root 11241100x8000000000000000768218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293a908d834ff8612021-12-20 15:57:55.178root 11241100x8000000000000000768219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3c7e98d7897bf32021-12-20 15:57:55.178root 11241100x8000000000000000768220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77aa2c696ae22ca2021-12-20 15:57:55.178root 11241100x8000000000000000768221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cab51a623b18002021-12-20 15:57:55.178root 11241100x8000000000000000768222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b27c97b7b73e8cf2021-12-20 15:57:55.178root 11241100x8000000000000000768223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61cbd43a27e12af2021-12-20 15:57:55.179root 11241100x8000000000000000768224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e98a2fc067149592021-12-20 15:57:55.179root 11241100x8000000000000000768225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8860c87c772ac352021-12-20 15:57:55.179root 11241100x8000000000000000768226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041e9ce72646159f2021-12-20 15:57:55.179root 11241100x8000000000000000768227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f589aaaeee1a2e72021-12-20 15:57:55.179root 354300x8000000000000000768228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.183{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51434-false10.0.1.12-8000- 11241100x8000000000000000768229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b93f52a8353c84b2021-12-20 15:57:55.674root 11241100x8000000000000000768230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb59eb3ae47204dd2021-12-20 15:57:55.674root 11241100x8000000000000000768231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe78a66f883ecc2a2021-12-20 15:57:55.675root 11241100x8000000000000000768232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c32ef4f089c9a72021-12-20 15:57:55.675root 11241100x8000000000000000768233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c31b95f017392a32021-12-20 15:57:55.675root 11241100x8000000000000000768234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f35beb789221ba2021-12-20 15:57:55.675root 11241100x8000000000000000768235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010ea893dceed44d2021-12-20 15:57:55.675root 11241100x8000000000000000768236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73226aa64da31ec82021-12-20 15:57:55.675root 11241100x8000000000000000768237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d424bba7c1987cff2021-12-20 15:57:55.675root 11241100x8000000000000000768238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0ae0a0fc1087402021-12-20 15:57:55.675root 11241100x8000000000000000768239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e9cf37381cc1b32021-12-20 15:57:55.676root 11241100x8000000000000000768240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ca9f271774d972021-12-20 15:57:55.676root 11241100x8000000000000000768241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1187e2792b8382de2021-12-20 15:57:55.676root 11241100x8000000000000000768242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c1404c2a746762021-12-20 15:57:55.676root 11241100x8000000000000000768243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9f5959db0553c12021-12-20 15:57:55.676root 11241100x8000000000000000768244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5575f19ef7e301152021-12-20 15:57:55.676root 11241100x8000000000000000768245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98cb6f58df7290d2021-12-20 15:57:55.676root 11241100x8000000000000000768246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cf02ec63174b512021-12-20 15:57:55.676root 11241100x8000000000000000768247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa52a1b3b028c0852021-12-20 15:57:55.677root 11241100x8000000000000000768248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff173749e3f78832021-12-20 15:57:55.677root 11241100x8000000000000000768249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fc206451a8091c2021-12-20 15:57:55.677root 11241100x8000000000000000768250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cfcbbb25c4444c2021-12-20 15:57:55.677root 11241100x8000000000000000768251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea60d16869b1e912021-12-20 15:57:55.677root 11241100x8000000000000000768252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b978d8f8299962021-12-20 15:57:55.677root 11241100x8000000000000000768253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ee0160cf3c7282021-12-20 15:57:55.677root 11241100x8000000000000000768254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a44d528e718813d2021-12-20 15:57:55.678root 11241100x8000000000000000768255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c6dd067ce604b12021-12-20 15:57:55.678root 11241100x8000000000000000768256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2681b4def8ef8a32021-12-20 15:57:55.678root 11241100x8000000000000000768257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dc6681619e864e2021-12-20 15:57:55.678root 11241100x8000000000000000768258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b88193cb47af462021-12-20 15:57:55.678root 11241100x8000000000000000768259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbfd320e3f812002021-12-20 15:57:55.678root 11241100x8000000000000000768260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e530f6e2d8e890892021-12-20 15:57:55.678root 11241100x8000000000000000768261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac586dde0c3931372021-12-20 15:57:55.678root 11241100x8000000000000000768262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce42e7251a0202532021-12-20 15:57:55.678root 11241100x8000000000000000768263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7518d6280d59a5d2021-12-20 15:57:55.679root 11241100x8000000000000000768264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf24244cd4dbf122021-12-20 15:57:55.679root 11241100x8000000000000000768265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b867d96c25e092f2021-12-20 15:57:55.679root 11241100x8000000000000000768266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48febd272719b6032021-12-20 15:57:55.679root 11241100x8000000000000000768267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7563fd17f4a65d9f2021-12-20 15:57:55.679root 11241100x8000000000000000768268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0b3c53afc0df302021-12-20 15:57:55.679root 11241100x8000000000000000768269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bc592743aa875d2021-12-20 15:57:55.679root 11241100x8000000000000000768270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623151c6753b79b72021-12-20 15:57:56.175root 11241100x8000000000000000768271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0903210f0f7dfd492021-12-20 15:57:56.175root 11241100x8000000000000000768272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d4a99f2de4335e2021-12-20 15:57:56.175root 11241100x8000000000000000768273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817425481ed6b4462021-12-20 15:57:56.175root 11241100x8000000000000000768274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303ab981696d97492021-12-20 15:57:56.175root 11241100x8000000000000000768275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72df099060d87f5f2021-12-20 15:57:56.175root 11241100x8000000000000000768276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bbc5f03db7650c2021-12-20 15:57:56.175root 11241100x8000000000000000768277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9766099928b07172021-12-20 15:57:56.175root 11241100x8000000000000000768278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b36bf6c9d73c702021-12-20 15:57:56.175root 11241100x8000000000000000768279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19ab04ce2b4890f2021-12-20 15:57:56.176root 11241100x8000000000000000768280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe83008277275c02021-12-20 15:57:56.176root 11241100x8000000000000000768281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fafb2033033d5e42021-12-20 15:57:56.176root 11241100x8000000000000000768282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5c0d7e53463fa12021-12-20 15:57:56.176root 11241100x8000000000000000768283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67490c61b836586e2021-12-20 15:57:56.176root 11241100x8000000000000000768284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7211e16bea1b65252021-12-20 15:57:56.176root 11241100x8000000000000000768285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da887a3051e10e1a2021-12-20 15:57:56.176root 11241100x8000000000000000768286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b900dfbeb114162021-12-20 15:57:56.176root 11241100x8000000000000000768287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413d59d3057914952021-12-20 15:57:56.176root 11241100x8000000000000000768288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a94db7296ee61c2021-12-20 15:57:56.176root 11241100x8000000000000000768289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62517b70ccec8b592021-12-20 15:57:56.176root 11241100x8000000000000000768290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221293fe35a1bb0f2021-12-20 15:57:56.176root 11241100x8000000000000000768291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e063b4377a112842021-12-20 15:57:56.177root 11241100x8000000000000000768292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e85cd74612831fb2021-12-20 15:57:56.177root 11241100x8000000000000000768293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869ee7385e9a7e0e2021-12-20 15:57:56.177root 11241100x8000000000000000768294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183e29129ad80f052021-12-20 15:57:56.177root 11241100x8000000000000000768295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4e6f54534795c02021-12-20 15:57:56.177root 11241100x8000000000000000768296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddbca94159d40e12021-12-20 15:57:56.177root 11241100x8000000000000000768297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612aee5d81d2be312021-12-20 15:57:56.177root 11241100x8000000000000000768298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecedd0ee0b42ebb82021-12-20 15:57:56.177root 11241100x8000000000000000768299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b2d0f785cd37072021-12-20 15:57:56.177root 11241100x8000000000000000768300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff930caa400988d2021-12-20 15:57:56.177root 11241100x8000000000000000768301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0872b5d86a4e52bd2021-12-20 15:57:56.177root 11241100x8000000000000000768302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893066aa598783392021-12-20 15:57:56.177root 11241100x8000000000000000768303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32172188fc052992021-12-20 15:57:56.178root 11241100x8000000000000000768304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940622bc3626e0dd2021-12-20 15:57:56.178root 11241100x8000000000000000768305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d59ab95330e722f2021-12-20 15:57:56.178root 11241100x8000000000000000768306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef924542457cfa192021-12-20 15:57:56.178root 11241100x8000000000000000768307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593ac058ae1fd8d22021-12-20 15:57:56.178root 11241100x8000000000000000768308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f6f3af1ca24b362021-12-20 15:57:56.674root 11241100x8000000000000000768309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218a2db43d374fb12021-12-20 15:57:56.674root 11241100x8000000000000000768310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab3fe3a9ac9a54c2021-12-20 15:57:56.674root 11241100x8000000000000000768311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f497e5b61c073f5e2021-12-20 15:57:56.674root 11241100x8000000000000000768312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb43bb57acf3f26a2021-12-20 15:57:56.674root 11241100x8000000000000000768313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033938d8a30800382021-12-20 15:57:56.674root 11241100x8000000000000000768314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bf2d4e57c899d72021-12-20 15:57:56.674root 11241100x8000000000000000768315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fac68766486722b2021-12-20 15:57:56.675root 11241100x8000000000000000768316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15b06243b2471232021-12-20 15:57:56.675root 11241100x8000000000000000768317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7446eb98a270c32021-12-20 15:57:56.675root 11241100x8000000000000000768318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed4b02e665e2d602021-12-20 15:57:56.675root 11241100x8000000000000000768319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efaeed8243f15622021-12-20 15:57:56.675root 11241100x8000000000000000768320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d859bb7d02dea59a2021-12-20 15:57:56.675root 11241100x8000000000000000768321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40f9934370c79762021-12-20 15:57:56.675root 11241100x8000000000000000768322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df2e7746b7237ee2021-12-20 15:57:56.675root 11241100x8000000000000000768323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83948e793a851ec2021-12-20 15:57:56.675root 11241100x8000000000000000768324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4f26c2f806fd462021-12-20 15:57:56.675root 11241100x8000000000000000768325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f02eca4cd9092882021-12-20 15:57:56.676root 11241100x8000000000000000768326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d8a0042e1a626a2021-12-20 15:57:56.676root 11241100x8000000000000000768327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b193c4fc751c2be82021-12-20 15:57:56.676root 11241100x8000000000000000768328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653d295bbb83b7832021-12-20 15:57:56.676root 11241100x8000000000000000768329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990359f0e695eac42021-12-20 15:57:56.676root 11241100x8000000000000000768330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d7d8879c3745bf2021-12-20 15:57:56.676root 11241100x8000000000000000768331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dc2ee6c5b514132021-12-20 15:57:56.676root 11241100x8000000000000000768332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2742c7fc442876f52021-12-20 15:57:56.677root 11241100x8000000000000000768333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557696ddbdda37c2021-12-20 15:57:56.677root 11241100x8000000000000000768334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa85dec3595570c2021-12-20 15:57:56.677root 11241100x8000000000000000768335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c2813c422f0d762021-12-20 15:57:56.677root 11241100x8000000000000000768336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7f1c5225d7239c2021-12-20 15:57:56.677root 11241100x8000000000000000768337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6078f05bde1577862021-12-20 15:57:56.677root 11241100x8000000000000000768338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b22a4063323cb02021-12-20 15:57:56.677root 11241100x8000000000000000768339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05efed16c19334972021-12-20 15:57:56.677root 11241100x8000000000000000768340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4203bac312e47a52021-12-20 15:57:56.677root 11241100x8000000000000000768341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beb5938425dc88a2021-12-20 15:57:56.677root 11241100x8000000000000000768342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf6b8e05b888ff72021-12-20 15:57:56.678root 11241100x8000000000000000768343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dbf13954e16f332021-12-20 15:57:56.678root 11241100x8000000000000000768344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1dfab3c671799d2021-12-20 15:57:56.678root 11241100x8000000000000000768345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6813150ee917ae1a2021-12-20 15:57:56.678root 11241100x8000000000000000768346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ca0a0662a79f612021-12-20 15:57:56.678root 11241100x8000000000000000768347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e7434f8681a3fc2021-12-20 15:57:56.678root 11241100x8000000000000000768348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5a2118b795b0be2021-12-20 15:57:56.678root 11241100x8000000000000000768349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6464308a2f17b1952021-12-20 15:57:56.678root 11241100x8000000000000000768350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d961c7c044ed9d2021-12-20 15:57:56.678root 11241100x8000000000000000768351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b3c6c9049d751b2021-12-20 15:57:57.174root 11241100x8000000000000000768352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d9f5f1aa52c07d2021-12-20 15:57:57.174root 11241100x8000000000000000768353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17688b2606cac5152021-12-20 15:57:57.174root 11241100x8000000000000000768354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df42901f74736472021-12-20 15:57:57.174root 11241100x8000000000000000768355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4cde26a4c1b3c72021-12-20 15:57:57.174root 11241100x8000000000000000768356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec67a75684af9752021-12-20 15:57:57.175root 11241100x8000000000000000768357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fad92ef67a362be2021-12-20 15:57:57.175root 11241100x8000000000000000768358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a663af3aa72c8b2021-12-20 15:57:57.175root 11241100x8000000000000000768359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2513d4d5e0b7484c2021-12-20 15:57:57.175root 11241100x8000000000000000768360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78cf9783f8e26a22021-12-20 15:57:57.175root 11241100x8000000000000000768361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b5419ff1807d4a2021-12-20 15:57:57.175root 11241100x8000000000000000768362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ae0665ff8453912021-12-20 15:57:57.175root 11241100x8000000000000000768363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2ece59d7fbaa592021-12-20 15:57:57.175root 11241100x8000000000000000768364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37ac92b9b233a102021-12-20 15:57:57.175root 11241100x8000000000000000768365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07edce4037ea9df2021-12-20 15:57:57.175root 11241100x8000000000000000768366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e570e89396483b182021-12-20 15:57:57.175root 11241100x8000000000000000768367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bad872228d652d2021-12-20 15:57:57.175root 11241100x8000000000000000768368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb0de8beec14c522021-12-20 15:57:57.175root 11241100x8000000000000000768369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23ddb28e23ff1882021-12-20 15:57:57.175root 11241100x8000000000000000768370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32762ce0f5bf5d6f2021-12-20 15:57:57.175root 11241100x8000000000000000768371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b407273b74b30a2021-12-20 15:57:57.176root 11241100x8000000000000000768372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b93acb930d5843f2021-12-20 15:57:57.176root 11241100x8000000000000000768373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ee78073ad293832021-12-20 15:57:57.176root 11241100x8000000000000000768374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffe3b543d53281c2021-12-20 15:57:57.176root 11241100x8000000000000000768375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6eb68633e238312021-12-20 15:57:57.176root 11241100x8000000000000000768376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3b0f564226a5d72021-12-20 15:57:57.176root 11241100x8000000000000000768377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07851ae656bdacbf2021-12-20 15:57:57.176root 11241100x8000000000000000768378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dced8076c875a32021-12-20 15:57:57.176root 11241100x8000000000000000768379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcf788ac68839472021-12-20 15:57:57.176root 11241100x8000000000000000768380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7a719d6f8edfaa2021-12-20 15:57:57.176root 11241100x8000000000000000768381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f6c9690710e2a12021-12-20 15:57:57.176root 11241100x8000000000000000768382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd564a4ba78afccb2021-12-20 15:57:57.176root 11241100x8000000000000000768383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc8a0eff901daf62021-12-20 15:57:57.176root 11241100x8000000000000000768384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0aa41f6bed3bc352021-12-20 15:57:57.177root 11241100x8000000000000000768385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d832b0dab2e54fc62021-12-20 15:57:57.177root 11241100x8000000000000000768386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15acd24c3715e99c2021-12-20 15:57:57.177root 11241100x8000000000000000768387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1524ea49b0d069bd2021-12-20 15:57:57.177root 11241100x8000000000000000768388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ba52b2b1a74042021-12-20 15:57:57.177root 11241100x8000000000000000768389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882f365db173db442021-12-20 15:57:57.178root 11241100x8000000000000000768390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063ad9f36b2fe11d2021-12-20 15:57:57.178root 11241100x8000000000000000768391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1070073ba22577e82021-12-20 15:57:57.178root 11241100x8000000000000000768392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0a76251fc8242b2021-12-20 15:57:57.178root 11241100x8000000000000000768393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5921582238d6a1e72021-12-20 15:57:57.178root 11241100x8000000000000000768394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77c7eb25a7dad672021-12-20 15:57:57.178root 11241100x8000000000000000768395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab794687a61d67312021-12-20 15:57:57.178root 11241100x8000000000000000768396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5a8ea8ec60f0a12021-12-20 15:57:57.179root 11241100x8000000000000000768397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b7fce1011720ba2021-12-20 15:57:57.179root 11241100x8000000000000000768398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490cfc038dfc10132021-12-20 15:57:57.674root 11241100x8000000000000000768399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e0982b022faf7d2021-12-20 15:57:57.674root 11241100x8000000000000000768400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fda7b4c2994dbe2021-12-20 15:57:57.674root 11241100x8000000000000000768401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca1d4082d753c382021-12-20 15:57:57.674root 11241100x8000000000000000768402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a4142003b1fc4e2021-12-20 15:57:57.674root 11241100x8000000000000000768403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6493a826b4991b2021-12-20 15:57:57.674root 11241100x8000000000000000768404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e1a9e43e953e562021-12-20 15:57:57.674root 11241100x8000000000000000768405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5d6c96bb645e802021-12-20 15:57:57.674root 11241100x8000000000000000768406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70e7888a18ad9a32021-12-20 15:57:57.675root 11241100x8000000000000000768407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64008ab340999f82021-12-20 15:57:57.675root 11241100x8000000000000000768408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dc8213699bd72f2021-12-20 15:57:57.675root 11241100x8000000000000000768409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcb1166fb0fb25b2021-12-20 15:57:57.675root 11241100x8000000000000000768410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fe5ba4e0f4a0df2021-12-20 15:57:57.675root 11241100x8000000000000000768411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbd8eceb006744d2021-12-20 15:57:57.675root 11241100x8000000000000000768412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77b48745de4aecf2021-12-20 15:57:57.675root 11241100x8000000000000000768413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd64fc00267fb9452021-12-20 15:57:57.675root 11241100x8000000000000000768414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81495b00d272f23a2021-12-20 15:57:57.675root 11241100x8000000000000000768415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2003b191d91b55b02021-12-20 15:57:57.675root 11241100x8000000000000000768416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4259926ae0f7efe92021-12-20 15:57:57.675root 11241100x8000000000000000768417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8611e35e8b6e7e702021-12-20 15:57:57.675root 11241100x8000000000000000768418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da61993a99edcfdd2021-12-20 15:57:57.675root 11241100x8000000000000000768419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a02bd2499d92472021-12-20 15:57:57.675root 11241100x8000000000000000768420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6073c9adab1b93e2021-12-20 15:57:57.675root 11241100x8000000000000000768421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d537e339e192292021-12-20 15:57:57.676root 11241100x8000000000000000768422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60afd119a72a3422021-12-20 15:57:57.676root 11241100x8000000000000000768423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a680e737822e142021-12-20 15:57:57.676root 11241100x8000000000000000768424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76bb92d3fcc64482021-12-20 15:57:57.676root 11241100x8000000000000000768425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27653cb1ea6d68cc2021-12-20 15:57:57.676root 11241100x8000000000000000768426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4e41b96a6e4ab52021-12-20 15:57:57.676root 11241100x8000000000000000768427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee8c3858448003b2021-12-20 15:57:57.676root 11241100x8000000000000000768428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45a13b568e6a9692021-12-20 15:57:57.676root 11241100x8000000000000000768429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0a150d68b951942021-12-20 15:57:57.676root 11241100x8000000000000000768430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc338a9e2cb7c0b2021-12-20 15:57:57.676root 11241100x8000000000000000768431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b894e71d49097e72021-12-20 15:57:57.676root 11241100x8000000000000000768432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d7ea140bdb0572021-12-20 15:57:57.676root 11241100x8000000000000000768433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bec6e58c97a0652021-12-20 15:57:57.676root 11241100x8000000000000000768434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd9bc8a1965d4622021-12-20 15:57:57.676root 11241100x8000000000000000768435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e72e7bcc72b8092021-12-20 15:57:57.677root 11241100x8000000000000000768436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5eaae01dd46bcc2021-12-20 15:57:57.677root 11241100x8000000000000000768437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f288318d5063fe442021-12-20 15:57:57.677root 11241100x8000000000000000768438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec92b0289feeeda2021-12-20 15:57:57.677root 11241100x8000000000000000768439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7d4b1a86b12cbd2021-12-20 15:57:58.174root 11241100x8000000000000000768440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a79fe7a04e5c1592021-12-20 15:57:58.174root 11241100x8000000000000000768441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d757a222c37c9052021-12-20 15:57:58.174root 11241100x8000000000000000768442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0625f03af480ce32021-12-20 15:57:58.174root 11241100x8000000000000000768443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee732c45d09837a2021-12-20 15:57:58.174root 11241100x8000000000000000768444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b716c01618b5a9e2021-12-20 15:57:58.174root 11241100x8000000000000000768445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bef65a9b3416612021-12-20 15:57:58.174root 11241100x8000000000000000768446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02092e001794aac72021-12-20 15:57:58.174root 11241100x8000000000000000768447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd3a5b061190aac2021-12-20 15:57:58.175root 11241100x8000000000000000768448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa390011417ba9ab2021-12-20 15:57:58.175root 11241100x8000000000000000768449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917baf9eaef7fd542021-12-20 15:57:58.175root 11241100x8000000000000000768450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6faca21a46f15a92021-12-20 15:57:58.175root 11241100x8000000000000000768451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ef72bc739369e92021-12-20 15:57:58.175root 11241100x8000000000000000768452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f41fb9c4064f47a2021-12-20 15:57:58.175root 11241100x8000000000000000768453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163a995485f1aa852021-12-20 15:57:58.175root 11241100x8000000000000000768454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785add4452546a452021-12-20 15:57:58.175root 11241100x8000000000000000768455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23713de9c8d269cb2021-12-20 15:57:58.175root 11241100x8000000000000000768456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b4b08c1855c1fb2021-12-20 15:57:58.175root 11241100x8000000000000000768457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fd3d47c4e9e58f2021-12-20 15:57:58.175root 11241100x8000000000000000768458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94beec84083917cc2021-12-20 15:57:58.175root 11241100x8000000000000000768459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a281a3a4e7576092021-12-20 15:57:58.175root 11241100x8000000000000000768460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976abd0415e8a76b2021-12-20 15:57:58.175root 11241100x8000000000000000768461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569817723b0a45a52021-12-20 15:57:58.175root 11241100x8000000000000000768462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc871c4cb3fd6e8b2021-12-20 15:57:58.176root 11241100x8000000000000000768463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d387464394d34f2021-12-20 15:57:58.176root 11241100x8000000000000000768464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8984886b61abca2021-12-20 15:57:58.176root 11241100x8000000000000000768465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f416d067a0caa2462021-12-20 15:57:58.176root 11241100x8000000000000000768466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f89edd65f00501e2021-12-20 15:57:58.176root 11241100x8000000000000000768467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d18cc0c815188b62021-12-20 15:57:58.176root 11241100x8000000000000000768468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c67ae61ac266df2021-12-20 15:57:58.176root 11241100x8000000000000000768469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d9a4d0fd9d1c32021-12-20 15:57:58.176root 11241100x8000000000000000768470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9524cac1c772502021-12-20 15:57:58.176root 11241100x8000000000000000768471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395dcbaa7d16927c2021-12-20 15:57:58.176root 11241100x8000000000000000768472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af32a86da4ac6622021-12-20 15:57:58.176root 11241100x8000000000000000768473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8844309f20c518f92021-12-20 15:57:58.177root 11241100x8000000000000000768474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a4834e8695ea6a2021-12-20 15:57:58.177root 11241100x8000000000000000768475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e801c96053c6132021-12-20 15:57:58.177root 11241100x8000000000000000768476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ad2df6a828aedf2021-12-20 15:57:58.177root 11241100x8000000000000000768477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f265c7a12336dc12021-12-20 15:57:58.177root 11241100x8000000000000000768478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b92d08cdbc35132021-12-20 15:57:58.177root 11241100x8000000000000000768479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9772c45e6523f6592021-12-20 15:57:58.177root 11241100x8000000000000000768480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f953117f197b552021-12-20 15:57:58.177root 11241100x8000000000000000768481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555433c7150db1782021-12-20 15:57:58.674root 11241100x8000000000000000768482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573c24a9a488bbfb2021-12-20 15:57:58.675root 11241100x8000000000000000768483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62ed03f87907b8f2021-12-20 15:57:58.675root 11241100x8000000000000000768484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91a9d61fcb6bd4d2021-12-20 15:57:58.675root 11241100x8000000000000000768485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8fa75f70486952021-12-20 15:57:58.675root 11241100x8000000000000000768486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e318932dccbd7862021-12-20 15:57:58.675root 11241100x8000000000000000768487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2c5fb0e02d95332021-12-20 15:57:58.675root 11241100x8000000000000000768488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078aaba24108e4d72021-12-20 15:57:58.675root 11241100x8000000000000000768489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb5fbc27019c29a2021-12-20 15:57:58.675root 11241100x8000000000000000768490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537983471cd61d942021-12-20 15:57:58.675root 11241100x8000000000000000768491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779b8f2f918e92322021-12-20 15:57:58.675root 11241100x8000000000000000768492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8f3ba68e14f9cd2021-12-20 15:57:58.675root 11241100x8000000000000000768493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b15a67c6896e952021-12-20 15:57:58.675root 11241100x8000000000000000768494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b477afee15b221912021-12-20 15:57:58.675root 11241100x8000000000000000768495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b4760b4069d1232021-12-20 15:57:58.675root 11241100x8000000000000000768496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b0920dcdc5a6f42021-12-20 15:57:58.675root 11241100x8000000000000000768497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e97a035290019742021-12-20 15:57:58.676root 11241100x8000000000000000768498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3120a859768989c02021-12-20 15:57:58.676root 11241100x8000000000000000768499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9490b20d4f6ca01b2021-12-20 15:57:58.676root 11241100x8000000000000000768500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b26db4dbb10a5962021-12-20 15:57:58.676root 11241100x8000000000000000768501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c204139d0ba5022021-12-20 15:57:58.676root 11241100x8000000000000000768502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4720aef7a953a5a2021-12-20 15:57:58.676root 11241100x8000000000000000768503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23eb5057da2e8ea42021-12-20 15:57:58.676root 11241100x8000000000000000768504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85bef460ebdd0b82021-12-20 15:57:58.676root 11241100x8000000000000000768505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae599d4ade424042021-12-20 15:57:58.676root 11241100x8000000000000000768506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106b7771c2bf6fb82021-12-20 15:57:58.676root 11241100x8000000000000000768507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadfb0fbecb4dfb62021-12-20 15:57:58.676root 11241100x8000000000000000768508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a68261f335a279b2021-12-20 15:57:58.676root 11241100x8000000000000000768509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3239bf892b61f992021-12-20 15:57:58.676root 11241100x8000000000000000768510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef2195005aa9c472021-12-20 15:57:58.677root 11241100x8000000000000000768511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b067204785866782021-12-20 15:57:58.677root 11241100x8000000000000000768512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8ec4b1dcbf8f322021-12-20 15:57:58.677root 11241100x8000000000000000768513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee92f3a5461e4c212021-12-20 15:57:58.677root 11241100x8000000000000000768514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ee2eeb455968782021-12-20 15:57:58.677root 11241100x8000000000000000768515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086e6000bb781b502021-12-20 15:57:58.677root 11241100x8000000000000000768516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cdcf9d59a53aa92021-12-20 15:57:58.677root 11241100x8000000000000000768517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c073dd6ae5bbec172021-12-20 15:57:58.677root 11241100x8000000000000000768518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abc40275d38f7902021-12-20 15:57:58.678root 11241100x8000000000000000768519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ac8874363ca9502021-12-20 15:57:58.678root 11241100x8000000000000000768520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb2e397d96324a2021-12-20 15:57:59.174root 11241100x8000000000000000768521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a20e52ebd7187b22021-12-20 15:57:59.174root 11241100x8000000000000000768522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecdf03a54a8c97c2021-12-20 15:57:59.174root 11241100x8000000000000000768523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3965001ff9f717db2021-12-20 15:57:59.174root 11241100x8000000000000000768524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d751604c9390102021-12-20 15:57:59.174root 11241100x8000000000000000768525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8e94bc647c35f42021-12-20 15:57:59.174root 11241100x8000000000000000768526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2f61cb4039daf12021-12-20 15:57:59.174root 11241100x8000000000000000768527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e565aac262e3c2021-12-20 15:57:59.174root 11241100x8000000000000000768528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31967e75d567ab112021-12-20 15:57:59.175root 11241100x8000000000000000768529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3c35536dced0812021-12-20 15:57:59.175root 11241100x8000000000000000768530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f50543d88510b52021-12-20 15:57:59.175root 11241100x8000000000000000768531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151b959f2804d5982021-12-20 15:57:59.175root 11241100x8000000000000000768532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6967b768ba4b9cb02021-12-20 15:57:59.175root 11241100x8000000000000000768533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acee789ec380a08e2021-12-20 15:57:59.175root 11241100x8000000000000000768534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ebe0bf501507a82021-12-20 15:57:59.175root 11241100x8000000000000000768535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0a7b7c997c65932021-12-20 15:57:59.175root 11241100x8000000000000000768536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa80e3556d4073d2021-12-20 15:57:59.175root 11241100x8000000000000000768537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808758e068b3ea4d2021-12-20 15:57:59.175root 11241100x8000000000000000768538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ad71b8f879bcf72021-12-20 15:57:59.176root 11241100x8000000000000000768539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0a790f673e209d2021-12-20 15:57:59.176root 11241100x8000000000000000768540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909cc5d17665e78b2021-12-20 15:57:59.176root 11241100x8000000000000000768541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064c384a157cfa282021-12-20 15:57:59.176root 11241100x8000000000000000768542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde57db139824a732021-12-20 15:57:59.176root 11241100x8000000000000000768543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a944e7c29ea6f92021-12-20 15:57:59.176root 11241100x8000000000000000768544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09d9403407598992021-12-20 15:57:59.176root 11241100x8000000000000000768545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf02aac7436b7492021-12-20 15:57:59.176root 11241100x8000000000000000768546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b77f7d7fa00cf272021-12-20 15:57:59.176root 11241100x8000000000000000768547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93e804c214c7e9e2021-12-20 15:57:59.177root 11241100x8000000000000000768548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8313a4734094c52021-12-20 15:57:59.177root 11241100x8000000000000000768549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c999eda3c0ea632021-12-20 15:57:59.177root 11241100x8000000000000000768550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ed59a270b9639e2021-12-20 15:57:59.177root 11241100x8000000000000000768551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41e996086d525422021-12-20 15:57:59.177root 11241100x8000000000000000768552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92651bbd40665c452021-12-20 15:57:59.177root 11241100x8000000000000000768553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4926bf93dc4e174d2021-12-20 15:57:59.177root 11241100x8000000000000000768554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d000b33fb71364e2021-12-20 15:57:59.177root 11241100x8000000000000000768555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7a581d4ef6c91d2021-12-20 15:57:59.177root 11241100x8000000000000000768556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b32701d1a5c2fc2021-12-20 15:57:59.177root 11241100x8000000000000000768557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1689a99440f6ed4d2021-12-20 15:57:59.177root 11241100x8000000000000000768558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80098788f1b4a52b2021-12-20 15:57:59.177root 11241100x8000000000000000768559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8270f35f99704a42021-12-20 15:57:59.177root 11241100x8000000000000000768560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6529e7edf7804e372021-12-20 15:57:59.178root 11241100x8000000000000000768561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92414a585cdc9ba32021-12-20 15:57:59.178root 11241100x8000000000000000768562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46344c1132737e492021-12-20 15:57:59.178root 11241100x8000000000000000768563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d65f423fdbe0b2021-12-20 15:57:59.178root 11241100x8000000000000000768564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f36b61f498341262021-12-20 15:57:59.178root 11241100x8000000000000000768565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c06933d5e52a1c2021-12-20 15:57:59.178root 11241100x8000000000000000768566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7bf5e6ecf5c5402021-12-20 15:57:59.674root 11241100x8000000000000000768567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51e13d28b423ad12021-12-20 15:57:59.674root 11241100x8000000000000000768568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c5f6a90bfc2d052021-12-20 15:57:59.674root 11241100x8000000000000000768569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d76b8e451fbb67b2021-12-20 15:57:59.674root 11241100x8000000000000000768570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3f4055e4b232462021-12-20 15:57:59.675root 11241100x8000000000000000768571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c256d3e240d92f2021-12-20 15:57:59.675root 11241100x8000000000000000768572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d629a0ffe5aeb1c02021-12-20 15:57:59.675root 11241100x8000000000000000768573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ee03530e7548202021-12-20 15:57:59.676root 11241100x8000000000000000768574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7745397c80eb43de2021-12-20 15:57:59.676root 11241100x8000000000000000768575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e707bcb387fbf5972021-12-20 15:57:59.676root 11241100x8000000000000000768576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f598ec66fb316d2021-12-20 15:57:59.677root 11241100x8000000000000000768577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6977af3ec7e9c6a2021-12-20 15:57:59.677root 11241100x8000000000000000768578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2705dc454bd14c92021-12-20 15:57:59.677root 11241100x8000000000000000768579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f88e2275f2fc1372021-12-20 15:57:59.677root 11241100x8000000000000000768580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf46df45c087d3a2021-12-20 15:57:59.677root 11241100x8000000000000000768581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090f4841ba5631902021-12-20 15:57:59.677root 11241100x8000000000000000768582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f918896b8862cb22021-12-20 15:57:59.677root 11241100x8000000000000000768583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28fa18bd795fa992021-12-20 15:57:59.677root 11241100x8000000000000000768584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e811e3e935005a92021-12-20 15:57:59.677root 11241100x8000000000000000768585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ee61bdee68cca02021-12-20 15:57:59.677root 11241100x8000000000000000768586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1f99c12ded0c062021-12-20 15:57:59.678root 11241100x8000000000000000768587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab97c70bac0eea52021-12-20 15:57:59.678root 11241100x8000000000000000768588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efdfdac872227c32021-12-20 15:57:59.678root 11241100x8000000000000000768589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b65e18d04b296f2021-12-20 15:57:59.678root 11241100x8000000000000000768590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4ddbf577f93a412021-12-20 15:57:59.678root 11241100x8000000000000000768591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3163ae6220d7be462021-12-20 15:57:59.678root 11241100x8000000000000000768592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85691546f9b3cdc82021-12-20 15:57:59.678root 11241100x8000000000000000768593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62209268abbd3c9c2021-12-20 15:57:59.678root 11241100x8000000000000000768594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a0441d7a7dd68a2021-12-20 15:57:59.678root 11241100x8000000000000000768595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8455f8041f792fe92021-12-20 15:57:59.678root 11241100x8000000000000000768596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2120f880be18c3952021-12-20 15:57:59.679root 11241100x8000000000000000768597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024962a7430916632021-12-20 15:57:59.679root 11241100x8000000000000000768598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afe34f2f50d56ba2021-12-20 15:57:59.679root 11241100x8000000000000000768599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5054ccaa6cac15352021-12-20 15:57:59.679root 11241100x8000000000000000768600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec392d0213919312021-12-20 15:57:59.679root 11241100x8000000000000000768601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21415531939033c02021-12-20 15:57:59.679root 11241100x8000000000000000768602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165bf4bbbfb94aa72021-12-20 15:57:59.679root 11241100x8000000000000000768603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f34322b27aba9e2021-12-20 15:57:59.679root 11241100x8000000000000000768604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4e75c5f99a9dcc2021-12-20 15:57:59.679root 11241100x8000000000000000768605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb78ba3d726304d72021-12-20 15:57:59.679root 11241100x8000000000000000768606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edce7ced06f1c322021-12-20 15:57:59.681root 11241100x8000000000000000768607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2548271d34f148b12021-12-20 15:57:59.681root 11241100x8000000000000000768608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe160189c88ed7d42021-12-20 15:57:59.681root 11241100x8000000000000000768609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7e83e5113585642021-12-20 15:57:59.681root 11241100x8000000000000000768610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:57:59.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4190c1afa7ece52021-12-20 15:57:59.681root 11241100x8000000000000000768611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc35b554c4926092021-12-20 15:58:00.174root 11241100x8000000000000000768612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e12901c799e91a2021-12-20 15:58:00.174root 11241100x8000000000000000768613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c877ad6e5bb61cd2021-12-20 15:58:00.174root 11241100x8000000000000000768614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d21d44c95109c52021-12-20 15:58:00.174root 11241100x8000000000000000768615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b82e0a3d26beaf2021-12-20 15:58:00.174root 11241100x8000000000000000768616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4522f12494fd092021-12-20 15:58:00.174root 11241100x8000000000000000768617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6859692bd289ff92021-12-20 15:58:00.174root 11241100x8000000000000000768618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e95bd317f0b33f2021-12-20 15:58:00.174root 11241100x8000000000000000768619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f897ebd89f2da7262021-12-20 15:58:00.175root 11241100x8000000000000000768659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:06.067{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:58:06.067root 354300x8000000000000000768660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:06.251{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51438-false10.0.1.12-8000- 11241100x8000000000000000768661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e4d0c848b36d532021-12-20 15:58:06.424root 11241100x8000000000000000768662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495c8d0dc8fea6672021-12-20 15:58:06.424root 11241100x8000000000000000768663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a231948a146c3fc12021-12-20 15:58:06.924root 11241100x8000000000000000768664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89931b6179de5f982021-12-20 15:58:06.924root 11241100x8000000000000000768665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336394866194775a2021-12-20 15:58:07.424root 11241100x8000000000000000768666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3c3cbfcd40d7082021-12-20 15:58:07.424root 11241100x8000000000000000768667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46fedfa2f6c17392021-12-20 15:58:07.924root 11241100x8000000000000000768668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230794131b5b98662021-12-20 15:58:07.924root 11241100x8000000000000000768669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6381d8c583d77c2021-12-20 15:58:08.424root 11241100x8000000000000000768670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194ce79517fb24832021-12-20 15:58:08.424root 11241100x8000000000000000768671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4f0727e730e432021-12-20 15:58:08.924root 11241100x8000000000000000768672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e646fe48b0092dd2021-12-20 15:58:08.924root 23542300x8000000000000000768673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:09.060{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000768674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bbb928478be4192021-12-20 15:58:09.424root 11241100x8000000000000000768675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1476c201279f6c2021-12-20 15:58:09.424root 11241100x8000000000000000768676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc139a406c037032021-12-20 15:58:09.424root 11241100x8000000000000000768677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31dd10586d8dc842021-12-20 15:58:09.924root 11241100x8000000000000000768678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0bcd83896403672021-12-20 15:58:09.924root 11241100x8000000000000000768679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af992fc665f885ab2021-12-20 15:58:09.924root 11241100x8000000000000000768680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb8e81b347c21a2021-12-20 15:58:10.424root 11241100x8000000000000000768681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd83964529b8738b2021-12-20 15:58:10.424root 11241100x8000000000000000768682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9d7ab560d492072021-12-20 15:58:10.424root 11241100x8000000000000000768683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ef36d6f98e03402021-12-20 15:58:10.924root 11241100x8000000000000000768684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f697cae8ae0d962021-12-20 15:58:10.924root 11241100x8000000000000000768685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa7904e354d656e2021-12-20 15:58:10.924root 11241100x8000000000000000768686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf11e109cf10bba2021-12-20 15:58:11.424root 11241100x8000000000000000768687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a467fc0e0ba0f1772021-12-20 15:58:11.424root 11241100x8000000000000000768688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dac252b941c1212021-12-20 15:58:11.424root 11241100x8000000000000000768689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6906d2bc27c4f92021-12-20 15:58:11.924root 11241100x8000000000000000768690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b49974a2805dd392021-12-20 15:58:11.924root 11241100x8000000000000000768691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d215c45bd204fa2021-12-20 15:58:11.924root 354300x8000000000000000768692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.060{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51440-false10.0.1.12-8000- 11241100x8000000000000000768693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bccfa9cb6ad5cab2021-12-20 15:58:12.424root 11241100x8000000000000000768694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2953f3fa5f8b62292021-12-20 15:58:12.424root 11241100x8000000000000000768695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c606b27dcbc74172021-12-20 15:58:12.424root 11241100x8000000000000000768696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e01236930710cf72021-12-20 15:58:12.424root 11241100x8000000000000000768697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9e1ed7ec311ef12021-12-20 15:58:12.924root 11241100x8000000000000000768698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81ad67c358df4df2021-12-20 15:58:12.924root 11241100x8000000000000000768699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3b299ed86bbf2c2021-12-20 15:58:12.924root 11241100x8000000000000000768700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168a97135844e6bc2021-12-20 15:58:12.924root 11241100x8000000000000000768701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0e5fe30ca7a5e02021-12-20 15:58:13.424root 11241100x8000000000000000768702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81be148cbec38122021-12-20 15:58:13.424root 11241100x8000000000000000768703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93044553f872c6172021-12-20 15:58:13.424root 11241100x8000000000000000768704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1628e3c1d2b76a3d2021-12-20 15:58:13.424root 11241100x8000000000000000768705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897bde43aac34422021-12-20 15:58:13.924root 11241100x8000000000000000768706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b055e4ce78928f032021-12-20 15:58:13.924root 11241100x8000000000000000768707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed6a322c22a10e2021-12-20 15:58:13.924root 11241100x8000000000000000768708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df289f3fd0e720a42021-12-20 15:58:13.924root 11241100x8000000000000000768709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bbec9d5c5944e42021-12-20 15:58:14.424root 11241100x8000000000000000768710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740a286a4ea6d6b12021-12-20 15:58:14.424root 11241100x8000000000000000768711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be8c93eb9779e552021-12-20 15:58:14.424root 11241100x8000000000000000768712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86421d4b092ab86b2021-12-20 15:58:14.424root 11241100x8000000000000000768713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe6c73c241bb952021-12-20 15:58:14.924root 11241100x8000000000000000768714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc422e8cc5a188e72021-12-20 15:58:14.924root 11241100x8000000000000000768715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6855baf25c6ca9002021-12-20 15:58:14.924root 11241100x8000000000000000768716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f7bb3341a6162e2021-12-20 15:58:14.924root 11241100x8000000000000000768717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bc9cefbe1ad8e82021-12-20 15:58:15.424root 11241100x8000000000000000768718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c0460db679dec62021-12-20 15:58:15.424root 11241100x8000000000000000768719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79080136f26ff6632021-12-20 15:58:15.424root 11241100x8000000000000000768720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c68c9744ea06bc2021-12-20 15:58:15.424root 11241100x8000000000000000768721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d43cbe58ac0ed12021-12-20 15:58:15.924root 11241100x8000000000000000768722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8f72cea529a33b2021-12-20 15:58:15.924root 11241100x8000000000000000768723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ece0a2aa5c72812021-12-20 15:58:15.924root 11241100x8000000000000000768724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace8c9890d7127322021-12-20 15:58:15.924root 154100x8000000000000000768725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.311{ec2c97d1-a818-61c0-6874-29d361550000}10222/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000768726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.312{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4328e094844206562021-12-20 15:58:16.312root 11241100x8000000000000000768727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.312{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192a5d5c416cae9d2021-12-20 15:58:16.312root 11241100x8000000000000000768728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.312{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcf88e4ff46d4c12021-12-20 15:58:16.312root 11241100x8000000000000000768729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.313{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643036f6fe7411252021-12-20 15:58:16.313root 11241100x8000000000000000768730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.313{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4000807e631534f22021-12-20 15:58:16.313root 534500x8000000000000000768731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.321{ec2c97d1-a818-61c0-6874-29d361550000}10222/bin/psroot 11241100x8000000000000000768732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37bc16ddf6fe05b2021-12-20 15:58:16.674root 11241100x8000000000000000768733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1dce152f49544c2021-12-20 15:58:16.674root 11241100x8000000000000000768734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31acbe8f96ed42952021-12-20 15:58:16.674root 11241100x8000000000000000768735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1415a862d654ad6e2021-12-20 15:58:16.674root 11241100x8000000000000000768736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09760d28b3ce6a132021-12-20 15:58:16.674root 11241100x8000000000000000768737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70d617a83507b7a2021-12-20 15:58:16.675root 354300x8000000000000000768738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.090{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51442-false10.0.1.12-8000- 11241100x8000000000000000768739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.091{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5519f251d894b862021-12-20 15:58:17.091root 11241100x8000000000000000768740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.091{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fef206fc3d1fd52021-12-20 15:58:17.091root 11241100x8000000000000000768741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.091{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9f593e886979472021-12-20 15:58:17.091root 11241100x8000000000000000768742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.091{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64b3b667343c3642021-12-20 15:58:17.091root 11241100x8000000000000000768743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.092{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c9353be0a8f752021-12-20 15:58:17.092root 11241100x8000000000000000768744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.092{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6535d8e8e2fcc3a2021-12-20 15:58:17.092root 11241100x8000000000000000768745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.092{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44caa7da7576d8f72021-12-20 15:58:17.092root 11241100x8000000000000000768746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.092{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d1b9a5c0bc508c2021-12-20 15:58:17.092root 11241100x8000000000000000768747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.092{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73cb3f5573c5f6d2021-12-20 15:58:17.092root 11241100x8000000000000000768748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b9211f1745fed42021-12-20 15:58:17.424root 11241100x8000000000000000768749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b102858a1b9ba92021-12-20 15:58:17.424root 11241100x8000000000000000768750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487626360cf5bc6d2021-12-20 15:58:17.424root 11241100x8000000000000000768751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ed0421755d508a2021-12-20 15:58:17.424root 11241100x8000000000000000768752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439a2db52575ef552021-12-20 15:58:17.424root 11241100x8000000000000000768753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4a9892205575992021-12-20 15:58:17.424root 11241100x8000000000000000768754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab74e1fbc4432d8d2021-12-20 15:58:17.424root 11241100x8000000000000000768755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea5fd3dcdf232572021-12-20 15:58:17.924root 11241100x8000000000000000768756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed93a1f4e6f40b822021-12-20 15:58:17.924root 11241100x8000000000000000768757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31d33c65b6c3fef2021-12-20 15:58:17.924root 11241100x8000000000000000768758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356c04eb5eb7abe82021-12-20 15:58:17.924root 11241100x8000000000000000768759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4d9cad56b0ba882021-12-20 15:58:17.924root 11241100x8000000000000000768760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3e557e4f29f64e2021-12-20 15:58:17.924root 11241100x8000000000000000768761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bbb4d4d8c7685c2021-12-20 15:58:17.924root 11241100x8000000000000000768762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4096912b940f072021-12-20 15:58:18.424root 11241100x8000000000000000768763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f48aedc80cc8ab2021-12-20 15:58:18.424root 11241100x8000000000000000768764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3a3b93a0c1d0872021-12-20 15:58:18.424root 11241100x8000000000000000768765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7b2fd2e10aa1a52021-12-20 15:58:18.424root 11241100x8000000000000000768766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de30edf77d98b422021-12-20 15:58:18.424root 11241100x8000000000000000768767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e659c0a3b02ccfb42021-12-20 15:58:18.424root 11241100x8000000000000000768768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ea2bd74bbfe8b82021-12-20 15:58:18.424root 11241100x8000000000000000768769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c90493dc164e92021-12-20 15:58:18.924root 11241100x8000000000000000768770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb423d93c4dad4b2021-12-20 15:58:18.924root 11241100x8000000000000000768771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9036a39bffc8c9ca2021-12-20 15:58:18.924root 11241100x8000000000000000768772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ca24ceac8ffdcf2021-12-20 15:58:18.924root 11241100x8000000000000000768773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9881e9c1a982982021-12-20 15:58:18.924root 11241100x8000000000000000768774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05268dadf3fb8b0f2021-12-20 15:58:18.925root 11241100x8000000000000000768775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22645475777e196d2021-12-20 15:58:18.925root 11241100x8000000000000000768776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d2702157713d5a2021-12-20 15:58:19.424root 11241100x8000000000000000768777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bc3509f81e1c0a2021-12-20 15:58:19.424root 11241100x8000000000000000768778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb43d8ae9976ea62021-12-20 15:58:19.424root 11241100x8000000000000000768779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4477fadbc942aad72021-12-20 15:58:19.424root 11241100x8000000000000000768780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db6301bc809845d2021-12-20 15:58:19.424root 11241100x8000000000000000768781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d625d155593b4e2021-12-20 15:58:19.424root 11241100x8000000000000000768782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e465762089bd2472021-12-20 15:58:19.424root 11241100x8000000000000000768783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d46a5f4c5d84ca02021-12-20 15:58:19.924root 11241100x8000000000000000768784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9370e522a4ce7452021-12-20 15:58:19.924root 11241100x8000000000000000768785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77be45951cff58c42021-12-20 15:58:19.924root 11241100x8000000000000000768786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a08ce15e72cd13e2021-12-20 15:58:19.924root 11241100x8000000000000000768787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7075da551f3aa6bd2021-12-20 15:58:19.924root 11241100x8000000000000000768788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5287c15e40679e2021-12-20 15:58:19.924root 11241100x8000000000000000768789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604fde7b0a328a3c2021-12-20 15:58:19.924root 354300x8000000000000000768790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.058{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46146-false10.0.1.12-8089- 11241100x8000000000000000768791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb2bcd34755dc2d2021-12-20 15:58:20.424root 11241100x8000000000000000768792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acea933fb897a9f2021-12-20 15:58:20.424root 11241100x8000000000000000768793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133738e0ab1527f22021-12-20 15:58:20.424root 11241100x8000000000000000768794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f669dce98538832021-12-20 15:58:20.424root 11241100x8000000000000000768795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e350a523822840a2021-12-20 15:58:20.424root 11241100x8000000000000000768796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1687f603eed153d52021-12-20 15:58:20.424root 11241100x8000000000000000768797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2379ee4177cf33c2021-12-20 15:58:20.424root 11241100x8000000000000000768798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777443cadaedb09f2021-12-20 15:58:20.424root 11241100x8000000000000000768799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43be118b2cb16812021-12-20 15:58:20.924root 11241100x8000000000000000768800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba45ad4fa0752bc72021-12-20 15:58:20.924root 11241100x8000000000000000768801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e606e351817c94492021-12-20 15:58:20.924root 11241100x8000000000000000768802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7badaa6e780d7e02021-12-20 15:58:20.924root 11241100x8000000000000000768803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc96524adaa40fe2021-12-20 15:58:20.924root 11241100x8000000000000000768804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc47d623fcd81d6e2021-12-20 15:58:20.924root 11241100x8000000000000000768805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e79560457f49812021-12-20 15:58:20.924root 11241100x8000000000000000768806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6851673b4571efb2021-12-20 15:58:20.924root 11241100x8000000000000000768807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e272c4c7d5e4672021-12-20 15:58:21.424root 11241100x8000000000000000768808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbdf5722e0e02f12021-12-20 15:58:21.424root 11241100x8000000000000000768809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d40a4099058d562021-12-20 15:58:21.424root 11241100x8000000000000000768810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cd836463b1806a2021-12-20 15:58:21.424root 11241100x8000000000000000768811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11aff0ee02ba1ea2021-12-20 15:58:21.424root 11241100x8000000000000000768812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa31deb53ee4a1f72021-12-20 15:58:21.424root 11241100x8000000000000000768813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72458bfc0d5efb012021-12-20 15:58:21.424root 11241100x8000000000000000768814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d83f20c8552bfb42021-12-20 15:58:21.425root 11241100x8000000000000000768815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8db34f5d31b5c462021-12-20 15:58:21.924root 11241100x8000000000000000768816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b25a910ceacd5e2021-12-20 15:58:21.924root 11241100x8000000000000000768817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e22f459ec4a4cc2021-12-20 15:58:21.924root 11241100x8000000000000000768818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60615efcc8e5bd582021-12-20 15:58:21.924root 11241100x8000000000000000768819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fad0a1e198fad832021-12-20 15:58:21.924root 11241100x8000000000000000768820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e7ba2e3cb46f7e2021-12-20 15:58:21.924root 11241100x8000000000000000768821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7655041f6367fa742021-12-20 15:58:21.924root 11241100x8000000000000000768822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0bc9f5e14325312021-12-20 15:58:21.924root 11241100x8000000000000000768823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d61e64a7a539c62021-12-20 15:58:22.424root 11241100x8000000000000000768824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e81bfbd367d93bd2021-12-20 15:58:22.424root 11241100x8000000000000000768825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb137c3959160ee02021-12-20 15:58:22.424root 11241100x8000000000000000768826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cb0f93bbadafff2021-12-20 15:58:22.424root 11241100x8000000000000000768827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f945bbed743352582021-12-20 15:58:22.424root 11241100x8000000000000000768828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeee811fb372b8c2021-12-20 15:58:22.424root 11241100x8000000000000000768829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21e4dd9e3c08c5a2021-12-20 15:58:22.424root 11241100x8000000000000000768830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65d700594ced6ef2021-12-20 15:58:22.425root 11241100x8000000000000000768831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448eb8625c9619d12021-12-20 15:58:22.924root 11241100x8000000000000000768832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e55789f5d1cf1e2021-12-20 15:58:22.924root 11241100x8000000000000000768833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434008089d2318fc2021-12-20 15:58:22.924root 11241100x8000000000000000768834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38d1498c82ed3c12021-12-20 15:58:22.924root 11241100x8000000000000000768835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69f4f18096032bf2021-12-20 15:58:22.924root 11241100x8000000000000000768836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e3577980daa8b12021-12-20 15:58:22.924root 11241100x8000000000000000768837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feef3f9bffe8d85e2021-12-20 15:58:22.925root 11241100x8000000000000000768838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0364e5a970e96c2c2021-12-20 15:58:22.925root 354300x8000000000000000768839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.056{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51446-false10.0.1.12-8000- 11241100x8000000000000000768840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beed4026abe01c592021-12-20 15:58:23.424root 11241100x8000000000000000768841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49266313fe09c7e32021-12-20 15:58:23.424root 11241100x8000000000000000768842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187a2a0274f336d22021-12-20 15:58:23.424root 11241100x8000000000000000768843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2e453395d3d5e22021-12-20 15:58:23.424root 11241100x8000000000000000768844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e3b99ecec224e92021-12-20 15:58:23.425root 11241100x8000000000000000768845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e056e777220883112021-12-20 15:58:23.425root 11241100x8000000000000000768846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df88691610d49de2021-12-20 15:58:23.425root 11241100x8000000000000000768847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3002ac5540f152282021-12-20 15:58:23.425root 11241100x8000000000000000768848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f3eecccb7aa8e62021-12-20 15:58:23.425root 11241100x8000000000000000768849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016eaeb3f01be62a2021-12-20 15:58:23.924root 11241100x8000000000000000768850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaafd52981ed6a02021-12-20 15:58:23.924root 11241100x8000000000000000768851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17eb5cc28184d7682021-12-20 15:58:23.924root 11241100x8000000000000000768852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d3b92912a460142021-12-20 15:58:23.924root 11241100x8000000000000000768853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea8b267141f75e62021-12-20 15:58:23.924root 11241100x8000000000000000768854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f3e0aa727868d92021-12-20 15:58:23.924root 11241100x8000000000000000768855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d493459a71a90a562021-12-20 15:58:23.924root 11241100x8000000000000000768856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2579afbce65252152021-12-20 15:58:23.924root 11241100x8000000000000000768857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca70c0a5130aac32021-12-20 15:58:23.924root 11241100x8000000000000000768858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f429b24c104e2afd2021-12-20 15:58:24.424root 11241100x8000000000000000768859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8c2901430d0da32021-12-20 15:58:24.424root 11241100x8000000000000000768860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b626b7b7cbf61a272021-12-20 15:58:24.424root 11241100x8000000000000000768861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9abe5f246ae2852021-12-20 15:58:24.424root 11241100x8000000000000000768862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853d3c284142906a2021-12-20 15:58:24.424root 11241100x8000000000000000768863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8836327982e815dd2021-12-20 15:58:24.424root 11241100x8000000000000000768864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67f9921691026872021-12-20 15:58:24.425root 11241100x8000000000000000768865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24edb1750e0336562021-12-20 15:58:24.425root 11241100x8000000000000000768866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93443a94daf912c02021-12-20 15:58:24.425root 11241100x8000000000000000768867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd6b8773fc995682021-12-20 15:58:24.924root 11241100x8000000000000000768868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bde60da66d229b12021-12-20 15:58:24.924root 11241100x8000000000000000768869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a04bf2f20450942021-12-20 15:58:24.924root 11241100x8000000000000000768870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cfc9233c4441872021-12-20 15:58:24.924root 11241100x8000000000000000768871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f612f304c601fe2021-12-20 15:58:24.924root 11241100x8000000000000000768872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71569de2b09b67a02021-12-20 15:58:24.924root 11241100x8000000000000000768873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee9ed62458d71bc2021-12-20 15:58:24.924root 11241100x8000000000000000768874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7067a15f19ddf212021-12-20 15:58:24.925root 11241100x8000000000000000768875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6b9a724a4516882021-12-20 15:58:24.925root 11241100x8000000000000000768876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12a568d7fd4541a2021-12-20 15:58:25.424root 11241100x8000000000000000768877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7533501348d7ace92021-12-20 15:58:25.424root 11241100x8000000000000000768878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685fb8d1c04b9cc12021-12-20 15:58:25.424root 11241100x8000000000000000768879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e5ac8fdd4f731a2021-12-20 15:58:25.424root 11241100x8000000000000000768880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed5316b0716046b2021-12-20 15:58:25.425root 11241100x8000000000000000768881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d19611956356fc2021-12-20 15:58:25.425root 11241100x8000000000000000768882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9285918e555fe72021-12-20 15:58:25.425root 11241100x8000000000000000768883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f452af44aa2d7d2021-12-20 15:58:25.425root 11241100x8000000000000000768884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518c55724f0727bf2021-12-20 15:58:25.425root 11241100x8000000000000000768885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa78931895bb9d2021-12-20 15:58:25.925root 11241100x8000000000000000768886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba8d18bd67764c32021-12-20 15:58:25.926root 11241100x8000000000000000768887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ab45b1dc43a7c62021-12-20 15:58:25.926root 11241100x8000000000000000768888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef328e3a2cb872b2021-12-20 15:58:25.926root 11241100x8000000000000000768889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0785b2f79cbf2b82021-12-20 15:58:25.926root 11241100x8000000000000000768890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2d3adc5d8f83762021-12-20 15:58:25.926root 11241100x8000000000000000768891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f6f852a58c2e802021-12-20 15:58:25.926root 11241100x8000000000000000768892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce83acc0cb2d47b2021-12-20 15:58:25.927root 11241100x8000000000000000768893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036137443dc312ef2021-12-20 15:58:25.927root 11241100x8000000000000000768894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70252dca9c68513b2021-12-20 15:58:26.424root 11241100x8000000000000000768895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0029a86a3a6406632021-12-20 15:58:26.424root 11241100x8000000000000000768896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6715fc327c0e9b12021-12-20 15:58:26.424root 11241100x8000000000000000768897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6f19ac9063d3f92021-12-20 15:58:26.424root 11241100x8000000000000000768898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e98b8c935b35cae2021-12-20 15:58:26.424root 11241100x8000000000000000768899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcabf105356a5452021-12-20 15:58:26.424root 11241100x8000000000000000768900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ccc3f5603e24972021-12-20 15:58:26.424root 11241100x8000000000000000768901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec2dc832612f02a2021-12-20 15:58:26.425root 11241100x8000000000000000768902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a08c6b883575dfc2021-12-20 15:58:26.425root 11241100x8000000000000000768903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c00bc1298c4fd8a2021-12-20 15:58:26.924root 11241100x8000000000000000768904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797c1bd3c984d5812021-12-20 15:58:26.924root 11241100x8000000000000000768905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d26f8f72db475fb2021-12-20 15:58:26.924root 11241100x8000000000000000768906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834e923407506fbb2021-12-20 15:58:26.925root 11241100x8000000000000000768907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eac42cd9fa61ab62021-12-20 15:58:26.925root 11241100x8000000000000000768908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfff9b8f3b9b5022021-12-20 15:58:26.925root 11241100x8000000000000000768909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8795544d62275b192021-12-20 15:58:26.925root 11241100x8000000000000000768910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60641be727ad16462021-12-20 15:58:26.925root 11241100x8000000000000000768911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbefa67969f495122021-12-20 15:58:26.925root 11241100x8000000000000000768912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa88247a4e8ca4e42021-12-20 15:58:27.424root 11241100x8000000000000000768913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93c11d4e3ccba7b2021-12-20 15:58:27.424root 11241100x8000000000000000768914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafe1e0a60e026c32021-12-20 15:58:27.424root 11241100x8000000000000000768915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad8f6065ae1afd42021-12-20 15:58:27.425root 11241100x8000000000000000768916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fc56f4c4a556352021-12-20 15:58:27.425root 11241100x8000000000000000768917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f314bea2cdb1f7a2021-12-20 15:58:27.425root 11241100x8000000000000000768918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7dc338e89b77442021-12-20 15:58:27.425root 11241100x8000000000000000768919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930bcec2a6e7c8712021-12-20 15:58:27.426root 11241100x8000000000000000768920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bc53ee6920da422021-12-20 15:58:27.426root 11241100x8000000000000000768921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a70911fee802dfb2021-12-20 15:58:27.924root 11241100x8000000000000000768922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c240d8039d8a3722021-12-20 15:58:27.924root 11241100x8000000000000000768923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18834caceafb929b2021-12-20 15:58:27.924root 11241100x8000000000000000768924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbb03ec1a506e622021-12-20 15:58:27.924root 11241100x8000000000000000768925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0043c938b84dac12021-12-20 15:58:27.925root 11241100x8000000000000000768926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0448389b029d49912021-12-20 15:58:27.925root 11241100x8000000000000000768927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bf7bf6bb37febe2021-12-20 15:58:27.925root 11241100x8000000000000000768928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f872effe9cb1802021-12-20 15:58:27.926root 11241100x8000000000000000768929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6080a23071e6622021-12-20 15:58:27.926root 11241100x8000000000000000768930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d6969c9c7793b52021-12-20 15:58:28.424root 11241100x8000000000000000768931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112f8e0d5ca880572021-12-20 15:58:28.424root 11241100x8000000000000000768932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b063f107944b742021-12-20 15:58:28.424root 11241100x8000000000000000768933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed09f953890083232021-12-20 15:58:28.424root 11241100x8000000000000000768934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8600bc33416c222021-12-20 15:58:28.424root 11241100x8000000000000000768935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83be68039bd9bb5f2021-12-20 15:58:28.424root 11241100x8000000000000000768936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4883ed592960bcb82021-12-20 15:58:28.424root 11241100x8000000000000000768937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f403ea62e58ded62021-12-20 15:58:28.424root 11241100x8000000000000000768938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e47f36b0ea2f0cc2021-12-20 15:58:28.425root 11241100x8000000000000000768939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cf7c94ef93fd9e2021-12-20 15:58:28.924root 11241100x8000000000000000768940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebb787221f030c02021-12-20 15:58:28.924root 11241100x8000000000000000768941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f928db92bc47a52021-12-20 15:58:28.924root 11241100x8000000000000000768942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e499019606af5f2021-12-20 15:58:28.924root 11241100x8000000000000000768943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce792ce1774a3272021-12-20 15:58:28.924root 11241100x8000000000000000768944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17e1e0fba58dddd2021-12-20 15:58:28.924root 11241100x8000000000000000768945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a7315d88e6f4e32021-12-20 15:58:28.924root 11241100x8000000000000000768946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fa4c1f7b4c2a212021-12-20 15:58:28.925root 11241100x8000000000000000768947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3d23817a163aac2021-12-20 15:58:28.925root 354300x8000000000000000768948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.032{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51448-false10.0.1.12-8000- 11241100x8000000000000000768949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc81ec1e610d5612021-12-20 15:58:29.424root 11241100x8000000000000000768950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619390436df6f40f2021-12-20 15:58:29.424root 11241100x8000000000000000768951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49d83a7532d4c1a2021-12-20 15:58:29.424root 11241100x8000000000000000768952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2ca5e95d6abdf82021-12-20 15:58:29.424root 11241100x8000000000000000768953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18faf979742ff0e62021-12-20 15:58:29.424root 11241100x8000000000000000768954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2526d7e8ed3e16f72021-12-20 15:58:29.424root 11241100x8000000000000000768955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc37b0236842b37f2021-12-20 15:58:29.424root 11241100x8000000000000000768956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fac7696567af132021-12-20 15:58:29.424root 11241100x8000000000000000768957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1ae72f00b2a8ad2021-12-20 15:58:29.425root 11241100x8000000000000000768958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdae2fd07dae93b2021-12-20 15:58:29.425root 11241100x8000000000000000768959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e1bccc7ec4b97c2021-12-20 15:58:29.924root 11241100x8000000000000000768960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67b0f59e2194372021-12-20 15:58:29.924root 11241100x8000000000000000768961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ddd5b20203a8dd2021-12-20 15:58:29.924root 11241100x8000000000000000768962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a13b37fbdf889402021-12-20 15:58:29.924root 11241100x8000000000000000768963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39812fcdf932897c2021-12-20 15:58:29.924root 11241100x8000000000000000768964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aac91c21d89a792021-12-20 15:58:29.924root 11241100x8000000000000000768965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b688cdd524f23d2021-12-20 15:58:29.925root 11241100x8000000000000000768966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7bce545c5236be2021-12-20 15:58:29.925root 11241100x8000000000000000768967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23a60596a77ad0a2021-12-20 15:58:29.925root 11241100x8000000000000000768968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3333c1f21ba48212021-12-20 15:58:29.926root 11241100x8000000000000000768969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa3a980ac1518022021-12-20 15:58:30.424root 11241100x8000000000000000768970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5430c9f5dd63d9362021-12-20 15:58:30.424root 11241100x8000000000000000768971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac4a47081c0e5bf2021-12-20 15:58:30.424root 11241100x8000000000000000768972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeb543152f7bf6f2021-12-20 15:58:30.424root 11241100x8000000000000000768973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9568b767db9791642021-12-20 15:58:30.425root 11241100x8000000000000000768974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179381e854f23aa62021-12-20 15:58:30.425root 11241100x8000000000000000768975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216637fad7b42d252021-12-20 15:58:30.425root 11241100x8000000000000000768976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71159ff841e0ac8f2021-12-20 15:58:30.425root 11241100x8000000000000000768977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c65d587b4d0c662021-12-20 15:58:30.425root 11241100x8000000000000000768978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16de42eda3d2d5a2021-12-20 15:58:30.425root 11241100x8000000000000000768979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e602654cd5bc6ea52021-12-20 15:58:30.924root 11241100x8000000000000000768980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446a29c443bccebf2021-12-20 15:58:30.924root 11241100x8000000000000000768981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d634deb0a8fbbed2021-12-20 15:58:30.925root 11241100x8000000000000000768982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3beba0e07a6dfeb32021-12-20 15:58:30.925root 11241100x8000000000000000768983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9b1c8739359baf2021-12-20 15:58:30.925root 11241100x8000000000000000768984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62653492383dc5892021-12-20 15:58:30.925root 11241100x8000000000000000768985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26d65c5567c115f2021-12-20 15:58:30.926root 11241100x8000000000000000768986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869b4c97ce9e57712021-12-20 15:58:30.926root 11241100x8000000000000000768987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79ba919b640e4372021-12-20 15:58:30.926root 11241100x8000000000000000768988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bca4847c8ffeff22021-12-20 15:58:30.927root 11241100x8000000000000000768989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff4c81920467ad92021-12-20 15:58:31.424root 11241100x8000000000000000768990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0ec3a9fc850ebc2021-12-20 15:58:31.424root 11241100x8000000000000000768991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3615cfc762f53fc2021-12-20 15:58:31.424root 11241100x8000000000000000768992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea242492595749b2021-12-20 15:58:31.424root 11241100x8000000000000000768993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114444d6910aa8bc2021-12-20 15:58:31.424root 11241100x8000000000000000768994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39293e9f2d8abf8c2021-12-20 15:58:31.424root 11241100x8000000000000000768995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fe873c6af87b042021-12-20 15:58:31.424root 11241100x8000000000000000768996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b025cacb9601b7272021-12-20 15:58:31.425root 11241100x8000000000000000768997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7139a43b2d2a702021-12-20 15:58:31.425root 11241100x8000000000000000768998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d188b9b3667f292021-12-20 15:58:31.425root 11241100x8000000000000000768999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fd9f78a08d946a2021-12-20 15:58:31.924root 11241100x8000000000000000769000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af9f0257a2e5ae92021-12-20 15:58:31.924root 11241100x8000000000000000769001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194f11dc80364d782021-12-20 15:58:31.924root 11241100x8000000000000000769002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f249138fd3d9c182021-12-20 15:58:31.924root 11241100x8000000000000000769003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1c77010bd1ef0e2021-12-20 15:58:31.924root 11241100x8000000000000000769004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f653263206a547c02021-12-20 15:58:31.924root 11241100x8000000000000000769005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93e875dd0fb40db2021-12-20 15:58:31.924root 11241100x8000000000000000769006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2f79357d98c762021-12-20 15:58:31.924root 11241100x8000000000000000769007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf6815ef9bf1e8e2021-12-20 15:58:31.925root 11241100x8000000000000000769008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca2a3b3b64a3e832021-12-20 15:58:31.925root 11241100x8000000000000000769009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be68fdcb9ceb1e52021-12-20 15:58:32.424root 11241100x8000000000000000769010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0718a698e8cb35ee2021-12-20 15:58:32.424root 11241100x8000000000000000769011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e0b3c7264057ab2021-12-20 15:58:32.424root 11241100x8000000000000000769012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55a4a7a33f6fbb62021-12-20 15:58:32.424root 11241100x8000000000000000769013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2a3d2d956902072021-12-20 15:58:32.425root 11241100x8000000000000000769014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5641abec1232002021-12-20 15:58:32.425root 11241100x8000000000000000769015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080a5a2e153995a42021-12-20 15:58:32.425root 11241100x8000000000000000769016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23499db9ad7088be2021-12-20 15:58:32.425root 11241100x8000000000000000769017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b9f4a2530669e82021-12-20 15:58:32.425root 11241100x8000000000000000769018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c030cd0025633e42021-12-20 15:58:32.425root 11241100x8000000000000000769019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b661f3d71e9765c2021-12-20 15:58:32.924root 11241100x8000000000000000769020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a9e83cd1aadd882021-12-20 15:58:32.924root 11241100x8000000000000000769021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d7c2beae7619b02021-12-20 15:58:32.924root 11241100x8000000000000000769022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e12cff2b55c4eeb2021-12-20 15:58:32.924root 11241100x8000000000000000769023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a43813e1df8c922021-12-20 15:58:32.925root 11241100x8000000000000000769024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58479a74182c8b302021-12-20 15:58:32.925root 11241100x8000000000000000769025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e789583940ada42021-12-20 15:58:32.925root 11241100x8000000000000000769026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f28f59b6b8aff62021-12-20 15:58:32.925root 11241100x8000000000000000769027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5200a638d090b32021-12-20 15:58:32.925root 11241100x8000000000000000769028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb10ea698f83438f2021-12-20 15:58:32.925root 11241100x8000000000000000769029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41628970c1724ce92021-12-20 15:58:33.424root 11241100x8000000000000000769030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16c93a6cd0703902021-12-20 15:58:33.424root 11241100x8000000000000000769031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257ed2a1f72b41b62021-12-20 15:58:33.424root 11241100x8000000000000000769032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af0c25b1a4cda262021-12-20 15:58:33.424root 11241100x8000000000000000769033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58001b1fe12f71632021-12-20 15:58:33.424root 11241100x8000000000000000769034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a25b4bc56b2358c2021-12-20 15:58:33.424root 11241100x8000000000000000769035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75ade30e472c0c22021-12-20 15:58:33.424root 11241100x8000000000000000769036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d26ebe2108021a42021-12-20 15:58:33.424root 11241100x8000000000000000769037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab2050920dc5bfd2021-12-20 15:58:33.424root 11241100x8000000000000000769038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d985d5b518c356d82021-12-20 15:58:33.425root 11241100x8000000000000000769039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f11ce0e07844c12021-12-20 15:58:33.924root 11241100x8000000000000000769040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a142b4f707b4662021-12-20 15:58:33.924root 11241100x8000000000000000769041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d59eb8ff65cbd992021-12-20 15:58:33.924root 11241100x8000000000000000769042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbba1b5f03d71e952021-12-20 15:58:33.924root 11241100x8000000000000000769043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a4e3c64a6418152021-12-20 15:58:33.925root 11241100x8000000000000000769044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa641f1d733c1ca2021-12-20 15:58:33.925root 11241100x8000000000000000769045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a6c303033cf0ba2021-12-20 15:58:33.925root 11241100x8000000000000000769046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b0c37683e17032021-12-20 15:58:33.925root 11241100x8000000000000000769047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af65ee930c9992d72021-12-20 15:58:33.925root 11241100x8000000000000000769048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1593000873c823dd2021-12-20 15:58:33.925root 11241100x8000000000000000769049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487c578e66631c612021-12-20 15:58:34.424root 11241100x8000000000000000769050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b52301628e7be102021-12-20 15:58:34.424root 11241100x8000000000000000769051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4921061be2827a2021-12-20 15:58:34.424root 11241100x8000000000000000769052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9768dc7cb470dab2021-12-20 15:58:34.424root 11241100x8000000000000000769053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0f95c6dc5a50042021-12-20 15:58:34.425root 11241100x8000000000000000769054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818b4e522487ef4e2021-12-20 15:58:34.425root 11241100x8000000000000000769055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1721bb7e35b0f5142021-12-20 15:58:34.425root 11241100x8000000000000000769056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2c89e28610e0982021-12-20 15:58:34.425root 11241100x8000000000000000769057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b150c358e28e32021-12-20 15:58:34.425root 11241100x8000000000000000769058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e14bc5f894057232021-12-20 15:58:34.425root 11241100x8000000000000000769059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63166bb46dd11d8d2021-12-20 15:58:34.924root 11241100x8000000000000000769060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9cd16da388b2892021-12-20 15:58:34.924root 11241100x8000000000000000769061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c629124b2219bc7d2021-12-20 15:58:34.924root 11241100x8000000000000000769062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8818534e7fe767fb2021-12-20 15:58:34.924root 11241100x8000000000000000769063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d641de5422228b52021-12-20 15:58:34.924root 11241100x8000000000000000769064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d02a0be5ec5581c2021-12-20 15:58:34.924root 11241100x8000000000000000769065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc762b5f0150cba2021-12-20 15:58:34.924root 11241100x8000000000000000769066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf70b8e925189b72021-12-20 15:58:34.925root 11241100x8000000000000000769067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9945d4f848a152aa2021-12-20 15:58:34.925root 11241100x8000000000000000769068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348797070227679e2021-12-20 15:58:34.925root 354300x8000000000000000769069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.008{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51450-false10.0.1.12-8000- 11241100x8000000000000000769070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daca06d3cbc73e92021-12-20 15:58:35.424root 11241100x8000000000000000769071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66085f9e42a5fc312021-12-20 15:58:35.424root 11241100x8000000000000000769072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df62b16e895cf692021-12-20 15:58:35.424root 11241100x8000000000000000769073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41693cec3dbba54f2021-12-20 15:58:35.424root 11241100x8000000000000000769074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f57d022ab6ac71d2021-12-20 15:58:35.424root 11241100x8000000000000000769075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1de1ff595a17632021-12-20 15:58:35.425root 11241100x8000000000000000769076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60373be12b89e0f2021-12-20 15:58:35.425root 11241100x8000000000000000769077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab24e088a46f27a2021-12-20 15:58:35.425root 11241100x8000000000000000769078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90be4aa5c24936a2021-12-20 15:58:35.425root 11241100x8000000000000000769079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c66694df2bcc932021-12-20 15:58:35.425root 11241100x8000000000000000769080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ffdd43126b688d2021-12-20 15:58:35.425root 11241100x8000000000000000769081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2643c6213c046c702021-12-20 15:58:35.924root 11241100x8000000000000000769082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e52272e095e68ff2021-12-20 15:58:35.924root 11241100x8000000000000000769083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5f5cf744a19ee72021-12-20 15:58:35.924root 11241100x8000000000000000769084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d0729dc37d170c2021-12-20 15:58:35.924root 11241100x8000000000000000769085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3a616c2f4355c72021-12-20 15:58:35.925root 11241100x8000000000000000769086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e693d79fb364df2021-12-20 15:58:35.925root 11241100x8000000000000000769087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6e6f9268bf19e52021-12-20 15:58:35.925root 11241100x8000000000000000769088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879cdac48f8acf182021-12-20 15:58:35.925root 11241100x8000000000000000769089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5ce69539cb90f2021-12-20 15:58:35.925root 11241100x8000000000000000769090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac4d549330c7ea32021-12-20 15:58:35.925root 11241100x8000000000000000769091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15955ab1cf4620722021-12-20 15:58:35.925root 11241100x8000000000000000769092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.067{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:58:36.067root 11241100x8000000000000000769093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a8506b0c9e39832021-12-20 15:58:36.424root 11241100x8000000000000000769094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d092cc04204dff2021-12-20 15:58:36.424root 11241100x8000000000000000769095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e525750fbaf551082021-12-20 15:58:36.424root 11241100x8000000000000000769096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8164a8c4bcee85902021-12-20 15:58:36.424root 11241100x8000000000000000769097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c566923934fe79782021-12-20 15:58:36.424root 11241100x8000000000000000769098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d388d5a05c4a792021-12-20 15:58:36.424root 11241100x8000000000000000769099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d980069f26ce82b62021-12-20 15:58:36.424root 11241100x8000000000000000769100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070fe75654fe09eb2021-12-20 15:58:36.425root 11241100x8000000000000000769101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018875ede376ef9b2021-12-20 15:58:36.425root 11241100x8000000000000000769102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480e6624b010e89b2021-12-20 15:58:36.425root 11241100x8000000000000000769103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cd0284f995906e2021-12-20 15:58:36.425root 11241100x8000000000000000769104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208ab00d79bc36c42021-12-20 15:58:36.425root 11241100x8000000000000000769105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5134e09e30572f12021-12-20 15:58:36.924root 11241100x8000000000000000769106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c9562ff57459482021-12-20 15:58:36.924root 11241100x8000000000000000769107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c35a2654b6b4032021-12-20 15:58:36.924root 11241100x8000000000000000769108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96327d135a3aa552021-12-20 15:58:36.924root 11241100x8000000000000000769109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db737102b07ecf512021-12-20 15:58:36.924root 11241100x8000000000000000769110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9219759660bff68f2021-12-20 15:58:36.924root 11241100x8000000000000000769111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a4730d1cde39f32021-12-20 15:58:36.924root 11241100x8000000000000000769112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16130254472c5b072021-12-20 15:58:36.925root 11241100x8000000000000000769113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f17a97ea4dd04b32021-12-20 15:58:36.925root 11241100x8000000000000000769114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea5f80ccd09f2ba2021-12-20 15:58:36.925root 11241100x8000000000000000769115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e085838edc61948b2021-12-20 15:58:36.925root 11241100x8000000000000000769116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f329a0701826a0912021-12-20 15:58:36.925root 11241100x8000000000000000769117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dd94f23bad0b432021-12-20 15:58:37.424root 11241100x8000000000000000769118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bf6312617e90c02021-12-20 15:58:37.424root 11241100x8000000000000000769119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1073c31d33f29cb2021-12-20 15:58:37.424root 11241100x8000000000000000769120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801885008ed1b7432021-12-20 15:58:37.424root 11241100x8000000000000000769121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e38dc4487dbd412021-12-20 15:58:37.424root 11241100x8000000000000000769122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731873d997c2dc7d2021-12-20 15:58:37.424root 11241100x8000000000000000769123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb9377c221a67532021-12-20 15:58:37.425root 11241100x8000000000000000769124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32120ce0cf60c0992021-12-20 15:58:37.425root 11241100x8000000000000000769125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938016351689b5262021-12-20 15:58:37.425root 11241100x8000000000000000769126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b2bcbc9041bacc2021-12-20 15:58:37.425root 11241100x8000000000000000769127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674580721fe5d9eb2021-12-20 15:58:37.425root 11241100x8000000000000000769128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c6e0a8ffb82fbc2021-12-20 15:58:37.425root 11241100x8000000000000000769129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5ad8be0fe3a7452021-12-20 15:58:37.924root 11241100x8000000000000000769130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee98e66a1531d64c2021-12-20 15:58:37.924root 11241100x8000000000000000769131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc194f62c63281d2021-12-20 15:58:37.924root 11241100x8000000000000000769132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fa504d324831de2021-12-20 15:58:37.925root 11241100x8000000000000000769133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58cb1c3fd30ff1f2021-12-20 15:58:37.925root 11241100x8000000000000000769134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1f46f5e545f17f2021-12-20 15:58:37.925root 11241100x8000000000000000769135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ecc9b988f0436c2021-12-20 15:58:37.925root 11241100x8000000000000000769136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f78e68586c640a2021-12-20 15:58:37.926root 11241100x8000000000000000769137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eede4dc2e8b418122021-12-20 15:58:37.926root 11241100x8000000000000000769138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcd928689f138c12021-12-20 15:58:37.926root 11241100x8000000000000000769139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8965f8dd178540d2021-12-20 15:58:37.926root 11241100x8000000000000000769140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ee8b9bd633213c2021-12-20 15:58:37.926root 11241100x8000000000000000769141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de05175d9fa04d52021-12-20 15:58:38.424root 11241100x8000000000000000769142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3786ac34b16d3f62021-12-20 15:58:38.424root 11241100x8000000000000000769143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90770da03a1a6c462021-12-20 15:58:38.424root 11241100x8000000000000000769144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8031fcf5bdce86432021-12-20 15:58:38.425root 11241100x8000000000000000769145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c8eaec8fe776322021-12-20 15:58:38.425root 11241100x8000000000000000769146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f34e0b4b35e20a22021-12-20 15:58:38.425root 11241100x8000000000000000769147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a16d7749aa0d79c2021-12-20 15:58:38.426root 11241100x8000000000000000769148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6eb6d55a062e0c2021-12-20 15:58:38.426root 11241100x8000000000000000769149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a14c434ba178e732021-12-20 15:58:38.426root 11241100x8000000000000000769150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbe6af0a34454472021-12-20 15:58:38.426root 11241100x8000000000000000769151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857e316d400fa9f72021-12-20 15:58:38.426root 11241100x8000000000000000769152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d32d9d2f0e151a2021-12-20 15:58:38.426root 11241100x8000000000000000769153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3965453ff1498bd02021-12-20 15:58:38.924root 11241100x8000000000000000769154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadf51df3e7c29882021-12-20 15:58:38.924root 11241100x8000000000000000769155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bbbd44443b5d452021-12-20 15:58:38.924root 11241100x8000000000000000769156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b41b16ebc99201b2021-12-20 15:58:38.924root 11241100x8000000000000000769157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0133f89988afe4f42021-12-20 15:58:38.924root 11241100x8000000000000000769158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d9ee221c546e172021-12-20 15:58:38.924root 11241100x8000000000000000769159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e77a16a0aa66e52021-12-20 15:58:38.924root 11241100x8000000000000000769160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e284b0c99f0b30042021-12-20 15:58:38.925root 11241100x8000000000000000769161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9633aee67b8e36a2021-12-20 15:58:38.925root 11241100x8000000000000000769162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bb4a9a2003df3d2021-12-20 15:58:38.925root 11241100x8000000000000000769163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7580bb1649ab0de2021-12-20 15:58:38.925root 11241100x8000000000000000769164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7420465ceeca54f52021-12-20 15:58:38.925root 23542300x8000000000000000769165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.029{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000769166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b9ac62f0c72ab12021-12-20 15:58:39.424root 11241100x8000000000000000769167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b902e598403b6ee2021-12-20 15:58:39.424root 11241100x8000000000000000769168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a00674d9005eaff2021-12-20 15:58:39.424root 11241100x8000000000000000769169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9643c1ec142ffc082021-12-20 15:58:39.424root 11241100x8000000000000000769170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685504d044405de62021-12-20 15:58:39.424root 11241100x8000000000000000769171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d2f53b01973fac2021-12-20 15:58:39.424root 11241100x8000000000000000769172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf875ac8369128a02021-12-20 15:58:39.425root 11241100x8000000000000000769173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d9050ef26673b2021-12-20 15:58:39.425root 11241100x8000000000000000769174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19192a42b07318e62021-12-20 15:58:39.425root 11241100x8000000000000000769175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e1f63e7601285e2021-12-20 15:58:39.425root 11241100x8000000000000000769176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765544f1cb89b062021-12-20 15:58:39.425root 11241100x8000000000000000769177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a228268d7bcfe0f2021-12-20 15:58:39.425root 11241100x8000000000000000769178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313b9d8a5915139d2021-12-20 15:58:39.425root 11241100x8000000000000000769179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85bb8ae942ec53d2021-12-20 15:58:39.924root 11241100x8000000000000000769180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3de297d7b4062c22021-12-20 15:58:39.924root 11241100x8000000000000000769181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fd7629b4c4f72b2021-12-20 15:58:39.924root 11241100x8000000000000000769182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767426d6414c06b22021-12-20 15:58:39.925root 11241100x8000000000000000769183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02de7f0a146be8102021-12-20 15:58:39.925root 11241100x8000000000000000769184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b878226b0fe4f6192021-12-20 15:58:39.926root 11241100x8000000000000000769185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cadd54111ec33052021-12-20 15:58:39.926root 11241100x8000000000000000769186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281883b8baeed8732021-12-20 15:58:39.927root 11241100x8000000000000000769187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aac851b9d9908d42021-12-20 15:58:39.927root 11241100x8000000000000000769188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaab1716009acb8d2021-12-20 15:58:39.927root 11241100x8000000000000000769189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e521fdca8f04a932021-12-20 15:58:39.927root 11241100x8000000000000000769190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1702296bdb52b9582021-12-20 15:58:39.928root 11241100x8000000000000000769191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c97dfa4e07024372021-12-20 15:58:39.928root 354300x8000000000000000769192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.048{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51452-false10.0.1.12-8000- 11241100x8000000000000000769193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d1bd81de16749e2021-12-20 15:58:40.424root 11241100x8000000000000000769194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16873f7432cf31f2021-12-20 15:58:40.424root 11241100x8000000000000000769195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7373b6f6f09f1b02021-12-20 15:58:40.424root 11241100x8000000000000000769196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5715bbcd23a2bd82021-12-20 15:58:40.425root 11241100x8000000000000000769197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2b39af419f5d632021-12-20 15:58:40.425root 11241100x8000000000000000769198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684742f1de715c542021-12-20 15:58:40.425root 11241100x8000000000000000769199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7645690252ba97f42021-12-20 15:58:40.425root 11241100x8000000000000000769200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1805e59626cd68f2021-12-20 15:58:40.425root 11241100x8000000000000000769201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6125176aed4c451f2021-12-20 15:58:40.425root 11241100x8000000000000000769202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d07f32dd8cde4162021-12-20 15:58:40.425root 11241100x8000000000000000769203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bb2d1d69f7c8792021-12-20 15:58:40.425root 11241100x8000000000000000769204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cc7bd50c3fa9062021-12-20 15:58:40.426root 11241100x8000000000000000769205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8d9ad2df79bb822021-12-20 15:58:40.426root 11241100x8000000000000000769206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47921c4348eef2612021-12-20 15:58:40.426root 11241100x8000000000000000769207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee97fceacfd4b072021-12-20 15:58:40.924root 11241100x8000000000000000769208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52e465c4e2864062021-12-20 15:58:40.924root 11241100x8000000000000000769209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693e38796bb8e5062021-12-20 15:58:40.924root 11241100x8000000000000000769210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad03d27ad2b0450a2021-12-20 15:58:40.924root 11241100x8000000000000000769211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90086179fe5d86ff2021-12-20 15:58:40.924root 11241100x8000000000000000769212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb153e882b059c72021-12-20 15:58:40.924root 11241100x8000000000000000769213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787a4d29ed26b8df2021-12-20 15:58:40.925root 11241100x8000000000000000769214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aea436ef2642932021-12-20 15:58:40.925root 11241100x8000000000000000769215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20764199a5dcf81b2021-12-20 15:58:40.925root 11241100x8000000000000000769216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cef04020f64b5eb2021-12-20 15:58:40.925root 11241100x8000000000000000769217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83606344237818722021-12-20 15:58:40.926root 11241100x8000000000000000769218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad13b9facc723c3c2021-12-20 15:58:40.926root 11241100x8000000000000000769219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488de181c49873bf2021-12-20 15:58:40.926root 11241100x8000000000000000769220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1699afdd5da24fb22021-12-20 15:58:40.926root 11241100x8000000000000000769221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42694259be3e27f42021-12-20 15:58:41.424root 11241100x8000000000000000769222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81eedc9e2d8de2652021-12-20 15:58:41.424root 11241100x8000000000000000769223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805a9f0059f06fd02021-12-20 15:58:41.424root 11241100x8000000000000000769224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a11036b3ce19972021-12-20 15:58:41.424root 11241100x8000000000000000769225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6e3953a7535fdb2021-12-20 15:58:41.424root 11241100x8000000000000000769226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfd5a28308595da2021-12-20 15:58:41.425root 11241100x8000000000000000769227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9003ccfa33beeb2021-12-20 15:58:41.425root 11241100x8000000000000000769228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7b7a173e74c9052021-12-20 15:58:41.425root 11241100x8000000000000000769229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab4ff7e32df06772021-12-20 15:58:41.425root 11241100x8000000000000000769230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a142b04c3de20b22021-12-20 15:58:41.425root 11241100x8000000000000000769231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4e2856fa423b6e2021-12-20 15:58:41.425root 11241100x8000000000000000769232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62793709c14f5ec2021-12-20 15:58:41.425root 11241100x8000000000000000769233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bccec2370c0bc42021-12-20 15:58:41.425root 11241100x8000000000000000769234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0746fb6b47e503512021-12-20 15:58:41.425root 11241100x8000000000000000769235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eac3fbcc482c5d62021-12-20 15:58:41.924root 11241100x8000000000000000769236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b1b0b4423860532021-12-20 15:58:41.924root 11241100x8000000000000000769237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a20b40b8af656282021-12-20 15:58:41.924root 11241100x8000000000000000769238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f375fde63e971f2021-12-20 15:58:41.924root 11241100x8000000000000000769239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a851bd8f2f1d652021-12-20 15:58:41.924root 11241100x8000000000000000769240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b67ef4ae04a05d2021-12-20 15:58:41.924root 11241100x8000000000000000769241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b9dba75049eadd2021-12-20 15:58:41.925root 11241100x8000000000000000769242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee14d24218759b92021-12-20 15:58:41.925root 11241100x8000000000000000769243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f64f3cd66c284b2021-12-20 15:58:41.925root 11241100x8000000000000000769244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d332e85a1d155a2021-12-20 15:58:41.925root 11241100x8000000000000000769245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185aed367cb49ac12021-12-20 15:58:41.925root 11241100x8000000000000000769246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d476bdcb3b694c2021-12-20 15:58:41.925root 11241100x8000000000000000769247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0e479e1e7086772021-12-20 15:58:41.925root 11241100x8000000000000000769248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb212cd18bb7f5f2021-12-20 15:58:41.925root 11241100x8000000000000000769249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7074d5b85c4ff2c32021-12-20 15:58:42.424root 11241100x8000000000000000769250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c05887065c9d08d2021-12-20 15:58:42.424root 11241100x8000000000000000769251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e63249c0db8b6d2021-12-20 15:58:42.424root 11241100x8000000000000000769252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e253e39dfb9f2002021-12-20 15:58:42.424root 11241100x8000000000000000769253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb422d2e38bf7212021-12-20 15:58:42.424root 11241100x8000000000000000769254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b794ef8d0758b7a42021-12-20 15:58:42.424root 11241100x8000000000000000769255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46d572e266efac12021-12-20 15:58:42.424root 11241100x8000000000000000769256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a718277a018e3c142021-12-20 15:58:42.424root 11241100x8000000000000000769257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2011cbd90735c5a2021-12-20 15:58:42.424root 11241100x8000000000000000769258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600820f0e6fe341d2021-12-20 15:58:42.425root 11241100x8000000000000000769259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2101dba8b6eaa42021-12-20 15:58:42.425root 11241100x8000000000000000769260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0137d1b86327b06d2021-12-20 15:58:42.425root 11241100x8000000000000000769261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc22e59b4a2f0d512021-12-20 15:58:42.426root 11241100x8000000000000000769262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35f70c54e1bf7802021-12-20 15:58:42.426root 11241100x8000000000000000769263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49705b8709c04a9f2021-12-20 15:58:42.426root 11241100x8000000000000000769264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02944af5a0798072021-12-20 15:58:42.426root 11241100x8000000000000000769265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79c8a514c3a9d0e2021-12-20 15:58:42.426root 11241100x8000000000000000769266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea178775615812c2021-12-20 15:58:42.426root 11241100x8000000000000000769267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab839503197132d2021-12-20 15:58:42.426root 11241100x8000000000000000769268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d586279450e6a0a2021-12-20 15:58:42.427root 11241100x8000000000000000769269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e19c3b2515e4342021-12-20 15:58:42.427root 11241100x8000000000000000769270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1136be62040294642021-12-20 15:58:42.427root 11241100x8000000000000000769271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0bad04e1ed93f12021-12-20 15:58:42.427root 11241100x8000000000000000769272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a7fdf1116408472021-12-20 15:58:42.427root 354300x8000000000000000769273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.772{ec2c97d1-67bd-61c0-dd22-90e9f0550000}2444/snap/amazon-ssm-agent/4046/ssm-agent-workerroottcptruefalse10.0.1.25-42516-false169.254.169.254-80- 11241100x8000000000000000769274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.773{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c93e8bb1c130fd2021-12-20 15:58:42.773root 11241100x8000000000000000769275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.773{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47d6737280b75c42021-12-20 15:58:42.773root 11241100x8000000000000000769276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33899f85117581b2021-12-20 15:58:42.774root 11241100x8000000000000000769277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a11da07cbd2d042021-12-20 15:58:42.774root 11241100x8000000000000000769278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7393e19f5564f12021-12-20 15:58:42.774root 11241100x8000000000000000769279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2e5e1df48dbb9f2021-12-20 15:58:42.774root 11241100x8000000000000000769280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a27d29149d3ff22021-12-20 15:58:42.774root 11241100x8000000000000000769281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21aa4275652fed22021-12-20 15:58:42.774root 11241100x8000000000000000769282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa1d21f4f8fef412021-12-20 15:58:42.774root 11241100x8000000000000000769283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f6d3a7225fc3552021-12-20 15:58:42.774root 11241100x8000000000000000769284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2299d7a5b44327a2021-12-20 15:58:42.774root 11241100x8000000000000000769285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5069f7382bdb1f62021-12-20 15:58:42.774root 11241100x8000000000000000769286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd52489a8b452622021-12-20 15:58:42.774root 11241100x8000000000000000769287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e76bc7e27e1b9e2021-12-20 15:58:42.774root 11241100x8000000000000000769288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.774{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f625882604e6b9f22021-12-20 15:58:42.774root 354300x8000000000000000769289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.808{ec2c97d1-67bd-61c0-dd22-90e9f0550000}2444/snap/amazon-ssm-agent/4046/ssm-agent-workerroottcptruefalse10.0.1.25-42520-false169.254.169.254-80- 354300x8000000000000000769290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:42.905{ec2c97d1-67bd-61c0-dd22-90e9f0550000}2444/snap/amazon-ssm-agent/4046/ssm-agent-workerroottcptruefalse10.0.1.25-42522-false169.254.169.254-80- 11241100x8000000000000000769291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f115c949c6614f652021-12-20 15:58:43.174root 11241100x8000000000000000769292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2771d098384ae12021-12-20 15:58:43.174root 11241100x8000000000000000769293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f020fc5dcdcc6a182021-12-20 15:58:43.174root 11241100x8000000000000000769294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21af3b718749434f2021-12-20 15:58:43.175root 11241100x8000000000000000769295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eea2c59ad6b673c2021-12-20 15:58:43.175root 11241100x8000000000000000769296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fee5e0bfe52817e2021-12-20 15:58:43.175root 11241100x8000000000000000769297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638b1d71e10f398a2021-12-20 15:58:43.175root 11241100x8000000000000000769298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babfe24d52ea571c2021-12-20 15:58:43.175root 11241100x8000000000000000769299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fe326091fab1522021-12-20 15:58:43.175root 11241100x8000000000000000769300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d646b460dd82812021-12-20 15:58:43.175root 11241100x8000000000000000769301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ddfa9d6ec68a392021-12-20 15:58:43.175root 11241100x8000000000000000769302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5269503aa0e289a42021-12-20 15:58:43.175root 11241100x8000000000000000769303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb51047e4bcb0ba22021-12-20 15:58:43.175root 11241100x8000000000000000769304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed33838a27812d2d2021-12-20 15:58:43.175root 11241100x8000000000000000769305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5499bdea614597a02021-12-20 15:58:43.175root 11241100x8000000000000000769306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90fd3eaccdb9fc82021-12-20 15:58:43.176root 11241100x8000000000000000769307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c6d4a7a96290e62021-12-20 15:58:43.176root 11241100x8000000000000000769308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fd4fd9fa279d762021-12-20 15:58:43.674root 11241100x8000000000000000769309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a524d7f188a9bcc2021-12-20 15:58:43.674root 11241100x8000000000000000769310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ba2fe6c3597282021-12-20 15:58:43.674root 11241100x8000000000000000769311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b9e8b8f94d50672021-12-20 15:58:43.674root 11241100x8000000000000000769312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe334f750d3f23e2021-12-20 15:58:43.674root 11241100x8000000000000000769313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ad34d4989545e02021-12-20 15:58:43.674root 11241100x8000000000000000769314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eced18a2e70ec4952021-12-20 15:58:43.674root 11241100x8000000000000000769315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85944cea87248e9f2021-12-20 15:58:43.675root 11241100x8000000000000000769316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5197d71cabbb69252021-12-20 15:58:43.675root 11241100x8000000000000000769317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d8d37f0d48896a2021-12-20 15:58:43.675root 11241100x8000000000000000769318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d925dc62c1bb1c22021-12-20 15:58:43.675root 11241100x8000000000000000769319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c30f1b4f7279622021-12-20 15:58:43.675root 11241100x8000000000000000769320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e0fdbca70e29a2021-12-20 15:58:43.675root 11241100x8000000000000000769321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00ca925daf666922021-12-20 15:58:43.675root 11241100x8000000000000000769322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90a0596ba2318c22021-12-20 15:58:43.675root 11241100x8000000000000000769323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d4f49a000582322021-12-20 15:58:43.675root 11241100x8000000000000000769324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:43.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e7f83551482f892021-12-20 15:58:43.675root 11241100x8000000000000000769325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eceb58249ef6cd2021-12-20 15:58:44.174root 11241100x8000000000000000769326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942f781f0c79c76f2021-12-20 15:58:44.174root 11241100x8000000000000000769327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba63f7adb9dbd322021-12-20 15:58:44.174root 11241100x8000000000000000769328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb83b74df239f2c72021-12-20 15:58:44.174root 11241100x8000000000000000769329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0125a2f7cd0bbb2021-12-20 15:58:44.175root 11241100x8000000000000000769330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49fd61881e71fe2021-12-20 15:58:44.175root 11241100x8000000000000000769331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6cb273abbe3ff22021-12-20 15:58:44.175root 11241100x8000000000000000769332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213bb63b6249edde2021-12-20 15:58:44.175root 11241100x8000000000000000769333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c20f33002029f42021-12-20 15:58:44.175root 11241100x8000000000000000769334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391e0427efa2833f2021-12-20 15:58:44.175root 11241100x8000000000000000769335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1ea402d67093242021-12-20 15:58:44.175root 11241100x8000000000000000769336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeaeba577ed5c622021-12-20 15:58:44.175root 11241100x8000000000000000769337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228de460ca768e852021-12-20 15:58:44.175root 11241100x8000000000000000769338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f2263a7e201be22021-12-20 15:58:44.176root 11241100x8000000000000000769339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c4a8565e05d7a22021-12-20 15:58:44.176root 11241100x8000000000000000769340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f71aec0e9010f72021-12-20 15:58:44.176root 11241100x8000000000000000769341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec94e460eebde6d12021-12-20 15:58:44.176root 11241100x8000000000000000769342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732d5995d3b1c5242021-12-20 15:58:44.674root 11241100x8000000000000000769343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e473a2509add7d2021-12-20 15:58:44.674root 11241100x8000000000000000769344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f8d238bdabb0f2021-12-20 15:58:44.674root 11241100x8000000000000000769345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3628c13c1b2cd70e2021-12-20 15:58:44.674root 11241100x8000000000000000769346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cb90dfbc687c6d2021-12-20 15:58:44.674root 11241100x8000000000000000769347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf10efad0424bc82021-12-20 15:58:44.674root 11241100x8000000000000000769348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced25512fb46557e2021-12-20 15:58:44.674root 11241100x8000000000000000769349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4a9bc8a8d7657a2021-12-20 15:58:44.675root 11241100x8000000000000000769350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4e52fab83733082021-12-20 15:58:44.675root 11241100x8000000000000000769351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c5e440963aca962021-12-20 15:58:44.675root 11241100x8000000000000000769352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2bee94edf2718c2021-12-20 15:58:44.675root 11241100x8000000000000000769353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9e9e222d6b8ec32021-12-20 15:58:44.675root 11241100x8000000000000000769354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4894ce7a72bfbd2021-12-20 15:58:44.675root 11241100x8000000000000000769355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990c967a0efb10ec2021-12-20 15:58:44.675root 11241100x8000000000000000769356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2463f9d7821119e2021-12-20 15:58:44.675root 11241100x8000000000000000769357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d6e6413edc50082021-12-20 15:58:44.676root 11241100x8000000000000000769358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b66b3edd42ae452021-12-20 15:58:44.676root 11241100x8000000000000000769359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a9a38761fe22212021-12-20 15:58:45.174root 11241100x8000000000000000769360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3b44092331a16d2021-12-20 15:58:45.175root 11241100x8000000000000000769361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94adf6f402af3462021-12-20 15:58:45.175root 11241100x8000000000000000769362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b875d8ba7821e71a2021-12-20 15:58:45.175root 11241100x8000000000000000769363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da01790244807e052021-12-20 15:58:45.176root 11241100x8000000000000000769364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df57f825a24f2de2021-12-20 15:58:45.176root 11241100x8000000000000000769365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93976d2a64155c42021-12-20 15:58:45.176root 11241100x8000000000000000769366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c3bb066a8eaaf42021-12-20 15:58:45.176root 11241100x8000000000000000769367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f4f0fd34ca23ef2021-12-20 15:58:45.177root 11241100x8000000000000000769368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c356ad8be5bca4be2021-12-20 15:58:45.177root 11241100x8000000000000000769369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ef40036c0afcb72021-12-20 15:58:45.177root 11241100x8000000000000000769370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a1c41a10f63e9b2021-12-20 15:58:45.177root 11241100x8000000000000000769371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d053f3cb8f5df8c2021-12-20 15:58:45.177root 11241100x8000000000000000769372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af48bb0328215762021-12-20 15:58:45.178root 11241100x8000000000000000769373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253bac61c518d8c92021-12-20 15:58:45.178root 11241100x8000000000000000769374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c633dd856c595032021-12-20 15:58:45.178root 11241100x8000000000000000769375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbe56398df41d072021-12-20 15:58:45.179root 11241100x8000000000000000769376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bb48942aaa68312021-12-20 15:58:45.674root 11241100x8000000000000000769377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e56abf666d32912021-12-20 15:58:45.674root 11241100x8000000000000000769378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c569af21b2e170252021-12-20 15:58:45.674root 11241100x8000000000000000769379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c975663eb57bbf2021-12-20 15:58:45.675root 11241100x8000000000000000769380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e08d442bafb5642021-12-20 15:58:45.675root 11241100x8000000000000000769381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79916988d7c0e582021-12-20 15:58:45.675root 11241100x8000000000000000769382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128ee836e01f28082021-12-20 15:58:45.675root 11241100x8000000000000000769383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5807094d75a5b7c02021-12-20 15:58:45.676root 11241100x8000000000000000769384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a316ebd3da90e0c2021-12-20 15:58:45.676root 11241100x8000000000000000769385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f25058eb7901e42021-12-20 15:58:45.676root 11241100x8000000000000000769386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f377e250e010ed202021-12-20 15:58:45.676root 11241100x8000000000000000769387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f95ce8b7ed8f5a02021-12-20 15:58:45.676root 11241100x8000000000000000769388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871c6f3de009e5422021-12-20 15:58:45.676root 11241100x8000000000000000769389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e722e5c7257d8d662021-12-20 15:58:45.677root 11241100x8000000000000000769390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b674882592061e52021-12-20 15:58:45.677root 11241100x8000000000000000769391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9038ae913842872021-12-20 15:58:45.677root 11241100x8000000000000000769392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3891fe5e01f31c2021-12-20 15:58:45.677root 354300x8000000000000000769393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.047{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51462-false10.0.1.12-8000- 11241100x8000000000000000769394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11f320c60caee902021-12-20 15:58:46.048root 11241100x8000000000000000769395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699324bd5bb01bae2021-12-20 15:58:46.048root 11241100x8000000000000000769396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed59da6ac0617502021-12-20 15:58:46.048root 11241100x8000000000000000769397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c62e5a60e28b0b2021-12-20 15:58:46.048root 11241100x8000000000000000769398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f41a914e75ad052021-12-20 15:58:46.048root 11241100x8000000000000000769399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a31ce01eaf70732021-12-20 15:58:46.048root 11241100x8000000000000000769400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3fbdae2e934d852021-12-20 15:58:46.049root 11241100x8000000000000000769401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0654a479729156f72021-12-20 15:58:46.049root 11241100x8000000000000000769402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be51293dbd908032021-12-20 15:58:46.049root 11241100x8000000000000000769403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c1288e36b780812021-12-20 15:58:46.049root 11241100x8000000000000000769404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4604396db54dd962021-12-20 15:58:46.049root 11241100x8000000000000000769405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887cf0f5ba92ed122021-12-20 15:58:46.049root 11241100x8000000000000000769406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f6db0309dbe29b2021-12-20 15:58:46.049root 11241100x8000000000000000769407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f66cf82a7703622021-12-20 15:58:46.049root 11241100x8000000000000000769408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe48662bb2c1bb552021-12-20 15:58:46.049root 11241100x8000000000000000769409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb0a97f52df59c72021-12-20 15:58:46.049root 11241100x8000000000000000769410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b112a79f2421e1222021-12-20 15:58:46.049root 11241100x8000000000000000769411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb7e2e5289836f62021-12-20 15:58:46.050root 11241100x8000000000000000769412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858d24e2458a9ffe2021-12-20 15:58:46.050root 11241100x8000000000000000769413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5be1d9f6d47cf1d2021-12-20 15:58:46.050root 11241100x8000000000000000769414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c82b0057cc18902021-12-20 15:58:46.050root 11241100x8000000000000000769415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2308252085c29b282021-12-20 15:58:46.050root 11241100x8000000000000000769416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ec5ca02dae46652021-12-20 15:58:46.424root 11241100x8000000000000000769417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5def6d5fdb2d8e2021-12-20 15:58:46.424root 11241100x8000000000000000769418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a4d8635455827f2021-12-20 15:58:46.425root 11241100x8000000000000000769419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0651a78899c1ebd92021-12-20 15:58:46.425root 11241100x8000000000000000769420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a5606a4f1de4be2021-12-20 15:58:46.425root 11241100x8000000000000000769421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cad21a92be3fb9b2021-12-20 15:58:46.425root 11241100x8000000000000000769422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f3e3091326a8442021-12-20 15:58:46.425root 11241100x8000000000000000769423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d77bfb12e86a0d2021-12-20 15:58:46.425root 11241100x8000000000000000769424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f0fbf575410f602021-12-20 15:58:46.426root 11241100x8000000000000000769425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce2bdaa160861ba2021-12-20 15:58:46.426root 11241100x8000000000000000769426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77892edac12aceb42021-12-20 15:58:46.426root 11241100x8000000000000000769427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c11de4c2f3d8ffe2021-12-20 15:58:46.426root 11241100x8000000000000000769428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b7ac1140475d0c2021-12-20 15:58:46.426root 11241100x8000000000000000769429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486095a12ef955412021-12-20 15:58:46.426root 11241100x8000000000000000769430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afb064389f4061d2021-12-20 15:58:46.426root 11241100x8000000000000000769431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0b2f09f53709a12021-12-20 15:58:46.426root 11241100x8000000000000000769432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67deb3f170492e392021-12-20 15:58:46.426root 11241100x8000000000000000769433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d94de14697f9272021-12-20 15:58:46.427root 11241100x8000000000000000769434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dea4356fb730f422021-12-20 15:58:46.924root 11241100x8000000000000000769435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56fc3c11a48207f2021-12-20 15:58:46.924root 11241100x8000000000000000769436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58256e1b1a6e462d2021-12-20 15:58:46.924root 11241100x8000000000000000769437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e34e63eedd26f22021-12-20 15:58:46.924root 11241100x8000000000000000769438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e7f75d5df4aee62021-12-20 15:58:46.925root 11241100x8000000000000000769439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c75cd23092cac22021-12-20 15:58:46.925root 11241100x8000000000000000769440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fec3bbb2d99d5fa2021-12-20 15:58:46.925root 11241100x8000000000000000769441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded5631c42302e902021-12-20 15:58:46.925root 11241100x8000000000000000769442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44383957b32b21192021-12-20 15:58:46.925root 11241100x8000000000000000769443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62e8c73ebcd78912021-12-20 15:58:46.925root 11241100x8000000000000000769444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e171a3885aa966362021-12-20 15:58:46.925root 11241100x8000000000000000769445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24691a12834847232021-12-20 15:58:46.925root 11241100x8000000000000000769446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006fef735d1376522021-12-20 15:58:46.925root 11241100x8000000000000000769447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a75118e975c2112021-12-20 15:58:46.925root 11241100x8000000000000000769448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761474cd2f74d8122021-12-20 15:58:46.925root 11241100x8000000000000000769449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774d4917f08d219a2021-12-20 15:58:46.925root 11241100x8000000000000000769450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dd08857b38f3962021-12-20 15:58:46.925root 11241100x8000000000000000769451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134b721b0b366fc62021-12-20 15:58:46.925root 11241100x8000000000000000769452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda3d2c064cd9452021-12-20 15:58:47.425root 11241100x8000000000000000769453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993d50056d9f38d52021-12-20 15:58:47.425root 11241100x8000000000000000769454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d667c908b4ec831a2021-12-20 15:58:47.425root 11241100x8000000000000000769455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ece96bc03fa9c42021-12-20 15:58:47.425root 11241100x8000000000000000769456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef079918aeea2a552021-12-20 15:58:47.425root 11241100x8000000000000000769457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8233b79bab356b492021-12-20 15:58:47.425root 11241100x8000000000000000769458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbe0d3e95560b9e2021-12-20 15:58:47.425root 11241100x8000000000000000769459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edacd48a1e503c32021-12-20 15:58:47.425root 11241100x8000000000000000769460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4119037f6dfb4c22021-12-20 15:58:47.426root 11241100x8000000000000000769461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf4da7f7f7773f2021-12-20 15:58:47.426root 11241100x8000000000000000769462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3757fa357a68faa12021-12-20 15:58:47.426root 11241100x8000000000000000769463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506c090c33ab75132021-12-20 15:58:47.427root 11241100x8000000000000000769464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266628986b133a862021-12-20 15:58:47.427root 11241100x8000000000000000769465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62817572750d2052021-12-20 15:58:47.427root 11241100x8000000000000000769466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d04723d860b2902021-12-20 15:58:47.427root 11241100x8000000000000000769467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91308570075a42e82021-12-20 15:58:47.427root 11241100x8000000000000000769468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7de0849a7ed9ad22021-12-20 15:58:47.427root 11241100x8000000000000000769469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97b26497e9d24082021-12-20 15:58:47.427root 11241100x8000000000000000769470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e819e0a0cffad2021-12-20 15:58:47.924root 11241100x8000000000000000769471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6f414764bddced2021-12-20 15:58:47.924root 11241100x8000000000000000769472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6c8a14136b34662021-12-20 15:58:47.924root 11241100x8000000000000000769473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebabc80aef1b95132021-12-20 15:58:47.924root 11241100x8000000000000000769474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452caf24731e13442021-12-20 15:58:47.925root 11241100x8000000000000000769475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500d40328fcbcf752021-12-20 15:58:47.925root 11241100x8000000000000000769476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c232666f9346976f2021-12-20 15:58:47.925root 11241100x8000000000000000769477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652627058e704a2f2021-12-20 15:58:47.925root 11241100x8000000000000000769478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb51c50ba0ade8b42021-12-20 15:58:47.925root 11241100x8000000000000000769479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847c0359ffb68f692021-12-20 15:58:47.925root 11241100x8000000000000000769480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b57c11b224aa1c22021-12-20 15:58:47.925root 11241100x8000000000000000769481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d10369f5ae772702021-12-20 15:58:47.925root 11241100x8000000000000000769482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d70b56da5b50792021-12-20 15:58:47.925root 11241100x8000000000000000769483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd2ab632fc9338f2021-12-20 15:58:47.925root 11241100x8000000000000000769484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322ed9cd0fde4c492021-12-20 15:58:47.925root 11241100x8000000000000000769485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db78b7ab2fd34b32021-12-20 15:58:47.925root 11241100x8000000000000000769486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003d937c9b58d2a32021-12-20 15:58:47.926root 11241100x8000000000000000769487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b037c7143d804a2021-12-20 15:58:47.926root 11241100x8000000000000000769488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd92447e4aaff192021-12-20 15:58:48.424root 11241100x8000000000000000769489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96b791567aa8e832021-12-20 15:58:48.424root 11241100x8000000000000000769490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca01aec440347af2021-12-20 15:58:48.424root 11241100x8000000000000000769491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af91d698e458f32021-12-20 15:58:48.424root 11241100x8000000000000000769492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b7e36705b2b6f2021-12-20 15:58:48.425root 11241100x8000000000000000769493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cc5ef7ec8d3e342021-12-20 15:58:48.425root 11241100x8000000000000000769494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37358593061ef9892021-12-20 15:58:48.425root 11241100x8000000000000000769495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450d598ec5ed23452021-12-20 15:58:48.425root 11241100x8000000000000000769496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1cdcb2663103972021-12-20 15:58:48.425root 11241100x8000000000000000769497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460c6525f844f18f2021-12-20 15:58:48.425root 11241100x8000000000000000769498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ce170a2517be0b2021-12-20 15:58:48.425root 11241100x8000000000000000769499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4157c2d97f915f2a2021-12-20 15:58:48.425root 11241100x8000000000000000769500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535e0d6c1290d5d22021-12-20 15:58:48.425root 11241100x8000000000000000769501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f179e276ff9211962021-12-20 15:58:48.425root 11241100x8000000000000000769502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9b0d9a7b7c5a882021-12-20 15:58:48.425root 11241100x8000000000000000769503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631b88294953ee9d2021-12-20 15:58:48.425root 11241100x8000000000000000769504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed556f28ac74a802021-12-20 15:58:48.425root 11241100x8000000000000000769505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f15a74a439211fa2021-12-20 15:58:48.425root 11241100x8000000000000000769506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f771f748d88e35042021-12-20 15:58:48.924root 11241100x8000000000000000769507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fe12e3c92faa302021-12-20 15:58:48.924root 11241100x8000000000000000769508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf956209140940d2021-12-20 15:58:48.924root 11241100x8000000000000000769509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2703531a395f5a9b2021-12-20 15:58:48.924root 11241100x8000000000000000769510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2192c3c19bad4f2021-12-20 15:58:48.924root 11241100x8000000000000000769511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b56b6d01705502b2021-12-20 15:58:48.924root 11241100x8000000000000000769512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f72e86c89a206b2021-12-20 15:58:48.925root 11241100x8000000000000000769513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc6a270b13f08d42021-12-20 15:58:48.925root 11241100x8000000000000000769514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe0fe2b246b8f782021-12-20 15:58:48.925root 11241100x8000000000000000769515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6b7eadb9bd0872021-12-20 15:58:48.925root 11241100x8000000000000000769516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f32c4cd8f97a4f2021-12-20 15:58:48.925root 11241100x8000000000000000769517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896879bebbff46db2021-12-20 15:58:48.925root 11241100x8000000000000000769518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d50d09d52f94762021-12-20 15:58:48.925root 11241100x8000000000000000769519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c147978635eeed092021-12-20 15:58:48.925root 11241100x8000000000000000769520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d863a611dc577a62021-12-20 15:58:48.925root 11241100x8000000000000000769521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a52b17fb631442b2021-12-20 15:58:48.925root 11241100x8000000000000000769522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d235d809e59e657f2021-12-20 15:58:48.925root 11241100x8000000000000000769523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74392f515c2efc92021-12-20 15:58:48.925root 11241100x8000000000000000769524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e35a62b9983b05b2021-12-20 15:58:49.424root 11241100x8000000000000000769525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9567c4d0b2860b052021-12-20 15:58:49.424root 11241100x8000000000000000769526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4802240f5210502021-12-20 15:58:49.424root 11241100x8000000000000000769527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4cc3d865c365bc2021-12-20 15:58:49.424root 11241100x8000000000000000769528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72170a80b712c9f2021-12-20 15:58:49.424root 11241100x8000000000000000769529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1f0ca9f4f5053e2021-12-20 15:58:49.424root 11241100x8000000000000000769530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4398f09d8fd7ac02021-12-20 15:58:49.424root 11241100x8000000000000000769531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525e341bba33123c2021-12-20 15:58:49.424root 11241100x8000000000000000769532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1580dddb4fdaca612021-12-20 15:58:49.424root 11241100x8000000000000000769533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0470929efbfedf142021-12-20 15:58:49.424root 11241100x8000000000000000769534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51804299c7460e42021-12-20 15:58:49.424root 11241100x8000000000000000769535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d373264584c3552021-12-20 15:58:49.424root 11241100x8000000000000000769536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b413ea54e6e17bba2021-12-20 15:58:49.425root 11241100x8000000000000000769537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e43c4f6b3de032021-12-20 15:58:49.425root 11241100x8000000000000000769538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8500f047eb65109c2021-12-20 15:58:49.425root 11241100x8000000000000000769539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c52c5cc1457e522021-12-20 15:58:49.425root 11241100x8000000000000000769540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf3d94f8c03124c2021-12-20 15:58:49.425root 11241100x8000000000000000769541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338a16df9c8101a52021-12-20 15:58:49.425root 11241100x8000000000000000769542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4425be5453e8cedc2021-12-20 15:58:49.425root 11241100x8000000000000000769543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093f662f942dfe5e2021-12-20 15:58:49.425root 11241100x8000000000000000769544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeeb4226be322842021-12-20 15:58:49.425root 11241100x8000000000000000769545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b721261ed0234442021-12-20 15:58:49.924root 11241100x8000000000000000769546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7862477b9b6722df2021-12-20 15:58:49.924root 11241100x8000000000000000769547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8ad13f0ba6cb352021-12-20 15:58:49.924root 11241100x8000000000000000769548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae3cd7a85ba8ed62021-12-20 15:58:49.924root 11241100x8000000000000000769549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0226ab78dcdcfaff2021-12-20 15:58:49.924root 11241100x8000000000000000769550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25a3d5b3bd4c66e2021-12-20 15:58:49.924root 11241100x8000000000000000769551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca98a6f2e25013f32021-12-20 15:58:49.924root 11241100x8000000000000000769552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb96c7402e40acd2021-12-20 15:58:49.924root 11241100x8000000000000000769553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1964436c655c02bd2021-12-20 15:58:49.925root 11241100x8000000000000000769554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045c4d182c9d826c2021-12-20 15:58:49.925root 11241100x8000000000000000769555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c48667976dc7432021-12-20 15:58:49.925root 11241100x8000000000000000769556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa562d9ef9c2c4272021-12-20 15:58:49.925root 11241100x8000000000000000769557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb3c344c7f16a762021-12-20 15:58:49.925root 11241100x8000000000000000769558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239dede7588e17d02021-12-20 15:58:49.925root 11241100x8000000000000000769559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cc15738c8c032f2021-12-20 15:58:49.925root 11241100x8000000000000000769560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3d7c9ba5f313a02021-12-20 15:58:49.925root 11241100x8000000000000000769561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ec5e5a2aa97d2a2021-12-20 15:58:49.925root 11241100x8000000000000000769562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a308b68ceac6562021-12-20 15:58:49.925root 11241100x8000000000000000769563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7888803fce4d032021-12-20 15:58:50.424root 11241100x8000000000000000769564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8e897e2c7917992021-12-20 15:58:50.424root 11241100x8000000000000000769565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109089705f52c7d62021-12-20 15:58:50.424root 11241100x8000000000000000769566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb6197f6eab5cf12021-12-20 15:58:50.424root 11241100x8000000000000000769567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ac3b75f5216ad02021-12-20 15:58:50.424root 11241100x8000000000000000769568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d91b20a18f8edf2021-12-20 15:58:50.425root 11241100x8000000000000000769569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1646db96b08da02f2021-12-20 15:58:50.425root 11241100x8000000000000000769570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a472dc53eb7db59b2021-12-20 15:58:50.425root 11241100x8000000000000000769571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f49ac54bae5c5152021-12-20 15:58:50.425root 11241100x8000000000000000769572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4866103c4963432021-12-20 15:58:50.425root 11241100x8000000000000000769573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344d3029d1396fa62021-12-20 15:58:50.425root 11241100x8000000000000000769574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad7a5aa23175aeb2021-12-20 15:58:50.425root 11241100x8000000000000000769575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b023b78223e5a8e2021-12-20 15:58:50.425root 11241100x8000000000000000769576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aec24f901ede852021-12-20 15:58:50.425root 11241100x8000000000000000769577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b898639515a9a42021-12-20 15:58:50.425root 11241100x8000000000000000769578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3236c2dbd207b5142021-12-20 15:58:50.425root 11241100x8000000000000000769579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef89b463af4c2442021-12-20 15:58:50.425root 11241100x8000000000000000769580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0c01a3963f559d2021-12-20 15:58:50.425root 11241100x8000000000000000769581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51612675713e71072021-12-20 15:58:50.924root 11241100x8000000000000000769582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90918cf6a9df1feb2021-12-20 15:58:50.924root 11241100x8000000000000000769583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b203daec789e86ac2021-12-20 15:58:50.924root 11241100x8000000000000000769584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d0a49a737863e32021-12-20 15:58:50.924root 11241100x8000000000000000769585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede11f8553b7bd112021-12-20 15:58:50.924root 11241100x8000000000000000769586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31c69da529a09632021-12-20 15:58:50.924root 11241100x8000000000000000769587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8476f9985149c9352021-12-20 15:58:50.924root 11241100x8000000000000000769588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a9355a3757de022021-12-20 15:58:50.924root 11241100x8000000000000000769589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94357784471896d2021-12-20 15:58:50.925root 11241100x8000000000000000769590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a7feb71a70e25b2021-12-20 15:58:50.925root 11241100x8000000000000000769591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3fa8d994f275102021-12-20 15:58:50.925root 11241100x8000000000000000769592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614895aefa01fd5a2021-12-20 15:58:50.925root 11241100x8000000000000000769593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f6c107727bbd7a2021-12-20 15:58:50.925root 11241100x8000000000000000769594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052bed7445c7d47a2021-12-20 15:58:50.925root 11241100x8000000000000000769595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae240e8cb0d30d22021-12-20 15:58:50.925root 11241100x8000000000000000769596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036ebc4a11c16a1d2021-12-20 15:58:50.925root 11241100x8000000000000000769597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044d5cfb9d3972622021-12-20 15:58:50.925root 11241100x8000000000000000769598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812ba37f77b72a402021-12-20 15:58:50.925root 11241100x8000000000000000769599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6d7dd90f9452f2021-12-20 15:58:51.424root 11241100x8000000000000000769600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03c813c915d25002021-12-20 15:58:51.424root 11241100x8000000000000000769601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828096fd9800a01a2021-12-20 15:58:51.424root 11241100x8000000000000000769602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f155e9cee0745a2021-12-20 15:58:51.424root 11241100x8000000000000000769603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d594cc8fba40fa062021-12-20 15:58:51.425root 11241100x8000000000000000769604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b09767f14251e2a2021-12-20 15:58:51.425root 11241100x8000000000000000769605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf996f3b523bdfb2021-12-20 15:58:51.425root 11241100x8000000000000000769606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97b0a9a58cab5922021-12-20 15:58:51.425root 11241100x8000000000000000769607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab2cab18b88612b2021-12-20 15:58:51.425root 11241100x8000000000000000769608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5753b9ea90575b5a2021-12-20 15:58:51.425root 11241100x8000000000000000769609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a154f41556dcaf022021-12-20 15:58:51.425root 11241100x8000000000000000769610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf91bb2a7cd257d2021-12-20 15:58:51.425root 11241100x8000000000000000769611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661db2c26fdf3b672021-12-20 15:58:51.425root 11241100x8000000000000000769612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad47d1406b44047b2021-12-20 15:58:51.425root 11241100x8000000000000000769613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fe6b27b2af4e562021-12-20 15:58:51.425root 11241100x8000000000000000769614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da04ea4484b445292021-12-20 15:58:51.425root 11241100x8000000000000000769615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbcd751764617c82021-12-20 15:58:51.425root 11241100x8000000000000000769616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fc8e06d0146eb02021-12-20 15:58:51.425root 11241100x8000000000000000769617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedc242330d73ac32021-12-20 15:58:51.924root 11241100x8000000000000000769618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c57f84b6c395a82021-12-20 15:58:51.924root 11241100x8000000000000000769619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b0602d77e8c56a2021-12-20 15:58:51.924root 11241100x8000000000000000769620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd89e5bcd8633b2b2021-12-20 15:58:51.924root 11241100x8000000000000000769621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf6194faa4319412021-12-20 15:58:51.924root 11241100x8000000000000000769622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5caac13c3db67c62021-12-20 15:58:51.925root 11241100x8000000000000000769623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df404fe4fe81ff6c2021-12-20 15:58:51.925root 11241100x8000000000000000769624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe5a274a1f805312021-12-20 15:58:51.925root 11241100x8000000000000000769625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccebe877cf3d378f2021-12-20 15:58:51.925root 11241100x8000000000000000769626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1ccab05e88303e2021-12-20 15:58:51.925root 11241100x8000000000000000769627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca30f7ef608f97d92021-12-20 15:58:51.925root 11241100x8000000000000000769628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e54dd6d1a5b9ea92021-12-20 15:58:51.925root 11241100x8000000000000000769629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ec047edca0ac9e2021-12-20 15:58:51.925root 11241100x8000000000000000769630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d847ac5e92ac8f972021-12-20 15:58:51.925root 11241100x8000000000000000769631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdde7fd2f53422342021-12-20 15:58:51.925root 11241100x8000000000000000769632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba4bd5d894bd97a2021-12-20 15:58:51.925root 11241100x8000000000000000769633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1f0a5a7b16ffe22021-12-20 15:58:51.925root 11241100x8000000000000000769634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2111ad6e5851712021-12-20 15:58:51.925root 354300x8000000000000000769635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.020{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51464-false10.0.1.12-8000- 11241100x8000000000000000769636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a48a8c6e4ab4c12021-12-20 15:58:52.424root 11241100x8000000000000000769637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ec5de75967e2bf2021-12-20 15:58:52.425root 11241100x8000000000000000769638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d537a932b92e46c2021-12-20 15:58:52.425root 11241100x8000000000000000769639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d401f4b6c44f9dbc2021-12-20 15:58:52.425root 11241100x8000000000000000769640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b984a2f7d51cdca2021-12-20 15:58:52.425root 11241100x8000000000000000769641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bf9a4752f02bcf2021-12-20 15:58:52.425root 11241100x8000000000000000769642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a683b85bcb4f422021-12-20 15:58:52.425root 11241100x8000000000000000769643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d086abcffef8e1a2021-12-20 15:58:52.425root 11241100x8000000000000000769644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c5643f7dc931372021-12-20 15:58:52.426root 11241100x8000000000000000769645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f732e8a1c6c48182021-12-20 15:58:52.426root 11241100x8000000000000000769646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1fdc4dea691a062021-12-20 15:58:52.426root 11241100x8000000000000000769647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d324c4c89a08482021-12-20 15:58:52.426root 11241100x8000000000000000769648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f010ab444ff937352021-12-20 15:58:52.426root 11241100x8000000000000000769649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f616932ed6c4d52021-12-20 15:58:52.427root 11241100x8000000000000000769650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd00814c589a3482021-12-20 15:58:52.427root 11241100x8000000000000000769651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9dbc8bcbd13a952021-12-20 15:58:52.427root 11241100x8000000000000000769652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6bf00b73994e532021-12-20 15:58:52.427root 11241100x8000000000000000769653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1f4acc4b559dfd2021-12-20 15:58:52.427root 11241100x8000000000000000769654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b9c7789ecfbfe92021-12-20 15:58:52.427root 11241100x8000000000000000769655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e5c5c8ae08fb5f2021-12-20 15:58:52.924root 11241100x8000000000000000769656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3148290df2bb6c2021-12-20 15:58:52.924root 11241100x8000000000000000769657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1edd4e073f2d8e2021-12-20 15:58:52.924root 11241100x8000000000000000769658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9381ed57f034bd5e2021-12-20 15:58:52.924root 11241100x8000000000000000769659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5d90d4ea7ff7462021-12-20 15:58:52.925root 11241100x8000000000000000769660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb8c0ed401884372021-12-20 15:58:52.925root 11241100x8000000000000000769661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4813fd69257e5ae2021-12-20 15:58:52.925root 11241100x8000000000000000769662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cfbfb6a5ad7d4c2021-12-20 15:58:52.925root 11241100x8000000000000000769663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b31a519bd149282021-12-20 15:58:52.925root 11241100x8000000000000000769664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c6cb1eec8b36352021-12-20 15:58:52.925root 11241100x8000000000000000769665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b031ce33ae84664a2021-12-20 15:58:52.925root 11241100x8000000000000000769666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88d2051ece414df2021-12-20 15:58:52.925root 11241100x8000000000000000769667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cb598becd8cf912021-12-20 15:58:52.925root 11241100x8000000000000000769668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53abe9a00792b9aa2021-12-20 15:58:52.925root 11241100x8000000000000000769669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6b4a0c75f9fe162021-12-20 15:58:52.925root 11241100x8000000000000000769670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120c1affa7a52b762021-12-20 15:58:52.925root 11241100x8000000000000000769671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a075a9cb20e3d2c02021-12-20 15:58:52.925root 11241100x8000000000000000769672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f36c07d8b73da092021-12-20 15:58:52.925root 11241100x8000000000000000769673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9557899d2ffaa2bb2021-12-20 15:58:52.925root 11241100x8000000000000000769674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ffedcb01b946f2021-12-20 15:58:53.424root 11241100x8000000000000000769675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9007e0c94eefa862021-12-20 15:58:53.424root 11241100x8000000000000000769676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f69dc678f0f8c12021-12-20 15:58:53.424root 11241100x8000000000000000769677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed71e95630bd73f2021-12-20 15:58:53.424root 11241100x8000000000000000769678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ef8ad40fad8a2c2021-12-20 15:58:53.425root 11241100x8000000000000000769679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04abf61631f279c2021-12-20 15:58:53.425root 11241100x8000000000000000769680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9467a437a41e12a82021-12-20 15:58:53.425root 11241100x8000000000000000769681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eb29840366e5642021-12-20 15:58:53.425root 11241100x8000000000000000769682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cd98085d43ce5d2021-12-20 15:58:53.425root 11241100x8000000000000000769683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7973e7d6c5cea44a2021-12-20 15:58:53.425root 11241100x8000000000000000769684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c357872240441a2021-12-20 15:58:53.425root 11241100x8000000000000000769685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b220b71461a6582021-12-20 15:58:53.425root 11241100x8000000000000000769686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219894b214928ca02021-12-20 15:58:53.425root 11241100x8000000000000000769687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8516b7366c528ace2021-12-20 15:58:53.425root 11241100x8000000000000000769688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7413652afc0b9e2021-12-20 15:58:53.425root 11241100x8000000000000000769689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c408984492e43c2021-12-20 15:58:53.425root 11241100x8000000000000000769690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdbac8c4973274c2021-12-20 15:58:53.425root 11241100x8000000000000000769691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5fa0bf31216f5a2021-12-20 15:58:53.425root 11241100x8000000000000000769692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec8f23813631e4f2021-12-20 15:58:53.425root 11241100x8000000000000000769693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558ca5b7672559232021-12-20 15:58:53.924root 11241100x8000000000000000769694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a8e10e4a6a37fd2021-12-20 15:58:53.924root 11241100x8000000000000000769695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d618d8cbe3b8a5ce2021-12-20 15:58:53.924root 11241100x8000000000000000769696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145a7b3c5ed3aef52021-12-20 15:58:53.924root 11241100x8000000000000000769697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870a399ea99ad51d2021-12-20 15:58:53.925root 11241100x8000000000000000769698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7690e0da482362612021-12-20 15:58:53.925root 11241100x8000000000000000769699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fba6a0fc5a7b0322021-12-20 15:58:53.925root 11241100x8000000000000000769700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ad22f52c7a11a72021-12-20 15:58:53.925root 11241100x8000000000000000769701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c5486135547aa62021-12-20 15:58:53.925root 11241100x8000000000000000769702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba1601476953dd12021-12-20 15:58:53.925root 11241100x8000000000000000769703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e7c8d7042123672021-12-20 15:58:53.925root 11241100x8000000000000000769704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f85315c2a91a32021-12-20 15:58:53.925root 11241100x8000000000000000769705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eb87a6a6b140b12021-12-20 15:58:53.925root 11241100x8000000000000000769706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e330095203fc552021-12-20 15:58:53.925root 11241100x8000000000000000769707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d2da8055ea2d9a2021-12-20 15:58:53.925root 11241100x8000000000000000769708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e806eba590bfb42021-12-20 15:58:53.926root 11241100x8000000000000000769709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f047ab4f77a1832021-12-20 15:58:53.926root 11241100x8000000000000000769710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3c3148f1947eaa2021-12-20 15:58:53.926root 11241100x8000000000000000769711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc634b04730b55482021-12-20 15:58:53.926root 11241100x8000000000000000769712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89a1fbaf0cdaa292021-12-20 15:58:54.424root 11241100x8000000000000000769713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541babf6780f5af32021-12-20 15:58:54.424root 11241100x8000000000000000769714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c65a9348c1e9792021-12-20 15:58:54.424root 11241100x8000000000000000769715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f772a419d594d4e52021-12-20 15:58:54.424root 11241100x8000000000000000769716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ea567c21f02a342021-12-20 15:58:54.425root 11241100x8000000000000000769717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ecbf7bfefae12e2021-12-20 15:58:54.425root 11241100x8000000000000000769718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33822401ec9c8c072021-12-20 15:58:54.425root 11241100x8000000000000000769719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d36ac0e4ba4b752021-12-20 15:58:54.425root 11241100x8000000000000000769720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c74ea2393baec2021-12-20 15:58:54.425root 11241100x8000000000000000769721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb49f0db68dc8b92021-12-20 15:58:54.425root 11241100x8000000000000000769722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d0270811852bf02021-12-20 15:58:54.425root 11241100x8000000000000000769723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c2923061d94ad12021-12-20 15:58:54.425root 11241100x8000000000000000769724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb0b063134c86f2021-12-20 15:58:54.425root 11241100x8000000000000000769725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c53784f2594b2e2021-12-20 15:58:54.425root 11241100x8000000000000000769726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5d6ff494bb74912021-12-20 15:58:54.425root 11241100x8000000000000000769727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aba33e4f6d08bb32021-12-20 15:58:54.425root 11241100x8000000000000000769728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3243bf2a8ee4d5c02021-12-20 15:58:54.425root 11241100x8000000000000000769729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621f8cbe452095132021-12-20 15:58:54.425root 11241100x8000000000000000769730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d638ad76165ce82021-12-20 15:58:54.425root 11241100x8000000000000000769731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d19c2306b857ac2021-12-20 15:58:54.924root 11241100x8000000000000000769732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bec0090011bc2e2021-12-20 15:58:54.924root 11241100x8000000000000000769733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce74ae7501522ae2021-12-20 15:58:54.924root 11241100x8000000000000000769734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6505be994480d5952021-12-20 15:58:54.924root 11241100x8000000000000000769735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48d15a126ff3f692021-12-20 15:58:54.924root 11241100x8000000000000000769736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7274566df311172021-12-20 15:58:54.924root 11241100x8000000000000000769737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df56f7af766e3982021-12-20 15:58:54.924root 11241100x8000000000000000769738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfcc6a9287f0d5d2021-12-20 15:58:54.925root 11241100x8000000000000000769739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ce9ee31629c4102021-12-20 15:58:54.925root 11241100x8000000000000000769740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c814233d0b382f2021-12-20 15:58:54.925root 11241100x8000000000000000769741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcc62f520c0f8ef2021-12-20 15:58:54.925root 11241100x8000000000000000769742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a629aee393054cc2021-12-20 15:58:54.925root 11241100x8000000000000000769743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd29d3f76a4c2fc2021-12-20 15:58:54.925root 11241100x8000000000000000769744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0a74a76743f5a52021-12-20 15:58:54.925root 11241100x8000000000000000769745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501685bb264a7d582021-12-20 15:58:54.925root 11241100x8000000000000000769746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a466845e7352ed3d2021-12-20 15:58:54.925root 11241100x8000000000000000769747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e12aa776de4a4612021-12-20 15:58:54.925root 11241100x8000000000000000769748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bcd925bc52bede2021-12-20 15:58:54.925root 11241100x8000000000000000769749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511f340f8c96a0102021-12-20 15:58:54.925root 11241100x8000000000000000769750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837efb3c99bea20f2021-12-20 15:58:55.424root 11241100x8000000000000000769751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299bcd7e3682e94b2021-12-20 15:58:55.424root 11241100x8000000000000000769752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479fbac9cb2a27e32021-12-20 15:58:55.424root 11241100x8000000000000000769753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e2b22db837865d2021-12-20 15:58:55.424root 11241100x8000000000000000769754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c313b03226451d6c2021-12-20 15:58:55.425root 11241100x8000000000000000769755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46ba72eb27854a32021-12-20 15:58:55.425root 11241100x8000000000000000769756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194c8f4b6de80fa62021-12-20 15:58:55.425root 11241100x8000000000000000769757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d63215213abde362021-12-20 15:58:55.425root 11241100x8000000000000000769758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c81eeec901bb32021-12-20 15:58:55.425root 11241100x8000000000000000769759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522b0c0a5aef3a802021-12-20 15:58:55.425root 11241100x8000000000000000769760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133f249b8747475e2021-12-20 15:58:55.425root 11241100x8000000000000000769761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2059de175167b1d22021-12-20 15:58:55.425root 11241100x8000000000000000769762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c25ccbae0614802021-12-20 15:58:55.425root 11241100x8000000000000000769763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a92c4205eca6ed82021-12-20 15:58:55.425root 11241100x8000000000000000769764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2851f3bec0c95ca92021-12-20 15:58:55.425root 11241100x8000000000000000769765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebf7db61f78410b2021-12-20 15:58:55.425root 11241100x8000000000000000769766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac5b3c8f46b9892021-12-20 15:58:55.425root 11241100x8000000000000000769767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedd177d373afcf92021-12-20 15:58:55.425root 11241100x8000000000000000769768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f960a218c3f36772021-12-20 15:58:55.425root 11241100x8000000000000000769769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b14224b0405c22021-12-20 15:58:55.924root 11241100x8000000000000000769770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6cc3a6c467aa662021-12-20 15:58:55.924root 11241100x8000000000000000769771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4eed0f480c5ea02021-12-20 15:58:55.924root 11241100x8000000000000000769772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b054bb75a5fb9e922021-12-20 15:58:55.924root 11241100x8000000000000000769773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5389c8ca0d7d72021-12-20 15:58:55.924root 11241100x8000000000000000769774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342289afc069c02a2021-12-20 15:58:55.924root 11241100x8000000000000000769775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510bb32ca7a2c6ef2021-12-20 15:58:55.924root 11241100x8000000000000000769776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b3b342ec9f86662021-12-20 15:58:55.924root 11241100x8000000000000000769777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f9058d82e07ebb2021-12-20 15:58:55.924root 11241100x8000000000000000769778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ffd1dfe562b8742021-12-20 15:58:55.924root 11241100x8000000000000000769779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c5a8ea847590f22021-12-20 15:58:55.925root 11241100x8000000000000000769780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe57ac37c4b5a5bd2021-12-20 15:58:55.925root 11241100x8000000000000000769781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015fa818e0c2d542021-12-20 15:58:55.925root 11241100x8000000000000000769782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f29de3bc65aa3f2021-12-20 15:58:55.925root 11241100x8000000000000000769783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2d592b4dca0b8d2021-12-20 15:58:55.925root 11241100x8000000000000000769784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bf3a6b6f91aa552021-12-20 15:58:55.925root 11241100x8000000000000000769785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462c4d3302b7e2ca2021-12-20 15:58:55.925root 11241100x8000000000000000769786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ef0fb03839ef902021-12-20 15:58:55.925root 11241100x8000000000000000769787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a490e13f9fb2a6c2021-12-20 15:58:55.925root 11241100x8000000000000000769788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2366a33d5e76567c2021-12-20 15:58:56.424root 11241100x8000000000000000769789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722c5cab0169d4f62021-12-20 15:58:56.424root 11241100x8000000000000000769790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e395dd769ba1a9f32021-12-20 15:58:56.425root 11241100x8000000000000000769791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11610ed2db7218162021-12-20 15:58:56.425root 11241100x8000000000000000769792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f775e547882222021-12-20 15:58:56.425root 11241100x8000000000000000769793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8e6b0aa1ecd8072021-12-20 15:58:56.425root 11241100x8000000000000000769794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f08368f50bef152021-12-20 15:58:56.425root 11241100x8000000000000000769795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ea5c6ea5cf0742021-12-20 15:58:56.425root 11241100x8000000000000000769796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946d3cce6dfad6ec2021-12-20 15:58:56.426root 11241100x8000000000000000769797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf10cd363cac41272021-12-20 15:58:56.426root 11241100x8000000000000000769798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4811d12e7b3b72c12021-12-20 15:58:56.426root 11241100x8000000000000000769799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daecf40cc2f34352021-12-20 15:58:56.426root 11241100x8000000000000000769800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fb6055b7c56aad2021-12-20 15:58:56.426root 11241100x8000000000000000769801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ba192e909080832021-12-20 15:58:56.426root 11241100x8000000000000000769802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddf5feed762bf262021-12-20 15:58:56.426root 11241100x8000000000000000769803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e28ccbba71a19a2021-12-20 15:58:56.426root 11241100x8000000000000000769804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16b0d9b855dfe732021-12-20 15:58:56.426root 11241100x8000000000000000769805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5e639da81fd9122021-12-20 15:58:56.426root 11241100x8000000000000000769806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40bd338f3a7ac4e2021-12-20 15:58:56.427root 11241100x8000000000000000769807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56620a96e9128ec2021-12-20 15:58:56.924root 11241100x8000000000000000769808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d07f7a4e95e82c2021-12-20 15:58:56.924root 11241100x8000000000000000769809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fadff87069e7fa2021-12-20 15:58:56.924root 11241100x8000000000000000769810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4002c4c3c4cfbaf2021-12-20 15:58:56.925root 11241100x8000000000000000769811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56e22b2e70ea1872021-12-20 15:58:56.925root 11241100x8000000000000000769812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa981a0bc2e736702021-12-20 15:58:56.925root 11241100x8000000000000000769813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98aad7b40de807a02021-12-20 15:58:56.925root 11241100x8000000000000000769814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd1a6cfa329ee352021-12-20 15:58:56.925root 11241100x8000000000000000769815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b024f9d0690386e2021-12-20 15:58:56.925root 11241100x8000000000000000769816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af6669220a54ef12021-12-20 15:58:56.926root 11241100x8000000000000000769817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9531fa7d09f03c32021-12-20 15:58:56.926root 11241100x8000000000000000769818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56c5e7b345503cc2021-12-20 15:58:56.926root 11241100x8000000000000000769819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d78135d1c630732021-12-20 15:58:56.926root 11241100x8000000000000000769820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b1b460e26a57832021-12-20 15:58:56.926root 11241100x8000000000000000769821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1259678bac720d2021-12-20 15:58:56.926root 11241100x8000000000000000769822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54d2b5605382b922021-12-20 15:58:56.926root 11241100x8000000000000000769823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c939697e7d82d82021-12-20 15:58:56.926root 11241100x8000000000000000769824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f2760ca2eb5ebd2021-12-20 15:58:56.926root 11241100x8000000000000000769825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2904ff583b30d21a2021-12-20 15:58:56.926root 11241100x8000000000000000769826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d813f65a13e62c2021-12-20 15:58:56.926root 354300x8000000000000000769827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.246{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51466-false10.0.1.12-8000- 11241100x8000000000000000769828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973b124f435c0c2d2021-12-20 15:58:57.247root 11241100x8000000000000000769829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ccc816e540b7892021-12-20 15:58:57.247root 11241100x8000000000000000769830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c42e72c0c975172021-12-20 15:58:57.247root 11241100x8000000000000000769831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec554c9d2f3534a2021-12-20 15:58:57.247root 11241100x8000000000000000769832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71be4d56d1f467142021-12-20 15:58:57.247root 11241100x8000000000000000769833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aebb6d3a0eab6932021-12-20 15:58:57.247root 11241100x8000000000000000769834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6246e26b5ed1382f2021-12-20 15:58:57.247root 11241100x8000000000000000769835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40f45460d9050e82021-12-20 15:58:57.247root 11241100x8000000000000000769836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb8d56e995fde1e2021-12-20 15:58:57.247root 11241100x8000000000000000769837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.247{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a924ff97f37d04272021-12-20 15:58:57.247root 11241100x8000000000000000769838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555f7e291ccdb9632021-12-20 15:58:57.248root 11241100x8000000000000000769839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d25330ec78f2a42021-12-20 15:58:57.248root 11241100x8000000000000000769840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b563299c533e4c142021-12-20 15:58:57.248root 11241100x8000000000000000769841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6258be9754f39a2021-12-20 15:58:57.248root 11241100x8000000000000000769842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1988cf6607f496eb2021-12-20 15:58:57.248root 11241100x8000000000000000769843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b70c1e4cda4f2c2021-12-20 15:58:57.248root 11241100x8000000000000000769844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bef2eefd6fb6272021-12-20 15:58:57.248root 11241100x8000000000000000769845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3f7d6615bb85d52021-12-20 15:58:57.248root 11241100x8000000000000000769846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938c24a9a092ed602021-12-20 15:58:57.248root 11241100x8000000000000000769847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5474cac29fb8642021-12-20 15:58:57.248root 11241100x8000000000000000769848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.249{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c720db54bcf5a952021-12-20 15:58:57.249root 11241100x8000000000000000769849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.249{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68bb533327c8e272021-12-20 15:58:57.249root 11241100x8000000000000000769850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.249{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f356b463b781e852021-12-20 15:58:57.249root 11241100x8000000000000000769851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.249{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a6d59a4cb3242e2021-12-20 15:58:57.249root 11241100x8000000000000000769852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe01a6c2cf2e55542021-12-20 15:58:57.674root 11241100x8000000000000000769853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb7e7e1ac1139f2021-12-20 15:58:57.674root 11241100x8000000000000000769854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925ef9028127d7ac2021-12-20 15:58:57.674root 11241100x8000000000000000769855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b423b4770c6c358b2021-12-20 15:58:57.675root 11241100x8000000000000000769856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e354401e2e0ef612021-12-20 15:58:57.675root 11241100x8000000000000000769857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e912926a43c2ddb02021-12-20 15:58:57.675root 11241100x8000000000000000769858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7159a5bde714fe2021-12-20 15:58:57.675root 11241100x8000000000000000769859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457c3b8a5e955a212021-12-20 15:58:57.675root 11241100x8000000000000000769860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbc4f09f2590ff22021-12-20 15:58:57.676root 11241100x8000000000000000769861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6739e859378027f92021-12-20 15:58:57.676root 11241100x8000000000000000769862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebf06b21c4c94872021-12-20 15:58:57.676root 11241100x8000000000000000769863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c52a76fd9a8d2e32021-12-20 15:58:57.676root 11241100x8000000000000000769864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f8649acf5ab28a2021-12-20 15:58:57.676root 11241100x8000000000000000769865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe6b7509cc3361b2021-12-20 15:58:57.677root 11241100x8000000000000000769866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d801d6eb43e595b2021-12-20 15:58:57.677root 11241100x8000000000000000769867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34705f362da073af2021-12-20 15:58:57.677root 11241100x8000000000000000769868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70481191e89949bb2021-12-20 15:58:57.677root 11241100x8000000000000000769869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c390319e52a22f002021-12-20 15:58:57.678root 11241100x8000000000000000769870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee848726720d8d032021-12-20 15:58:57.678root 11241100x8000000000000000769871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecfb6a8f5517afb2021-12-20 15:58:57.678root 11241100x8000000000000000769872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70120cf954900cb02021-12-20 15:58:58.174root 11241100x8000000000000000769873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaccaff27b15d8b2021-12-20 15:58:58.174root 11241100x8000000000000000769874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c536cc0dd8143f212021-12-20 15:58:58.174root 11241100x8000000000000000769875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83386842bcba7f02021-12-20 15:58:58.174root 11241100x8000000000000000769876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c805e6bcf3d8de2021-12-20 15:58:58.175root 11241100x8000000000000000769877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f408a50579eae5f2021-12-20 15:58:58.175root 11241100x8000000000000000769878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86df4241c64e98132021-12-20 15:58:58.175root 11241100x8000000000000000769879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf962ac7746be18a2021-12-20 15:58:58.175root 11241100x8000000000000000769880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac87b36c124cf7e2021-12-20 15:58:58.175root 11241100x8000000000000000769881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5f76893ee140d92021-12-20 15:58:58.175root 11241100x8000000000000000769882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a2c9955d3f35af2021-12-20 15:58:58.176root 11241100x8000000000000000769883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c08cbe9de4d65f2021-12-20 15:58:58.176root 11241100x8000000000000000769884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978266a2cd44cfb22021-12-20 15:58:58.176root 11241100x8000000000000000769885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6e2ba7222f99fe2021-12-20 15:58:58.177root 11241100x8000000000000000769886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70aa4efb8770d982021-12-20 15:58:58.177root 11241100x8000000000000000769887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bf14b54921751e2021-12-20 15:58:58.177root 11241100x8000000000000000769888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8f3b4bb1daacfd2021-12-20 15:58:58.178root 11241100x8000000000000000769889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77d30b2d06166f2021-12-20 15:58:58.178root 11241100x8000000000000000769890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a85dd82027af602021-12-20 15:58:58.178root 11241100x8000000000000000769891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b67bd6e014c91b2021-12-20 15:58:58.178root 11241100x8000000000000000769892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a712d1950593d992021-12-20 15:58:58.674root 11241100x8000000000000000769893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15409a74c9f3ece92021-12-20 15:58:58.674root 11241100x8000000000000000769894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cac34cd16d087d02021-12-20 15:58:58.675root 11241100x8000000000000000769895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d772a6fede94a8842021-12-20 15:58:58.675root 11241100x8000000000000000769896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cd494aa703eec12021-12-20 15:58:58.676root 11241100x8000000000000000769897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0609aaeb2ba9722021-12-20 15:58:58.677root 11241100x8000000000000000769898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeec0b493e66ff72021-12-20 15:58:58.677root 11241100x8000000000000000769899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf58e47490efcab12021-12-20 15:58:58.677root 11241100x8000000000000000769900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9764594068dcc62b2021-12-20 15:58:58.677root 11241100x8000000000000000769901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3775073a68c80432021-12-20 15:58:58.677root 11241100x8000000000000000769902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23540e22d80ac6142021-12-20 15:58:58.677root 11241100x8000000000000000769903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236aca3d36104bbf2021-12-20 15:58:58.677root 11241100x8000000000000000769904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2fd614824df62c2021-12-20 15:58:58.678root 11241100x8000000000000000769905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ee3bc266ec53582021-12-20 15:58:58.678root 11241100x8000000000000000769906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfafec7ac087f7c2021-12-20 15:58:58.678root 11241100x8000000000000000769907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67824fbf3f036eba2021-12-20 15:58:58.678root 11241100x8000000000000000769908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe115b226be51862021-12-20 15:58:58.678root 11241100x8000000000000000769909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b039a476b4cedbd32021-12-20 15:58:58.678root 11241100x8000000000000000769910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa2a3e58491f26d2021-12-20 15:58:58.678root 11241100x8000000000000000769911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020a0495e0107caf2021-12-20 15:58:58.678root 11241100x8000000000000000769912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6cea4661a3ce022021-12-20 15:58:59.174root 11241100x8000000000000000769913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac6a7d223b16d9f2021-12-20 15:58:59.175root 11241100x8000000000000000769914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6705a9851df9c0662021-12-20 15:58:59.175root 11241100x8000000000000000769915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe261518f04613b2021-12-20 15:58:59.175root 11241100x8000000000000000769916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ca65b79c5e0c012021-12-20 15:58:59.175root 11241100x8000000000000000769917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5894e35d1c609bf92021-12-20 15:58:59.175root 11241100x8000000000000000769918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e8e29e809c36a02021-12-20 15:58:59.176root 11241100x8000000000000000769919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7132671b127aa282021-12-20 15:58:59.176root 11241100x8000000000000000769920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3bd732612f89822021-12-20 15:58:59.176root 11241100x8000000000000000769921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f96151aa104cb32021-12-20 15:58:59.176root 11241100x8000000000000000769922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59da511d77f07d602021-12-20 15:58:59.176root 11241100x8000000000000000769923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ac39c71ac43c1a2021-12-20 15:58:59.176root 11241100x8000000000000000769924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3cf654d479aa562021-12-20 15:58:59.176root 11241100x8000000000000000769925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459df3e1ec2c94412021-12-20 15:58:59.176root 11241100x8000000000000000769926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e49ddf8ff9122b2021-12-20 15:58:59.177root 11241100x8000000000000000769927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d5fef17872c412021-12-20 15:58:59.177root 11241100x8000000000000000769928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3a8d89ef383c232021-12-20 15:58:59.177root 11241100x8000000000000000769929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d1ad34f2b36dae2021-12-20 15:58:59.177root 11241100x8000000000000000769930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392e4b4def7b3ece2021-12-20 15:58:59.177root 11241100x8000000000000000769931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc763bb004209c82021-12-20 15:58:59.177root 11241100x8000000000000000769932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d35f8148d6c5e2a2021-12-20 15:58:59.674root 11241100x8000000000000000769933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2172e1a7cc506d252021-12-20 15:58:59.674root 11241100x8000000000000000769934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a758b0696675f4a22021-12-20 15:58:59.674root 11241100x8000000000000000769935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c127f4373765cece2021-12-20 15:58:59.675root 11241100x8000000000000000769936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24023f58a29ba8c82021-12-20 15:58:59.675root 11241100x8000000000000000769937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78a7a72536e46522021-12-20 15:58:59.675root 11241100x8000000000000000769938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a10062f009ac0c12021-12-20 15:58:59.675root 11241100x8000000000000000769939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7e7d549a6f027d2021-12-20 15:58:59.675root 11241100x8000000000000000769940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfbb1b09e4a31cc2021-12-20 15:58:59.675root 11241100x8000000000000000769941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59329da9f84a1cc32021-12-20 15:58:59.675root 11241100x8000000000000000769942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3c616662cdf1032021-12-20 15:58:59.675root 11241100x8000000000000000769943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f98468ccb5a43a2021-12-20 15:58:59.675root 11241100x8000000000000000769944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5777ff961bb87be92021-12-20 15:58:59.675root 11241100x8000000000000000769945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09ce93de782ffd62021-12-20 15:58:59.676root 11241100x8000000000000000769946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801356dce4d14f822021-12-20 15:58:59.676root 11241100x8000000000000000769947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0289e121bf8438682021-12-20 15:58:59.676root 11241100x8000000000000000769948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fea282c7a88e412021-12-20 15:58:59.676root 11241100x8000000000000000769949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b71c30d94e5b2c32021-12-20 15:58:59.676root 11241100x8000000000000000769950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37baa383d727e43e2021-12-20 15:58:59.676root 11241100x8000000000000000769951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:58:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad03d5cbd23b90cc2021-12-20 15:58:59.676root 11241100x8000000000000000769952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3e67788988f26e2021-12-20 15:59:00.174root 11241100x8000000000000000769953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14832c2b2bf56712021-12-20 15:59:00.174root 11241100x8000000000000000769954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc1a2399031caab2021-12-20 15:59:00.175root 11241100x8000000000000000769955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05fac46161aa36c2021-12-20 15:59:00.175root 11241100x8000000000000000769956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c70b3108b18b61f2021-12-20 15:59:00.175root 11241100x8000000000000000769957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83df81d6cacba8db2021-12-20 15:59:00.175root 11241100x8000000000000000769958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd12bdc976224812021-12-20 15:59:00.175root 11241100x8000000000000000769959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6302d938c0523c02021-12-20 15:59:00.175root 11241100x8000000000000000769960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecd7d798cbd1a182021-12-20 15:59:00.175root 11241100x8000000000000000769961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a182d7dec1aab4c2021-12-20 15:59:00.175root 11241100x8000000000000000769962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5e7e78aa123ce02021-12-20 15:59:00.175root 11241100x8000000000000000769963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9765e71abe2fa2d12021-12-20 15:59:00.175root 11241100x8000000000000000769964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0884d2a710fbdc402021-12-20 15:59:00.175root 11241100x8000000000000000769965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7181ce3e229c52d2021-12-20 15:59:00.176root 11241100x8000000000000000769966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8ceb730e96afb52021-12-20 15:59:00.176root 11241100x8000000000000000769967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa74e0333067b0432021-12-20 15:59:00.176root 11241100x8000000000000000769968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d08893192b4fab2021-12-20 15:59:00.176root 11241100x8000000000000000769969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8537aa79d2e317d72021-12-20 15:59:00.176root 11241100x8000000000000000769970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1b2235ec668c622021-12-20 15:59:00.176root 11241100x8000000000000000769971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b822b14ce4fd442021-12-20 15:59:00.176root 11241100x8000000000000000769972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fe230cac00ffc72021-12-20 15:59:00.176root 11241100x8000000000000000769973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd59e65fb37203062021-12-20 15:59:00.674root 11241100x8000000000000000769974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f24ec61898ada42021-12-20 15:59:00.674root 11241100x8000000000000000769975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e07c04569ef30152021-12-20 15:59:00.674root 11241100x8000000000000000769976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179153cb11fb20342021-12-20 15:59:00.674root 11241100x8000000000000000769977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50affff09aa5ef152021-12-20 15:59:00.674root 11241100x8000000000000000769978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8803e4e4a49fa3a2021-12-20 15:59:00.674root 11241100x8000000000000000769979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1121fd2394305b2021-12-20 15:59:00.674root 11241100x8000000000000000769980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ea8d00c3c726f22021-12-20 15:59:00.674root 11241100x8000000000000000769981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797e0b6f888c69b32021-12-20 15:59:00.674root 11241100x8000000000000000769982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ea493c72ad2aa52021-12-20 15:59:00.675root 11241100x8000000000000000769983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455c6256ec4855dc2021-12-20 15:59:00.675root 11241100x8000000000000000769984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d24d52dd3861072021-12-20 15:59:00.675root 11241100x8000000000000000769985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d65507d73039f4b2021-12-20 15:59:00.675root 11241100x8000000000000000769986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38272587a13e6d9f2021-12-20 15:59:00.675root 11241100x8000000000000000769987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b68c26ce1c4721b2021-12-20 15:59:00.675root 11241100x8000000000000000769988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b6b9c5ba8fecc42021-12-20 15:59:00.675root 11241100x8000000000000000769989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207254e7f63e25452021-12-20 15:59:00.675root 11241100x8000000000000000769990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f417fd03f7dd7f522021-12-20 15:59:00.675root 11241100x8000000000000000769991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f3b50f5ffe48262021-12-20 15:59:00.676root 11241100x8000000000000000769992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4073578053f0d32021-12-20 15:59:00.676root 11241100x8000000000000000769993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7370ddce42fb7ca2021-12-20 15:59:00.676root 11241100x8000000000000000769994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff9c4d3fc4163dd2021-12-20 15:59:01.174root 11241100x8000000000000000769995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340d4defc4663c202021-12-20 15:59:01.174root 11241100x8000000000000000769996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98790a2f2e75c2342021-12-20 15:59:01.174root 11241100x8000000000000000769997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21ea64b7953793c2021-12-20 15:59:01.174root 11241100x8000000000000000769998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1f8f5fd31927fb2021-12-20 15:59:01.174root 11241100x8000000000000000769999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265558e07dbc66da2021-12-20 15:59:01.174root 11241100x8000000000000000770000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7053e1d71fa0a3942021-12-20 15:59:01.175root 11241100x8000000000000000770001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a19e716a7f8c192021-12-20 15:59:01.175root 11241100x8000000000000000770002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70975dfe0a2fea12021-12-20 15:59:01.175root 11241100x8000000000000000770003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e77de8daf79c542021-12-20 15:59:01.175root 11241100x8000000000000000770004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8095981b6f8db4b2021-12-20 15:59:01.175root 11241100x8000000000000000770005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7148a59872d6de772021-12-20 15:59:01.175root 11241100x8000000000000000770006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58b9e7c2f34adb42021-12-20 15:59:01.175root 11241100x8000000000000000770007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729cdfc131f32fbf2021-12-20 15:59:01.175root 11241100x8000000000000000770008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ed96f36881e3942021-12-20 15:59:01.175root 11241100x8000000000000000770009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d34a3bcfbefffd2021-12-20 15:59:01.175root 11241100x8000000000000000770010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c64927cd4e63872021-12-20 15:59:01.175root 11241100x8000000000000000770011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1121022b7329f5192021-12-20 15:59:01.175root 11241100x8000000000000000770012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d27325b92bbbff82021-12-20 15:59:01.175root 11241100x8000000000000000770013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1544f057458c9ef82021-12-20 15:59:01.175root 11241100x8000000000000000770014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2289225a888cd9ad2021-12-20 15:59:01.674root 11241100x8000000000000000770015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cfa99e251bd2322021-12-20 15:59:01.674root 11241100x8000000000000000770016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8262b22e44a52af12021-12-20 15:59:01.674root 11241100x8000000000000000770017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554e8b3599ecb8802021-12-20 15:59:01.674root 11241100x8000000000000000770018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1037f851b1e75e9a2021-12-20 15:59:01.674root 11241100x8000000000000000770019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f90d2e26794b72021-12-20 15:59:01.675root 11241100x8000000000000000770020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc37b00d669cdd92021-12-20 15:59:01.675root 11241100x8000000000000000770021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17da4d8ec0c60b2a2021-12-20 15:59:01.675root 11241100x8000000000000000770022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91859d91de1d70b52021-12-20 15:59:01.675root 11241100x8000000000000000770023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aad2084141f96dd2021-12-20 15:59:01.675root 11241100x8000000000000000770024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328827683dd7b9872021-12-20 15:59:01.675root 11241100x8000000000000000770025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715eb807d47ca45d2021-12-20 15:59:01.675root 11241100x8000000000000000770026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bfcc217b3057c62021-12-20 15:59:01.675root 11241100x8000000000000000770027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b350592f6f2cba972021-12-20 15:59:01.675root 11241100x8000000000000000770028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4322cf33e1970d4a2021-12-20 15:59:01.675root 11241100x8000000000000000770029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d5aedfa70b0be32021-12-20 15:59:01.675root 11241100x8000000000000000770030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b7e6e8bfc8dac2021-12-20 15:59:01.675root 11241100x8000000000000000770031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a134e78cc88c6b2021-12-20 15:59:01.675root 11241100x8000000000000000770032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d9f619cd231c7c2021-12-20 15:59:01.675root 11241100x8000000000000000770033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371e43d99cd826692021-12-20 15:59:01.675root 11241100x8000000000000000770034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc3b544752a9f832021-12-20 15:59:02.174root 11241100x8000000000000000770035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ced9375821a02582021-12-20 15:59:02.174root 11241100x8000000000000000770036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d238b62c8b2fb102021-12-20 15:59:02.174root 11241100x8000000000000000770037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f551ca9969112312021-12-20 15:59:02.174root 11241100x8000000000000000770038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb352002ece4bb62021-12-20 15:59:02.174root 11241100x8000000000000000770039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87b36155c0597ab2021-12-20 15:59:02.174root 11241100x8000000000000000770040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2199c5517ea7fff82021-12-20 15:59:02.175root 11241100x8000000000000000770041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc945e43b4365482021-12-20 15:59:02.175root 11241100x8000000000000000770042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4635d450a4bc19572021-12-20 15:59:02.175root 11241100x8000000000000000770043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45f541d682e9b6a2021-12-20 15:59:02.175root 11241100x8000000000000000770044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c032c7ed16f71ca62021-12-20 15:59:02.175root 11241100x8000000000000000770045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18ef68dc06f3d4a2021-12-20 15:59:02.175root 11241100x8000000000000000770046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b6130dff4b48662021-12-20 15:59:02.175root 11241100x8000000000000000770047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab553dd807622a62021-12-20 15:59:02.175root 11241100x8000000000000000770048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19431b861f3b5942021-12-20 15:59:02.175root 11241100x8000000000000000770049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b247251ff3a62b2021-12-20 15:59:02.175root 11241100x8000000000000000770050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314b7d9aa87d14102021-12-20 15:59:02.175root 11241100x8000000000000000770051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96de291505516802021-12-20 15:59:02.175root 11241100x8000000000000000770052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dcbaf56a7760672021-12-20 15:59:02.175root 11241100x8000000000000000770053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac53e01360fbbf9e2021-12-20 15:59:02.175root 11241100x8000000000000000770054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6844660590d20f212021-12-20 15:59:02.674root 11241100x8000000000000000770055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be1999e560938302021-12-20 15:59:02.674root 11241100x8000000000000000770056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc96ecd6c90413a52021-12-20 15:59:02.674root 11241100x8000000000000000770057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6862f6b54545d3a52021-12-20 15:59:02.674root 11241100x8000000000000000770058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7707caeda8133eb2021-12-20 15:59:02.674root 11241100x8000000000000000770059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c289eeca9733e11d2021-12-20 15:59:02.674root 11241100x8000000000000000770060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8a11031ae1cbc02021-12-20 15:59:02.674root 11241100x8000000000000000770061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af3da3fb4e2a8892021-12-20 15:59:02.674root 11241100x8000000000000000770062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eb28ab9ee4cf752021-12-20 15:59:02.674root 11241100x8000000000000000770063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eef3c68ec64966f2021-12-20 15:59:02.674root 11241100x8000000000000000770064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885f5b10513714932021-12-20 15:59:02.675root 11241100x8000000000000000770065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6807fec7648955d22021-12-20 15:59:02.675root 11241100x8000000000000000770066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9049d88346e6dea2021-12-20 15:59:02.675root 11241100x8000000000000000770067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06709deb82594982021-12-20 15:59:02.675root 11241100x8000000000000000770068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4efb051d7a524412021-12-20 15:59:02.675root 11241100x8000000000000000770069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9583b13eacb618ac2021-12-20 15:59:02.675root 11241100x8000000000000000770070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0817ee7e4672ff32021-12-20 15:59:02.675root 11241100x8000000000000000770071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9c4232cf035fcd2021-12-20 15:59:02.675root 11241100x8000000000000000770072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6409d0aea9e930b2021-12-20 15:59:02.675root 11241100x8000000000000000770073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f346362edf6725e72021-12-20 15:59:02.675root 354300x8000000000000000770074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.159{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51468-false10.0.1.12-8000- 11241100x8000000000000000770075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.160{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51403fea9bb8e87e2021-12-20 15:59:03.160root 11241100x8000000000000000770076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.160{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13b23a4b0e9babd2021-12-20 15:59:03.160root 11241100x8000000000000000770077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb2e16663bc94f2021-12-20 15:59:03.161root 11241100x8000000000000000770078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea24f0f0d5f2f70e2021-12-20 15:59:03.161root 11241100x8000000000000000770079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e967a7febb7af5b2021-12-20 15:59:03.161root 11241100x8000000000000000770080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9499207bc86742252021-12-20 15:59:03.161root 11241100x8000000000000000770081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee54a04ebbb3e0e2021-12-20 15:59:03.161root 11241100x8000000000000000770082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9260759e8fa1f85e2021-12-20 15:59:03.161root 11241100x8000000000000000770083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0196d8a7238f9322021-12-20 15:59:03.161root 11241100x8000000000000000770084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d106897adb6ed42021-12-20 15:59:03.161root 11241100x8000000000000000770085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed73eaf3c7b72132021-12-20 15:59:03.161root 11241100x8000000000000000770086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfa8233015990332021-12-20 15:59:03.161root 11241100x8000000000000000770087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9673dc81a9e2b1912021-12-20 15:59:03.161root 11241100x8000000000000000770088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cf6b1bea6a9cc82021-12-20 15:59:03.161root 11241100x8000000000000000770089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.161{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060269e750bdced92021-12-20 15:59:03.161root 11241100x8000000000000000770090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.162{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5600442cb93447f72021-12-20 15:59:03.162root 11241100x8000000000000000770091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.162{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4dbf067de1d1352021-12-20 15:59:03.162root 11241100x8000000000000000770092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.162{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d3592cda9bb2692021-12-20 15:59:03.162root 11241100x8000000000000000770093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.162{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78d1edf24eef55e2021-12-20 15:59:03.162root 11241100x8000000000000000770094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.162{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6af877d9c642f62021-12-20 15:59:03.162root 534500x8000000000000000770095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.206{ec2c97d1-67ad-61c0-c8ca-1059e4550000}459/lib/systemd/systemd-journaldroot 11241100x8000000000000000770096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30d4cc99d43e7b22021-12-20 15:59:03.424root 11241100x8000000000000000770097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafd34aade72cead2021-12-20 15:59:03.424root 11241100x8000000000000000770098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a83f4702b8b95f2021-12-20 15:59:03.424root 11241100x8000000000000000770099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cab50c580a29062021-12-20 15:59:03.425root 11241100x8000000000000000770100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2eb92043fdbd0a2021-12-20 15:59:03.425root 11241100x8000000000000000770101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86291730bfdeff5d2021-12-20 15:59:03.425root 11241100x8000000000000000770102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b309bf52d3e32522021-12-20 15:59:03.425root 11241100x8000000000000000770103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708d79d0b9972a802021-12-20 15:59:03.425root 11241100x8000000000000000770104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed5bf6b2e34190b2021-12-20 15:59:03.425root 11241100x8000000000000000770105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d53d97267824d3a2021-12-20 15:59:03.425root 11241100x8000000000000000770106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b438e46420c5022021-12-20 15:59:03.425root 11241100x8000000000000000770107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898dc9de493b341d2021-12-20 15:59:03.425root 11241100x8000000000000000770108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78c191c060976632021-12-20 15:59:03.425root 11241100x8000000000000000770109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f8e6af6cbc18a02021-12-20 15:59:03.425root 11241100x8000000000000000770110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a478c63deb0d6e2021-12-20 15:59:03.426root 11241100x8000000000000000770111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b94a44a7de516c02021-12-20 15:59:03.426root 11241100x8000000000000000770112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0ecfe24cbf186a2021-12-20 15:59:03.426root 11241100x8000000000000000770113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f848700f0805f3a72021-12-20 15:59:03.426root 11241100x8000000000000000770114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad497b29299cc472021-12-20 15:59:03.426root 11241100x8000000000000000770115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d99d72b5cfba892021-12-20 15:59:03.426root 11241100x8000000000000000770116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdade5ab149bd1fb2021-12-20 15:59:03.426root 11241100x8000000000000000770117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c6d241bfa86d872021-12-20 15:59:03.426root 11241100x8000000000000000770118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a44d5edb629f2f62021-12-20 15:59:03.427root 11241100x8000000000000000770119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52bc9ecde46d0882021-12-20 15:59:03.924root 11241100x8000000000000000770120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6cf651c4649f602021-12-20 15:59:03.924root 11241100x8000000000000000770121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c902a86e25c19eed2021-12-20 15:59:03.924root 11241100x8000000000000000770122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412ab3babddd69dd2021-12-20 15:59:03.924root 11241100x8000000000000000770123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b3aad866c319a32021-12-20 15:59:03.925root 11241100x8000000000000000770124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbb6f04f6e0d0e82021-12-20 15:59:03.925root 11241100x8000000000000000770125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d23d9020d07c39b2021-12-20 15:59:03.925root 11241100x8000000000000000770126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d3896c5e5bf4022021-12-20 15:59:03.925root 11241100x8000000000000000770127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ffa27bf0530b242021-12-20 15:59:03.925root 11241100x8000000000000000770128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10155c1184c3e2662021-12-20 15:59:03.925root 11241100x8000000000000000770129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f3bcc7b95ac34a2021-12-20 15:59:03.925root 11241100x8000000000000000770130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2e7a1f5fa91aa2021-12-20 15:59:03.925root 11241100x8000000000000000770131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3942db27a54bb47a2021-12-20 15:59:03.925root 11241100x8000000000000000770132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412bb0afa3b7128b2021-12-20 15:59:03.925root 11241100x8000000000000000770133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cc00cddf9bcba32021-12-20 15:59:03.925root 11241100x8000000000000000770134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee6e90e1fbbf7562021-12-20 15:59:03.925root 11241100x8000000000000000770135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8b291795433c932021-12-20 15:59:03.925root 11241100x8000000000000000770136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ffccfc7696b54e2021-12-20 15:59:03.925root 11241100x8000000000000000770137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4944b2d65a67cc212021-12-20 15:59:03.926root 11241100x8000000000000000770138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e81c012264e9682021-12-20 15:59:03.926root 11241100x8000000000000000770139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e103b40def77b582021-12-20 15:59:03.926root 11241100x8000000000000000770140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f165f01edd42472021-12-20 15:59:03.926root 11241100x8000000000000000770141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5456900378a436122021-12-20 15:59:04.424root 11241100x8000000000000000770142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926b9b2a18e66bec2021-12-20 15:59:04.424root 11241100x8000000000000000770143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26dda6a63249a3d2021-12-20 15:59:04.424root 11241100x8000000000000000770144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1acf30de3e4a7f52021-12-20 15:59:04.424root 11241100x8000000000000000770145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328a05ebc6d52f62021-12-20 15:59:04.425root 11241100x8000000000000000770146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fd5533235e1abe2021-12-20 15:59:04.425root 11241100x8000000000000000770147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918ef3b7ce663bee2021-12-20 15:59:04.425root 11241100x8000000000000000770148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbedcbe0480052c2021-12-20 15:59:04.425root 11241100x8000000000000000770149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0c6d13579933692021-12-20 15:59:04.425root 11241100x8000000000000000770150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e024624fb377f0f32021-12-20 15:59:04.425root 11241100x8000000000000000770151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb76a5603bfd4fa52021-12-20 15:59:04.425root 11241100x8000000000000000770152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0d2de2c240e38d2021-12-20 15:59:04.425root 11241100x8000000000000000770153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044159067067759a2021-12-20 15:59:04.425root 11241100x8000000000000000770154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9682012b2707a262021-12-20 15:59:04.425root 11241100x8000000000000000770155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6853ecb7e4af4f762021-12-20 15:59:04.425root 11241100x8000000000000000770156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9eae13522caaa92021-12-20 15:59:04.425root 11241100x8000000000000000770157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c271d21c2ffc8e2021-12-20 15:59:04.425root 11241100x8000000000000000770158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedd8727f864d2632021-12-20 15:59:04.425root 11241100x8000000000000000770159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6f19e0d521c8132021-12-20 15:59:04.425root 11241100x8000000000000000770160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1ee4856c1ff6212021-12-20 15:59:04.426root 11241100x8000000000000000770161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab2d2ad27c152ab2021-12-20 15:59:04.426root 11241100x8000000000000000770162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed567820693c15b2021-12-20 15:59:04.426root 11241100x8000000000000000770163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535c18f1eeb6c2ec2021-12-20 15:59:04.924root 11241100x8000000000000000770164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06827282bc8961a2021-12-20 15:59:04.924root 11241100x8000000000000000770165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d4e9b9fd09ea4d2021-12-20 15:59:04.925root 11241100x8000000000000000770166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa72e07e52fc0fd2021-12-20 15:59:04.925root 11241100x8000000000000000770167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6013d0d1c023c562021-12-20 15:59:04.925root 11241100x8000000000000000770168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a202deee6d301d2021-12-20 15:59:04.925root 11241100x8000000000000000770169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d2ba215f6027502021-12-20 15:59:04.926root 11241100x8000000000000000770170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7c2afdf83cfd862021-12-20 15:59:04.926root 11241100x8000000000000000770171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c7281163a406c42021-12-20 15:59:04.926root 11241100x8000000000000000770172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46613b003c579fcd2021-12-20 15:59:04.926root 11241100x8000000000000000770173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e073479609d87a2021-12-20 15:59:04.926root 11241100x8000000000000000770174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b63d5095dd568132021-12-20 15:59:04.926root 11241100x8000000000000000770175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8a8d433a7007162021-12-20 15:59:04.926root 11241100x8000000000000000770176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c73c235b016c8492021-12-20 15:59:04.926root 11241100x8000000000000000770177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d294a65a420501a72021-12-20 15:59:04.927root 11241100x8000000000000000770178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ec75372aded8d72021-12-20 15:59:04.927root 11241100x8000000000000000770179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c000d1636625fd572021-12-20 15:59:04.927root 11241100x8000000000000000770180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7327f99ff7535032021-12-20 15:59:04.927root 11241100x8000000000000000770181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb82e206645461582021-12-20 15:59:04.927root 11241100x8000000000000000770182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8717af14bb65e2232021-12-20 15:59:04.927root 11241100x8000000000000000770183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1cf47d23562a282021-12-20 15:59:04.927root 11241100x8000000000000000770184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af16c10126bbefcf2021-12-20 15:59:04.927root 11241100x8000000000000000770185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a005e7edfe5a0a2021-12-20 15:59:04.927root 11241100x8000000000000000770186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3768371e2eb01852021-12-20 15:59:04.927root 11241100x8000000000000000770187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eab8cc249393272021-12-20 15:59:04.927root 11241100x8000000000000000770188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16949d9dc941f7232021-12-20 15:59:04.927root 11241100x8000000000000000770189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6648023aaf021d0f2021-12-20 15:59:05.424root 11241100x8000000000000000770190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb60e3c17d7bab592021-12-20 15:59:05.424root 11241100x8000000000000000770191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b56d666b0fc72e2021-12-20 15:59:05.424root 11241100x8000000000000000770192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9813cbbfc7d4032021-12-20 15:59:05.424root 11241100x8000000000000000770193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fe96c0fe7deff72021-12-20 15:59:05.424root 11241100x8000000000000000770194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e318939d1a9d6c82021-12-20 15:59:05.424root 11241100x8000000000000000770195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acd6f2fa7b74b652021-12-20 15:59:05.425root 11241100x8000000000000000770196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b4590122fb965a2021-12-20 15:59:05.425root 11241100x8000000000000000770197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58acfdd4b4211c4c2021-12-20 15:59:05.425root 11241100x8000000000000000770198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe7deda7ecce1c32021-12-20 15:59:05.425root 11241100x8000000000000000770199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c5412f492965322021-12-20 15:59:05.425root 11241100x8000000000000000770200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad2ffb75446d1512021-12-20 15:59:05.425root 11241100x8000000000000000770201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7831d0bec69972021-12-20 15:59:05.425root 11241100x8000000000000000770202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4fb05de917f7c42021-12-20 15:59:05.425root 11241100x8000000000000000770203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1643d62dc1a77f622021-12-20 15:59:05.425root 11241100x8000000000000000770204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f30194f0b0ce6d2021-12-20 15:59:05.425root 11241100x8000000000000000770205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e3fa31331a7b062021-12-20 15:59:05.425root 11241100x8000000000000000770206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c48801e1f9eb2622021-12-20 15:59:05.425root 11241100x8000000000000000770207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2c4cea1d10b2592021-12-20 15:59:05.425root 11241100x8000000000000000770208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63043d4ae34f370d2021-12-20 15:59:05.425root 11241100x8000000000000000770209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693045f88ddb09c12021-12-20 15:59:05.426root 11241100x8000000000000000770210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5089636244070e7a2021-12-20 15:59:05.426root 11241100x8000000000000000770211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c0c0117528d3ab2021-12-20 15:59:05.924root 11241100x8000000000000000770212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f2ff5629d09ed22021-12-20 15:59:05.924root 11241100x8000000000000000770213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a4fbb3279b79682021-12-20 15:59:05.924root 11241100x8000000000000000770214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d621d09cb006a72021-12-20 15:59:05.924root 11241100x8000000000000000770215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2395ffb4e8accf9d2021-12-20 15:59:05.925root 11241100x8000000000000000770216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43afa41df8eade202021-12-20 15:59:05.925root 11241100x8000000000000000770217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0831138b48500002021-12-20 15:59:05.925root 11241100x8000000000000000770218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c0201ba70589652021-12-20 15:59:05.925root 11241100x8000000000000000770219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bef7837e35149072021-12-20 15:59:05.925root 11241100x8000000000000000770220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de26ab3cdb1bfbc2021-12-20 15:59:05.925root 11241100x8000000000000000770221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3460aa6ebac8ca12021-12-20 15:59:05.925root 11241100x8000000000000000770222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0830b0d53b44b482021-12-20 15:59:05.925root 11241100x8000000000000000770223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bcff1dc9bda2502021-12-20 15:59:05.925root 11241100x8000000000000000770224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a396beca9f157f2021-12-20 15:59:05.925root 11241100x8000000000000000770225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb4ca287202e3252021-12-20 15:59:05.925root 11241100x8000000000000000770226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ad81490f5ae3132021-12-20 15:59:05.925root 11241100x8000000000000000770227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54573e1dc238c15e2021-12-20 15:59:05.925root 11241100x8000000000000000770228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2705783ae45cd4812021-12-20 15:59:05.925root 11241100x8000000000000000770229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e4aa467dc0f0d02021-12-20 15:59:05.925root 11241100x8000000000000000770230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c19de7b677ba2b02021-12-20 15:59:05.926root 11241100x8000000000000000770231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1435db6dbc8538a22021-12-20 15:59:05.926root 11241100x8000000000000000770232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70abcd8255de73b82021-12-20 15:59:05.926root 11241100x8000000000000000770233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:59:06.068root 11241100x8000000000000000770234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7993a1ae89b1dd9b2021-12-20 15:59:06.424root 11241100x8000000000000000770235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36b19b6b27cc7a32021-12-20 15:59:06.424root 11241100x8000000000000000770236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b93ae7cad51cc382021-12-20 15:59:06.424root 11241100x8000000000000000770237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc3394f0a1ea3062021-12-20 15:59:06.424root 11241100x8000000000000000770238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ff1a9ab5c3cfa62021-12-20 15:59:06.424root 11241100x8000000000000000770239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315139f663ee019c2021-12-20 15:59:06.425root 11241100x8000000000000000770240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aed63ec2aff4b82021-12-20 15:59:06.425root 11241100x8000000000000000770241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1072d3103b764f2021-12-20 15:59:06.425root 11241100x8000000000000000770242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b1526355a6f7eb2021-12-20 15:59:06.425root 11241100x8000000000000000770243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e313dd3ef6854c8b2021-12-20 15:59:06.425root 11241100x8000000000000000770244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95512f9a6af8a8de2021-12-20 15:59:06.425root 11241100x8000000000000000770245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a08dd0b35c12812021-12-20 15:59:06.425root 11241100x8000000000000000770246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311a44fa6fc55db52021-12-20 15:59:06.425root 11241100x8000000000000000770247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34e37da65df99582021-12-20 15:59:06.425root 11241100x8000000000000000770248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f51362ec8c5eb3e2021-12-20 15:59:06.426root 11241100x8000000000000000770249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad61ded3ea45019d2021-12-20 15:59:06.426root 11241100x8000000000000000770250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e2a0c52becb4b2021-12-20 15:59:06.426root 11241100x8000000000000000770251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4d6b830a6dbe102021-12-20 15:59:06.426root 11241100x8000000000000000770252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6e8bef56bf79fb2021-12-20 15:59:06.426root 11241100x8000000000000000770253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dfade884bdee3c2021-12-20 15:59:06.427root 11241100x8000000000000000770254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703887a4b4c7fd792021-12-20 15:59:06.427root 11241100x8000000000000000770255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecac5d735f9eed92021-12-20 15:59:06.427root 11241100x8000000000000000770256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c0a2fabc2ec8cc2021-12-20 15:59:06.427root 11241100x8000000000000000770257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a46f5600c009b512021-12-20 15:59:06.924root 11241100x8000000000000000770258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00977455663347292021-12-20 15:59:06.924root 11241100x8000000000000000770259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e66b60e0fcbe16f2021-12-20 15:59:06.924root 11241100x8000000000000000770260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b60a479276bd4b2021-12-20 15:59:06.924root 11241100x8000000000000000770261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb76f5468247ed82021-12-20 15:59:06.924root 11241100x8000000000000000770262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e3a1df060c991c2021-12-20 15:59:06.924root 11241100x8000000000000000770263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca84aa8b863cd342021-12-20 15:59:06.924root 11241100x8000000000000000770264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d8fc8c3c7fa6882021-12-20 15:59:06.924root 11241100x8000000000000000770265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e40594ff6d3d5ae2021-12-20 15:59:06.925root 11241100x8000000000000000770266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad07171ddefaa4622021-12-20 15:59:06.925root 11241100x8000000000000000770267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e12a32014b47e2b2021-12-20 15:59:06.925root 11241100x8000000000000000770268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17849dbdd23f62122021-12-20 15:59:06.925root 11241100x8000000000000000770269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20656cedac6b908a2021-12-20 15:59:06.925root 11241100x8000000000000000770270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d646a33383cc0ce2021-12-20 15:59:06.926root 11241100x8000000000000000770271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315fbd69a874255c2021-12-20 15:59:06.926root 11241100x8000000000000000770272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8d0a13df9c21da2021-12-20 15:59:06.926root 11241100x8000000000000000770273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fefec0b41c905b2021-12-20 15:59:06.926root 11241100x8000000000000000770274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c04f97a65af69dc2021-12-20 15:59:06.926root 11241100x8000000000000000770275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e672876389b8472021-12-20 15:59:06.926root 11241100x8000000000000000770276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc0f20602e8ed7f2021-12-20 15:59:06.926root 11241100x8000000000000000770277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204e9298ecd10bcd2021-12-20 15:59:06.926root 11241100x8000000000000000770278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c065d8dc87d0f3b2021-12-20 15:59:06.927root 11241100x8000000000000000770279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126655bcb4e406e02021-12-20 15:59:06.927root 11241100x8000000000000000770280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc04d876e309fe72021-12-20 15:59:06.927root 11241100x8000000000000000770281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e601d120f458eb2021-12-20 15:59:06.927root 11241100x8000000000000000770282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeaf5c7a134917be2021-12-20 15:59:06.927root 11241100x8000000000000000770283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6e7bf0bb5572a02021-12-20 15:59:06.927root 11241100x8000000000000000770284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901f08116616c5d22021-12-20 15:59:06.927root 11241100x8000000000000000770285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2d7351767c643d2021-12-20 15:59:06.927root 11241100x8000000000000000770286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da628fadb7c10202021-12-20 15:59:06.927root 11241100x8000000000000000770287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7702744f4166a41d2021-12-20 15:59:07.424root 11241100x8000000000000000770288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f00ab78713ff9c2021-12-20 15:59:07.424root 11241100x8000000000000000770289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9064f29b6b9d782021-12-20 15:59:07.424root 11241100x8000000000000000770290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab75eb47767ba962021-12-20 15:59:07.424root 11241100x8000000000000000770291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e4d2d141a008122021-12-20 15:59:07.424root 11241100x8000000000000000770292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cf29d5a5afb0912021-12-20 15:59:07.424root 11241100x8000000000000000770293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8142d28166382942021-12-20 15:59:07.424root 11241100x8000000000000000770294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c3eed74b6d15942021-12-20 15:59:07.425root 11241100x8000000000000000770295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267e19f115845e122021-12-20 15:59:07.425root 11241100x8000000000000000770296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d19ea071be33d2021-12-20 15:59:07.425root 11241100x8000000000000000770297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54e37dc8bb752832021-12-20 15:59:07.425root 11241100x8000000000000000770298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ac8c295c4b7c292021-12-20 15:59:07.425root 11241100x8000000000000000770299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569f5660c81d1c612021-12-20 15:59:07.425root 11241100x8000000000000000770300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fade61419aa24902021-12-20 15:59:07.425root 11241100x8000000000000000770301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6ffe1b6bc7156c2021-12-20 15:59:07.425root 11241100x8000000000000000770302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecb3c0a7f7083c32021-12-20 15:59:07.425root 11241100x8000000000000000770303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee4799df730de472021-12-20 15:59:07.426root 11241100x8000000000000000770304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f09d8e7df487a22021-12-20 15:59:07.426root 11241100x8000000000000000770305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e0c34c065987152021-12-20 15:59:07.426root 11241100x8000000000000000770306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819516320db12d152021-12-20 15:59:07.426root 11241100x8000000000000000770307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310a6e6e898ebc122021-12-20 15:59:07.426root 11241100x8000000000000000770308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03131fdaaa5f805c2021-12-20 15:59:07.426root 11241100x8000000000000000770309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77478bdc1327fe32021-12-20 15:59:07.426root 11241100x8000000000000000770310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c0cab20942e4652021-12-20 15:59:07.426root 11241100x8000000000000000770311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903ada8d116ae8c52021-12-20 15:59:07.426root 11241100x8000000000000000770312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c6ac3dd2f552b72021-12-20 15:59:07.924root 11241100x8000000000000000770313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe73d5af774f2412021-12-20 15:59:07.924root 11241100x8000000000000000770314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497ccaed64eb9e482021-12-20 15:59:07.924root 11241100x8000000000000000770315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7412b344ec33ca92021-12-20 15:59:07.924root 11241100x8000000000000000770316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651344360e2f69ce2021-12-20 15:59:07.924root 11241100x8000000000000000770317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707e164f36fafc8e2021-12-20 15:59:07.924root 11241100x8000000000000000770318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d103898e35b1feee2021-12-20 15:59:07.924root 11241100x8000000000000000770319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aca24f9cad36d602021-12-20 15:59:07.924root 11241100x8000000000000000770320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5774276fbe5cb55a2021-12-20 15:59:07.924root 11241100x8000000000000000770321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e20492cbc18ba5f2021-12-20 15:59:07.925root 11241100x8000000000000000770322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2764062c9e2f9642021-12-20 15:59:07.925root 11241100x8000000000000000770323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865909d9d2595ebe2021-12-20 15:59:07.925root 11241100x8000000000000000770324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b101d18a366be82021-12-20 15:59:07.925root 11241100x8000000000000000770325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb99ba6d50f294c2021-12-20 15:59:07.925root 11241100x8000000000000000770326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119a0b9aa12c3f642021-12-20 15:59:07.925root 11241100x8000000000000000770327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dd2a2cf717919a2021-12-20 15:59:07.925root 11241100x8000000000000000770328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009296875f81a2002021-12-20 15:59:07.925root 11241100x8000000000000000770329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2314ba169fa2386d2021-12-20 15:59:07.925root 11241100x8000000000000000770330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b2e41df5b12c122021-12-20 15:59:07.925root 11241100x8000000000000000770331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593052dd8a5d4b422021-12-20 15:59:07.926root 11241100x8000000000000000770332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad542b77cf91c4a2021-12-20 15:59:07.926root 11241100x8000000000000000770333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9df9bc2b5382fa62021-12-20 15:59:07.926root 11241100x8000000000000000770334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e55995267b6802021-12-20 15:59:07.926root 11241100x8000000000000000770335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635e706e9168ee5b2021-12-20 15:59:07.926root 11241100x8000000000000000770336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3dfed00c7172922021-12-20 15:59:07.926root 11241100x8000000000000000770337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20110648968a6b292021-12-20 15:59:07.926root 11241100x8000000000000000770338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd973a58d20019a2021-12-20 15:59:07.926root 11241100x8000000000000000770339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95da0d92e70178a82021-12-20 15:59:07.926root 11241100x8000000000000000770340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7424737bd782690c2021-12-20 15:59:07.926root 11241100x8000000000000000770341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3426277497254d52021-12-20 15:59:07.927root 11241100x8000000000000000770342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebda89a6d1fec292021-12-20 15:59:07.927root 11241100x8000000000000000770343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c387aaa8a71af8d2021-12-20 15:59:07.927root 11241100x8000000000000000770344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d02e25603ae42e02021-12-20 15:59:07.927root 11241100x8000000000000000770345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e5c30f9f19ffbb2021-12-20 15:59:07.927root 11241100x8000000000000000770346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f90e06d1f292d02021-12-20 15:59:07.927root 11241100x8000000000000000770347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae03bbdc42fa1e292021-12-20 15:59:07.927root 11241100x8000000000000000770348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766b7aeccd2d15482021-12-20 15:59:07.927root 11241100x8000000000000000770349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafd19d9334128a2021-12-20 15:59:07.927root 11241100x8000000000000000770350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9be3952764353c2021-12-20 15:59:07.928root 11241100x8000000000000000770351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1416fc50c2607cd2021-12-20 15:59:07.928root 11241100x8000000000000000770352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdbb257f67c2e9a2021-12-20 15:59:07.928root 11241100x8000000000000000770353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91f18da57a11afb2021-12-20 15:59:07.928root 11241100x8000000000000000770354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33530a5d7dfe7c7d2021-12-20 15:59:08.424root 11241100x8000000000000000770355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe571536182a20832021-12-20 15:59:08.424root 11241100x8000000000000000770356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34d0981bd7d45292021-12-20 15:59:08.424root 11241100x8000000000000000770357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d5720384ab414a2021-12-20 15:59:08.424root 11241100x8000000000000000770358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef205d1c219f0352021-12-20 15:59:08.425root 11241100x8000000000000000770359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c247016e2bc14222021-12-20 15:59:08.425root 11241100x8000000000000000770360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a716f413f2ee7022021-12-20 15:59:08.425root 11241100x8000000000000000770361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e8511970396d532021-12-20 15:59:08.425root 11241100x8000000000000000770362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b336aedf7487a83c2021-12-20 15:59:08.425root 11241100x8000000000000000770363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9df43cfddd2f442021-12-20 15:59:08.425root 11241100x8000000000000000770364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33e5cdb39b82ffd2021-12-20 15:59:08.425root 11241100x8000000000000000770365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04a3fc9a63466fa2021-12-20 15:59:08.425root 11241100x8000000000000000770366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ddfe8e4ab5dfb92021-12-20 15:59:08.425root 11241100x8000000000000000770367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daeafb286d17f072021-12-20 15:59:08.426root 11241100x8000000000000000770368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fada8ed28a683e2021-12-20 15:59:08.426root 11241100x8000000000000000770369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6dab40678862a92021-12-20 15:59:08.426root 11241100x8000000000000000770370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4845604e202b412021-12-20 15:59:08.426root 11241100x8000000000000000770371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42f606fe1253e892021-12-20 15:59:08.426root 11241100x8000000000000000770372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44f3f812c519eec2021-12-20 15:59:08.426root 11241100x8000000000000000770373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2c015c1735fcf12021-12-20 15:59:08.426root 11241100x8000000000000000770374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7b5fd6551e6eca2021-12-20 15:59:08.426root 11241100x8000000000000000770375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83183ad233264512021-12-20 15:59:08.426root 11241100x8000000000000000770376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eeef398b708f0e2021-12-20 15:59:08.426root 11241100x8000000000000000770377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2981054eb1ff21922021-12-20 15:59:08.924root 11241100x8000000000000000770378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8962a1407a496d192021-12-20 15:59:08.924root 11241100x8000000000000000770379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e19b41e8d0ffc32021-12-20 15:59:08.924root 11241100x8000000000000000770380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb6312e267a8c312021-12-20 15:59:08.924root 11241100x8000000000000000770381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b1bced7585730a2021-12-20 15:59:08.925root 11241100x8000000000000000770382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5731d5802a0ed4862021-12-20 15:59:08.925root 11241100x8000000000000000770383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edf9cb317583bd12021-12-20 15:59:08.925root 11241100x8000000000000000770384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17ec04d932cde9a2021-12-20 15:59:08.925root 11241100x8000000000000000770385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7841fceb697af72021-12-20 15:59:08.925root 11241100x8000000000000000770386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d94c4a7bbe10a2021-12-20 15:59:08.925root 11241100x8000000000000000770387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c709876f14e0c232021-12-20 15:59:08.925root 11241100x8000000000000000770388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6da0dc6363d85b2021-12-20 15:59:08.925root 11241100x8000000000000000770389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5c4212a314578b2021-12-20 15:59:08.925root 11241100x8000000000000000770390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7496a05e3975ca762021-12-20 15:59:08.925root 11241100x8000000000000000770391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb3f1a09fbb09eb2021-12-20 15:59:08.925root 11241100x8000000000000000770392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0425dee4b5a2ba52021-12-20 15:59:08.925root 11241100x8000000000000000770393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff509ae178942f5c2021-12-20 15:59:08.925root 11241100x8000000000000000770394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e966dc0103c4b072021-12-20 15:59:08.926root 11241100x8000000000000000770395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38231aab292aaa652021-12-20 15:59:08.926root 11241100x8000000000000000770396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82038b452e59d3a2021-12-20 15:59:08.926root 11241100x8000000000000000770397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c18ce516632fcbd2021-12-20 15:59:08.926root 11241100x8000000000000000770398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00877ea0372d20792021-12-20 15:59:08.926root 11241100x8000000000000000770399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6deff7d739c877e2021-12-20 15:59:08.926root 23542300x8000000000000000770400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000770401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.155{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51470-false10.0.1.12-8000- 11241100x8000000000000000770402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061462cebdc401fd2021-12-20 15:59:09.424root 11241100x8000000000000000770403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72be3a75d871c66d2021-12-20 15:59:09.424root 11241100x8000000000000000770404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6624497f1a28041f2021-12-20 15:59:09.424root 11241100x8000000000000000770405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f7565a4d0b0d8b2021-12-20 15:59:09.424root 11241100x8000000000000000770406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6217653acdbb0e4f2021-12-20 15:59:09.425root 11241100x8000000000000000770407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2bb2ed5258d5022021-12-20 15:59:09.425root 11241100x8000000000000000770408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e8dddc7d94168d2021-12-20 15:59:09.425root 11241100x8000000000000000770409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cfdbc155ad389c2021-12-20 15:59:09.425root 11241100x8000000000000000770410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbd93d3951ec1332021-12-20 15:59:09.425root 11241100x8000000000000000770411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6c4988f0483cbf2021-12-20 15:59:09.425root 11241100x8000000000000000770412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d680d77f1d7e902021-12-20 15:59:09.425root 11241100x8000000000000000770413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b9502597f0982a2021-12-20 15:59:09.425root 11241100x8000000000000000770414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f9e1fac2b888b92021-12-20 15:59:09.425root 11241100x8000000000000000770415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5986144b68f512902021-12-20 15:59:09.425root 11241100x8000000000000000770416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878ecbcb005da4742021-12-20 15:59:09.425root 11241100x8000000000000000770417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba740c933f787d1c2021-12-20 15:59:09.426root 11241100x8000000000000000770418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776615ae2af6f5fe2021-12-20 15:59:09.426root 11241100x8000000000000000770419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052cd33039c2941b2021-12-20 15:59:09.426root 11241100x8000000000000000770420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f419358e529456c72021-12-20 15:59:09.426root 11241100x8000000000000000770421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5ce5b83b989bde2021-12-20 15:59:09.426root 11241100x8000000000000000770422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d36ca48ae573c122021-12-20 15:59:09.426root 11241100x8000000000000000770423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411d9edb54d8502b2021-12-20 15:59:09.426root 11241100x8000000000000000770424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3b933df49839cd2021-12-20 15:59:09.426root 11241100x8000000000000000770425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dd50ddbde7fc772021-12-20 15:59:09.426root 11241100x8000000000000000770426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4a2199323e16742021-12-20 15:59:09.426root 11241100x8000000000000000770427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca8ce2b9f50f8552021-12-20 15:59:09.924root 11241100x8000000000000000770428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2da49559ae5a5b2021-12-20 15:59:09.924root 11241100x8000000000000000770429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bd25c10af049ec2021-12-20 15:59:09.924root 11241100x8000000000000000770430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f60d97637e759902021-12-20 15:59:09.924root 11241100x8000000000000000770431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0bdcc5fbc81dcc2021-12-20 15:59:09.924root 11241100x8000000000000000770432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5686348dee4bb5a62021-12-20 15:59:09.924root 11241100x8000000000000000770433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ae42563f0b0a642021-12-20 15:59:09.924root 11241100x8000000000000000770434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8effaae11167d7e12021-12-20 15:59:09.924root 11241100x8000000000000000770435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd794aba957720bc2021-12-20 15:59:09.924root 11241100x8000000000000000770436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94370102f6e2d48c2021-12-20 15:59:09.925root 11241100x8000000000000000770437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9041f139ff41d6cf2021-12-20 15:59:09.925root 11241100x8000000000000000770438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cce8176680077f2021-12-20 15:59:09.925root 11241100x8000000000000000770439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff1ea1f1904af0a2021-12-20 15:59:09.925root 11241100x8000000000000000770440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7589f5788fa12d12021-12-20 15:59:09.925root 11241100x8000000000000000770441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a123eae1e79f06712021-12-20 15:59:09.925root 11241100x8000000000000000770442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb643684b0fd4992021-12-20 15:59:09.925root 11241100x8000000000000000770443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea5ee71ed148ad72021-12-20 15:59:09.925root 11241100x8000000000000000770444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3d79946801aa42021-12-20 15:59:09.926root 11241100x8000000000000000770445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bd65dfaca5ef222021-12-20 15:59:09.926root 11241100x8000000000000000770446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75338c1a0a08de12021-12-20 15:59:09.926root 11241100x8000000000000000770447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465fa8c50634aa662021-12-20 15:59:09.926root 11241100x8000000000000000770448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f9783ab6a4a7552021-12-20 15:59:09.926root 11241100x8000000000000000770449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8cd0d8b9d8cd042021-12-20 15:59:09.926root 11241100x8000000000000000770450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4370e2ce2bf9fed2021-12-20 15:59:09.926root 11241100x8000000000000000770451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44057ab2a7972ec32021-12-20 15:59:09.926root 11241100x8000000000000000770452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2deeb954d605642021-12-20 15:59:09.926root 11241100x8000000000000000770453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58372c974e6dbbe2021-12-20 15:59:09.927root 11241100x8000000000000000770454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f6af14a29acd882021-12-20 15:59:09.927root 11241100x8000000000000000770455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036c6bfd30150b5d2021-12-20 15:59:09.927root 11241100x8000000000000000770456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642696e96f39b25b2021-12-20 15:59:10.424root 11241100x8000000000000000770457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d0eb47bbf1bf8e2021-12-20 15:59:10.424root 11241100x8000000000000000770458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e0af428bc4eb9e2021-12-20 15:59:10.424root 11241100x8000000000000000770459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a95e305ed2d8192021-12-20 15:59:10.424root 11241100x8000000000000000770460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984b99a9719a001c2021-12-20 15:59:10.425root 11241100x8000000000000000770461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d149040976e55cc12021-12-20 15:59:10.425root 11241100x8000000000000000770462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7556617bebe4c1582021-12-20 15:59:10.425root 11241100x8000000000000000770463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6e49558d78571e2021-12-20 15:59:10.425root 11241100x8000000000000000770464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c60db7d88edfcb2021-12-20 15:59:10.425root 11241100x8000000000000000770465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9dc0f49bc4d11a2021-12-20 15:59:10.425root 11241100x8000000000000000770466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9559f573a59d432021-12-20 15:59:10.425root 11241100x8000000000000000770467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdba70ddc717ca82021-12-20 15:59:10.425root 11241100x8000000000000000770468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e21cc00546a7002021-12-20 15:59:10.425root 11241100x8000000000000000770469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29505fecadf35cab2021-12-20 15:59:10.425root 11241100x8000000000000000770470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d736b23ccd35d0d82021-12-20 15:59:10.425root 11241100x8000000000000000770471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa59ccb774e2ce602021-12-20 15:59:10.425root 11241100x8000000000000000770472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd7b96a89c1740b2021-12-20 15:59:10.425root 11241100x8000000000000000770473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe8be3db595e372021-12-20 15:59:10.425root 11241100x8000000000000000770474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16188799b09022382021-12-20 15:59:10.425root 11241100x8000000000000000770475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12dc6bd61d656c42021-12-20 15:59:10.426root 11241100x8000000000000000770476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dc53d04f274ab82021-12-20 15:59:10.426root 11241100x8000000000000000770477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec698502d99da222021-12-20 15:59:10.426root 11241100x8000000000000000770478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde07335096941202021-12-20 15:59:10.426root 11241100x8000000000000000770479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cf7063700728762021-12-20 15:59:10.426root 11241100x8000000000000000770480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751cbb980f58af782021-12-20 15:59:10.426root 11241100x8000000000000000770481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595e18dc11c63d062021-12-20 15:59:10.924root 11241100x8000000000000000770482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd34b96cd4416f252021-12-20 15:59:10.924root 11241100x8000000000000000770483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0208ee2eaa2d907f2021-12-20 15:59:10.924root 11241100x8000000000000000770484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d9b334d61d489e2021-12-20 15:59:10.924root 11241100x8000000000000000770485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c712745dda9295ba2021-12-20 15:59:10.925root 11241100x8000000000000000770486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09c68424f1bdc3d2021-12-20 15:59:10.925root 11241100x8000000000000000770487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b8a46b6426c8962021-12-20 15:59:10.925root 11241100x8000000000000000770488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c3bf2121427bc62021-12-20 15:59:10.925root 11241100x8000000000000000770489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad6c46729f014ba2021-12-20 15:59:10.925root 11241100x8000000000000000770490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514c33224d4a1f5d2021-12-20 15:59:10.925root 11241100x8000000000000000770491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5123b2e4d426ff092021-12-20 15:59:10.925root 11241100x8000000000000000770492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11942df1fd2d34a22021-12-20 15:59:10.925root 11241100x8000000000000000770493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278c3a365a7a2be12021-12-20 15:59:10.925root 11241100x8000000000000000770494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987c11922f76fbab2021-12-20 15:59:10.925root 11241100x8000000000000000770495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b939b5fb1a13b82021-12-20 15:59:10.926root 11241100x8000000000000000770496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58add95106ba05812021-12-20 15:59:10.926root 11241100x8000000000000000770497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8533a718a32817fc2021-12-20 15:59:10.926root 11241100x8000000000000000770498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1887fb69e560332021-12-20 15:59:10.926root 11241100x8000000000000000770499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087b50077082ccb72021-12-20 15:59:10.926root 11241100x8000000000000000770500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1776fb1f201daf62021-12-20 15:59:10.926root 11241100x8000000000000000770501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8c03349be5240b2021-12-20 15:59:10.926root 11241100x8000000000000000770502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321b726e55b9bc872021-12-20 15:59:10.926root 11241100x8000000000000000770503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87968f4e730195f12021-12-20 15:59:10.926root 11241100x8000000000000000770504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bc1a11c7b91b962021-12-20 15:59:10.927root 11241100x8000000000000000770505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae7c0e2c757c50b2021-12-20 15:59:10.927root 11241100x8000000000000000770506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c0f4097a19ee252021-12-20 15:59:10.927root 11241100x8000000000000000770507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2312feea468859fb2021-12-20 15:59:11.424root 11241100x8000000000000000770508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4350cc1887c0bd2021-12-20 15:59:11.424root 11241100x8000000000000000770509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e94d3cc28f55ba2021-12-20 15:59:11.424root 11241100x8000000000000000770510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6d4442a2c68e8d2021-12-20 15:59:11.424root 11241100x8000000000000000770511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e651f1d9e1c4202021-12-20 15:59:11.424root 11241100x8000000000000000770512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d1e527fecd19e42021-12-20 15:59:11.424root 11241100x8000000000000000770513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a82c3ce30285d482021-12-20 15:59:11.425root 11241100x8000000000000000770514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a1dd762f70cc4f2021-12-20 15:59:11.425root 11241100x8000000000000000770515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe4bbe34a1eaf3e2021-12-20 15:59:11.425root 11241100x8000000000000000770516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d2cee3f7b06ff2021-12-20 15:59:11.425root 11241100x8000000000000000770517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8ae85972c4361a2021-12-20 15:59:11.425root 11241100x8000000000000000770518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf61fcb775bc739b2021-12-20 15:59:11.425root 11241100x8000000000000000770519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d21139e00d96282021-12-20 15:59:11.425root 11241100x8000000000000000770520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dc4e62db85d9d72021-12-20 15:59:11.425root 11241100x8000000000000000770521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b624a3c7300227b12021-12-20 15:59:11.426root 11241100x8000000000000000770522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16b499852cab01e2021-12-20 15:59:11.426root 11241100x8000000000000000770523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abfc4472bdabb1e2021-12-20 15:59:11.426root 11241100x8000000000000000770524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21310d95d9beaa942021-12-20 15:59:11.426root 11241100x8000000000000000770525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2895c11560bf5d352021-12-20 15:59:11.426root 11241100x8000000000000000770526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f426f0e918b6ca42021-12-20 15:59:11.426root 11241100x8000000000000000770527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f78ba74db6deaa2021-12-20 15:59:11.426root 11241100x8000000000000000770528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a8da4e458fd3932021-12-20 15:59:11.426root 11241100x8000000000000000770529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8002d7270bd090c12021-12-20 15:59:11.427root 11241100x8000000000000000770530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c386e26fb6c03512021-12-20 15:59:11.427root 11241100x8000000000000000770531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed176710256b2dfe2021-12-20 15:59:11.427root 11241100x8000000000000000770532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533280576e7ec2412021-12-20 15:59:11.427root 11241100x8000000000000000770533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21f128b77b6e3a22021-12-20 15:59:11.427root 11241100x8000000000000000770534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa400560cdd60122021-12-20 15:59:11.427root 11241100x8000000000000000770535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aeed2c3ade2c422021-12-20 15:59:11.427root 11241100x8000000000000000770536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4054ffa458dd93f82021-12-20 15:59:11.427root 11241100x8000000000000000770537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287bc27c2ceaa31f2021-12-20 15:59:11.924root 11241100x8000000000000000770538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd98c30f5338074f2021-12-20 15:59:11.924root 11241100x8000000000000000770539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83381a1d5dd363db2021-12-20 15:59:11.924root 11241100x8000000000000000770540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d21fffa70033ce2021-12-20 15:59:11.925root 11241100x8000000000000000770541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bbe68e317755612021-12-20 15:59:11.925root 11241100x8000000000000000770542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f0e7cdac83f85d2021-12-20 15:59:11.925root 11241100x8000000000000000770543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209da3710f2de4d12021-12-20 15:59:11.925root 11241100x8000000000000000770544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fd0850baffe9782021-12-20 15:59:11.925root 11241100x8000000000000000770545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b383f3bc0232f42021-12-20 15:59:11.925root 11241100x8000000000000000770546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8fa841a7e8e5d02021-12-20 15:59:11.925root 11241100x8000000000000000770547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec2e563f69f90712021-12-20 15:59:11.925root 11241100x8000000000000000770548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d28d3af28379cb2021-12-20 15:59:11.925root 11241100x8000000000000000770549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940776055f7d0dda2021-12-20 15:59:11.925root 11241100x8000000000000000770550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0440d84505a48f92021-12-20 15:59:11.926root 11241100x8000000000000000770551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507ebfc31ef2c1632021-12-20 15:59:11.926root 11241100x8000000000000000770552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bd038117314f402021-12-20 15:59:11.926root 11241100x8000000000000000770553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02583c45a803ea7a2021-12-20 15:59:11.926root 11241100x8000000000000000770554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7095ef57b11dca182021-12-20 15:59:11.926root 11241100x8000000000000000770555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7191b6f6625f90072021-12-20 15:59:11.926root 11241100x8000000000000000770556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35f2bf7af7d4ee62021-12-20 15:59:11.926root 11241100x8000000000000000770557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090150173fafee822021-12-20 15:59:11.926root 11241100x8000000000000000770558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b6a6f318936a6f2021-12-20 15:59:11.926root 11241100x8000000000000000770559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11727c5cfba5c342021-12-20 15:59:11.926root 11241100x8000000000000000770560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b2b30224505dc02021-12-20 15:59:11.927root 11241100x8000000000000000770561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9047b6f554cc52e2021-12-20 15:59:11.927root 11241100x8000000000000000770562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5179563ac83e83672021-12-20 15:59:11.927root 11241100x8000000000000000770563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8606a6d1da10d46c2021-12-20 15:59:11.927root 11241100x8000000000000000770564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8bf0f12b9bc3f12021-12-20 15:59:12.424root 11241100x8000000000000000770565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638baacaebf051732021-12-20 15:59:12.424root 11241100x8000000000000000770566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cf4ed485efade02021-12-20 15:59:12.424root 11241100x8000000000000000770567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4363abc05b170db92021-12-20 15:59:12.425root 11241100x8000000000000000770568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ef23ae8e1c85a22021-12-20 15:59:12.425root 11241100x8000000000000000770569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942e8c6214d2866c2021-12-20 15:59:12.425root 11241100x8000000000000000770570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055cfa2a753a28d72021-12-20 15:59:12.425root 11241100x8000000000000000770571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e31b675abf4514c2021-12-20 15:59:12.425root 11241100x8000000000000000770572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d8c6cfdb70d4982021-12-20 15:59:12.425root 11241100x8000000000000000770573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfa64fdf93abbc92021-12-20 15:59:12.425root 11241100x8000000000000000770574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d4bbb557a713fc2021-12-20 15:59:12.425root 11241100x8000000000000000770575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b214ec2291abd4ee2021-12-20 15:59:12.426root 11241100x8000000000000000770576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7799aad694928be2021-12-20 15:59:12.426root 11241100x8000000000000000770577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63531aa392d6dc52021-12-20 15:59:12.426root 11241100x8000000000000000770578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bb6a9b7b58a0852021-12-20 15:59:12.426root 11241100x8000000000000000770579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa35960ebec28002021-12-20 15:59:12.426root 11241100x8000000000000000770580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be56ec1617caf3222021-12-20 15:59:12.426root 11241100x8000000000000000770581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65511b36185392a82021-12-20 15:59:12.426root 11241100x8000000000000000770582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1dec63cc4e532b2021-12-20 15:59:12.426root 11241100x8000000000000000770583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1ac11bfdce340f2021-12-20 15:59:12.426root 11241100x8000000000000000770584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0469937f880e5f52021-12-20 15:59:12.426root 11241100x8000000000000000770585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831a2e974a5d405b2021-12-20 15:59:12.427root 11241100x8000000000000000770586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623c283ffea1f57f2021-12-20 15:59:12.427root 11241100x8000000000000000770587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9aedca94ac31b052021-12-20 15:59:12.427root 11241100x8000000000000000770588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384864a9a6089aaf2021-12-20 15:59:12.427root 11241100x8000000000000000770589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac7e75ff6ab21e32021-12-20 15:59:12.427root 11241100x8000000000000000770590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470048c55f723b742021-12-20 15:59:12.427root 11241100x8000000000000000770591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7494db88612891c52021-12-20 15:59:12.427root 11241100x8000000000000000770592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133656aa9ccdbd3b2021-12-20 15:59:12.924root 11241100x8000000000000000770593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886f3017690cb39d2021-12-20 15:59:12.924root 11241100x8000000000000000770594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0153e7a108815ed82021-12-20 15:59:12.924root 11241100x8000000000000000770595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2a6f603cba80cf2021-12-20 15:59:12.924root 11241100x8000000000000000770596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5416e095feb8ec982021-12-20 15:59:12.924root 11241100x8000000000000000770597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dc54dfbf5f93d62021-12-20 15:59:12.925root 11241100x8000000000000000770598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaf6606fd91abca2021-12-20 15:59:12.925root 11241100x8000000000000000770599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9b765bc03cb4e52021-12-20 15:59:12.925root 11241100x8000000000000000770600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38f89aa533081292021-12-20 15:59:12.925root 11241100x8000000000000000770601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5491d978dbaaad2021-12-20 15:59:12.925root 11241100x8000000000000000770602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b819b1d0f38ceec2021-12-20 15:59:12.925root 11241100x8000000000000000770603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631bd1ef9743776e2021-12-20 15:59:12.925root 11241100x8000000000000000770604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4463b244aac537a2021-12-20 15:59:12.925root 11241100x8000000000000000770605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f91fe58e574a672021-12-20 15:59:12.925root 11241100x8000000000000000770606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4124958f5d0447e42021-12-20 15:59:12.925root 11241100x8000000000000000770607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290f1737d2e62b662021-12-20 15:59:12.926root 11241100x8000000000000000770608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bef5c9feb12c0b2021-12-20 15:59:12.926root 11241100x8000000000000000770609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1327fdef2d129e122021-12-20 15:59:12.926root 11241100x8000000000000000770610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec07cc9b7d5e28fb2021-12-20 15:59:12.926root 11241100x8000000000000000770611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd008e8e33fc4f522021-12-20 15:59:12.926root 11241100x8000000000000000770612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b7e363da1489f52021-12-20 15:59:12.926root 11241100x8000000000000000770613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab764c423ae9abf62021-12-20 15:59:12.926root 11241100x8000000000000000770614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b43f8b6f1a5c12021-12-20 15:59:12.927root 11241100x8000000000000000770615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada3f7fa40ef39c52021-12-20 15:59:12.927root 11241100x8000000000000000770616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa9e9db5b6abff02021-12-20 15:59:12.927root 11241100x8000000000000000770617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4fa673e9d8bc212021-12-20 15:59:13.424root 11241100x8000000000000000770618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53618bd85a5ec7412021-12-20 15:59:13.425root 11241100x8000000000000000770619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d463a5d102447192021-12-20 15:59:13.425root 11241100x8000000000000000770620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a80c86a0e71b1142021-12-20 15:59:13.425root 11241100x8000000000000000770621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304acf6f0625c4972021-12-20 15:59:13.425root 11241100x8000000000000000770622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b386d4e87a9091a2021-12-20 15:59:13.425root 11241100x8000000000000000770623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089739b0c15c56932021-12-20 15:59:13.425root 11241100x8000000000000000770624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c91fe9d2a35a722021-12-20 15:59:13.425root 11241100x8000000000000000770625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2984e8e620cba5c82021-12-20 15:59:13.426root 11241100x8000000000000000770626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf022f6bc8f1875b2021-12-20 15:59:13.426root 11241100x8000000000000000770627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08e811441a010262021-12-20 15:59:13.426root 11241100x8000000000000000770628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e629d1edd3d904a22021-12-20 15:59:13.426root 11241100x8000000000000000770629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2072e9cbff9cf5812021-12-20 15:59:13.426root 11241100x8000000000000000770630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd90429afd1d58e02021-12-20 15:59:13.426root 11241100x8000000000000000770631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcb2a93a73f5cdf2021-12-20 15:59:13.426root 11241100x8000000000000000770632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fb70f5a308d78b2021-12-20 15:59:13.427root 11241100x8000000000000000770633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6df1c1a625635f82021-12-20 15:59:13.427root 11241100x8000000000000000770634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23307232a1576cb52021-12-20 15:59:13.428root 11241100x8000000000000000770635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5240cc51672ae732021-12-20 15:59:13.428root 11241100x8000000000000000770636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208ecbd677cffa242021-12-20 15:59:13.428root 11241100x8000000000000000770637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49c8febd815e6482021-12-20 15:59:13.428root 11241100x8000000000000000770638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf2278fa9ab076a2021-12-20 15:59:13.428root 11241100x8000000000000000770639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2e7d8f690ba8652021-12-20 15:59:13.428root 11241100x8000000000000000770640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7946561adec81d92021-12-20 15:59:13.428root 11241100x8000000000000000770641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba21c3839c8f23d52021-12-20 15:59:13.429root 11241100x8000000000000000770642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d9a6786abd8e32021-12-20 15:59:13.924root 11241100x8000000000000000770643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cc9a0eca50d1952021-12-20 15:59:13.924root 11241100x8000000000000000770644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764cf2bb702c5b772021-12-20 15:59:13.924root 11241100x8000000000000000770645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2d08949840d6ff2021-12-20 15:59:13.924root 11241100x8000000000000000770646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb3a74a0344b9202021-12-20 15:59:13.924root 11241100x8000000000000000770647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae91a2e7712a31a2021-12-20 15:59:13.924root 11241100x8000000000000000770648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0547840664f1911c2021-12-20 15:59:13.925root 11241100x8000000000000000770649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd2231b70710c462021-12-20 15:59:13.925root 11241100x8000000000000000770650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a6230b3e99700f2021-12-20 15:59:13.925root 11241100x8000000000000000770651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb404d6fdf1a38d2021-12-20 15:59:13.925root 11241100x8000000000000000770652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1bfb1aa481a9772021-12-20 15:59:13.925root 11241100x8000000000000000770653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e4f35f198c5d362021-12-20 15:59:13.925root 11241100x8000000000000000770654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1783a331177e72f2021-12-20 15:59:13.925root 11241100x8000000000000000770655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6de218ae1fd52e2021-12-20 15:59:13.925root 11241100x8000000000000000770656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13fa632bb7f18262021-12-20 15:59:13.925root 11241100x8000000000000000770657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e76bcb4ac48edd2021-12-20 15:59:13.925root 11241100x8000000000000000770658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea29dc6da9e6a3b2021-12-20 15:59:13.926root 11241100x8000000000000000770659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b8bad2b30559a12021-12-20 15:59:13.926root 11241100x8000000000000000770660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a68824ecd6ab622021-12-20 15:59:13.926root 11241100x8000000000000000770661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce2c5d3bfbcd2c42021-12-20 15:59:13.926root 11241100x8000000000000000770662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc68cec49701674c2021-12-20 15:59:13.926root 11241100x8000000000000000770663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248f6d179317f7262021-12-20 15:59:13.926root 11241100x8000000000000000770664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e856ec7c868d2d2021-12-20 15:59:13.926root 11241100x8000000000000000770665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e137366bd554fe2021-12-20 15:59:13.926root 11241100x8000000000000000770666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49cdbc95d622d502021-12-20 15:59:13.926root 11241100x8000000000000000770667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6576d39b453fd7fb2021-12-20 15:59:13.926root 11241100x8000000000000000770668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf60fb2cb572cb82021-12-20 15:59:14.424root 11241100x8000000000000000770669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d479b7091ea9bac92021-12-20 15:59:14.424root 11241100x8000000000000000770670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf844a0ca4962562021-12-20 15:59:14.424root 11241100x8000000000000000770671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053de951acffa43c2021-12-20 15:59:14.424root 11241100x8000000000000000770672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e10dcdb7e0645a2021-12-20 15:59:14.425root 11241100x8000000000000000770673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217cfb0fa4460b352021-12-20 15:59:14.425root 11241100x8000000000000000770674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77515b3fb3ed99dd2021-12-20 15:59:14.425root 11241100x8000000000000000770675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d081da7dec71336e2021-12-20 15:59:14.425root 11241100x8000000000000000770676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f720ef3ae5bf08632021-12-20 15:59:14.425root 11241100x8000000000000000770677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36575881e03ed012021-12-20 15:59:14.425root 11241100x8000000000000000770678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82009c0b156ab8ed2021-12-20 15:59:14.425root 11241100x8000000000000000770679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e24038fff6e54ca2021-12-20 15:59:14.425root 11241100x8000000000000000770680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751b5fe8365412ce2021-12-20 15:59:14.425root 11241100x8000000000000000770681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7a44f89830d8a92021-12-20 15:59:14.425root 11241100x8000000000000000770682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d105be6affa5469c2021-12-20 15:59:14.425root 11241100x8000000000000000770683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c00bcdf33cd96302021-12-20 15:59:14.425root 11241100x8000000000000000770684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529d890d5bbf743c2021-12-20 15:59:14.425root 11241100x8000000000000000770685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2b7ce9d5becd962021-12-20 15:59:14.425root 11241100x8000000000000000770686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e057afc564a44ba2021-12-20 15:59:14.425root 11241100x8000000000000000770687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b0ff1991bb7e732021-12-20 15:59:14.426root 11241100x8000000000000000770688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ce26834abc97942021-12-20 15:59:14.426root 11241100x8000000000000000770689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b985d0403ea4a252021-12-20 15:59:14.426root 11241100x8000000000000000770690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711763c07a56be732021-12-20 15:59:14.426root 11241100x8000000000000000770691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37c23beb8747f12021-12-20 15:59:14.426root 11241100x8000000000000000770692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8306d608abe1f59c2021-12-20 15:59:14.426root 11241100x8000000000000000770693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cb169ae00db35b2021-12-20 15:59:14.924root 11241100x8000000000000000770694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e61057e5d9d7fd2021-12-20 15:59:14.924root 11241100x8000000000000000770695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fc9fc959bd54632021-12-20 15:59:14.925root 11241100x8000000000000000770696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8e9c8582ad85902021-12-20 15:59:14.925root 11241100x8000000000000000770697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb037c6a6db274e42021-12-20 15:59:14.925root 11241100x8000000000000000770698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8da2f8ee4ea8302021-12-20 15:59:14.926root 11241100x8000000000000000770699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bcadec9645de242021-12-20 15:59:14.926root 11241100x8000000000000000770700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987fe64453d965b32021-12-20 15:59:14.926root 11241100x8000000000000000770701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac51fb9c1a2cdd7c2021-12-20 15:59:14.926root 11241100x8000000000000000770702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c82b4dea1b0ed82021-12-20 15:59:14.926root 11241100x8000000000000000770703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d350f1f49c950472021-12-20 15:59:14.927root 11241100x8000000000000000770704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a56689c8acc36192021-12-20 15:59:14.927root 11241100x8000000000000000770705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da74c7b8cbc7f1dc2021-12-20 15:59:14.927root 11241100x8000000000000000770706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4bb1b2f14425992021-12-20 15:59:14.927root 11241100x8000000000000000770707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ab16a62bf56d452021-12-20 15:59:14.929root 11241100x8000000000000000770708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b51629a798ea70c2021-12-20 15:59:14.929root 11241100x8000000000000000770709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e7e940734150e2021-12-20 15:59:14.929root 11241100x8000000000000000770710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f490033a83548f352021-12-20 15:59:14.929root 11241100x8000000000000000770711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06258ab5985cf2e02021-12-20 15:59:14.929root 11241100x8000000000000000770712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863cfa5f1e84a46f2021-12-20 15:59:14.929root 11241100x8000000000000000770713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a12074af1b8b72021-12-20 15:59:14.930root 11241100x8000000000000000770714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd5a3b6f2c569c72021-12-20 15:59:14.930root 11241100x8000000000000000770715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6739012dd90bc92021-12-20 15:59:14.930root 11241100x8000000000000000770716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90c39dc5456ec742021-12-20 15:59:14.930root 11241100x8000000000000000770717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d650ecf6468d3d92021-12-20 15:59:14.930root 354300x8000000000000000770718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.136{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51472-false10.0.1.12-8000- 11241100x8000000000000000770719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78cd04076cedeca2021-12-20 15:59:15.424root 11241100x8000000000000000770720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8efdbfa193360f42021-12-20 15:59:15.424root 11241100x8000000000000000770721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d69eb57a5f9e1b02021-12-20 15:59:15.425root 11241100x8000000000000000770722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79043553ac134bb42021-12-20 15:59:15.425root 11241100x8000000000000000770723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532c21e1995010a52021-12-20 15:59:15.425root 11241100x8000000000000000770724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c566dc482111862021-12-20 15:59:15.425root 11241100x8000000000000000770725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdb626dcced11662021-12-20 15:59:15.425root 11241100x8000000000000000770726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9900a78bd25991d2021-12-20 15:59:15.425root 11241100x8000000000000000770727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f10c8af51f8ce72021-12-20 15:59:15.425root 11241100x8000000000000000770728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bddf9ef24c967f2021-12-20 15:59:15.425root 11241100x8000000000000000770729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c289f15508f66d642021-12-20 15:59:15.425root 11241100x8000000000000000770730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152c721544aa3e5d2021-12-20 15:59:15.425root 11241100x8000000000000000770731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d70fa7cdce08d82021-12-20 15:59:15.426root 11241100x8000000000000000770732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3abbd6503260d42021-12-20 15:59:15.426root 11241100x8000000000000000770733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92555b4ad7b9f8682021-12-20 15:59:15.426root 11241100x8000000000000000770734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48738196bcc7dff2021-12-20 15:59:15.426root 11241100x8000000000000000770735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bdf1fc518a0de62021-12-20 15:59:15.426root 11241100x8000000000000000770736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf61c5ac549dce72021-12-20 15:59:15.426root 11241100x8000000000000000770737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9ad9baf7504d3d2021-12-20 15:59:15.426root 11241100x8000000000000000770738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ffa117fe6b6b0c2021-12-20 15:59:15.426root 11241100x8000000000000000770739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8ca3f1e2e034f32021-12-20 15:59:15.426root 11241100x8000000000000000770740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40169143eb4d2cf2021-12-20 15:59:15.426root 11241100x8000000000000000770741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffbe8c625641f5b2021-12-20 15:59:15.426root 11241100x8000000000000000770742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c60f610141c3f982021-12-20 15:59:15.426root 11241100x8000000000000000770743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facd0d128db052aa2021-12-20 15:59:15.427root 11241100x8000000000000000770744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1afd8717b6a5db72021-12-20 15:59:15.427root 11241100x8000000000000000770745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8790c3485b3077e2021-12-20 15:59:15.924root 11241100x8000000000000000770746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac77dd043e1f82e2021-12-20 15:59:15.924root 11241100x8000000000000000770747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba9d01d42b509a72021-12-20 15:59:15.924root 11241100x8000000000000000770748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b54fd998b0507d2021-12-20 15:59:15.924root 11241100x8000000000000000770749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494096e4512f16dc2021-12-20 15:59:15.925root 11241100x8000000000000000770750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fda209bb40601ce2021-12-20 15:59:15.925root 11241100x8000000000000000770751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c198b342050aad2021-12-20 15:59:15.925root 11241100x8000000000000000770752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39ecf1a81de42b12021-12-20 15:59:15.925root 11241100x8000000000000000770753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85cfa7fc15185ae2021-12-20 15:59:15.925root 11241100x8000000000000000770754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc0f3218cebb0b22021-12-20 15:59:15.925root 11241100x8000000000000000770755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1db04ee2c0e759b2021-12-20 15:59:15.925root 11241100x8000000000000000770756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ba22b6c0a4bef92021-12-20 15:59:15.925root 11241100x8000000000000000770757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491cdb3dfdffc77a2021-12-20 15:59:15.925root 11241100x8000000000000000770758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fc6ee27f50c41c2021-12-20 15:59:15.925root 11241100x8000000000000000770759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494b41ba6f1340aa2021-12-20 15:59:15.925root 11241100x8000000000000000770760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c498bfa604926e12021-12-20 15:59:15.925root 11241100x8000000000000000770761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ddc6e858e0a1e12021-12-20 15:59:15.925root 11241100x8000000000000000770762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2999371132c19b8d2021-12-20 15:59:15.925root 11241100x8000000000000000770763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c1429db8205f862021-12-20 15:59:15.925root 11241100x8000000000000000770764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8b601967f5cec52021-12-20 15:59:15.925root 11241100x8000000000000000770765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9d0ae0645026892021-12-20 15:59:15.926root 11241100x8000000000000000770766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f965a10d0a65c55e2021-12-20 15:59:15.926root 11241100x8000000000000000770767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdb62f71af4971d2021-12-20 15:59:15.926root 11241100x8000000000000000770768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d180838524e250762021-12-20 15:59:15.926root 11241100x8000000000000000770769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebb522b8e3f6d302021-12-20 15:59:15.926root 11241100x8000000000000000770770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140f6a105fe9e8c62021-12-20 15:59:15.926root 11241100x8000000000000000770771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79498ddda90aa75c2021-12-20 15:59:15.926root 11241100x8000000000000000770772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5cb8421b82bb122021-12-20 15:59:16.424root 11241100x8000000000000000770773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d59a047862c4852021-12-20 15:59:16.424root 11241100x8000000000000000770774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6f38bd5d9b554c2021-12-20 15:59:16.424root 11241100x8000000000000000770775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf87dba27001cb62021-12-20 15:59:16.424root 11241100x8000000000000000770776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff627dc3198a4a2021-12-20 15:59:16.424root 11241100x8000000000000000770777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca83bba2cc3f39a42021-12-20 15:59:16.424root 11241100x8000000000000000770778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7126801a55abafc02021-12-20 15:59:16.424root 11241100x8000000000000000770779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8f20a58d0788782021-12-20 15:59:16.425root 11241100x8000000000000000770780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8473d98f95b79b572021-12-20 15:59:16.425root 11241100x8000000000000000770781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6115c3e2cc8e31a72021-12-20 15:59:16.425root 11241100x8000000000000000770782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc1575181e8e2f32021-12-20 15:59:16.425root 11241100x8000000000000000770783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025df4cdb79ce5212021-12-20 15:59:16.425root 11241100x8000000000000000770784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49de1bdc3abcbc292021-12-20 15:59:16.425root 11241100x8000000000000000770785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8579e4749af3042021-12-20 15:59:16.425root 11241100x8000000000000000770786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bda303713a721d62021-12-20 15:59:16.425root 11241100x8000000000000000770787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b71d8c470b5fcbd2021-12-20 15:59:16.425root 11241100x8000000000000000770788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efaada9962011662021-12-20 15:59:16.425root 11241100x8000000000000000770789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb934ef598db883a2021-12-20 15:59:16.425root 11241100x8000000000000000770790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb3a9b2dddb03972021-12-20 15:59:16.426root 11241100x8000000000000000770791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaa4781c68529ca2021-12-20 15:59:16.426root 11241100x8000000000000000770792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c180cf30d4aea92021-12-20 15:59:16.426root 11241100x8000000000000000770793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee9369ddbe778052021-12-20 15:59:16.426root 11241100x8000000000000000770794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2504b12ee466a582021-12-20 15:59:16.426root 11241100x8000000000000000770795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c672f147dd0f243c2021-12-20 15:59:16.426root 11241100x8000000000000000770796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b7eda4dda895ee2021-12-20 15:59:16.426root 11241100x8000000000000000770797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2b3ec4e18b6d872021-12-20 15:59:16.426root 11241100x8000000000000000770798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00f23ddbd0180f12021-12-20 15:59:16.426root 11241100x8000000000000000770799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb80614811bf1a162021-12-20 15:59:16.426root 11241100x8000000000000000770800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0377a46874f6a872021-12-20 15:59:16.426root 11241100x8000000000000000770801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a96f77ab39f33832021-12-20 15:59:16.427root 11241100x8000000000000000770802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e80a3a3449b7292021-12-20 15:59:16.427root 11241100x8000000000000000770803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbc290d7d73ef662021-12-20 15:59:16.427root 11241100x8000000000000000770804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a8d0a8db72d8422021-12-20 15:59:16.427root 11241100x8000000000000000770805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8221d5c1f7d875672021-12-20 15:59:16.924root 11241100x8000000000000000770806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eac16bb25ad0ad92021-12-20 15:59:16.924root 11241100x8000000000000000770807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158090899d9efad92021-12-20 15:59:16.924root 11241100x8000000000000000770808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bdf7247afd65b82021-12-20 15:59:16.924root 11241100x8000000000000000770809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856695ad8b126ab22021-12-20 15:59:16.925root 11241100x8000000000000000770810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b2bc602cc5623d2021-12-20 15:59:16.925root 11241100x8000000000000000770811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10281711641fb8bf2021-12-20 15:59:16.925root 11241100x8000000000000000770812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6ad47bc3e1f7272021-12-20 15:59:16.925root 11241100x8000000000000000770813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65864eb93320bee2021-12-20 15:59:16.925root 11241100x8000000000000000770814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb378a640f32d662021-12-20 15:59:16.925root 11241100x8000000000000000770815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f223afbae97cee072021-12-20 15:59:16.925root 11241100x8000000000000000770816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a3098ce57af1a32021-12-20 15:59:16.925root 11241100x8000000000000000770817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58efff066ee30ba42021-12-20 15:59:16.925root 11241100x8000000000000000770818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defce928c7aa5b3e2021-12-20 15:59:16.925root 11241100x8000000000000000770819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a928a210f7f906cc2021-12-20 15:59:16.925root 11241100x8000000000000000770820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32456aa76424a452021-12-20 15:59:16.925root 11241100x8000000000000000770821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b6156d0cbe13c32021-12-20 15:59:16.925root 11241100x8000000000000000770822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91793f3fd9699bf2021-12-20 15:59:16.925root 11241100x8000000000000000770823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbb487366b8b93d2021-12-20 15:59:16.925root 11241100x8000000000000000770824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba74b73fccf712f2021-12-20 15:59:16.925root 11241100x8000000000000000770825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975bb322d62af8ce2021-12-20 15:59:16.926root 11241100x8000000000000000770826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db937cc06a943102021-12-20 15:59:16.926root 11241100x8000000000000000770827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14946bc909561f032021-12-20 15:59:16.926root 11241100x8000000000000000770828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cc82072f0c92152021-12-20 15:59:16.926root 11241100x8000000000000000770829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524d5ff7842361b12021-12-20 15:59:16.926root 11241100x8000000000000000770830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6902c5f5a986a4d2021-12-20 15:59:16.926root 154100x8000000000000000770831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.322{ec2c97d1-a855-61c0-68e4-9f1753560000}10224/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000770832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cb09985ea381672021-12-20 15:59:17.324root 11241100x8000000000000000770833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f755aebe9b9d3c6a2021-12-20 15:59:17.325root 11241100x8000000000000000770834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61add82c6e4e0e212021-12-20 15:59:17.325root 11241100x8000000000000000770835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbfbd014413c4e22021-12-20 15:59:17.325root 11241100x8000000000000000770836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a10de80978e50422021-12-20 15:59:17.325root 11241100x8000000000000000770837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6341d6fc40ea04172021-12-20 15:59:17.325root 11241100x8000000000000000770838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412e9a818880ac792021-12-20 15:59:17.325root 11241100x8000000000000000770839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12c65051f584ccd2021-12-20 15:59:17.325root 11241100x8000000000000000770840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.326{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1634c20930bdc2ac2021-12-20 15:59:17.326root 11241100x8000000000000000770841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.326{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ffe318b3840a6b2021-12-20 15:59:17.326root 11241100x8000000000000000770842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.326{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d85e4b2204170292021-12-20 15:59:17.326root 11241100x8000000000000000770843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.327{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ab363f25b74402021-12-20 15:59:17.327root 11241100x8000000000000000770844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.327{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cd4e5621f171d02021-12-20 15:59:17.327root 11241100x8000000000000000770845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.327{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc758fdc63703f52021-12-20 15:59:17.327root 11241100x8000000000000000770846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.327{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768dedba6e6e65732021-12-20 15:59:17.327root 11241100x8000000000000000770847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.327{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54216b4ac1f2bc72021-12-20 15:59:17.327root 11241100x8000000000000000770848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.327{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fe231c312d98f32021-12-20 15:59:17.327root 11241100x8000000000000000770849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.328{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3876ecbf95598e092021-12-20 15:59:17.328root 11241100x8000000000000000770850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.328{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a63178e9442756b2021-12-20 15:59:17.328root 11241100x8000000000000000770851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.328{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1721ebde7a28c72021-12-20 15:59:17.328root 11241100x8000000000000000770852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.328{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12610b6a33247f9b2021-12-20 15:59:17.328root 11241100x8000000000000000770853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.328{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e4727ddb06c5002021-12-20 15:59:17.328root 11241100x8000000000000000770854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.328{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9c6babf090ae9e2021-12-20 15:59:17.328root 11241100x8000000000000000770855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.329{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bafe4db3ac49792021-12-20 15:59:17.329root 11241100x8000000000000000770856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.329{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c1877a45625fee2021-12-20 15:59:17.329root 11241100x8000000000000000770857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.329{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782367a4438fa3bc2021-12-20 15:59:17.329root 11241100x8000000000000000770858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.329{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574a46ea98a681c52021-12-20 15:59:17.329root 534500x8000000000000000770859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.333{ec2c97d1-a855-61c0-68e4-9f1753560000}10224/bin/psroot 11241100x8000000000000000770860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4578bf964cdcd1692021-12-20 15:59:17.674root 11241100x8000000000000000770861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5462efaace224b522021-12-20 15:59:17.674root 11241100x8000000000000000770862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea8ea4c33dc95302021-12-20 15:59:17.674root 11241100x8000000000000000770863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecb34bba950dd322021-12-20 15:59:17.674root 11241100x8000000000000000770864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47739976687019f82021-12-20 15:59:17.674root 11241100x8000000000000000770865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f778ad88e2d177b2021-12-20 15:59:17.674root 11241100x8000000000000000770866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d6bf562f66a6902021-12-20 15:59:17.675root 11241100x8000000000000000770867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5f7b9333406e7c2021-12-20 15:59:17.675root 11241100x8000000000000000770868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb6104c678530892021-12-20 15:59:17.675root 11241100x8000000000000000770869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf92ce1d129a2f32021-12-20 15:59:17.675root 11241100x8000000000000000770870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6c30c78aec1e762021-12-20 15:59:17.675root 11241100x8000000000000000770871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e724a909adb4c52021-12-20 15:59:17.675root 11241100x8000000000000000770872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a8e3f0019b4dc52021-12-20 15:59:17.675root 11241100x8000000000000000770873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cefe7ed0a0bf6262021-12-20 15:59:17.676root 11241100x8000000000000000770874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6056a69bac8b64592021-12-20 15:59:17.676root 11241100x8000000000000000770875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96cf40b42f8c2a22021-12-20 15:59:17.676root 11241100x8000000000000000770876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffae558ba08e1512021-12-20 15:59:17.676root 11241100x8000000000000000770877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3509e6355a24632021-12-20 15:59:17.676root 11241100x8000000000000000770878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0b864701d228472021-12-20 15:59:17.676root 11241100x8000000000000000770879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba9a63f9fba1e802021-12-20 15:59:17.676root 11241100x8000000000000000770880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db2d4ad3e987aa22021-12-20 15:59:17.676root 11241100x8000000000000000770881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345c7c57bad159ce2021-12-20 15:59:17.676root 11241100x8000000000000000770882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e47d96fa52352fd2021-12-20 15:59:17.677root 11241100x8000000000000000770883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c91f65cb9ce1e2021-12-20 15:59:17.677root 11241100x8000000000000000770884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd6a8f8176a512a2021-12-20 15:59:17.677root 11241100x8000000000000000770885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8087839c0bd88e792021-12-20 15:59:17.677root 11241100x8000000000000000770886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de72821d1217acd2021-12-20 15:59:17.677root 11241100x8000000000000000770887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71032cc49e6f7c52021-12-20 15:59:17.677root 11241100x8000000000000000770888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb59fe4cece0b5d2021-12-20 15:59:17.677root 11241100x8000000000000000770889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f36805a73bfccf2021-12-20 15:59:17.677root 11241100x8000000000000000770890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64d2a2e8e8d600c2021-12-20 15:59:17.677root 11241100x8000000000000000770891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa834996d5e570812021-12-20 15:59:17.677root 11241100x8000000000000000770892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0ca93ec60fabf22021-12-20 15:59:17.677root 11241100x8000000000000000770893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839bbfb2000255d02021-12-20 15:59:17.678root 11241100x8000000000000000770894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbbbc689899c7e82021-12-20 15:59:17.678root 11241100x8000000000000000770895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7ba4a9f0e3aa1f2021-12-20 15:59:17.678root 11241100x8000000000000000770896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9422af4236535b612021-12-20 15:59:17.678root 11241100x8000000000000000770897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38456d93018491802021-12-20 15:59:17.678root 11241100x8000000000000000770898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372bc82c553f398b2021-12-20 15:59:17.678root 11241100x8000000000000000770899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37f66417b529dd82021-12-20 15:59:17.678root 11241100x8000000000000000770900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d141ad9113aaf7e2021-12-20 15:59:17.678root 11241100x8000000000000000770901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7239afe24d1fd52021-12-20 15:59:17.678root 11241100x8000000000000000770902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d92466f57cac6c2021-12-20 15:59:17.678root 11241100x8000000000000000770903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4322f5c6ac27d792021-12-20 15:59:17.679root 11241100x8000000000000000770904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c9e6422deb1a9e2021-12-20 15:59:17.679root 11241100x8000000000000000770905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f0852eea9b13782021-12-20 15:59:17.679root 11241100x8000000000000000770906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5f11dc033a53032021-12-20 15:59:17.679root 11241100x8000000000000000770907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204f7a157b8d91612021-12-20 15:59:17.679root 11241100x8000000000000000770908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f6b69201c3f512021-12-20 15:59:17.679root 11241100x8000000000000000770909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d993bb1169bf02442021-12-20 15:59:17.679root 11241100x8000000000000000770910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c180cc92a9211be2021-12-20 15:59:17.679root 11241100x8000000000000000770911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e85434ae09c5d3d2021-12-20 15:59:17.680root 11241100x8000000000000000770912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836abb8ed2747b332021-12-20 15:59:17.681root 11241100x8000000000000000770913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c1b4d3012a491f2021-12-20 15:59:17.681root 11241100x8000000000000000770914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436f939268892fb32021-12-20 15:59:17.681root 11241100x8000000000000000770915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc022c55ade5d5e22021-12-20 15:59:17.682root 11241100x8000000000000000770916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b423c625b87eca2021-12-20 15:59:17.682root 11241100x8000000000000000770917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbadaf32ca89b652021-12-20 15:59:17.682root 11241100x8000000000000000770918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207beb7ec84bd6af2021-12-20 15:59:17.682root 11241100x8000000000000000770919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3400a84adbd727ac2021-12-20 15:59:17.682root 11241100x8000000000000000770920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa31b13cdd60ca12021-12-20 15:59:17.682root 11241100x8000000000000000770921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a438e8102403392021-12-20 15:59:17.682root 11241100x8000000000000000770922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e864d314ddd8235f2021-12-20 15:59:17.682root 11241100x8000000000000000770923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a1cf520803ca2d2021-12-20 15:59:17.682root 11241100x8000000000000000770924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e108122353cbca2e2021-12-20 15:59:17.682root 11241100x8000000000000000770925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e75c837d3d023ce2021-12-20 15:59:17.682root 11241100x8000000000000000770926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad834383ae3ba6d2021-12-20 15:59:17.682root 11241100x8000000000000000770927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691384fce34050842021-12-20 15:59:17.683root 11241100x8000000000000000770928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fd60d0768145cc2021-12-20 15:59:17.683root 11241100x8000000000000000770929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6acd38ac9ca06d2021-12-20 15:59:17.683root 11241100x8000000000000000770930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec4174032da991c2021-12-20 15:59:17.683root 11241100x8000000000000000770931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaa843056a5483c2021-12-20 15:59:17.683root 11241100x8000000000000000770932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76a019149e757a42021-12-20 15:59:17.683root 11241100x8000000000000000770933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daea7754af6b17122021-12-20 15:59:17.683root 11241100x8000000000000000770934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547b75a10bf785772021-12-20 15:59:17.683root 11241100x8000000000000000770935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0446f1fd1ac1e1a42021-12-20 15:59:17.683root 11241100x8000000000000000770936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce630bdd07176332021-12-20 15:59:17.683root 11241100x8000000000000000770937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb104e8ccefb0822021-12-20 15:59:17.683root 11241100x8000000000000000770938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8569ab5373d19c282021-12-20 15:59:17.683root 11241100x8000000000000000770939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:17.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5861b04ad4bb95a2021-12-20 15:59:17.683root 11241100x8000000000000000770940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696bcb270e8c31a62021-12-20 15:59:18.174root 11241100x8000000000000000770941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad05ceddbd8ad042021-12-20 15:59:18.174root 11241100x8000000000000000770942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baca4c8c1dc34eca2021-12-20 15:59:18.174root 11241100x8000000000000000770943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9f2c95c74f1db62021-12-20 15:59:18.174root 11241100x8000000000000000770944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe1a3b0c35bb6912021-12-20 15:59:18.175root 11241100x8000000000000000770945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3f8998104077db2021-12-20 15:59:18.175root 11241100x8000000000000000770946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d5723b2b148352021-12-20 15:59:18.175root 11241100x8000000000000000770947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9368eb205bdb78312021-12-20 15:59:18.175root 11241100x8000000000000000770948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2319a4eab4b9c762021-12-20 15:59:18.175root 11241100x8000000000000000770949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaa6d4e21cf565e2021-12-20 15:59:18.175root 11241100x8000000000000000770950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c84095432ed96172021-12-20 15:59:18.175root 11241100x8000000000000000770951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97164df766afb9532021-12-20 15:59:18.175root 11241100x8000000000000000770952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92f55b7640d0a782021-12-20 15:59:18.176root 11241100x8000000000000000770953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07505bb619c49aa62021-12-20 15:59:18.176root 11241100x8000000000000000770954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d73f46494440f5d2021-12-20 15:59:18.176root 11241100x8000000000000000770955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a147cfb3cafe7f512021-12-20 15:59:18.176root 11241100x8000000000000000770956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb1a75dba4129232021-12-20 15:59:18.176root 11241100x8000000000000000770957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddc289aeb6a7aec2021-12-20 15:59:18.176root 11241100x8000000000000000770958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38613f388ed628a42021-12-20 15:59:18.176root 11241100x8000000000000000770959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c571c1bf896d1c592021-12-20 15:59:18.176root 11241100x8000000000000000770960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca3d859e9d09faa2021-12-20 15:59:18.176root 11241100x8000000000000000770961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a4b620f302c0282021-12-20 15:59:18.177root 11241100x8000000000000000770962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9ae425b2506a3b2021-12-20 15:59:18.177root 11241100x8000000000000000770963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7166eecda27a2ecc2021-12-20 15:59:18.177root 11241100x8000000000000000770964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f311dc363dfd5ae12021-12-20 15:59:18.177root 11241100x8000000000000000770965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8645a333ba75a1ef2021-12-20 15:59:18.177root 11241100x8000000000000000770966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55e13ef132bfced2021-12-20 15:59:18.177root 11241100x8000000000000000770967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ec6f0b63c65abc2021-12-20 15:59:18.177root 11241100x8000000000000000770968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670d34ea1ea577ac2021-12-20 15:59:18.177root 11241100x8000000000000000770969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85cc0acb7bf76fb2021-12-20 15:59:18.177root 11241100x8000000000000000770970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976f5bc5b1281eb22021-12-20 15:59:18.178root 11241100x8000000000000000770971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2549afcfe4bd7e432021-12-20 15:59:18.178root 11241100x8000000000000000770972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbdd348652e62ce2021-12-20 15:59:18.178root 11241100x8000000000000000770973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1fb111c12fd0522021-12-20 15:59:18.179root 11241100x8000000000000000770974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652bee58a18364742021-12-20 15:59:18.179root 11241100x8000000000000000770975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8fe0034bfd3e222021-12-20 15:59:18.184root 11241100x8000000000000000770976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90929cfd9c753e52021-12-20 15:59:18.184root 11241100x8000000000000000770977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c796d56b541b62021-12-20 15:59:18.184root 11241100x8000000000000000770978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451cbb10f3ac0c562021-12-20 15:59:18.185root 11241100x8000000000000000770979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5158879a469cb662021-12-20 15:59:18.185root 11241100x8000000000000000770980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80caf37561d0839b2021-12-20 15:59:18.186root 11241100x8000000000000000770981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3293d0b0ab4edc82021-12-20 15:59:18.187root 11241100x8000000000000000770982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87672c04a96c0972021-12-20 15:59:18.187root 11241100x8000000000000000770983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328380dbfddead012021-12-20 15:59:18.188root 11241100x8000000000000000770984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f82778a7339aa922021-12-20 15:59:18.189root 11241100x8000000000000000770985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150a53faa7ecf5892021-12-20 15:59:18.189root 11241100x8000000000000000770986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe98db64308aff12021-12-20 15:59:18.189root 11241100x8000000000000000770987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ee349f7ebd16792021-12-20 15:59:18.189root 11241100x8000000000000000770988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4449497519f27002021-12-20 15:59:18.189root 11241100x8000000000000000770989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c32d06d6b8915502021-12-20 15:59:18.189root 11241100x8000000000000000770990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5f52961632f03c2021-12-20 15:59:18.190root 11241100x8000000000000000770991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68e59bd0a1839b02021-12-20 15:59:18.191root 11241100x8000000000000000770992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e5306ce8cac3142021-12-20 15:59:18.191root 11241100x8000000000000000770993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de772107793276c42021-12-20 15:59:18.191root 11241100x8000000000000000770994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c4849c38141e8c2021-12-20 15:59:18.191root 11241100x8000000000000000770995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27621ba8854521e2021-12-20 15:59:18.191root 11241100x8000000000000000770996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18af35e641b070772021-12-20 15:59:18.191root 11241100x8000000000000000770997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.192{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cabe13d5d4228f2021-12-20 15:59:18.192root 11241100x8000000000000000770998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823c5e69a29c6efa2021-12-20 15:59:18.193root 11241100x8000000000000000770999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1167ad0d0ae4ef52021-12-20 15:59:18.193root 11241100x8000000000000000771000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f883dd8cb96cc12021-12-20 15:59:18.193root 11241100x8000000000000000771001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ba1e394347bb2d2021-12-20 15:59:18.193root 11241100x8000000000000000771002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.194{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff45a6e2cc3e7ee2021-12-20 15:59:18.194root 11241100x8000000000000000771003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992ce590a325d9372021-12-20 15:59:18.674root 11241100x8000000000000000771004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9491910f2a3641562021-12-20 15:59:18.674root 11241100x8000000000000000771005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b1568ae8786e082021-12-20 15:59:18.674root 11241100x8000000000000000771006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ffcfb409af00582021-12-20 15:59:18.674root 11241100x8000000000000000771007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039d76e86d3b3f142021-12-20 15:59:18.675root 11241100x8000000000000000771008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f63945d9318a422021-12-20 15:59:18.675root 11241100x8000000000000000771009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6390a868398aaaf92021-12-20 15:59:18.675root 11241100x8000000000000000771010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f934caad669249632021-12-20 15:59:18.675root 11241100x8000000000000000771011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b82235d3c051b742021-12-20 15:59:18.675root 11241100x8000000000000000771012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fced72aeadacdbb62021-12-20 15:59:18.675root 11241100x8000000000000000771013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa49acf0f9b86032021-12-20 15:59:18.675root 11241100x8000000000000000771014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2fcf4d0ec79c302021-12-20 15:59:18.675root 11241100x8000000000000000771015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd4ae62513a3d072021-12-20 15:59:18.675root 11241100x8000000000000000771016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f368680cb5fd09b2021-12-20 15:59:18.675root 11241100x8000000000000000771017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9947b9261f9dcdcc2021-12-20 15:59:18.676root 11241100x8000000000000000771018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5905c52f3da51fbb2021-12-20 15:59:18.676root 11241100x8000000000000000771019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383da2b71f42b32e2021-12-20 15:59:18.676root 11241100x8000000000000000771020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c051c79220ba962021-12-20 15:59:18.677root 11241100x8000000000000000771021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a321eb729c7e0a2021-12-20 15:59:18.677root 11241100x8000000000000000771022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b41291432415932021-12-20 15:59:18.677root 11241100x8000000000000000771023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602e4e3dece5ace92021-12-20 15:59:18.677root 11241100x8000000000000000771024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325d087449caa7922021-12-20 15:59:18.677root 11241100x8000000000000000771025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214249d6b602fad22021-12-20 15:59:18.677root 11241100x8000000000000000771026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c1ccd08f0bcf9a2021-12-20 15:59:18.677root 11241100x8000000000000000771027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8800946cf99e4b2e2021-12-20 15:59:18.677root 11241100x8000000000000000771028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37415c35c96b23262021-12-20 15:59:18.677root 11241100x8000000000000000771029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f2f6843df56ce92021-12-20 15:59:18.678root 11241100x8000000000000000771030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68f240e26e98ed32021-12-20 15:59:18.678root 11241100x8000000000000000771031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc02b1e7c489ee2021-12-20 15:59:19.174root 11241100x8000000000000000771032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014801d027da368e2021-12-20 15:59:19.174root 11241100x8000000000000000771033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abe4f1afa5f5a172021-12-20 15:59:19.174root 11241100x8000000000000000771034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41ea174daef61bc2021-12-20 15:59:19.174root 11241100x8000000000000000771035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9706696958fd927b2021-12-20 15:59:19.174root 11241100x8000000000000000771036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544b0fbd3f742c442021-12-20 15:59:19.175root 11241100x8000000000000000771037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64adedbfff9474f2021-12-20 15:59:19.175root 11241100x8000000000000000771038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9c93cd0a3ae80f2021-12-20 15:59:19.175root 11241100x8000000000000000771039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0fd75b4da146442021-12-20 15:59:19.175root 11241100x8000000000000000771040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185753898196837d2021-12-20 15:59:19.175root 11241100x8000000000000000771041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c577f7ecf81ab72021-12-20 15:59:19.175root 11241100x8000000000000000771042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa91541962416d002021-12-20 15:59:19.175root 11241100x8000000000000000771043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250fc439df16b8b32021-12-20 15:59:19.175root 11241100x8000000000000000771044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85d9c93d9be80112021-12-20 15:59:19.175root 11241100x8000000000000000771045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e904c21d8ec1e12021-12-20 15:59:19.175root 11241100x8000000000000000771046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab786f98f9995582021-12-20 15:59:19.175root 11241100x8000000000000000771047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59639dc145ffa7ab2021-12-20 15:59:19.175root 11241100x8000000000000000771048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa55deca9a67f6342021-12-20 15:59:19.175root 11241100x8000000000000000771049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9385ae5122bd952021-12-20 15:59:19.175root 11241100x8000000000000000771050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cd39bc1deefd6d2021-12-20 15:59:19.175root 11241100x8000000000000000771051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a49573b6a272942021-12-20 15:59:19.176root 11241100x8000000000000000771052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bb6be29b66f8062021-12-20 15:59:19.176root 11241100x8000000000000000771053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bf22fbb273a0b92021-12-20 15:59:19.176root 11241100x8000000000000000771054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f7fb009f022a6e2021-12-20 15:59:19.176root 11241100x8000000000000000771055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f7202359f0e19f2021-12-20 15:59:19.176root 11241100x8000000000000000771056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3015bb00f6fca8a02021-12-20 15:59:19.176root 11241100x8000000000000000771057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675c9872776b7c3f2021-12-20 15:59:19.176root 11241100x8000000000000000771058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b51f29160526c32021-12-20 15:59:19.176root 11241100x8000000000000000771059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9fe285c44f297f2021-12-20 15:59:19.674root 11241100x8000000000000000771060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a2b84d1893fe762021-12-20 15:59:19.675root 11241100x8000000000000000771061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559069105e142d682021-12-20 15:59:19.675root 11241100x8000000000000000771062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55815ed3a6fa2f222021-12-20 15:59:19.675root 11241100x8000000000000000771063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df8d27d5f4c20fe2021-12-20 15:59:19.675root 11241100x8000000000000000771064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d43f78c304fec42021-12-20 15:59:19.675root 11241100x8000000000000000771065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9edc38d5c64a572021-12-20 15:59:19.675root 11241100x8000000000000000771066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419a91f89587302a2021-12-20 15:59:19.676root 11241100x8000000000000000771067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0117135dd9b10762021-12-20 15:59:19.676root 11241100x8000000000000000771068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8199e902241655912021-12-20 15:59:19.676root 11241100x8000000000000000771069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7642279b795594ac2021-12-20 15:59:19.677root 11241100x8000000000000000771070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5043c788d33846d2021-12-20 15:59:19.677root 11241100x8000000000000000771071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47bb763c4abad5a2021-12-20 15:59:19.677root 11241100x8000000000000000771072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43ab54a091b0e522021-12-20 15:59:19.677root 11241100x8000000000000000771073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3b41aa590e7dbd2021-12-20 15:59:19.677root 11241100x8000000000000000771074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b55662f2782feb32021-12-20 15:59:19.677root 11241100x8000000000000000771075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a514e538630315a2021-12-20 15:59:19.677root 11241100x8000000000000000771076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bf0c76f63fbed72021-12-20 15:59:19.677root 11241100x8000000000000000771077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6205477431058c2021-12-20 15:59:19.677root 11241100x8000000000000000771078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898ad33471566ded2021-12-20 15:59:19.677root 11241100x8000000000000000771079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa06c48bf1545b12021-12-20 15:59:19.678root 11241100x8000000000000000771080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8ff0fa579637852021-12-20 15:59:19.678root 11241100x8000000000000000771081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc27949d55f336952021-12-20 15:59:19.678root 11241100x8000000000000000771082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d7be1aee585c772021-12-20 15:59:19.678root 11241100x8000000000000000771083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba0f7ce966d0b9c2021-12-20 15:59:19.678root 11241100x8000000000000000771084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5468805dd8ac6d2021-12-20 15:59:19.678root 11241100x8000000000000000771085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead4fd113f3c93472021-12-20 15:59:19.678root 11241100x8000000000000000771086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94469f56d527d0752021-12-20 15:59:19.678root 354300x8000000000000000771087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.062{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46176-false10.0.1.12-8089- 11241100x8000000000000000771088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f006bb6309710c2021-12-20 15:59:20.064root 11241100x8000000000000000771089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce4888b3ef2b0802021-12-20 15:59:20.064root 11241100x8000000000000000771090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a658ad4b36708b2021-12-20 15:59:20.065root 11241100x8000000000000000771091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5e8a4cf055191a2021-12-20 15:59:20.065root 11241100x8000000000000000771092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfceca58223940212021-12-20 15:59:20.065root 11241100x8000000000000000771093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc8cb10bd6abee72021-12-20 15:59:20.065root 11241100x8000000000000000771094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e55093dc4e8d2cd2021-12-20 15:59:20.065root 11241100x8000000000000000771095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683446230b3552b72021-12-20 15:59:20.065root 11241100x8000000000000000771096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f41150ffb2aea72021-12-20 15:59:20.065root 11241100x8000000000000000771097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721ec878154126982021-12-20 15:59:20.066root 11241100x8000000000000000771098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6451993f9c95ad032021-12-20 15:59:20.066root 11241100x8000000000000000771099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458dba3935950dd62021-12-20 15:59:20.066root 11241100x8000000000000000771100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cbae21ff2b8fc42021-12-20 15:59:20.066root 11241100x8000000000000000771101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f926620b722fafe2021-12-20 15:59:20.066root 11241100x8000000000000000771102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d71d04eee0f32742021-12-20 15:59:20.066root 11241100x8000000000000000771103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd7a3041b1db9252021-12-20 15:59:20.066root 11241100x8000000000000000771104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a79da879269d59a2021-12-20 15:59:20.066root 11241100x8000000000000000771105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c03e226e7bbb7ab2021-12-20 15:59:20.067root 11241100x8000000000000000771106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7e57463cd43da02021-12-20 15:59:20.067root 11241100x8000000000000000771107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efc6ae036eb88d02021-12-20 15:59:20.067root 11241100x8000000000000000771108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2774dea3bdb798142021-12-20 15:59:20.067root 11241100x8000000000000000771109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af68f6a410f1e7ef2021-12-20 15:59:20.067root 11241100x8000000000000000771110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e24ad2ab48ebe592021-12-20 15:59:20.067root 11241100x8000000000000000771111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ee2c73862df2d82021-12-20 15:59:20.067root 11241100x8000000000000000771112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b095565f201ca82021-12-20 15:59:20.067root 11241100x8000000000000000771113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bd8b9e6e0313622021-12-20 15:59:20.067root 11241100x8000000000000000771114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f5f267ded033b82021-12-20 15:59:20.067root 11241100x8000000000000000771115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51d1fdf1dccc7282021-12-20 15:59:20.067root 11241100x8000000000000000771116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaf7685f453ef4f2021-12-20 15:59:20.067root 11241100x8000000000000000771117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224118511339d7852021-12-20 15:59:20.067root 11241100x8000000000000000771118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4988fc23627258072021-12-20 15:59:20.067root 11241100x8000000000000000771119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0aa2c76f3ae18a42021-12-20 15:59:20.067root 11241100x8000000000000000771120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912a2b3ce71918052021-12-20 15:59:20.068root 11241100x8000000000000000771121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd10673c1d5d2202021-12-20 15:59:20.068root 11241100x8000000000000000771122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677d70719cefda122021-12-20 15:59:20.068root 11241100x8000000000000000771123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e36090fae6d89252021-12-20 15:59:20.068root 11241100x8000000000000000771124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5ee4fda701d3f92021-12-20 15:59:20.068root 11241100x8000000000000000771125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94a493d95cad3dd2021-12-20 15:59:20.424root 11241100x8000000000000000771126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89330f5f5d5f9cc82021-12-20 15:59:20.424root 11241100x8000000000000000771127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9b2f1c1ceba6d02021-12-20 15:59:20.424root 11241100x8000000000000000771128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fc35c7b361e6332021-12-20 15:59:20.425root 11241100x8000000000000000771129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baec68e0911a9662021-12-20 15:59:20.425root 11241100x8000000000000000771130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822baee1d135b14a2021-12-20 15:59:20.425root 11241100x8000000000000000771131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025a1230271316042021-12-20 15:59:20.425root 11241100x8000000000000000771132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c8f50f4b03f63f2021-12-20 15:59:20.425root 11241100x8000000000000000771133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e12e82046645092021-12-20 15:59:20.425root 11241100x8000000000000000771134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccdb849f4136fe02021-12-20 15:59:20.425root 11241100x8000000000000000771135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f4328d893e43602021-12-20 15:59:20.425root 11241100x8000000000000000771136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4928b8dbb381a82021-12-20 15:59:20.426root 11241100x8000000000000000771137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8020565be023fba2021-12-20 15:59:20.426root 11241100x8000000000000000771138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b8efee3faf227d2021-12-20 15:59:20.426root 11241100x8000000000000000771139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b95ce8b8bd49b662021-12-20 15:59:20.427root 11241100x8000000000000000771140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e502d0d086b39da12021-12-20 15:59:20.427root 11241100x8000000000000000771141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea80cc6591d78142021-12-20 15:59:20.427root 11241100x8000000000000000771142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcccafbc5fe1eb52021-12-20 15:59:20.428root 11241100x8000000000000000771143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289ff1acc4b88d9a2021-12-20 15:59:20.428root 11241100x8000000000000000771144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e6a3d2a2da8d622021-12-20 15:59:20.428root 11241100x8000000000000000771145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484d77bdb1120add2021-12-20 15:59:20.428root 11241100x8000000000000000771146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327e1971a67f1fc42021-12-20 15:59:20.428root 11241100x8000000000000000771147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2503b6821ca9d65c2021-12-20 15:59:20.428root 11241100x8000000000000000771148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d994516b043b3ed2021-12-20 15:59:20.428root 11241100x8000000000000000771149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af57eb0475601dd2021-12-20 15:59:20.428root 11241100x8000000000000000771150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1880e5493ed822572021-12-20 15:59:20.429root 11241100x8000000000000000771151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ee05a0ae45d0d72021-12-20 15:59:20.429root 11241100x8000000000000000771152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881aaf2dd68407472021-12-20 15:59:20.429root 11241100x8000000000000000771153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a8f52109094cf32021-12-20 15:59:20.429root 11241100x8000000000000000771154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84930ff7bcefea692021-12-20 15:59:20.924root 11241100x8000000000000000771155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54b6c3fead546112021-12-20 15:59:20.925root 11241100x8000000000000000771156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e91a7cc9bb19d02021-12-20 15:59:20.925root 11241100x8000000000000000771157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067a400f22f3ce232021-12-20 15:59:20.925root 11241100x8000000000000000771158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bd33cb131e667c2021-12-20 15:59:20.925root 11241100x8000000000000000771159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38367301567e21872021-12-20 15:59:20.925root 11241100x8000000000000000771160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40281084cf2d5a72021-12-20 15:59:20.925root 11241100x8000000000000000771161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cd7f368ea3b3b62021-12-20 15:59:20.925root 11241100x8000000000000000771162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b6dd97a4265b5d2021-12-20 15:59:20.925root 11241100x8000000000000000771163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4750bcc04500032b2021-12-20 15:59:20.926root 11241100x8000000000000000771164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c21eaac91aac5382021-12-20 15:59:20.926root 11241100x8000000000000000771165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f3c92d6f0f53522021-12-20 15:59:20.926root 11241100x8000000000000000771166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb6d0dc76ace3312021-12-20 15:59:20.926root 11241100x8000000000000000771167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d91e25e9768e7f42021-12-20 15:59:20.927root 11241100x8000000000000000771168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6abeb55f102ded02021-12-20 15:59:20.928root 11241100x8000000000000000771169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1266eefa312065c2021-12-20 15:59:20.928root 11241100x8000000000000000771170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef73f03fafe913a2021-12-20 15:59:20.928root 11241100x8000000000000000771171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcae9e1d3b3966dc2021-12-20 15:59:20.928root 11241100x8000000000000000771172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad866e917e8796a92021-12-20 15:59:20.928root 11241100x8000000000000000771173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0695102d989ac2021-12-20 15:59:20.928root 11241100x8000000000000000771174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63bea6c636529852021-12-20 15:59:20.928root 11241100x8000000000000000771175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f1e71fd3b18afa2021-12-20 15:59:20.928root 11241100x8000000000000000771176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5abfcbab6155342021-12-20 15:59:20.928root 11241100x8000000000000000771177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23d9e7738e495082021-12-20 15:59:20.928root 11241100x8000000000000000771178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a68dfaec98e5c12021-12-20 15:59:20.929root 11241100x8000000000000000771179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a37e549d380c402021-12-20 15:59:20.929root 11241100x8000000000000000771180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba97543bbeea92192021-12-20 15:59:20.929root 11241100x8000000000000000771181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2503f557519a40462021-12-20 15:59:20.929root 11241100x8000000000000000771182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:20.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3014aa4a9573e6fe2021-12-20 15:59:20.930root 354300x8000000000000000771183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.103{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51476-false10.0.1.12-8000- 11241100x8000000000000000771184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ebe81e18a894f62021-12-20 15:59:21.424root 11241100x8000000000000000771185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b843d992f17c46ca2021-12-20 15:59:21.424root 11241100x8000000000000000771186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f707c2471d4ea6dc2021-12-20 15:59:21.424root 11241100x8000000000000000771187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddbe42939e62cc42021-12-20 15:59:21.424root 11241100x8000000000000000771188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dd0517ee8b3e702021-12-20 15:59:21.425root 11241100x8000000000000000771189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a974267339b7bbe92021-12-20 15:59:21.425root 11241100x8000000000000000771190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce60560849a464e2021-12-20 15:59:21.425root 11241100x8000000000000000771191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22880568d35ca4432021-12-20 15:59:21.425root 11241100x8000000000000000771192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4767325fa61551c32021-12-20 15:59:21.425root 11241100x8000000000000000771193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d6973e71e688932021-12-20 15:59:21.425root 11241100x8000000000000000771194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f9b394f596e4ec2021-12-20 15:59:21.425root 11241100x8000000000000000771195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e75dfdaf0a40a0a2021-12-20 15:59:21.425root 11241100x8000000000000000771196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9b6dafbbe8af572021-12-20 15:59:21.425root 11241100x8000000000000000771197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd87062c016e2a72021-12-20 15:59:21.425root 11241100x8000000000000000771198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c97267aa54ff8402021-12-20 15:59:21.426root 11241100x8000000000000000771199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad68a875ab87e692021-12-20 15:59:21.426root 11241100x8000000000000000771200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8702b108951a68322021-12-20 15:59:21.426root 11241100x8000000000000000771201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ab65053dbc1d5f2021-12-20 15:59:21.426root 11241100x8000000000000000771202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e11ff1cdd7754092021-12-20 15:59:21.426root 11241100x8000000000000000771203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352737a0f423ed0a2021-12-20 15:59:21.426root 11241100x8000000000000000771204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44f0acdc272d9522021-12-20 15:59:21.426root 11241100x8000000000000000771205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d920042f7d8b6ccd2021-12-20 15:59:21.426root 11241100x8000000000000000771206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0d9042788e8cc52021-12-20 15:59:21.426root 11241100x8000000000000000771207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a7be38efd9d24f2021-12-20 15:59:21.426root 11241100x8000000000000000771208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e183ae401cafe6d92021-12-20 15:59:21.427root 11241100x8000000000000000771209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c1e1dc9cd0b6992021-12-20 15:59:21.427root 11241100x8000000000000000771210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6826f7e897c6dd62021-12-20 15:59:21.427root 11241100x8000000000000000771211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b725f74dce116d792021-12-20 15:59:21.427root 11241100x8000000000000000771212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d378abfdfaf0be2021-12-20 15:59:21.427root 11241100x8000000000000000771213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0560d1e37622998c2021-12-20 15:59:21.427root 11241100x8000000000000000771214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c310f62b6c508d2021-12-20 15:59:21.427root 11241100x8000000000000000771215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836256d520d591752021-12-20 15:59:21.427root 11241100x8000000000000000771216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a4b22f2480449e2021-12-20 15:59:21.428root 11241100x8000000000000000771217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb53625a71005652021-12-20 15:59:21.924root 11241100x8000000000000000771218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42d3eb191de56662021-12-20 15:59:21.925root 11241100x8000000000000000771219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a1774d609d4e672021-12-20 15:59:21.925root 11241100x8000000000000000771220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a96287addc12c112021-12-20 15:59:21.925root 11241100x8000000000000000771221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3665d32ea01c33772021-12-20 15:59:21.925root 11241100x8000000000000000771222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c711e85426d0f0802021-12-20 15:59:21.925root 11241100x8000000000000000771223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4463b6f06ce3f62021-12-20 15:59:21.925root 11241100x8000000000000000771224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7200073d9ce847bd2021-12-20 15:59:21.926root 11241100x8000000000000000771225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf68cba704b5d8612021-12-20 15:59:21.926root 11241100x8000000000000000771226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37852209c725eea62021-12-20 15:59:21.926root 11241100x8000000000000000771227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04828b264ed65e912021-12-20 15:59:21.926root 11241100x8000000000000000771228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f8bb1336c7076c2021-12-20 15:59:21.926root 11241100x8000000000000000771229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70301361be9b91132021-12-20 15:59:21.927root 11241100x8000000000000000771230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3b256b328f325f2021-12-20 15:59:21.927root 11241100x8000000000000000771231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c446ffa2f09c852021-12-20 15:59:21.927root 11241100x8000000000000000771232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d19b67962d9bcc2021-12-20 15:59:21.927root 11241100x8000000000000000771233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34abd56f8ed20ab72021-12-20 15:59:21.927root 11241100x8000000000000000771234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689ad6e4a430115e2021-12-20 15:59:21.927root 11241100x8000000000000000771235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9edabab3df150f42021-12-20 15:59:21.927root 11241100x8000000000000000771236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd3045bd83b8aa72021-12-20 15:59:21.928root 11241100x8000000000000000771237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deee495750eb053b2021-12-20 15:59:21.928root 11241100x8000000000000000771238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70296ffeeec030f42021-12-20 15:59:21.928root 11241100x8000000000000000771239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfaa087c86ab3682021-12-20 15:59:21.928root 11241100x8000000000000000771240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da25259db6b43112021-12-20 15:59:21.928root 11241100x8000000000000000771241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f165ddd5a4790c692021-12-20 15:59:21.928root 11241100x8000000000000000771242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928fb16ed288eb992021-12-20 15:59:21.928root 11241100x8000000000000000771243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b6a5cecf9e15a62021-12-20 15:59:21.928root 11241100x8000000000000000771244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0bfe6636ab34db2021-12-20 15:59:21.928root 11241100x8000000000000000771245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4378ae7d99d5dadf2021-12-20 15:59:21.929root 11241100x8000000000000000771246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:21.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676147ba30ca52c62021-12-20 15:59:21.929root 11241100x8000000000000000771247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c6e983adcd19a52021-12-20 15:59:22.424root 11241100x8000000000000000771248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7591d38c60041c2021-12-20 15:59:22.424root 11241100x8000000000000000771249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83ce7408e37a1af2021-12-20 15:59:22.424root 11241100x8000000000000000771250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d429501d68095b9b2021-12-20 15:59:22.424root 11241100x8000000000000000771251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd63d5ff40add672021-12-20 15:59:22.425root 11241100x8000000000000000771252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c3aa87a50e1edf2021-12-20 15:59:22.425root 11241100x8000000000000000771253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60175666a337f9a2021-12-20 15:59:22.425root 11241100x8000000000000000771254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e38b1faea8244c92021-12-20 15:59:22.425root 11241100x8000000000000000771255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5402960821ad872021-12-20 15:59:22.425root 11241100x8000000000000000771256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878ad7ed5e1855942021-12-20 15:59:22.425root 11241100x8000000000000000771257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1408a275f60f552021-12-20 15:59:22.425root 11241100x8000000000000000771258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8002311fcfbd3672021-12-20 15:59:22.425root 11241100x8000000000000000771259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c993696c42f6d4522021-12-20 15:59:22.425root 11241100x8000000000000000771260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c4f23d623077542021-12-20 15:59:22.425root 11241100x8000000000000000771261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ea63f6ab440b142021-12-20 15:59:22.426root 11241100x8000000000000000771262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f15cdf9c6d3a012021-12-20 15:59:22.426root 11241100x8000000000000000771263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0ba963bb8a1dc82021-12-20 15:59:22.426root 11241100x8000000000000000771264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcdf22152e5581e2021-12-20 15:59:22.426root 11241100x8000000000000000771265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732dccbdfc6b6c5e2021-12-20 15:59:22.426root 11241100x8000000000000000771266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e2777414c7463d2021-12-20 15:59:22.426root 11241100x8000000000000000771267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4eac4b7aefc1922021-12-20 15:59:22.426root 11241100x8000000000000000771268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86a84c3857d0d222021-12-20 15:59:22.427root 11241100x8000000000000000771269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8074747127591e32021-12-20 15:59:22.427root 11241100x8000000000000000771270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b92cb50cdd960a2021-12-20 15:59:22.427root 11241100x8000000000000000771271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2edf3e4d0f14402021-12-20 15:59:22.427root 11241100x8000000000000000771272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e99f84cc54b64b2021-12-20 15:59:22.427root 11241100x8000000000000000771273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeeaba793b26b272021-12-20 15:59:22.427root 11241100x8000000000000000771274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bd728867eda9452021-12-20 15:59:22.427root 11241100x8000000000000000771275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658c14530be596982021-12-20 15:59:22.427root 11241100x8000000000000000771276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4b35eda7838c792021-12-20 15:59:22.427root 11241100x8000000000000000771277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34c8e09dd3e7da02021-12-20 15:59:22.924root 11241100x8000000000000000771278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4444a527af2a5472021-12-20 15:59:22.925root 11241100x8000000000000000771279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f927784367f0d0712021-12-20 15:59:22.925root 11241100x8000000000000000771280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fee801848f760692021-12-20 15:59:22.925root 11241100x8000000000000000771281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8fe007b4532f982021-12-20 15:59:22.925root 11241100x8000000000000000771282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e4ceaaef67f5ca2021-12-20 15:59:22.925root 11241100x8000000000000000771283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78c048dfd8a67252021-12-20 15:59:22.925root 11241100x8000000000000000771284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e254ca2a06021fa42021-12-20 15:59:22.925root 11241100x8000000000000000771285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2dc1200e9f4d462021-12-20 15:59:22.925root 11241100x8000000000000000771286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb02ccde19bf0002021-12-20 15:59:22.925root 11241100x8000000000000000771287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424a11fd427718292021-12-20 15:59:22.925root 11241100x8000000000000000771288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13ca2e77bd8b23e2021-12-20 15:59:22.925root 11241100x8000000000000000771289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4a64a2245a68832021-12-20 15:59:22.926root 11241100x8000000000000000771290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff16ef6564bee592021-12-20 15:59:22.926root 11241100x8000000000000000771291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc9b4d2b91fc652021-12-20 15:59:22.926root 11241100x8000000000000000771292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3810fd2d867ec1782021-12-20 15:59:22.926root 11241100x8000000000000000771293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2c847bdc2762b02021-12-20 15:59:22.926root 11241100x8000000000000000771294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4822d33c67d7d2b12021-12-20 15:59:22.926root 11241100x8000000000000000771295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c479624374a69c2021-12-20 15:59:22.926root 11241100x8000000000000000771296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef862f52a422a532021-12-20 15:59:22.926root 11241100x8000000000000000771297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89cb1ff70ca02092021-12-20 15:59:22.926root 11241100x8000000000000000771298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd77a7e47d6f742b2021-12-20 15:59:22.927root 11241100x8000000000000000771299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ed709c74bad5c22021-12-20 15:59:22.927root 11241100x8000000000000000771300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dcff18b4f9ce182021-12-20 15:59:22.927root 11241100x8000000000000000771301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726f1fe51c7a68862021-12-20 15:59:22.927root 11241100x8000000000000000771302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c87bd71b1fca4112021-12-20 15:59:22.927root 11241100x8000000000000000771303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185accfc7fd92b0e2021-12-20 15:59:22.927root 11241100x8000000000000000771304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84457a6cbaa95a52021-12-20 15:59:22.927root 11241100x8000000000000000771305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce739efd69af63d2021-12-20 15:59:22.927root 11241100x8000000000000000771306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13a42497eaedf042021-12-20 15:59:22.927root 11241100x8000000000000000771307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e00bc3f8d062822021-12-20 15:59:22.927root 11241100x8000000000000000771308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9cd03959f7bb982021-12-20 15:59:23.424root 11241100x8000000000000000771309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c53897d77c4cf192021-12-20 15:59:23.424root 11241100x8000000000000000771310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393370aa70f754c52021-12-20 15:59:23.424root 11241100x8000000000000000771311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce41c7129f599cf12021-12-20 15:59:23.424root 11241100x8000000000000000771312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71eb1968326426942021-12-20 15:59:23.425root 11241100x8000000000000000771313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e119b885df191302021-12-20 15:59:23.425root 11241100x8000000000000000771314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d3a4ed347038a52021-12-20 15:59:23.425root 11241100x8000000000000000771315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc1fd3c0fee43202021-12-20 15:59:23.425root 11241100x8000000000000000771316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20247285e564e7242021-12-20 15:59:23.426root 11241100x8000000000000000771317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61335bc7b64a7d1a2021-12-20 15:59:23.426root 11241100x8000000000000000771318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a7a0178e6daec2021-12-20 15:59:23.426root 11241100x8000000000000000771319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d206d66f98f7579e2021-12-20 15:59:23.427root 11241100x8000000000000000771320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1675e6908d7923e02021-12-20 15:59:23.427root 11241100x8000000000000000771321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f55749a528c5beb2021-12-20 15:59:23.427root 11241100x8000000000000000771322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa343fa15d624db2021-12-20 15:59:23.427root 11241100x8000000000000000771323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e056d5d97f4051d72021-12-20 15:59:23.428root 11241100x8000000000000000771324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4070e9745aec76d52021-12-20 15:59:23.428root 11241100x8000000000000000771325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45366d8c3cc6a7022021-12-20 15:59:23.429root 11241100x8000000000000000771326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725faf96feaf859e2021-12-20 15:59:23.429root 11241100x8000000000000000771327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4729ddfe674e12f82021-12-20 15:59:23.429root 11241100x8000000000000000771328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fa6cd479aab4ba2021-12-20 15:59:23.429root 11241100x8000000000000000771329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56561f4c1166fa72021-12-20 15:59:23.430root 11241100x8000000000000000771330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092624190ce95d052021-12-20 15:59:23.430root 11241100x8000000000000000771331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75df70ef2b919db2021-12-20 15:59:23.430root 11241100x8000000000000000771332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a34d3fb19102a772021-12-20 15:59:23.430root 11241100x8000000000000000771333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa2ef554d6c9062021-12-20 15:59:23.431root 11241100x8000000000000000771334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e40f9d69ba31932021-12-20 15:59:23.431root 11241100x8000000000000000771335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3629f0f7659e3582021-12-20 15:59:23.432root 11241100x8000000000000000771336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03815a1af18912f12021-12-20 15:59:23.432root 11241100x8000000000000000771337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7080fb29dbe3282021-12-20 15:59:23.432root 11241100x8000000000000000771338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1f03a9748206422021-12-20 15:59:23.432root 11241100x8000000000000000771339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cb2f9af53986af2021-12-20 15:59:23.433root 11241100x8000000000000000771340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc04b91da0951992021-12-20 15:59:23.433root 11241100x8000000000000000771341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655af281fe172a722021-12-20 15:59:23.433root 11241100x8000000000000000771342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959413d58430ea12021-12-20 15:59:23.433root 11241100x8000000000000000771343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cebe9eebac6a7a2021-12-20 15:59:23.433root 11241100x8000000000000000771344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72380bddca45c272021-12-20 15:59:23.434root 11241100x8000000000000000771345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9403b059f03f332021-12-20 15:59:23.434root 11241100x8000000000000000771346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737b637815e244622021-12-20 15:59:23.434root 11241100x8000000000000000771347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725f21892534bb502021-12-20 15:59:23.434root 11241100x8000000000000000771348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d98de60021da5b12021-12-20 15:59:23.434root 11241100x8000000000000000771349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6735f4fd678002fa2021-12-20 15:59:23.435root 11241100x8000000000000000771350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d5e2498b1a1d5e2021-12-20 15:59:23.435root 11241100x8000000000000000771351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158718ffbf10be2b2021-12-20 15:59:23.435root 11241100x8000000000000000771352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa26ec7985342e2021-12-20 15:59:23.435root 11241100x8000000000000000771353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17779ba5e1d3336c2021-12-20 15:59:23.924root 11241100x8000000000000000771354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b726a0357d536422021-12-20 15:59:23.924root 11241100x8000000000000000771355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d971a18e6e45a672021-12-20 15:59:23.924root 11241100x8000000000000000771356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb06b7eb1f94e7c12021-12-20 15:59:23.924root 11241100x8000000000000000771357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a512d6d3f07c75f22021-12-20 15:59:23.925root 11241100x8000000000000000771358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe874c70a05c6352021-12-20 15:59:23.925root 11241100x8000000000000000771359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a663cbda1552e6772021-12-20 15:59:23.925root 11241100x8000000000000000771360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb735a225df666b2021-12-20 15:59:23.925root 11241100x8000000000000000771361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a7bad09724db902021-12-20 15:59:23.925root 11241100x8000000000000000771362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcbf1d3b31386142021-12-20 15:59:23.925root 11241100x8000000000000000771363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c97aba5dc85e9222021-12-20 15:59:23.925root 11241100x8000000000000000771364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8056d27c48e89dc22021-12-20 15:59:23.925root 11241100x8000000000000000771365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1c6f435e730d792021-12-20 15:59:23.925root 11241100x8000000000000000771366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628b705df1e3b02c2021-12-20 15:59:23.925root 11241100x8000000000000000771367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529942391511682c2021-12-20 15:59:23.926root 11241100x8000000000000000771368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e4b0fc3215386b2021-12-20 15:59:23.926root 11241100x8000000000000000771369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcdccd1949b21f32021-12-20 15:59:23.926root 11241100x8000000000000000771370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977afee9f313325f2021-12-20 15:59:23.926root 11241100x8000000000000000771371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3b920b9ab6f7a62021-12-20 15:59:23.926root 11241100x8000000000000000771372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e535df8592231632021-12-20 15:59:23.926root 11241100x8000000000000000771373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7363beb2d8ddb62021-12-20 15:59:23.926root 11241100x8000000000000000771374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe12539a3a857f7e2021-12-20 15:59:23.926root 11241100x8000000000000000771375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6779c5142fe6ee2021-12-20 15:59:23.926root 11241100x8000000000000000771376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c87f62f8db03bd2021-12-20 15:59:23.927root 11241100x8000000000000000771377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe02ddf27e18ab22021-12-20 15:59:23.927root 11241100x8000000000000000771378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7696b499e5b0682021-12-20 15:59:23.927root 11241100x8000000000000000771379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148da11d39725f4b2021-12-20 15:59:23.927root 11241100x8000000000000000771380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d59e2d2e8f0fee2021-12-20 15:59:23.927root 11241100x8000000000000000771381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0690b67ee6ad482021-12-20 15:59:23.927root 11241100x8000000000000000771382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760d001eca77edf02021-12-20 15:59:23.927root 11241100x8000000000000000771383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5066d540ea6a202021-12-20 15:59:23.927root 11241100x8000000000000000771384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d151a2d7c8aa52021-12-20 15:59:23.927root 11241100x8000000000000000771385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3fb924e54a4c742021-12-20 15:59:23.928root 11241100x8000000000000000771386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5328ff9321e74bc2021-12-20 15:59:23.928root 11241100x8000000000000000771387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af799a8f3c0d3482021-12-20 15:59:23.928root 11241100x8000000000000000771388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6b297e06de3f652021-12-20 15:59:23.928root 11241100x8000000000000000771389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe6f24f95bcd7092021-12-20 15:59:23.928root 11241100x8000000000000000771390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e839610328c7c32021-12-20 15:59:23.929root 11241100x8000000000000000771391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d110871e274ad5c02021-12-20 15:59:23.929root 11241100x8000000000000000771392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1805a052f42bd8ce2021-12-20 15:59:23.929root 11241100x8000000000000000771393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d61f5ef91964a822021-12-20 15:59:23.933root 11241100x8000000000000000771394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840d8d8695fa58fa2021-12-20 15:59:23.933root 11241100x8000000000000000771395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf81fedb99d13482021-12-20 15:59:23.934root 11241100x8000000000000000771396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2859d97429650102021-12-20 15:59:23.934root 11241100x8000000000000000771397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c95cac966929242021-12-20 15:59:23.934root 11241100x8000000000000000771398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0ec6e067ae9d7b2021-12-20 15:59:23.934root 11241100x8000000000000000771399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bca3277b0af41e32021-12-20 15:59:23.934root 11241100x8000000000000000771400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25148e429605040d2021-12-20 15:59:23.934root 11241100x8000000000000000771401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e7dace162454502021-12-20 15:59:23.934root 11241100x8000000000000000771402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b009efd9af93b7c92021-12-20 15:59:23.934root 11241100x8000000000000000771403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb83e9a29a19b95f2021-12-20 15:59:23.934root 11241100x8000000000000000771404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64955a6e24df25082021-12-20 15:59:23.934root 11241100x8000000000000000771405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096ca6245a64d8dc2021-12-20 15:59:23.934root 11241100x8000000000000000771406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1b8df4bc16a2722021-12-20 15:59:23.935root 11241100x8000000000000000771407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a94f44324d43dde2021-12-20 15:59:23.935root 11241100x8000000000000000771408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b6ff1b6760a9c72021-12-20 15:59:23.935root 11241100x8000000000000000771409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454311a0af0a38722021-12-20 15:59:23.935root 11241100x8000000000000000771410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7977d124d759ad02021-12-20 15:59:23.935root 11241100x8000000000000000771411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5254369ecc6009302021-12-20 15:59:23.935root 11241100x8000000000000000771412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac2951fb9fd30372021-12-20 15:59:23.935root 11241100x8000000000000000771413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c43b4a8e0082b4b2021-12-20 15:59:23.935root 11241100x8000000000000000771414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3376fca6b8d4f2c82021-12-20 15:59:23.935root 11241100x8000000000000000771415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b619ad75363d552021-12-20 15:59:23.935root 11241100x8000000000000000771416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db94dacf02a627792021-12-20 15:59:23.935root 11241100x8000000000000000771417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e562d8050b579b62021-12-20 15:59:23.935root 11241100x8000000000000000771418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abd224ffe8cfb8a2021-12-20 15:59:23.935root 11241100x8000000000000000771419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83da88f348a2270a2021-12-20 15:59:23.935root 11241100x8000000000000000771420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba811fcb8d05d5e2021-12-20 15:59:23.935root 11241100x8000000000000000771421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cf8f7a6dea0a892021-12-20 15:59:23.936root 11241100x8000000000000000771422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:23.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207ce531eb07cd4b2021-12-20 15:59:23.936root 11241100x8000000000000000771423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f27b5154968a972021-12-20 15:59:24.424root 11241100x8000000000000000771424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936eee9e36a4eafa2021-12-20 15:59:24.424root 11241100x8000000000000000771425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f82cb0720e89932021-12-20 15:59:24.424root 11241100x8000000000000000771426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553180b966761a662021-12-20 15:59:24.424root 11241100x8000000000000000771427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8eb70987e639fd2021-12-20 15:59:24.425root 11241100x8000000000000000771428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e06d8df71b7f4e62021-12-20 15:59:24.425root 11241100x8000000000000000771429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2ee5e0742195002021-12-20 15:59:24.425root 11241100x8000000000000000771430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a535d005ebc76d2021-12-20 15:59:24.425root 11241100x8000000000000000771431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445aa4cdc3523d62021-12-20 15:59:24.425root 11241100x8000000000000000771432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf4e1749b0e5d9e2021-12-20 15:59:24.425root 11241100x8000000000000000771433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68310cae381454662021-12-20 15:59:24.425root 11241100x8000000000000000771434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9707e2e82c6f8a8f2021-12-20 15:59:24.425root 11241100x8000000000000000771435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc8262cb39d97822021-12-20 15:59:24.425root 11241100x8000000000000000771436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849e3abf159c22932021-12-20 15:59:24.425root 11241100x8000000000000000771437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c44f2e84d4bb772021-12-20 15:59:24.425root 11241100x8000000000000000771438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe570e2aa5657d02021-12-20 15:59:24.425root 11241100x8000000000000000771439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b59c42161c438702021-12-20 15:59:24.425root 11241100x8000000000000000771440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8762111cd00517c82021-12-20 15:59:24.425root 11241100x8000000000000000771441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f603126b9cbbb52021-12-20 15:59:24.425root 11241100x8000000000000000771442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54364c0a13f2a8a12021-12-20 15:59:24.425root 11241100x8000000000000000771443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3e922b6633b10f2021-12-20 15:59:24.426root 11241100x8000000000000000771444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d2bbcaa360c0772021-12-20 15:59:24.426root 11241100x8000000000000000771445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f426d2b5425a3b52021-12-20 15:59:24.426root 11241100x8000000000000000771446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23ca969b75fef6b2021-12-20 15:59:24.426root 11241100x8000000000000000771447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4d6e70c24d491f2021-12-20 15:59:24.426root 11241100x8000000000000000771448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769983e0995f57ee2021-12-20 15:59:24.426root 11241100x8000000000000000771449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b438c53888729f782021-12-20 15:59:24.426root 11241100x8000000000000000771450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce0b0aeac5b65522021-12-20 15:59:24.426root 11241100x8000000000000000771451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae092eda7bfb8c8c2021-12-20 15:59:24.426root 11241100x8000000000000000771452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774a29a9a9595a9d2021-12-20 15:59:24.426root 11241100x8000000000000000771453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6267e8ebf51c3a2021-12-20 15:59:24.924root 11241100x8000000000000000771454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ea65419b169c7b2021-12-20 15:59:24.924root 11241100x8000000000000000771455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f1cc08fe97a74f2021-12-20 15:59:24.924root 11241100x8000000000000000771456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b362c07986b90ed72021-12-20 15:59:24.924root 11241100x8000000000000000771457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff89c16bbba65a432021-12-20 15:59:24.924root 11241100x8000000000000000771458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028b60c8378a7be12021-12-20 15:59:24.925root 11241100x8000000000000000771459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8631dd88299c0c4b2021-12-20 15:59:24.925root 11241100x8000000000000000771460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b94f37c877fb742021-12-20 15:59:24.925root 11241100x8000000000000000771461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13acd16b1014076a2021-12-20 15:59:24.925root 11241100x8000000000000000771462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf213e252e2bc5a2021-12-20 15:59:24.925root 11241100x8000000000000000771463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb775bc2adbf9562021-12-20 15:59:24.925root 11241100x8000000000000000771464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b81620144d0cb582021-12-20 15:59:24.925root 11241100x8000000000000000771465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a92b8d8fac6e59d2021-12-20 15:59:24.925root 11241100x8000000000000000771466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68056cc9759b38bc2021-12-20 15:59:24.925root 11241100x8000000000000000771467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58316d0191f1a8402021-12-20 15:59:24.925root 11241100x8000000000000000771468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b24d031ec065a32021-12-20 15:59:24.926root 11241100x8000000000000000771469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d94f3a4f80e5512021-12-20 15:59:24.926root 11241100x8000000000000000771470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01defee951c7e4d2021-12-20 15:59:24.926root 11241100x8000000000000000771471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad49cb21ee371672021-12-20 15:59:24.926root 11241100x8000000000000000771472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baf4a6a5337a8492021-12-20 15:59:24.926root 11241100x8000000000000000771473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017f729ccd12dcb32021-12-20 15:59:24.926root 11241100x8000000000000000771474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f5d3df28230a4e2021-12-20 15:59:24.926root 11241100x8000000000000000771475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3feea6a5b4877c2021-12-20 15:59:24.926root 11241100x8000000000000000771476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590f43def28475602021-12-20 15:59:24.926root 11241100x8000000000000000771477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198b1493b27b98f52021-12-20 15:59:24.926root 11241100x8000000000000000771478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7fa889e44416f52021-12-20 15:59:24.926root 11241100x8000000000000000771479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebd323bd2da84172021-12-20 15:59:24.926root 11241100x8000000000000000771480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd998327ddea3e32021-12-20 15:59:24.926root 11241100x8000000000000000771481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4261835d5dde53732021-12-20 15:59:24.926root 11241100x8000000000000000771482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80385af8cb426492021-12-20 15:59:24.927root 11241100x8000000000000000771483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a496a7a347e55c02021-12-20 15:59:24.927root 11241100x8000000000000000771484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacf8178eeb5c66e2021-12-20 15:59:24.927root 11241100x8000000000000000771485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59792093c4b2572d2021-12-20 15:59:24.927root 11241100x8000000000000000771486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e21fbb20b881c0d2021-12-20 15:59:24.927root 11241100x8000000000000000771487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a875c451c991a02021-12-20 15:59:24.927root 11241100x8000000000000000771488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7c513b2025c1c82021-12-20 15:59:24.927root 11241100x8000000000000000771489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464cc721946e79f52021-12-20 15:59:24.927root 11241100x8000000000000000771490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae2c84c71b8fd802021-12-20 15:59:24.927root 11241100x8000000000000000771491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06071dba4ceee9ad2021-12-20 15:59:24.927root 11241100x8000000000000000771492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5f32c88dd9d7cc2021-12-20 15:59:25.424root 11241100x8000000000000000771493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30feb812a0560722021-12-20 15:59:25.424root 11241100x8000000000000000771494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea51d2062a0512e2021-12-20 15:59:25.424root 11241100x8000000000000000771495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fac3f0b7d24d6b92021-12-20 15:59:25.425root 11241100x8000000000000000771496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babb306bdc32be522021-12-20 15:59:25.425root 11241100x8000000000000000771497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555d7f7e89a8baad2021-12-20 15:59:25.425root 11241100x8000000000000000771498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51cf4efe9c3a5262021-12-20 15:59:25.425root 11241100x8000000000000000771499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14aad889f2b3b252021-12-20 15:59:25.425root 11241100x8000000000000000771500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2014baf0c17ef5422021-12-20 15:59:25.425root 11241100x8000000000000000771501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be896633ce45cd032021-12-20 15:59:25.425root 11241100x8000000000000000771502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff52652238b12f382021-12-20 15:59:25.425root 11241100x8000000000000000771503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd89231999adb072021-12-20 15:59:25.425root 11241100x8000000000000000771504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5546ebfb55083b422021-12-20 15:59:25.425root 11241100x8000000000000000771505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba926ff5c40538e32021-12-20 15:59:25.425root 11241100x8000000000000000771506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d93ca600c38b2ea2021-12-20 15:59:25.425root 11241100x8000000000000000771507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd5834b80e6b8a92021-12-20 15:59:25.425root 11241100x8000000000000000771508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec79f23713c8cec2021-12-20 15:59:25.425root 11241100x8000000000000000771509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542e90890cdcf1fa2021-12-20 15:59:25.425root 11241100x8000000000000000771510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cb2f8ef2020f132021-12-20 15:59:25.425root 11241100x8000000000000000771511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e510175365364742021-12-20 15:59:25.426root 11241100x8000000000000000771512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e324a03e930bbd252021-12-20 15:59:25.426root 11241100x8000000000000000771513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5119a7012e4db5262021-12-20 15:59:25.426root 11241100x8000000000000000771514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e702cc9886c30b542021-12-20 15:59:25.426root 11241100x8000000000000000771515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc37a0a17003f802021-12-20 15:59:25.426root 11241100x8000000000000000771516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab0554a8c900f02021-12-20 15:59:25.426root 11241100x8000000000000000771517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41df26ad8cd1be8b2021-12-20 15:59:25.426root 11241100x8000000000000000771518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19745ead002b64d2021-12-20 15:59:25.426root 11241100x8000000000000000771519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e58225251ef64d92021-12-20 15:59:25.426root 11241100x8000000000000000771520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bfc026894737852021-12-20 15:59:25.426root 11241100x8000000000000000771521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055276938df33aa82021-12-20 15:59:25.426root 11241100x8000000000000000771522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875de42748d1a03e2021-12-20 15:59:25.426root 11241100x8000000000000000771523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feadd58793bfef8a2021-12-20 15:59:25.426root 11241100x8000000000000000771524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a23638fa8b3a6f02021-12-20 15:59:25.924root 11241100x8000000000000000771525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad47ffe975843342021-12-20 15:59:25.924root 11241100x8000000000000000771526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d37b7df8f8f2392021-12-20 15:59:25.924root 11241100x8000000000000000771527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94005e19c9e7da9e2021-12-20 15:59:25.924root 11241100x8000000000000000771528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848feac8a6bb218a2021-12-20 15:59:25.925root 11241100x8000000000000000771529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff9fd5a219708942021-12-20 15:59:25.925root 11241100x8000000000000000771530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850f7f70e5b23e8a2021-12-20 15:59:25.925root 11241100x8000000000000000771531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2e786ad543c05a2021-12-20 15:59:25.925root 11241100x8000000000000000771532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cefb72dd08d61c2021-12-20 15:59:25.925root 11241100x8000000000000000771533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75ae2db554f50e32021-12-20 15:59:25.925root 11241100x8000000000000000771534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4971843996e65cc2021-12-20 15:59:25.925root 11241100x8000000000000000771535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303950ae78aaafa72021-12-20 15:59:25.926root 11241100x8000000000000000771536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4406f4e2687be52021-12-20 15:59:25.926root 11241100x8000000000000000771537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1076b6463248e3fa2021-12-20 15:59:25.926root 11241100x8000000000000000771538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9c2086f4da474d2021-12-20 15:59:25.926root 11241100x8000000000000000771539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a10fed47dcb9f802021-12-20 15:59:25.926root 11241100x8000000000000000771540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ea8f01679879fe2021-12-20 15:59:25.927root 11241100x8000000000000000771541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b1bd5f16b57b342021-12-20 15:59:25.927root 11241100x8000000000000000771542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2292362d80c1b3792021-12-20 15:59:25.927root 11241100x8000000000000000771543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13aed704460325d2021-12-20 15:59:25.927root 11241100x8000000000000000771544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b45cbeec635e182021-12-20 15:59:25.927root 11241100x8000000000000000771545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8552b728177ce582021-12-20 15:59:25.928root 11241100x8000000000000000771546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f98af65572dc66c2021-12-20 15:59:25.928root 11241100x8000000000000000771547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0494e4fe2178f7992021-12-20 15:59:25.928root 11241100x8000000000000000771548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53afac1ea3bf35432021-12-20 15:59:25.928root 11241100x8000000000000000771549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787ccb5b0952eda32021-12-20 15:59:25.929root 11241100x8000000000000000771550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edf12420646db2e2021-12-20 15:59:25.929root 11241100x8000000000000000771551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d2b66dacf1f22f2021-12-20 15:59:25.929root 11241100x8000000000000000771552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228489c496315b422021-12-20 15:59:25.929root 11241100x8000000000000000771553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1513e052d4ec60392021-12-20 15:59:25.930root 11241100x8000000000000000771554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf0d9ad1fe6a4cb2021-12-20 15:59:25.930root 11241100x8000000000000000771555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bce19afce967e42021-12-20 15:59:25.930root 11241100x8000000000000000771556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10428936ef5ec7ea2021-12-20 15:59:25.930root 11241100x8000000000000000771557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3187d48ffb8805c02021-12-20 15:59:25.930root 11241100x8000000000000000771558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af961dec6b38b45b2021-12-20 15:59:25.930root 11241100x8000000000000000771559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059f30667f9618392021-12-20 15:59:25.930root 11241100x8000000000000000771560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbd2a292bed7e6b2021-12-20 15:59:25.930root 11241100x8000000000000000771561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d13f485cab00a12021-12-20 15:59:25.930root 11241100x8000000000000000771562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:25.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036abb8cf590f6d32021-12-20 15:59:25.930root 11241100x8000000000000000771563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1e06ad811f4c8d2021-12-20 15:59:26.424root 11241100x8000000000000000771564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f8077f82114cab2021-12-20 15:59:26.424root 11241100x8000000000000000771565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c1a8477ff144b62021-12-20 15:59:26.424root 11241100x8000000000000000771566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6afe3f9f072f2e2021-12-20 15:59:26.424root 11241100x8000000000000000771567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5d2264888b99db2021-12-20 15:59:26.425root 11241100x8000000000000000771568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62329fa33f24c9862021-12-20 15:59:26.425root 11241100x8000000000000000771569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0285ad70e154f9302021-12-20 15:59:26.425root 11241100x8000000000000000771570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37142d1a1818504d2021-12-20 15:59:26.425root 11241100x8000000000000000771571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74226e52be32f99a2021-12-20 15:59:26.425root 11241100x8000000000000000771572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197330ce22dee94c2021-12-20 15:59:26.425root 11241100x8000000000000000771573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28104292a5acb74a2021-12-20 15:59:26.425root 11241100x8000000000000000771574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867a1702c77992192021-12-20 15:59:26.425root 11241100x8000000000000000771575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a654e0c193a73b52021-12-20 15:59:26.425root 11241100x8000000000000000771576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa847181f63205d72021-12-20 15:59:26.425root 11241100x8000000000000000771577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227a9a61113896f92021-12-20 15:59:26.425root 11241100x8000000000000000771578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd2ddf348f39fa92021-12-20 15:59:26.425root 11241100x8000000000000000771579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ca61d00f3f6b42021-12-20 15:59:26.425root 11241100x8000000000000000771580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bb246296ed60322021-12-20 15:59:26.425root 11241100x8000000000000000771581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e61c88f9322c6f2021-12-20 15:59:26.425root 11241100x8000000000000000771582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1f4ed24aa0ae712021-12-20 15:59:26.426root 11241100x8000000000000000771583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d20df3b48e13f32021-12-20 15:59:26.426root 11241100x8000000000000000771584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c4722bc3543fca2021-12-20 15:59:26.426root 11241100x8000000000000000771585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f8931d3c6216d02021-12-20 15:59:26.426root 11241100x8000000000000000771586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a05293001a5845c2021-12-20 15:59:26.426root 11241100x8000000000000000771587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cd5a7125375d322021-12-20 15:59:26.426root 11241100x8000000000000000771588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764aca9f562f42842021-12-20 15:59:26.426root 11241100x8000000000000000771589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ec305299de69402021-12-20 15:59:26.426root 11241100x8000000000000000771590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f213296016ae2082021-12-20 15:59:26.426root 11241100x8000000000000000771591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e47dfb1f557491f2021-12-20 15:59:26.426root 11241100x8000000000000000771592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bccef7cc889dd22021-12-20 15:59:26.426root 11241100x8000000000000000771593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3a820e8194790e2021-12-20 15:59:26.426root 11241100x8000000000000000771594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a398b8bc6fe2b5632021-12-20 15:59:26.924root 11241100x8000000000000000771595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e7867c64a56be72021-12-20 15:59:26.924root 11241100x8000000000000000771596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c893b218e1a2e3eb2021-12-20 15:59:26.924root 11241100x8000000000000000771597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc867f84db16b1ae2021-12-20 15:59:26.924root 11241100x8000000000000000771598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e89e6176311853a2021-12-20 15:59:26.925root 11241100x8000000000000000771599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225f3d1b83f555832021-12-20 15:59:26.925root 11241100x8000000000000000771600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7314e023a13b1f12021-12-20 15:59:26.925root 11241100x8000000000000000771601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980deb5bc3aee4822021-12-20 15:59:26.925root 11241100x8000000000000000771602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b091519a68ed0b242021-12-20 15:59:26.925root 11241100x8000000000000000771603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6949205d4b5d302021-12-20 15:59:26.925root 11241100x8000000000000000771604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf3877c7a80a4ca2021-12-20 15:59:26.925root 11241100x8000000000000000771605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fddda065b4f2062021-12-20 15:59:26.925root 11241100x8000000000000000771606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46a323d4e73a962021-12-20 15:59:26.925root 11241100x8000000000000000771607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1974a21050841222021-12-20 15:59:26.925root 11241100x8000000000000000771608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9be5482c574822021-12-20 15:59:26.925root 11241100x8000000000000000771609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8a8699e806d6322021-12-20 15:59:26.925root 11241100x8000000000000000771610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a96ed7dfabc51f2021-12-20 15:59:26.925root 11241100x8000000000000000771611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c59c55e1c9bc1d2021-12-20 15:59:26.925root 11241100x8000000000000000771612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc84a62a431d419a2021-12-20 15:59:26.925root 11241100x8000000000000000771613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6890b1d26c244d2021-12-20 15:59:26.926root 11241100x8000000000000000771614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b57d087ee4931d2021-12-20 15:59:26.926root 11241100x8000000000000000771615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085669b05388a86e2021-12-20 15:59:26.926root 11241100x8000000000000000771616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9911059cf3a190712021-12-20 15:59:26.926root 11241100x8000000000000000771617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b88e22424ce3f482021-12-20 15:59:26.926root 11241100x8000000000000000771618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26605ee1e78a68312021-12-20 15:59:26.926root 11241100x8000000000000000771619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6b026149b604472021-12-20 15:59:26.926root 11241100x8000000000000000771620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e8c61696e4a0ef2021-12-20 15:59:26.926root 11241100x8000000000000000771621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49d4b74c9345d032021-12-20 15:59:26.926root 11241100x8000000000000000771622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8530173f0d19d7d2021-12-20 15:59:26.926root 11241100x8000000000000000771623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ce4695b0eb8e812021-12-20 15:59:26.926root 11241100x8000000000000000771624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d8db241dc5ae3f2021-12-20 15:59:26.926root 354300x8000000000000000771625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.067{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51478-false10.0.1.12-8000- 11241100x8000000000000000771626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c043bc1f1369c3762021-12-20 15:59:27.424root 11241100x8000000000000000771627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cf22242161e9d12021-12-20 15:59:27.424root 11241100x8000000000000000771628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f9eee259e456372021-12-20 15:59:27.424root 11241100x8000000000000000771629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35553ea24e87c4092021-12-20 15:59:27.424root 11241100x8000000000000000771630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513f429e1e34244c2021-12-20 15:59:27.424root 11241100x8000000000000000771631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9641a9d7c730e02021-12-20 15:59:27.424root 11241100x8000000000000000771632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7406db6d05f175e2021-12-20 15:59:27.424root 11241100x8000000000000000771633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5323bc59ac2f502021-12-20 15:59:27.425root 11241100x8000000000000000771634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ee94013cbe5aee2021-12-20 15:59:27.425root 11241100x8000000000000000771635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182675c7f03a18cc2021-12-20 15:59:27.425root 11241100x8000000000000000771636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3f28c67eb6e3a62021-12-20 15:59:27.425root 11241100x8000000000000000771637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1846e62179bba42021-12-20 15:59:27.425root 11241100x8000000000000000771638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74dcc86f8229fd82021-12-20 15:59:27.425root 11241100x8000000000000000771639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1defd9dd7ccf052021-12-20 15:59:27.425root 11241100x8000000000000000771640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731cb57a3d6a75062021-12-20 15:59:27.425root 11241100x8000000000000000771641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f45d6525fd99d72021-12-20 15:59:27.425root 11241100x8000000000000000771642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d50aa7fe6d6b252021-12-20 15:59:27.425root 11241100x8000000000000000771643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23feb0064a448cd92021-12-20 15:59:27.425root 11241100x8000000000000000771644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fc33cbafaf87a82021-12-20 15:59:27.426root 11241100x8000000000000000771645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4476b23a8465f92021-12-20 15:59:27.426root 11241100x8000000000000000771646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca70f9eaa7173622021-12-20 15:59:27.426root 11241100x8000000000000000771647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349e86dc025282ce2021-12-20 15:59:27.427root 11241100x8000000000000000771648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb91692d483de0b2021-12-20 15:59:27.427root 11241100x8000000000000000771649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a30fbcb53576dd2021-12-20 15:59:27.428root 11241100x8000000000000000771650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721605f41b61b7072021-12-20 15:59:27.428root 11241100x8000000000000000771651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba431a8c7f9620d2021-12-20 15:59:27.428root 11241100x8000000000000000771652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4b8fab2652a7d82021-12-20 15:59:27.429root 11241100x8000000000000000771653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d59310270d436f2021-12-20 15:59:27.429root 11241100x8000000000000000771654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3481a65fc548b79f2021-12-20 15:59:27.429root 11241100x8000000000000000771655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e68bbdff48d6f3a2021-12-20 15:59:27.430root 11241100x8000000000000000771656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a572468c083683c62021-12-20 15:59:27.430root 11241100x8000000000000000771657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7603e576e781c3ae2021-12-20 15:59:27.431root 11241100x8000000000000000771658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5c61dff344763d2021-12-20 15:59:27.431root 11241100x8000000000000000771659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d96db6639a966e2021-12-20 15:59:27.431root 11241100x8000000000000000771660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fb9c7dddbfcfe42021-12-20 15:59:27.431root 11241100x8000000000000000771661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a9b3c6c26612b72021-12-20 15:59:27.431root 11241100x8000000000000000771662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b099775f440b6312021-12-20 15:59:27.432root 11241100x8000000000000000771663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ee2582781fd8b52021-12-20 15:59:27.432root 11241100x8000000000000000771664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5aaaeb03fd1ffa92021-12-20 15:59:27.432root 11241100x8000000000000000771665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0556da577b7922b42021-12-20 15:59:27.432root 11241100x8000000000000000771666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd62cd2170eba42021-12-20 15:59:27.433root 11241100x8000000000000000771667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d6adedfd2dee612021-12-20 15:59:27.434root 11241100x8000000000000000771668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d7934a00ca4e802021-12-20 15:59:27.434root 11241100x8000000000000000771669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337eb3e4661679452021-12-20 15:59:27.434root 11241100x8000000000000000771670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdc91cd4b34098b2021-12-20 15:59:27.434root 11241100x8000000000000000771671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c8c58f114e59a82021-12-20 15:59:27.434root 11241100x8000000000000000771672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cb5fd00ac281362021-12-20 15:59:27.434root 11241100x8000000000000000771673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d44a6bbf1e196912021-12-20 15:59:27.434root 11241100x8000000000000000771674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915d617a12c229d32021-12-20 15:59:27.434root 11241100x8000000000000000771675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52e6da72e8948032021-12-20 15:59:27.434root 11241100x8000000000000000771676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeb32cf58d51dc52021-12-20 15:59:27.434root 11241100x8000000000000000771677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ab65171d8613692021-12-20 15:59:27.434root 11241100x8000000000000000771678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de800f81e550e272021-12-20 15:59:27.434root 11241100x8000000000000000771679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b3f449f2061732021-12-20 15:59:27.435root 11241100x8000000000000000771680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28699199fd899dd62021-12-20 15:59:27.435root 11241100x8000000000000000771681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3908d78cd5103ff2021-12-20 15:59:27.924root 11241100x8000000000000000771682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9316b1ae3d5a6a672021-12-20 15:59:27.924root 11241100x8000000000000000771683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d99422ef507d862021-12-20 15:59:27.924root 11241100x8000000000000000771684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ff9fd3d3b532202021-12-20 15:59:27.924root 11241100x8000000000000000771685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc79a795e7054642021-12-20 15:59:27.924root 11241100x8000000000000000771686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343933376b6c50672021-12-20 15:59:27.924root 11241100x8000000000000000771687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744444fd5e5d89bb2021-12-20 15:59:27.925root 11241100x8000000000000000771688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d913160b651b2102021-12-20 15:59:27.925root 11241100x8000000000000000771689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357bb764c6bb95cc2021-12-20 15:59:27.925root 11241100x8000000000000000771690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f494466d1dde8f2021-12-20 15:59:27.925root 11241100x8000000000000000771691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6147faf0089369af2021-12-20 15:59:27.925root 11241100x8000000000000000771692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2b15a2938f4a262021-12-20 15:59:27.926root 11241100x8000000000000000771693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0073d4613897442021-12-20 15:59:27.926root 11241100x8000000000000000771694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d474b3c918f1ba2021-12-20 15:59:27.926root 11241100x8000000000000000771695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd9bf8a7dd4f0d92021-12-20 15:59:27.926root 11241100x8000000000000000771696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74240cac6cc502ca2021-12-20 15:59:27.926root 11241100x8000000000000000771697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a153880128ed1f5a2021-12-20 15:59:27.926root 11241100x8000000000000000771698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f976cd8055c1d0172021-12-20 15:59:27.926root 11241100x8000000000000000771699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f85a47bae2fdc692021-12-20 15:59:27.926root 11241100x8000000000000000771700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d0f4efe816528b2021-12-20 15:59:27.927root 11241100x8000000000000000771701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc44e5565b2a7f72021-12-20 15:59:27.927root 11241100x8000000000000000771702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da248389389449ab2021-12-20 15:59:27.927root 11241100x8000000000000000771703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a72cac0c0102aa02021-12-20 15:59:27.929root 11241100x8000000000000000771704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40401389bdcc17062021-12-20 15:59:27.929root 11241100x8000000000000000771705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35143367f1f6c4f2021-12-20 15:59:27.929root 11241100x8000000000000000771706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5688e2bf464519c42021-12-20 15:59:27.929root 11241100x8000000000000000771707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5f71e2404e79f92021-12-20 15:59:27.929root 11241100x8000000000000000771708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd798a914eb66e482021-12-20 15:59:27.929root 11241100x8000000000000000771709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789010c1bce03aa22021-12-20 15:59:27.929root 11241100x8000000000000000771710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b638fbe4155ec1382021-12-20 15:59:27.930root 11241100x8000000000000000771711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635a73976013252b2021-12-20 15:59:27.930root 11241100x8000000000000000771712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60d3c41fae57c22021-12-20 15:59:27.930root 11241100x8000000000000000771713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffedea0b2a5fb6d32021-12-20 15:59:27.930root 11241100x8000000000000000771714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b5e270cdb379f32021-12-20 15:59:27.931root 11241100x8000000000000000771715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ca18447a5e89c2021-12-20 15:59:27.931root 11241100x8000000000000000771716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7937199beb697b2021-12-20 15:59:27.931root 11241100x8000000000000000771717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e06fba4b12182802021-12-20 15:59:27.931root 11241100x8000000000000000771718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7892954fe7ab4fc2021-12-20 15:59:27.931root 11241100x8000000000000000771719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a682fc7c1ddd682021-12-20 15:59:27.931root 11241100x8000000000000000771720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f346180648e4a472021-12-20 15:59:27.931root 11241100x8000000000000000771721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617820944c64a2682021-12-20 15:59:27.933root 11241100x8000000000000000771722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87498f8e80fd7632021-12-20 15:59:27.933root 11241100x8000000000000000771723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:27.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472958ecf1fcdc5e2021-12-20 15:59:27.933root 11241100x8000000000000000771724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1192851b3f16062021-12-20 15:59:28.424root 11241100x8000000000000000771725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab14268567dc5c2021-12-20 15:59:28.424root 11241100x8000000000000000771726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574fe5d01692f4df2021-12-20 15:59:28.425root 11241100x8000000000000000771727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65b0c520f75963f2021-12-20 15:59:28.425root 11241100x8000000000000000771728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef7ff95aab5e36b2021-12-20 15:59:28.425root 11241100x8000000000000000771729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84e3010b5f8cbb72021-12-20 15:59:28.425root 11241100x8000000000000000771730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48326be7af4c57222021-12-20 15:59:28.426root 11241100x8000000000000000771731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2304be621693ef42021-12-20 15:59:28.426root 11241100x8000000000000000771732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a0b32bf3fee5252021-12-20 15:59:28.426root 11241100x8000000000000000771733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d3f8ce00ac0cb22021-12-20 15:59:28.426root 11241100x8000000000000000771734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35b2a6d1114bd242021-12-20 15:59:28.427root 11241100x8000000000000000771735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cfbda0a80f629a2021-12-20 15:59:28.427root 11241100x8000000000000000771736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d02785bdd7666762021-12-20 15:59:28.427root 11241100x8000000000000000771737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27999e1c420b3c62021-12-20 15:59:28.427root 11241100x8000000000000000771738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137648b1d07c4de2021-12-20 15:59:28.427root 11241100x8000000000000000771739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122c01863142885f2021-12-20 15:59:28.427root 11241100x8000000000000000771740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e70b1e0dcd9d6e2021-12-20 15:59:28.427root 11241100x8000000000000000771741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e33a4b36e2fc4642021-12-20 15:59:28.427root 11241100x8000000000000000771742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0897875ea3db444f2021-12-20 15:59:28.427root 11241100x8000000000000000771743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e2b2ba7e67c5da2021-12-20 15:59:28.427root 11241100x8000000000000000771744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52943cb89b745b12021-12-20 15:59:28.427root 11241100x8000000000000000771745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e514c5a561849a732021-12-20 15:59:28.428root 11241100x8000000000000000771746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f1c49175b509e2021-12-20 15:59:28.428root 11241100x8000000000000000771747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f541f0c44ff0bc72021-12-20 15:59:28.428root 11241100x8000000000000000771748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f49fd0cb02480042021-12-20 15:59:28.428root 11241100x8000000000000000771749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddda919e0166c9e2021-12-20 15:59:28.428root 11241100x8000000000000000771750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56bd2b849ed7fc92021-12-20 15:59:28.428root 11241100x8000000000000000771751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd5cfc325dd281c2021-12-20 15:59:28.428root 11241100x8000000000000000771752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9305a26fc227edef2021-12-20 15:59:28.428root 11241100x8000000000000000771753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431602bee98f9a6d2021-12-20 15:59:28.428root 11241100x8000000000000000771754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8932428ee554c52021-12-20 15:59:28.428root 11241100x8000000000000000771755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60dcb54deff1fe52021-12-20 15:59:28.429root 11241100x8000000000000000771756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6a3ed78d5fbd7b2021-12-20 15:59:28.429root 11241100x8000000000000000771757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eff604afe0a1b972021-12-20 15:59:28.429root 11241100x8000000000000000771758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850cb0ad3673c2b52021-12-20 15:59:28.429root 11241100x8000000000000000771759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35b3cf171f345912021-12-20 15:59:28.429root 11241100x8000000000000000771760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24ae20ba503b40e2021-12-20 15:59:28.924root 11241100x8000000000000000771761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21b0d7bbb3680432021-12-20 15:59:28.924root 11241100x8000000000000000771762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d0023eb6f75a782021-12-20 15:59:28.924root 11241100x8000000000000000771763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32856477ea4ebf9e2021-12-20 15:59:28.924root 11241100x8000000000000000771764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74389e3ec9247a332021-12-20 15:59:28.925root 11241100x8000000000000000771765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61c6af138642a032021-12-20 15:59:28.925root 11241100x8000000000000000771766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda8d320afa378a62021-12-20 15:59:28.925root 11241100x8000000000000000771767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609b1af92a1e33482021-12-20 15:59:28.925root 11241100x8000000000000000771768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3bc53013229e62021-12-20 15:59:28.925root 11241100x8000000000000000771769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be46da7736f69b852021-12-20 15:59:28.925root 11241100x8000000000000000771770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e3fdb1cc101f742021-12-20 15:59:28.925root 11241100x8000000000000000771771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa4820edcbc31122021-12-20 15:59:28.925root 11241100x8000000000000000771772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c7db34972e27772021-12-20 15:59:28.925root 11241100x8000000000000000771773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42428536da39a102021-12-20 15:59:28.925root 11241100x8000000000000000771774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55414476eb596bca2021-12-20 15:59:28.926root 11241100x8000000000000000771775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c493c50496d6fc302021-12-20 15:59:28.926root 11241100x8000000000000000771776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64a78322a324a772021-12-20 15:59:28.926root 11241100x8000000000000000771777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fe09102ec26f882021-12-20 15:59:28.926root 11241100x8000000000000000771778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1180c5aa46d2f2e82021-12-20 15:59:28.926root 11241100x8000000000000000771779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc974e77cb5a936f2021-12-20 15:59:28.926root 11241100x8000000000000000771780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fc36f23f281d3c2021-12-20 15:59:28.926root 11241100x8000000000000000771781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990c7641f80438f22021-12-20 15:59:28.926root 11241100x8000000000000000771782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb33c23f624479042021-12-20 15:59:28.927root 11241100x8000000000000000771783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa0d54ab447a7012021-12-20 15:59:28.927root 11241100x8000000000000000771784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f4c8f394f94f9d2021-12-20 15:59:28.927root 11241100x8000000000000000771785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081de06bec69a6612021-12-20 15:59:28.927root 11241100x8000000000000000771786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85717fece38ee1e02021-12-20 15:59:28.927root 11241100x8000000000000000771787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0ba97b9c1dd3192021-12-20 15:59:28.928root 11241100x8000000000000000771788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe4466490f124d72021-12-20 15:59:28.928root 11241100x8000000000000000771789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01040bbe69f447b52021-12-20 15:59:28.928root 11241100x8000000000000000771790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce853f358ce35882021-12-20 15:59:28.928root 11241100x8000000000000000771791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7d92da650a3d172021-12-20 15:59:28.928root 11241100x8000000000000000771792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fbada40b8331cd2021-12-20 15:59:28.930root 11241100x8000000000000000771793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1512a8b5b8208c62021-12-20 15:59:28.930root 11241100x8000000000000000771794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8c8c24f85dcee32021-12-20 15:59:28.930root 11241100x8000000000000000771795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7972612fb79fa1ea2021-12-20 15:59:28.930root 11241100x8000000000000000771796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8781d4fd74d771442021-12-20 15:59:28.930root 11241100x8000000000000000771797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d998f462374b462021-12-20 15:59:28.930root 11241100x8000000000000000771798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0cc0334af7922b2021-12-20 15:59:28.930root 11241100x8000000000000000771799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:28.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932f31cf049938642021-12-20 15:59:28.931root 11241100x8000000000000000771800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16414d1946f9c50b2021-12-20 15:59:29.424root 11241100x8000000000000000771801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6a8567089767af2021-12-20 15:59:29.424root 11241100x8000000000000000771802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b1712c42a24aca2021-12-20 15:59:29.424root 11241100x8000000000000000771803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcfe97483b90f152021-12-20 15:59:29.424root 11241100x8000000000000000771804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67abdeaf8695ee052021-12-20 15:59:29.425root 11241100x8000000000000000771805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624b3848228f973c2021-12-20 15:59:29.425root 11241100x8000000000000000771806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c78379b9398c4c2021-12-20 15:59:29.425root 11241100x8000000000000000771807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d1f6e7da2ca0ff2021-12-20 15:59:29.425root 11241100x8000000000000000771808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2eb97bb7bbf6022021-12-20 15:59:29.425root 11241100x8000000000000000771809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820aac004598c93b2021-12-20 15:59:29.425root 11241100x8000000000000000771810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7696fec624de8e582021-12-20 15:59:29.425root 11241100x8000000000000000771811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdb28358fd5e4e42021-12-20 15:59:29.425root 11241100x8000000000000000771812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a492197c45e9022021-12-20 15:59:29.425root 11241100x8000000000000000771813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06530f90ca68f6f2021-12-20 15:59:29.425root 11241100x8000000000000000771814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fd18a7d1c3029f2021-12-20 15:59:29.425root 11241100x8000000000000000771815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf3a98096336fa92021-12-20 15:59:29.425root 11241100x8000000000000000771816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a974961962346c2021-12-20 15:59:29.425root 11241100x8000000000000000771817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cb9dbeddd9b1cf2021-12-20 15:59:29.425root 11241100x8000000000000000771818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0722e326a2af622021-12-20 15:59:29.426root 11241100x8000000000000000771819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a7b400e95e507c2021-12-20 15:59:29.426root 11241100x8000000000000000771820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42404ef4b2d9f782021-12-20 15:59:29.426root 11241100x8000000000000000771821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41245261edda0622021-12-20 15:59:29.426root 11241100x8000000000000000771822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc384463bec344772021-12-20 15:59:29.426root 11241100x8000000000000000771823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbeb59a0a2cfb1a2021-12-20 15:59:29.426root 11241100x8000000000000000771824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a93c663456470812021-12-20 15:59:29.426root 11241100x8000000000000000771825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845245e43221c1de2021-12-20 15:59:29.426root 11241100x8000000000000000771826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27214ccb2cb2b052021-12-20 15:59:29.426root 11241100x8000000000000000771827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2688b400e71b1de22021-12-20 15:59:29.426root 11241100x8000000000000000771828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4f81ecd0e8dc712021-12-20 15:59:29.426root 11241100x8000000000000000771829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f129e35bac0d6ba2021-12-20 15:59:29.427root 11241100x8000000000000000771830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227b5585f988f04b2021-12-20 15:59:29.427root 11241100x8000000000000000771831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a3d0016789bc192021-12-20 15:59:29.427root 11241100x8000000000000000771832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1f66f9b31875352021-12-20 15:59:29.924root 11241100x8000000000000000771833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8012cf8371366e8d2021-12-20 15:59:29.924root 11241100x8000000000000000771834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd95c42bb7d1723b2021-12-20 15:59:29.924root 11241100x8000000000000000771835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f4692cbf1950892021-12-20 15:59:29.924root 11241100x8000000000000000771836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaab016fc23978d2021-12-20 15:59:29.924root 11241100x8000000000000000771837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891b0c4cb57176e32021-12-20 15:59:29.924root 11241100x8000000000000000771838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399e0a68035b93ad2021-12-20 15:59:29.925root 11241100x8000000000000000771839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0225a896aa25b5fb2021-12-20 15:59:29.925root 11241100x8000000000000000771840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbfb62712f9ffd22021-12-20 15:59:29.925root 11241100x8000000000000000771841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8eba8f9a9635cc2021-12-20 15:59:29.925root 11241100x8000000000000000771842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0388018e13ed1032021-12-20 15:59:29.925root 11241100x8000000000000000771843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562baafe77fbc7752021-12-20 15:59:29.925root 11241100x8000000000000000771844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5649a74cd1c42fa42021-12-20 15:59:29.925root 11241100x8000000000000000771845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77962a17632f4c52021-12-20 15:59:29.925root 11241100x8000000000000000771846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cf3caf3178a7fa2021-12-20 15:59:29.926root 11241100x8000000000000000771847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381091b292bcc7c42021-12-20 15:59:29.926root 11241100x8000000000000000771848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed7824ded9f65db2021-12-20 15:59:29.926root 11241100x8000000000000000771849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ffc4013e2804332021-12-20 15:59:29.926root 11241100x8000000000000000771850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb463de3d5477e2021-12-20 15:59:29.926root 11241100x8000000000000000771851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f6fc735221137e2021-12-20 15:59:29.926root 11241100x8000000000000000771852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a902e8ce6df1a2021-12-20 15:59:29.926root 11241100x8000000000000000771853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92b63547c4e5fd52021-12-20 15:59:29.926root 11241100x8000000000000000771854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30924a7364602f192021-12-20 15:59:29.926root 11241100x8000000000000000771855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedda36360582d1c2021-12-20 15:59:29.926root 11241100x8000000000000000771856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3e0ca140aac5f72021-12-20 15:59:29.927root 11241100x8000000000000000771857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf51dcd5cc14c5032021-12-20 15:59:29.927root 11241100x8000000000000000771858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbf9ad85463c7152021-12-20 15:59:29.927root 11241100x8000000000000000771859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc993d09c21936f2021-12-20 15:59:29.927root 11241100x8000000000000000771860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c05928a8a842bd12021-12-20 15:59:29.927root 11241100x8000000000000000771861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc89b1cd502a5fb2021-12-20 15:59:29.927root 11241100x8000000000000000771862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8ac5a2975c9e332021-12-20 15:59:29.927root 11241100x8000000000000000771863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff93c818ebed42e42021-12-20 15:59:29.927root 11241100x8000000000000000771864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5eb3b4d323552b72021-12-20 15:59:29.927root 11241100x8000000000000000771865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706301f7ee52e4cb2021-12-20 15:59:29.927root 11241100x8000000000000000771866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:29.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aa7ff13f68ec0e2021-12-20 15:59:29.928root 11241100x8000000000000000771867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888a2ee0523dbdac2021-12-20 15:59:30.424root 11241100x8000000000000000771868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c499dc752c6d1aeb2021-12-20 15:59:30.424root 11241100x8000000000000000771869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875ddd18ea7240e32021-12-20 15:59:30.424root 11241100x8000000000000000771870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b54fd3254b0e492021-12-20 15:59:30.425root 11241100x8000000000000000771871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb2099657930e3b2021-12-20 15:59:30.425root 11241100x8000000000000000771872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f722e0bb7b1b0142021-12-20 15:59:30.425root 11241100x8000000000000000771873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8224fb159c9d7f472021-12-20 15:59:30.425root 11241100x8000000000000000771874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3976ed04d8f6bb12021-12-20 15:59:30.425root 11241100x8000000000000000771875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179dfa614f0851522021-12-20 15:59:30.425root 11241100x8000000000000000771876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0ce2138f4841bb2021-12-20 15:59:30.425root 11241100x8000000000000000771877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d81b657cce2e612021-12-20 15:59:30.425root 11241100x8000000000000000771878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa6267ead6cf21d2021-12-20 15:59:30.425root 11241100x8000000000000000771879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e54b3cc39a29bff2021-12-20 15:59:30.425root 11241100x8000000000000000771880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a85e74660b9dc52021-12-20 15:59:30.426root 11241100x8000000000000000771881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab9e281c1b44c092021-12-20 15:59:30.426root 11241100x8000000000000000771882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aa0c6befe6a4cd2021-12-20 15:59:30.426root 11241100x8000000000000000771883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc3d793607fad842021-12-20 15:59:30.426root 11241100x8000000000000000771884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e304ebcf5692822021-12-20 15:59:30.426root 11241100x8000000000000000771885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f69c7ff2e637152021-12-20 15:59:30.426root 11241100x8000000000000000771886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea251c409c2fa9e32021-12-20 15:59:30.426root 11241100x8000000000000000771887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161e063fe5c567f82021-12-20 15:59:30.426root 11241100x8000000000000000771888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81aa60fdd08f6a02021-12-20 15:59:30.426root 11241100x8000000000000000771889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f55fc270e1c6882021-12-20 15:59:30.427root 11241100x8000000000000000771890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e929fde3f1c8b22021-12-20 15:59:30.427root 11241100x8000000000000000771891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b907a2776052e12021-12-20 15:59:30.427root 11241100x8000000000000000771892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe75bf493fc46062021-12-20 15:59:30.427root 11241100x8000000000000000771893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d4f0ddd9ef7ae32021-12-20 15:59:30.427root 11241100x8000000000000000771894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24adb6668823c05e2021-12-20 15:59:30.427root 11241100x8000000000000000771895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d203c0d8dde32fca2021-12-20 15:59:30.427root 11241100x8000000000000000771896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440006afb90f1d712021-12-20 15:59:30.427root 11241100x8000000000000000771897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd6fa156f0127ef2021-12-20 15:59:30.428root 11241100x8000000000000000771898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bf916a445b76442021-12-20 15:59:30.428root 11241100x8000000000000000771899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebb57ec10651f182021-12-20 15:59:30.428root 11241100x8000000000000000771900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0413a3a22ffc472021-12-20 15:59:30.428root 11241100x8000000000000000771901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c9640cb7f7dbb62021-12-20 15:59:30.924root 11241100x8000000000000000771902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19d191894358b592021-12-20 15:59:30.924root 11241100x8000000000000000771903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad37d475c3f1a842021-12-20 15:59:30.924root 11241100x8000000000000000771904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134cb52f7a0732ce2021-12-20 15:59:30.924root 11241100x8000000000000000771905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271f99b7f05aeb4f2021-12-20 15:59:30.925root 11241100x8000000000000000771906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f08860b6f6a7672021-12-20 15:59:30.925root 11241100x8000000000000000771907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0cb67ab6e484ae2021-12-20 15:59:30.925root 11241100x8000000000000000771908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940975a3fb68249e2021-12-20 15:59:30.925root 11241100x8000000000000000771909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d5c5c83e08eb9c2021-12-20 15:59:30.925root 11241100x8000000000000000771910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9687692e3fbcd482021-12-20 15:59:30.925root 11241100x8000000000000000771911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002d87f6e42f00bc2021-12-20 15:59:30.925root 11241100x8000000000000000771912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74394d9bf10718dd2021-12-20 15:59:30.925root 11241100x8000000000000000771913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7da4c379ef23b1d2021-12-20 15:59:30.925root 11241100x8000000000000000771914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f371c701fb4962502021-12-20 15:59:30.925root 11241100x8000000000000000771915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257cd31d93b311e02021-12-20 15:59:30.925root 11241100x8000000000000000771916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b5d6ed36eb61cb2021-12-20 15:59:30.925root 11241100x8000000000000000771917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02500f1cae146522021-12-20 15:59:30.925root 11241100x8000000000000000771918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193edcbf6b1f37d32021-12-20 15:59:30.925root 11241100x8000000000000000771919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f81a353a7a762c82021-12-20 15:59:30.925root 11241100x8000000000000000771920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fb907922a2959a2021-12-20 15:59:30.925root 11241100x8000000000000000771921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b661318d6371842021-12-20 15:59:30.926root 11241100x8000000000000000771922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2241db45fe5cb462021-12-20 15:59:30.926root 11241100x8000000000000000771923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d996b9acf578c3382021-12-20 15:59:30.926root 11241100x8000000000000000771924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adb93560f3a8cdd2021-12-20 15:59:30.926root 11241100x8000000000000000771925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c981442b620d57422021-12-20 15:59:30.926root 11241100x8000000000000000771926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d434df9a61132462021-12-20 15:59:30.926root 11241100x8000000000000000771927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62e088657630e822021-12-20 15:59:30.926root 11241100x8000000000000000771928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181486e817d7ff682021-12-20 15:59:30.926root 11241100x8000000000000000771929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863386fc2a70fe322021-12-20 15:59:30.926root 11241100x8000000000000000771930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d670b13ae46190812021-12-20 15:59:30.926root 11241100x8000000000000000771931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd69d40fc1a9961f2021-12-20 15:59:30.926root 11241100x8000000000000000771932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a568a416f39e2282021-12-20 15:59:30.926root 11241100x8000000000000000771933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf710f8e4704172021-12-20 15:59:30.926root 11241100x8000000000000000771934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c974b70213f4b8d72021-12-20 15:59:30.927root 11241100x8000000000000000771935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba992eb0e8c6a0f92021-12-20 15:59:31.424root 11241100x8000000000000000771936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc2928fc81b2aae2021-12-20 15:59:31.424root 11241100x8000000000000000771937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1bc10fb2425f82021-12-20 15:59:31.424root 11241100x8000000000000000771938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954aad9ffe87a8272021-12-20 15:59:31.424root 11241100x8000000000000000771939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7969d04e013c7b862021-12-20 15:59:31.425root 11241100x8000000000000000771940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a461617a2ec2a52021-12-20 15:59:31.425root 11241100x8000000000000000771941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b370d07787339a7a2021-12-20 15:59:31.425root 11241100x8000000000000000771942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57d73c9e8852a2b2021-12-20 15:59:31.425root 11241100x8000000000000000771943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0a44e9849d5aac2021-12-20 15:59:31.425root 11241100x8000000000000000771944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850663e99702b27e2021-12-20 15:59:31.425root 11241100x8000000000000000771945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5774dbc5d667c52021-12-20 15:59:31.425root 11241100x8000000000000000771946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697b484a48d03d1b2021-12-20 15:59:31.425root 11241100x8000000000000000771947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e06c78511d9bef82021-12-20 15:59:31.425root 11241100x8000000000000000771948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e287be71dab28752021-12-20 15:59:31.425root 11241100x8000000000000000771949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07efe29de0b035672021-12-20 15:59:31.425root 11241100x8000000000000000771950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9edc812f594f2c42021-12-20 15:59:31.426root 11241100x8000000000000000771951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c018b7db1cbf2e2021-12-20 15:59:31.426root 11241100x8000000000000000771952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9933f5d4ebfe29872021-12-20 15:59:31.426root 11241100x8000000000000000771953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70aaff13b2ba2a12021-12-20 15:59:31.426root 11241100x8000000000000000771954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34118e2c02649b2c2021-12-20 15:59:31.426root 11241100x8000000000000000771955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5a0faaeeff42e42021-12-20 15:59:31.426root 11241100x8000000000000000771956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd3cbbf5dd408962021-12-20 15:59:31.427root 11241100x8000000000000000771957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a805471da42146c2021-12-20 15:59:31.427root 11241100x8000000000000000771958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5929b25d45f3efaf2021-12-20 15:59:31.427root 11241100x8000000000000000771959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ff6c14fe74916e2021-12-20 15:59:31.428root 11241100x8000000000000000771960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fe5ab26248b21c2021-12-20 15:59:31.428root 11241100x8000000000000000771961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37496c84a99b1ccc2021-12-20 15:59:31.428root 11241100x8000000000000000771962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c1ae6d5c3142a02021-12-20 15:59:31.429root 11241100x8000000000000000771963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39923e46362fd072021-12-20 15:59:31.429root 11241100x8000000000000000771964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcf64523c954b9a2021-12-20 15:59:31.429root 11241100x8000000000000000771965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6c31eba99971d92021-12-20 15:59:31.429root 11241100x8000000000000000771966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226f21d0c3f7cd872021-12-20 15:59:31.429root 11241100x8000000000000000771967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216b61217254ac9e2021-12-20 15:59:31.429root 11241100x8000000000000000771968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac807479dddfb5d52021-12-20 15:59:31.430root 11241100x8000000000000000771969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c07af86352750f2021-12-20 15:59:31.430root 11241100x8000000000000000771970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10b633dbb8e30032021-12-20 15:59:31.430root 11241100x8000000000000000771971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9da0f618cc64c52021-12-20 15:59:31.430root 11241100x8000000000000000771972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a2a88abdd391f72021-12-20 15:59:31.924root 11241100x8000000000000000771973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dac4ee96ecd15042021-12-20 15:59:31.924root 11241100x8000000000000000771974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcd6aa105d3f8d02021-12-20 15:59:31.924root 11241100x8000000000000000771975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71867b5c80d819c52021-12-20 15:59:31.924root 11241100x8000000000000000771976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52cc660525b1d4b2021-12-20 15:59:31.924root 11241100x8000000000000000771977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd592916f7e245d2021-12-20 15:59:31.924root 11241100x8000000000000000771978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8189c38404789532021-12-20 15:59:31.925root 11241100x8000000000000000771979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c565a79be951bcef2021-12-20 15:59:31.925root 11241100x8000000000000000771980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d84401f6afc0342021-12-20 15:59:31.925root 11241100x8000000000000000771981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6239a201de450e22021-12-20 15:59:31.925root 11241100x8000000000000000771982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca98a2a5a0833e12021-12-20 15:59:31.925root 11241100x8000000000000000771983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449f8d92097b48532021-12-20 15:59:31.925root 11241100x8000000000000000771984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5b12c30bd5b45d2021-12-20 15:59:31.926root 11241100x8000000000000000771985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d098c589cec2c84c2021-12-20 15:59:31.926root 11241100x8000000000000000771986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af651c5aca198ba2021-12-20 15:59:31.926root 11241100x8000000000000000771987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f27563f1a72ba902021-12-20 15:59:31.926root 11241100x8000000000000000771988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f304be6ae63bf02021-12-20 15:59:31.926root 11241100x8000000000000000771989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de26acbb803930012021-12-20 15:59:31.926root 11241100x8000000000000000771990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5b9a5f517e53ef2021-12-20 15:59:31.926root 11241100x8000000000000000771991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208b0908765c6e932021-12-20 15:59:31.927root 11241100x8000000000000000771992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537619e9aa6f11e92021-12-20 15:59:31.928root 11241100x8000000000000000771993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98444706489b6f4e2021-12-20 15:59:31.928root 11241100x8000000000000000771994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a18452fbec56e4f2021-12-20 15:59:31.928root 11241100x8000000000000000771995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd4bd2e4db3e39c2021-12-20 15:59:31.928root 11241100x8000000000000000771996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d8578e1a4ec7152021-12-20 15:59:31.928root 11241100x8000000000000000771997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59b30080b8df76e2021-12-20 15:59:31.928root 11241100x8000000000000000771998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17891bd845d9f9df2021-12-20 15:59:31.928root 11241100x8000000000000000771999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c84563a5da061e2021-12-20 15:59:31.929root 11241100x8000000000000000772000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93d687563a1947a2021-12-20 15:59:31.929root 11241100x8000000000000000772001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78256c880209f51d2021-12-20 15:59:31.929root 11241100x8000000000000000772002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a0931ddc59b1d2021-12-20 15:59:31.929root 11241100x8000000000000000772003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414c65d9d77b2b392021-12-20 15:59:31.929root 11241100x8000000000000000772004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95607b1ec930c85a2021-12-20 15:59:31.929root 11241100x8000000000000000772005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556feb9ce12105082021-12-20 15:59:31.929root 11241100x8000000000000000772006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c77276d3483f0c62021-12-20 15:59:31.929root 11241100x8000000000000000772007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0513195c8b21346c2021-12-20 15:59:31.929root 11241100x8000000000000000772008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78abcceb908844b2021-12-20 15:59:31.930root 11241100x8000000000000000772009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:31.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520804ac2ec464032021-12-20 15:59:31.930root 11241100x8000000000000000772010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abfdd5cd18dde202021-12-20 15:59:32.424root 11241100x8000000000000000772011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b9c0c0f17a836f2021-12-20 15:59:32.424root 11241100x8000000000000000772012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13ccd9d4a8701092021-12-20 15:59:32.424root 11241100x8000000000000000772013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28978b4dba91ae362021-12-20 15:59:32.424root 11241100x8000000000000000772014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13e9b7e949307e2021-12-20 15:59:32.425root 11241100x8000000000000000772015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d200a53130a5a892021-12-20 15:59:32.425root 11241100x8000000000000000772016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7332a3642b097362021-12-20 15:59:32.425root 11241100x8000000000000000772017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f5da55c00eaf712021-12-20 15:59:32.425root 11241100x8000000000000000772018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd254bcac3695582021-12-20 15:59:32.425root 11241100x8000000000000000772019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1f73158739f5bb2021-12-20 15:59:32.425root 11241100x8000000000000000772020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7583c84636f0e12021-12-20 15:59:32.425root 11241100x8000000000000000772021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae96a17886d55122021-12-20 15:59:32.425root 11241100x8000000000000000772022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbbba5704e78a962021-12-20 15:59:32.425root 11241100x8000000000000000772023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c93cf0ae85c897f2021-12-20 15:59:32.425root 11241100x8000000000000000772024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da12cf8cc62cdf652021-12-20 15:59:32.425root 11241100x8000000000000000772025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f108780d2e41832021-12-20 15:59:32.425root 11241100x8000000000000000772026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129af836a8be4fe22021-12-20 15:59:32.425root 11241100x8000000000000000772027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed593c8395637362021-12-20 15:59:32.425root 11241100x8000000000000000772028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a476135df8fae4902021-12-20 15:59:32.425root 11241100x8000000000000000772029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d34182b2050f5d2021-12-20 15:59:32.425root 11241100x8000000000000000772030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064efc61385930e42021-12-20 15:59:32.426root 11241100x8000000000000000772031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa0df87971743862021-12-20 15:59:32.426root 11241100x8000000000000000772032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c86b048f364e6e42021-12-20 15:59:32.426root 11241100x8000000000000000772033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80794b49e4485b662021-12-20 15:59:32.426root 11241100x8000000000000000772034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4b0a53aa9e385f2021-12-20 15:59:32.426root 11241100x8000000000000000772035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702528c7570e40442021-12-20 15:59:32.426root 11241100x8000000000000000772036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b428355d416900942021-12-20 15:59:32.426root 11241100x8000000000000000772037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97afd98895dd25782021-12-20 15:59:32.426root 11241100x8000000000000000772038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c641aee105c56102021-12-20 15:59:32.426root 11241100x8000000000000000772039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546ea09148eb28b52021-12-20 15:59:32.426root 11241100x8000000000000000772040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ee979013dd11a2021-12-20 15:59:32.426root 11241100x8000000000000000772041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c961a733c71223e12021-12-20 15:59:32.426root 11241100x8000000000000000772042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca307bc038b6dcad2021-12-20 15:59:32.924root 11241100x8000000000000000772043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93eee4736bcddfe62021-12-20 15:59:32.924root 11241100x8000000000000000772044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ae29a9c9ca61272021-12-20 15:59:32.924root 11241100x8000000000000000772045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e35db9c5a6e4b02021-12-20 15:59:32.924root 11241100x8000000000000000772046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fd9e38372cd5c2021-12-20 15:59:32.924root 11241100x8000000000000000772047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a39ef91d837d062021-12-20 15:59:32.924root 11241100x8000000000000000772048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d19dfb277657f2e2021-12-20 15:59:32.924root 11241100x8000000000000000772049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaa0f0a59bf851d2021-12-20 15:59:32.924root 11241100x8000000000000000772050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3d4cf113e474bf2021-12-20 15:59:32.924root 11241100x8000000000000000772051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f68c4d88ec59aa2021-12-20 15:59:32.925root 11241100x8000000000000000772052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b555364a098f3b02021-12-20 15:59:32.925root 11241100x8000000000000000772053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52e5db39742945e2021-12-20 15:59:32.925root 11241100x8000000000000000772054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b84e54620581e02021-12-20 15:59:32.925root 11241100x8000000000000000772055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57298efb117863602021-12-20 15:59:32.925root 11241100x8000000000000000772056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db8b06f374477312021-12-20 15:59:32.925root 11241100x8000000000000000772057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f9ef49b3415b992021-12-20 15:59:32.925root 11241100x8000000000000000772058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42aa366c582dbaa82021-12-20 15:59:32.925root 11241100x8000000000000000772059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70aafe2f7874e7a2021-12-20 15:59:32.925root 11241100x8000000000000000772060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39f45556ccfd2fe2021-12-20 15:59:32.926root 11241100x8000000000000000772061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755e8f196e9cb5942021-12-20 15:59:32.926root 11241100x8000000000000000772062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab80a8675cbc5962021-12-20 15:59:32.926root 11241100x8000000000000000772063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0db70529b23622f2021-12-20 15:59:32.926root 11241100x8000000000000000772064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdb969655c638a72021-12-20 15:59:32.927root 11241100x8000000000000000772065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a46871b267a0cd52021-12-20 15:59:32.927root 11241100x8000000000000000772066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b390258fb46609702021-12-20 15:59:32.927root 11241100x8000000000000000772067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d130e8bdbc9cb02021-12-20 15:59:32.928root 11241100x8000000000000000772068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275ff2752fa2a52c2021-12-20 15:59:32.928root 11241100x8000000000000000772069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929ef2af48e1f7d52021-12-20 15:59:32.928root 11241100x8000000000000000772070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98818b13c78a31932021-12-20 15:59:32.928root 11241100x8000000000000000772071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a2f20dbab7cbb02021-12-20 15:59:32.929root 11241100x8000000000000000772072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5765a76f3fc464472021-12-20 15:59:32.929root 11241100x8000000000000000772073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb7c75ee6a665502021-12-20 15:59:32.929root 11241100x8000000000000000772074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3acfe88b43d8a552021-12-20 15:59:32.929root 11241100x8000000000000000772075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fd87443978f7752021-12-20 15:59:32.929root 11241100x8000000000000000772076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575873faf7f94a4c2021-12-20 15:59:32.929root 11241100x8000000000000000772077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68b7a632756b7222021-12-20 15:59:32.930root 11241100x8000000000000000772078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53064648275907852021-12-20 15:59:32.930root 11241100x8000000000000000772079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87665f4fe5c6080a2021-12-20 15:59:32.930root 11241100x8000000000000000772080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1615ebaf0b773f2021-12-20 15:59:32.930root 11241100x8000000000000000772081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5679d1b86bf32432021-12-20 15:59:32.930root 11241100x8000000000000000772082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b0139914bb367f2021-12-20 15:59:32.930root 11241100x8000000000000000772083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5794d581b54b05332021-12-20 15:59:32.930root 11241100x8000000000000000772084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80add0d714cf11bd2021-12-20 15:59:32.930root 11241100x8000000000000000772085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5513106cfcf3bf2021-12-20 15:59:32.930root 11241100x8000000000000000772086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11001243b4df93d2021-12-20 15:59:32.930root 11241100x8000000000000000772087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6249b28ca45f2be22021-12-20 15:59:32.930root 11241100x8000000000000000772088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f308b5f7b4e2982021-12-20 15:59:32.931root 11241100x8000000000000000772089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef33374c86d5b32021-12-20 15:59:32.931root 11241100x8000000000000000772090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4600462a89056e2021-12-20 15:59:32.931root 11241100x8000000000000000772091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e95cce6f74fbc182021-12-20 15:59:32.931root 11241100x8000000000000000772092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c32ab17acce08152021-12-20 15:59:32.931root 11241100x8000000000000000772093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:32.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd86fb1dad3aba32021-12-20 15:59:32.931root 354300x8000000000000000772094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.038{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51480-false10.0.1.12-8000- 11241100x8000000000000000772095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2729fc0395441e012021-12-20 15:59:33.424root 11241100x8000000000000000772096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c645ffca2b01aeb02021-12-20 15:59:33.425root 11241100x8000000000000000772097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b539af446cf7932021-12-20 15:59:33.425root 11241100x8000000000000000772098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7ebdb52689d39f2021-12-20 15:59:33.425root 11241100x8000000000000000772099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdf7defff5c511f2021-12-20 15:59:33.425root 11241100x8000000000000000772100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c799a40acebf72021-12-20 15:59:33.425root 11241100x8000000000000000772101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635ed1894cfce9472021-12-20 15:59:33.425root 11241100x8000000000000000772102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b483ff902a7d202021-12-20 15:59:33.425root 11241100x8000000000000000772103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c342cded4175319b2021-12-20 15:59:33.425root 11241100x8000000000000000772104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edc1760c411d25e2021-12-20 15:59:33.426root 11241100x8000000000000000772105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaf61b242fd89c52021-12-20 15:59:33.426root 11241100x8000000000000000772106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449bec98ee2b3ffb2021-12-20 15:59:33.426root 11241100x8000000000000000772107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f71b2a1c7b6261b2021-12-20 15:59:33.426root 11241100x8000000000000000772108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb9dc05454841102021-12-20 15:59:33.426root 11241100x8000000000000000772109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e098897cb0e261212021-12-20 15:59:33.426root 11241100x8000000000000000772110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbeda1013e51e292021-12-20 15:59:33.426root 11241100x8000000000000000772111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077183450252252c2021-12-20 15:59:33.427root 11241100x8000000000000000772112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d72a3869e128f762021-12-20 15:59:33.427root 11241100x8000000000000000772113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667f066879757c9f2021-12-20 15:59:33.427root 11241100x8000000000000000772114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a65e29fa74c8c4b2021-12-20 15:59:33.427root 11241100x8000000000000000772115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d2afb6c8b9898f2021-12-20 15:59:33.427root 11241100x8000000000000000772116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391ff53eae94bc832021-12-20 15:59:33.428root 11241100x8000000000000000772117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cb132555f7bd522021-12-20 15:59:33.428root 11241100x8000000000000000772118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4dfebaf655d5a72021-12-20 15:59:33.428root 11241100x8000000000000000772119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffeca7b13481bb42021-12-20 15:59:33.428root 11241100x8000000000000000772120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8506a845e0818d7a2021-12-20 15:59:33.428root 11241100x8000000000000000772121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bfba7556cbdd382021-12-20 15:59:33.428root 11241100x8000000000000000772122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a03214f231089c2021-12-20 15:59:33.428root 11241100x8000000000000000772123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f2d6e1ed24c42a2021-12-20 15:59:33.428root 11241100x8000000000000000772124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d677894074cb192021-12-20 15:59:33.428root 11241100x8000000000000000772125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321e7160711a35c92021-12-20 15:59:33.429root 11241100x8000000000000000772126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cd3bc2e5de00b32021-12-20 15:59:33.429root 11241100x8000000000000000772127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65dfa5c6b0d82c02021-12-20 15:59:33.429root 11241100x8000000000000000772128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bf46dd8af964fc2021-12-20 15:59:33.924root 11241100x8000000000000000772129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6910c01c026b93362021-12-20 15:59:33.924root 11241100x8000000000000000772130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4f251bc28c6da82021-12-20 15:59:33.924root 11241100x8000000000000000772131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fb43095ae216082021-12-20 15:59:33.924root 11241100x8000000000000000772132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd59329ed0a198d22021-12-20 15:59:33.924root 11241100x8000000000000000772133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e3a7453057465c2021-12-20 15:59:33.925root 11241100x8000000000000000772134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40049292c6439e2021-12-20 15:59:33.925root 11241100x8000000000000000772135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bdf2b027a064d62021-12-20 15:59:33.925root 11241100x8000000000000000772136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239d6345342ce44e2021-12-20 15:59:33.925root 11241100x8000000000000000772137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4e797094d47b992021-12-20 15:59:33.925root 11241100x8000000000000000772138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a547fbb62c887f12021-12-20 15:59:33.925root 11241100x8000000000000000772139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00222806f2e18e462021-12-20 15:59:33.925root 11241100x8000000000000000772140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ddbe0942c29c6d2021-12-20 15:59:33.925root 11241100x8000000000000000772141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c1f59d2cf6488c2021-12-20 15:59:33.925root 11241100x8000000000000000772142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8be22ca7d4df27d2021-12-20 15:59:33.926root 11241100x8000000000000000772143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9650f2d3a7f9078f2021-12-20 15:59:33.926root 11241100x8000000000000000772144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6a378559394ff62021-12-20 15:59:33.926root 11241100x8000000000000000772145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ffc63b100d50712021-12-20 15:59:33.926root 11241100x8000000000000000772146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85036b722d42d2b92021-12-20 15:59:33.926root 11241100x8000000000000000772147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164af416d439c3d32021-12-20 15:59:33.926root 11241100x8000000000000000772148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d8d04d20a020a62021-12-20 15:59:33.926root 11241100x8000000000000000772149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa43d4af37d384b2021-12-20 15:59:33.926root 11241100x8000000000000000772150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba5fcf80b4ddbe52021-12-20 15:59:33.926root 11241100x8000000000000000772151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de86548931b818a2021-12-20 15:59:33.927root 11241100x8000000000000000772152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c55794e115310432021-12-20 15:59:33.927root 11241100x8000000000000000772153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d5063044aae57e2021-12-20 15:59:33.927root 11241100x8000000000000000772154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5eea182714ea5962021-12-20 15:59:33.927root 11241100x8000000000000000772155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86f575c9a6f40312021-12-20 15:59:33.927root 11241100x8000000000000000772156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898072ca3a5cd3842021-12-20 15:59:33.927root 11241100x8000000000000000772157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce6b0909b3cd56c2021-12-20 15:59:33.927root 11241100x8000000000000000772158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7e89de7a5122612021-12-20 15:59:33.927root 11241100x8000000000000000772159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33b735a084d89072021-12-20 15:59:33.927root 11241100x8000000000000000772160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0d875c85b6fbd92021-12-20 15:59:33.927root 11241100x8000000000000000772161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cf67d7dfd67bb42021-12-20 15:59:33.927root 11241100x8000000000000000772162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f922ba04754f10e2021-12-20 15:59:33.928root 11241100x8000000000000000772163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8352c24370d3f02021-12-20 15:59:33.928root 11241100x8000000000000000772164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef46903eefaa65232021-12-20 15:59:33.928root 11241100x8000000000000000772165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07fe6ad8de8ea2b2021-12-20 15:59:33.928root 11241100x8000000000000000772166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e247f85e2494b2542021-12-20 15:59:33.928root 11241100x8000000000000000772167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebbc30fd347384d2021-12-20 15:59:33.928root 11241100x8000000000000000772168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ff26a305a780322021-12-20 15:59:34.424root 11241100x8000000000000000772169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7608dd39ea5596b2021-12-20 15:59:34.424root 11241100x8000000000000000772170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474d96d5f25ee14e2021-12-20 15:59:34.424root 11241100x8000000000000000772171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9145a6b8db761c882021-12-20 15:59:34.424root 11241100x8000000000000000772172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50908e21601a1ad2021-12-20 15:59:34.424root 11241100x8000000000000000772173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256ddc17f24c932c2021-12-20 15:59:34.424root 11241100x8000000000000000772174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0526f64ad0d7a8e2021-12-20 15:59:34.424root 11241100x8000000000000000772175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0ee3f6ea642e072021-12-20 15:59:34.424root 11241100x8000000000000000772176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56f8d03b74559fc2021-12-20 15:59:34.425root 11241100x8000000000000000772177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f93ab234dfe6972021-12-20 15:59:34.425root 11241100x8000000000000000772178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5268d042c16a8f22021-12-20 15:59:34.425root 11241100x8000000000000000772179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041654c36b37879b2021-12-20 15:59:34.425root 11241100x8000000000000000772180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c56080118a972262021-12-20 15:59:34.425root 11241100x8000000000000000772181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cd17257ecc6d662021-12-20 15:59:34.425root 11241100x8000000000000000772182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd03c3073d11a022021-12-20 15:59:34.425root 11241100x8000000000000000772183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c2929c9345afea2021-12-20 15:59:34.426root 11241100x8000000000000000772184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3eab2049a9eb8f2021-12-20 15:59:34.426root 11241100x8000000000000000772185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c3357c0a619dab2021-12-20 15:59:34.426root 11241100x8000000000000000772186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10633bd674cd11442021-12-20 15:59:34.426root 11241100x8000000000000000772187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eed032b0cf70eaa2021-12-20 15:59:34.426root 11241100x8000000000000000772188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21702a6c21a2cc1e2021-12-20 15:59:34.426root 11241100x8000000000000000772189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df001f36daa19a62021-12-20 15:59:34.426root 11241100x8000000000000000772190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d430af04cb3a6a2021-12-20 15:59:34.426root 11241100x8000000000000000772191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46bff7caf81caf62021-12-20 15:59:34.426root 11241100x8000000000000000772192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7019df4b1b90d42021-12-20 15:59:34.426root 11241100x8000000000000000772193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1289e247ec62e09b2021-12-20 15:59:34.427root 11241100x8000000000000000772194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8c0660e84e28272021-12-20 15:59:34.427root 11241100x8000000000000000772195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c81df65547518a02021-12-20 15:59:34.427root 11241100x8000000000000000772196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a6418de87af0b82021-12-20 15:59:34.427root 11241100x8000000000000000772197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed42b32b976d59a12021-12-20 15:59:34.427root 11241100x8000000000000000772198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac6861fd3de1f3b2021-12-20 15:59:34.427root 11241100x8000000000000000772199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a8bbee7845afd12021-12-20 15:59:34.428root 11241100x8000000000000000772200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c62bb72710655c2021-12-20 15:59:34.429root 11241100x8000000000000000772201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac7b03d1b7222362021-12-20 15:59:34.429root 11241100x8000000000000000772202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260a4611ccc6dd912021-12-20 15:59:34.429root 11241100x8000000000000000772203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fa0d84c453af372021-12-20 15:59:34.429root 11241100x8000000000000000772204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b038dede041b01da2021-12-20 15:59:34.429root 11241100x8000000000000000772205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145dca4e23d1f28e2021-12-20 15:59:34.429root 11241100x8000000000000000772206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9552a2252bd3d082021-12-20 15:59:34.429root 11241100x8000000000000000772207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe4cf17b894ca862021-12-20 15:59:34.429root 11241100x8000000000000000772208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f06aab01bf164bb2021-12-20 15:59:34.429root 11241100x8000000000000000772209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709f3828ed9a65762021-12-20 15:59:34.429root 11241100x8000000000000000772210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f8f54b3ef9294f2021-12-20 15:59:34.429root 11241100x8000000000000000772211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef2daa12a5c52952021-12-20 15:59:34.429root 11241100x8000000000000000772212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b814e4835fddaa402021-12-20 15:59:34.429root 11241100x8000000000000000772213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c908c27fbe573a2021-12-20 15:59:34.429root 11241100x8000000000000000772214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832fc560b57a572e2021-12-20 15:59:34.429root 11241100x8000000000000000772215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e3b83a5346d7f72021-12-20 15:59:34.430root 11241100x8000000000000000772216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de80df9177d941b2021-12-20 15:59:34.430root 11241100x8000000000000000772217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e629ce8bda7c6a2021-12-20 15:59:34.430root 11241100x8000000000000000772218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb50df3028df5e2021-12-20 15:59:34.430root 11241100x8000000000000000772219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14149e3a1f0391f02021-12-20 15:59:34.924root 11241100x8000000000000000772220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2404ce934a6e4bc2021-12-20 15:59:34.924root 11241100x8000000000000000772221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5e30472ee5a44b2021-12-20 15:59:34.924root 11241100x8000000000000000772222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd8816f2835d3b12021-12-20 15:59:34.924root 11241100x8000000000000000772223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdabe218684e0512021-12-20 15:59:34.925root 11241100x8000000000000000772224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b777689f962b1b982021-12-20 15:59:34.925root 11241100x8000000000000000772225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb74308caddc28f2021-12-20 15:59:34.925root 11241100x8000000000000000772226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3d55c26b2d39b22021-12-20 15:59:34.925root 11241100x8000000000000000772227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e747eb849c9a7e9c2021-12-20 15:59:34.925root 11241100x8000000000000000772228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48656a3cfcaea222021-12-20 15:59:34.925root 11241100x8000000000000000772229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52547874028fafc02021-12-20 15:59:34.925root 11241100x8000000000000000772230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc24dbeaf6e7875c2021-12-20 15:59:34.925root 11241100x8000000000000000772231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2139ad1ca5a0b3d22021-12-20 15:59:34.925root 11241100x8000000000000000772232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90235bf2d13b34cb2021-12-20 15:59:34.925root 11241100x8000000000000000772233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324a25bba0531d7d2021-12-20 15:59:34.925root 11241100x8000000000000000772234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a825f0d55f7d162021-12-20 15:59:34.925root 11241100x8000000000000000772235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe99dcb6baa1fb012021-12-20 15:59:34.925root 11241100x8000000000000000772236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7daaa37f580006a2021-12-20 15:59:34.925root 11241100x8000000000000000772237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91051e1e919dc912021-12-20 15:59:34.925root 11241100x8000000000000000772238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a3d5fa224ead0a2021-12-20 15:59:34.925root 11241100x8000000000000000772239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b976267f1199df72021-12-20 15:59:34.926root 11241100x8000000000000000772240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b46fb923ed01e92021-12-20 15:59:34.926root 11241100x8000000000000000772241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae28357837365132021-12-20 15:59:34.926root 11241100x8000000000000000772242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81adea82d7006a602021-12-20 15:59:34.926root 11241100x8000000000000000772243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4ee015b8413da82021-12-20 15:59:34.926root 11241100x8000000000000000772244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b616f78406bda72021-12-20 15:59:34.926root 11241100x8000000000000000772245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1a6dcbde6b52722021-12-20 15:59:34.926root 11241100x8000000000000000772246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f05e958d82fbc22021-12-20 15:59:34.926root 11241100x8000000000000000772247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387c506fd890cc162021-12-20 15:59:34.926root 11241100x8000000000000000772248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e13dfc5d27ed6ac2021-12-20 15:59:34.926root 11241100x8000000000000000772249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc8df90ab9ee1f62021-12-20 15:59:34.926root 11241100x8000000000000000772250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28a36dca96f25722021-12-20 15:59:34.926root 11241100x8000000000000000772251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941df345731effcf2021-12-20 15:59:34.926root 11241100x8000000000000000772252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9581734f22f300e2021-12-20 15:59:34.926root 11241100x8000000000000000772253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a1549dc5a2b772021-12-20 15:59:34.926root 11241100x8000000000000000772254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31b1509401a762c2021-12-20 15:59:34.927root 11241100x8000000000000000772255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6490071a9e84612021-12-20 15:59:34.927root 11241100x8000000000000000772256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021f12c48d4d54682021-12-20 15:59:34.927root 11241100x8000000000000000772257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607bbd2068153b272021-12-20 15:59:34.927root 11241100x8000000000000000772258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4c95d4bdcbd2ac2021-12-20 15:59:34.927root 11241100x8000000000000000772259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d37d8c505012d72021-12-20 15:59:34.927root 11241100x8000000000000000772260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b282c4d29976eb42021-12-20 15:59:34.927root 11241100x8000000000000000772261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1fa550f048bfe82021-12-20 15:59:34.927root 11241100x8000000000000000772262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32456e7eb5f55bb92021-12-20 15:59:34.927root 11241100x8000000000000000772263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a9a5d02e2451cd2021-12-20 15:59:34.927root 11241100x8000000000000000772264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf67a22cb5229e132021-12-20 15:59:34.927root 11241100x8000000000000000772265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f41dfe8bbcfcad2021-12-20 15:59:34.927root 11241100x8000000000000000772266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8f35c176593ee02021-12-20 15:59:34.927root 11241100x8000000000000000772267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1a3c50fad102d02021-12-20 15:59:34.927root 11241100x8000000000000000772268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0289051962fcdcb62021-12-20 15:59:34.927root 11241100x8000000000000000772269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd9a8e958dc967a2021-12-20 15:59:35.424root 11241100x8000000000000000772270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a552ff4c024ead2021-12-20 15:59:35.425root 11241100x8000000000000000772271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa52aebc9214d0372021-12-20 15:59:35.425root 11241100x8000000000000000772272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f65c2bcb0c9f9662021-12-20 15:59:35.425root 11241100x8000000000000000772273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e6442eb47f8aa52021-12-20 15:59:35.425root 11241100x8000000000000000772274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a73e3bdc4dc9e42021-12-20 15:59:35.426root 11241100x8000000000000000772275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c80cd583e369862021-12-20 15:59:35.426root 11241100x8000000000000000772276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74572ca3f9b39a582021-12-20 15:59:35.426root 11241100x8000000000000000772277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c355bc1feae54c782021-12-20 15:59:35.426root 11241100x8000000000000000772278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7845e2abc68e0c52021-12-20 15:59:35.426root 11241100x8000000000000000772279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4806488184dce3232021-12-20 15:59:35.426root 11241100x8000000000000000772280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9ea325fdecb5482021-12-20 15:59:35.427root 11241100x8000000000000000772281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46969c98c8326c882021-12-20 15:59:35.427root 11241100x8000000000000000772282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a60ee6ba7e0c6082021-12-20 15:59:35.427root 11241100x8000000000000000772283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61f8c31ff5934ff2021-12-20 15:59:35.427root 11241100x8000000000000000772284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8efe03416898d842021-12-20 15:59:35.427root 11241100x8000000000000000772285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b43269efa4e95652021-12-20 15:59:35.427root 11241100x8000000000000000772286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3d721d601d678b2021-12-20 15:59:35.427root 11241100x8000000000000000772287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2b7e4bd784fd202021-12-20 15:59:35.428root 11241100x8000000000000000772288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0e0e4c3d9369692021-12-20 15:59:35.428root 11241100x8000000000000000772289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8f0561ae8646252021-12-20 15:59:35.428root 11241100x8000000000000000772290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a491a0ffb1a084ed2021-12-20 15:59:35.428root 11241100x8000000000000000772291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b92b18f2ded17182021-12-20 15:59:35.428root 11241100x8000000000000000772292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3710520b72697ce2021-12-20 15:59:35.428root 11241100x8000000000000000772293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af434abd3ed3342021-12-20 15:59:35.428root 11241100x8000000000000000772294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89311ce35c5217242021-12-20 15:59:35.428root 11241100x8000000000000000772295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738d965f53b027402021-12-20 15:59:35.428root 11241100x8000000000000000772296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599b2b6896b3ece32021-12-20 15:59:35.428root 11241100x8000000000000000772297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c694ab868be0402021-12-20 15:59:35.428root 11241100x8000000000000000772298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788a8a9a104ac4252021-12-20 15:59:35.428root 11241100x8000000000000000772299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5103bab0811646fe2021-12-20 15:59:35.428root 11241100x8000000000000000772300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c266338451ba890c2021-12-20 15:59:35.428root 11241100x8000000000000000772301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d487690dc0a5af2021-12-20 15:59:35.429root 11241100x8000000000000000772302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4608b20136d5e4612021-12-20 15:59:35.429root 11241100x8000000000000000772303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722bc6a1483ac5a62021-12-20 15:59:35.429root 11241100x8000000000000000772304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf253683fb6e32e02021-12-20 15:59:35.924root 11241100x8000000000000000772305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1399749a1118ed922021-12-20 15:59:35.924root 11241100x8000000000000000772306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a796174efe615f2021-12-20 15:59:35.924root 11241100x8000000000000000772307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36a5a93597386d02021-12-20 15:59:35.924root 11241100x8000000000000000772308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a85a800b1165e5e2021-12-20 15:59:35.924root 11241100x8000000000000000772309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7cd0126eb33bf22021-12-20 15:59:35.924root 11241100x8000000000000000772310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962e94d525c735fb2021-12-20 15:59:35.925root 11241100x8000000000000000772311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8c69c50330866b2021-12-20 15:59:35.925root 11241100x8000000000000000772312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03932a218e4cbe12021-12-20 15:59:35.925root 11241100x8000000000000000772313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c64b65d7faa9212021-12-20 15:59:35.925root 11241100x8000000000000000772314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e811eb4c5145062021-12-20 15:59:35.925root 11241100x8000000000000000772315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f1fb47f33c49b12021-12-20 15:59:35.925root 11241100x8000000000000000772316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a974f3785b718672021-12-20 15:59:35.925root 11241100x8000000000000000772317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ccb125732db58b2021-12-20 15:59:35.925root 11241100x8000000000000000772318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db77d359e8d8a5452021-12-20 15:59:35.925root 11241100x8000000000000000772319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0985f03dee0cd22021-12-20 15:59:35.925root 11241100x8000000000000000772320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df58743689adee812021-12-20 15:59:35.925root 11241100x8000000000000000772321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d66a55ee349d2e72021-12-20 15:59:35.926root 11241100x8000000000000000772322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba669cdd863703f92021-12-20 15:59:35.926root 11241100x8000000000000000772323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cfba30a62f47d62021-12-20 15:59:35.926root 11241100x8000000000000000772324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bead24b22e2f1aeb2021-12-20 15:59:35.926root 11241100x8000000000000000772325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3900e9e92f76ea2021-12-20 15:59:35.926root 11241100x8000000000000000772326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72abd24f57d7a8f22021-12-20 15:59:35.926root 11241100x8000000000000000772327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb182700dc658c352021-12-20 15:59:35.926root 11241100x8000000000000000772328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100765bbcf4a5ce62021-12-20 15:59:35.926root 11241100x8000000000000000772329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef4518b2844467d2021-12-20 15:59:35.926root 11241100x8000000000000000772330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6260c4b1f564d8b2021-12-20 15:59:35.926root 11241100x8000000000000000772331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869c87b276b0a69b2021-12-20 15:59:35.926root 11241100x8000000000000000772332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a4b6a30400ea812021-12-20 15:59:35.927root 11241100x8000000000000000772333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fe603826b302742021-12-20 15:59:35.927root 11241100x8000000000000000772334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b272194b5a35ed2021-12-20 15:59:35.927root 11241100x8000000000000000772335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0481054cedde5e82021-12-20 15:59:35.927root 11241100x8000000000000000772336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b0c460d1c036032021-12-20 15:59:35.927root 11241100x8000000000000000772337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a131f65362ffc542021-12-20 15:59:35.927root 11241100x8000000000000000772338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa93899ed1e0f2232021-12-20 15:59:35.927root 11241100x8000000000000000772339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa8012befcfc3e92021-12-20 15:59:35.927root 11241100x8000000000000000772340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4a06f75d4fd9b12021-12-20 15:59:35.927root 11241100x8000000000000000772341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158f9c4af4f2b28f2021-12-20 15:59:35.927root 11241100x8000000000000000772342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b4589412adb1612021-12-20 15:59:35.927root 11241100x8000000000000000772343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6026b2f25da2fe792021-12-20 15:59:35.927root 11241100x8000000000000000772344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe57e7059c2e52762021-12-20 15:59:35.927root 11241100x8000000000000000772345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f56b79ed3db0e2021-12-20 15:59:35.928root 11241100x8000000000000000772346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698b97a3d0b9fbf12021-12-20 15:59:35.928root 11241100x8000000000000000772347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219d96fcd16d57a42021-12-20 15:59:35.928root 11241100x8000000000000000772348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6b636b40364c542021-12-20 15:59:35.928root 11241100x8000000000000000772349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00afe1a081a0c74a2021-12-20 15:59:35.928root 11241100x8000000000000000772350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e1da0c239f55eb2021-12-20 15:59:35.928root 11241100x8000000000000000772351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b4bb2f1a6628b32021-12-20 15:59:35.928root 11241100x8000000000000000772352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141a06bfe09db9892021-12-20 15:59:35.928root 11241100x8000000000000000772353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 15:59:36.068root 11241100x8000000000000000772354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e4bba69e89974f2021-12-20 15:59:36.424root 11241100x8000000000000000772355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d63f51bbee7bc02021-12-20 15:59:36.424root 11241100x8000000000000000772356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dace958175fc3cc82021-12-20 15:59:36.424root 11241100x8000000000000000772357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83e59e48494995b2021-12-20 15:59:36.424root 11241100x8000000000000000772358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b3c4975dbecc912021-12-20 15:59:36.424root 11241100x8000000000000000772359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beac55c64d935ed2021-12-20 15:59:36.424root 11241100x8000000000000000772360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696b788c7ec629272021-12-20 15:59:36.425root 11241100x8000000000000000772361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1a3b547594926d2021-12-20 15:59:36.425root 11241100x8000000000000000772362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb84cbc8e51b8c62021-12-20 15:59:36.425root 11241100x8000000000000000772363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a26360e652ccb82021-12-20 15:59:36.426root 11241100x8000000000000000772364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0446f290e08b82d42021-12-20 15:59:36.426root 11241100x8000000000000000772365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fae55d5441308d42021-12-20 15:59:36.426root 11241100x8000000000000000772366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c526654b9d320b2021-12-20 15:59:36.426root 11241100x8000000000000000772367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe9bead29636fc32021-12-20 15:59:36.426root 11241100x8000000000000000772368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159240336b4330b32021-12-20 15:59:36.426root 11241100x8000000000000000772369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d35abeaa304c72021-12-20 15:59:36.426root 11241100x8000000000000000772370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145ddb2699d9a4d42021-12-20 15:59:36.427root 11241100x8000000000000000772371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48ea74619533a532021-12-20 15:59:36.427root 11241100x8000000000000000772372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcb7a8d16030f2a2021-12-20 15:59:36.427root 11241100x8000000000000000772373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c8830fd305dc392021-12-20 15:59:36.427root 11241100x8000000000000000772374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19b6cbadb0f4fce2021-12-20 15:59:36.427root 11241100x8000000000000000772375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06917a3638cf5df62021-12-20 15:59:36.427root 11241100x8000000000000000772376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3506d46c1693b1912021-12-20 15:59:36.427root 11241100x8000000000000000772377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85e55e9f172443b2021-12-20 15:59:36.427root 11241100x8000000000000000772378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c13fa481e52c8702021-12-20 15:59:36.427root 11241100x8000000000000000772379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2803c2dd23ac732021-12-20 15:59:36.427root 11241100x8000000000000000772380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca00ca5711cc9d82021-12-20 15:59:36.427root 11241100x8000000000000000772381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15fdbb0d37281b62021-12-20 15:59:36.428root 11241100x8000000000000000772382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4295ea4aa3d50082021-12-20 15:59:36.428root 11241100x8000000000000000772383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5886727240cf0902021-12-20 15:59:36.428root 11241100x8000000000000000772384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1254dad86a0c22fb2021-12-20 15:59:36.428root 11241100x8000000000000000772385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837e64ebeb7cd9022021-12-20 15:59:36.428root 11241100x8000000000000000772386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bbee46abb6d70e2021-12-20 15:59:36.428root 11241100x8000000000000000772387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed7ec13fd95d8712021-12-20 15:59:36.428root 11241100x8000000000000000772388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d97f9af10a81b512021-12-20 15:59:36.428root 11241100x8000000000000000772389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cc235c928ee99c2021-12-20 15:59:36.428root 11241100x8000000000000000772390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ad626743d164132021-12-20 15:59:36.428root 11241100x8000000000000000772391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a0c12f66667a0a2021-12-20 15:59:36.428root 11241100x8000000000000000772392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32895aefbc98202e2021-12-20 15:59:36.429root 11241100x8000000000000000772393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9ce029690243832021-12-20 15:59:36.429root 11241100x8000000000000000772394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce6f76354cb48882021-12-20 15:59:36.429root 11241100x8000000000000000772395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939c7ef0dae1770d2021-12-20 15:59:36.429root 11241100x8000000000000000772396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321912b2ef357b22021-12-20 15:59:36.429root 11241100x8000000000000000772397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8766427e8746be392021-12-20 15:59:36.429root 11241100x8000000000000000772398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b073e5acb09fbd5d2021-12-20 15:59:36.429root 11241100x8000000000000000772399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd638171295ed3e2021-12-20 15:59:36.429root 11241100x8000000000000000772400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe644665786c2892021-12-20 15:59:36.429root 11241100x8000000000000000772401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e45484d1160da12021-12-20 15:59:36.429root 11241100x8000000000000000772402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bba560e9857baa12021-12-20 15:59:36.437root 11241100x8000000000000000772403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cb51bc4635359c2021-12-20 15:59:36.437root 11241100x8000000000000000772404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2152852e78f93db2021-12-20 15:59:36.437root 11241100x8000000000000000772405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbae21962566b6292021-12-20 15:59:36.437root 11241100x8000000000000000772406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b21c6d20e36f7e2021-12-20 15:59:36.442root 11241100x8000000000000000772407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f137157b6bfef82021-12-20 15:59:36.442root 11241100x8000000000000000772408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731a8e5dd5a396362021-12-20 15:59:36.442root 11241100x8000000000000000772409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6a06b59108e8812021-12-20 15:59:36.442root 11241100x8000000000000000772410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0d45f830d15d152021-12-20 15:59:36.442root 11241100x8000000000000000772411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88692fecc07a82bc2021-12-20 15:59:36.442root 11241100x8000000000000000772412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7729fe436c827ed32021-12-20 15:59:36.442root 11241100x8000000000000000772413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73dfecc08ebccc62021-12-20 15:59:36.443root 11241100x8000000000000000772414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10339c096f512bf92021-12-20 15:59:36.443root 11241100x8000000000000000772415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a32cbdbbeb783a2021-12-20 15:59:36.443root 11241100x8000000000000000772416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd15b1c5894fecef2021-12-20 15:59:36.443root 11241100x8000000000000000772417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e479678a4e9f402021-12-20 15:59:36.443root 11241100x8000000000000000772418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8c48df4d2e15c52021-12-20 15:59:36.443root 11241100x8000000000000000772419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe58c4b20e4b38e2021-12-20 15:59:36.443root 11241100x8000000000000000772420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ef05252f8598b82021-12-20 15:59:36.443root 11241100x8000000000000000772421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc83b61b4d5a05622021-12-20 15:59:36.443root 11241100x8000000000000000772422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136c69470b73b7692021-12-20 15:59:36.443root 11241100x8000000000000000772423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c45621c32009d2a2021-12-20 15:59:36.443root 11241100x8000000000000000772424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bf263637dcf1172021-12-20 15:59:36.443root 11241100x8000000000000000772425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff94b0f92186c0e2021-12-20 15:59:36.443root 11241100x8000000000000000772426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084694463b215a02021-12-20 15:59:36.924root 11241100x8000000000000000772427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845c823ff0e62ba82021-12-20 15:59:36.924root 11241100x8000000000000000772428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bedb1e2ddee0572021-12-20 15:59:36.924root 11241100x8000000000000000772429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd5c0bf6e2b794a2021-12-20 15:59:36.924root 11241100x8000000000000000772430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da6b45cf34f3b132021-12-20 15:59:36.924root 11241100x8000000000000000772431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dbfc45b7f86be72021-12-20 15:59:36.924root 11241100x8000000000000000772432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aac35f55e111142021-12-20 15:59:36.925root 11241100x8000000000000000772433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429377a8ef4bdcb12021-12-20 15:59:36.925root 11241100x8000000000000000772434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ff4b036a7948862021-12-20 15:59:36.925root 11241100x8000000000000000772435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde65cc5ded7461a2021-12-20 15:59:36.925root 11241100x8000000000000000772436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043a43115660ac672021-12-20 15:59:36.925root 11241100x8000000000000000772437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a945ca04de9fc8f2021-12-20 15:59:36.925root 11241100x8000000000000000772438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb54fba586b3d742021-12-20 15:59:36.925root 11241100x8000000000000000772439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d55a312266cc912021-12-20 15:59:36.925root 11241100x8000000000000000772440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb767ab99ee09482021-12-20 15:59:36.925root 11241100x8000000000000000772441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e80088c2450442021-12-20 15:59:36.925root 11241100x8000000000000000772442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453cb597ba8afbd02021-12-20 15:59:36.926root 11241100x8000000000000000772443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437162521614a98d2021-12-20 15:59:36.926root 11241100x8000000000000000772444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1a2bccac17f1742021-12-20 15:59:36.926root 11241100x8000000000000000772445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb47a0604de1ab792021-12-20 15:59:36.926root 11241100x8000000000000000772446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ce1a27779ccadf2021-12-20 15:59:36.926root 11241100x8000000000000000772447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d135c9cd8311846a2021-12-20 15:59:36.926root 11241100x8000000000000000772448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d0b3bf4823658b2021-12-20 15:59:36.926root 11241100x8000000000000000772449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0515f808825a9712021-12-20 15:59:36.926root 11241100x8000000000000000772450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e045e43863663d2021-12-20 15:59:36.926root 11241100x8000000000000000772451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e14115cac4c7c2c2021-12-20 15:59:36.926root 11241100x8000000000000000772452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87ab168dcc4f612021-12-20 15:59:36.927root 11241100x8000000000000000772453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6de99a12ae14392021-12-20 15:59:36.927root 11241100x8000000000000000772454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f84cc0442b6ec52021-12-20 15:59:36.927root 11241100x8000000000000000772455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dda9fafeff72a772021-12-20 15:59:36.927root 11241100x8000000000000000772456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3792d3a6841363f22021-12-20 15:59:36.927root 11241100x8000000000000000772457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c75afb29bafd382021-12-20 15:59:36.927root 11241100x8000000000000000772458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf70d9f2ed6b46442021-12-20 15:59:36.927root 11241100x8000000000000000772459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0c3d6bdd525aa62021-12-20 15:59:36.928root 11241100x8000000000000000772460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89dd164573787632021-12-20 15:59:36.928root 11241100x8000000000000000772461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d5e98b0ff4df472021-12-20 15:59:36.928root 11241100x8000000000000000772462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aa38d7d906d98d2021-12-20 15:59:36.931root 11241100x8000000000000000772463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31889657213a89d02021-12-20 15:59:36.932root 11241100x8000000000000000772464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875b2de6ee8684322021-12-20 15:59:36.932root 11241100x8000000000000000772465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f979c8b42b5f972021-12-20 15:59:36.932root 11241100x8000000000000000772466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaa8f6251319dcc2021-12-20 15:59:36.932root 11241100x8000000000000000772467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130606b05f68b2562021-12-20 15:59:36.932root 11241100x8000000000000000772468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1cceb8f04d18e62021-12-20 15:59:36.932root 11241100x8000000000000000772469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91997de13606080f2021-12-20 15:59:36.932root 11241100x8000000000000000772470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46c590cf62accea2021-12-20 15:59:36.932root 11241100x8000000000000000772471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ee832668aa93192021-12-20 15:59:36.933root 11241100x8000000000000000772472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792e8ffc042837c2021-12-20 15:59:36.933root 11241100x8000000000000000772473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a414289ca5046dce2021-12-20 15:59:36.933root 11241100x8000000000000000772474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c989599775196d2021-12-20 15:59:36.933root 11241100x8000000000000000772475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4b521bbdf67d2e2021-12-20 15:59:36.933root 11241100x8000000000000000772476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded7ea35dc51a6de2021-12-20 15:59:36.933root 11241100x8000000000000000772477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccd881eb423a9372021-12-20 15:59:36.933root 11241100x8000000000000000772478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:36.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5930e38355dc842021-12-20 15:59:36.933root 11241100x8000000000000000772479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615c145511572bf72021-12-20 15:59:37.424root 11241100x8000000000000000772480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a47c9cb44cbf2c2021-12-20 15:59:37.424root 11241100x8000000000000000772481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01196179bd1a470f2021-12-20 15:59:37.424root 11241100x8000000000000000772482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc302b002b72f12021-12-20 15:59:37.424root 11241100x8000000000000000772483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f46b4b4844058f12021-12-20 15:59:37.424root 11241100x8000000000000000772484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecd5f15d693a16f2021-12-20 15:59:37.425root 11241100x8000000000000000772485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab428df2caa972c2021-12-20 15:59:37.425root 11241100x8000000000000000772486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a243662a953cd5962021-12-20 15:59:37.425root 11241100x8000000000000000772487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f197e3764da9c3402021-12-20 15:59:37.425root 11241100x8000000000000000772488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713b4c120a62ba692021-12-20 15:59:37.425root 11241100x8000000000000000772489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7e32f504b74e732021-12-20 15:59:37.425root 11241100x8000000000000000772490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b93f5d4d4de4fb2021-12-20 15:59:37.425root 11241100x8000000000000000772491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4a8107cba7ad762021-12-20 15:59:37.425root 11241100x8000000000000000772492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd2ec03d3b48c5e2021-12-20 15:59:37.427root 11241100x8000000000000000772493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac8da64ff1bf69e2021-12-20 15:59:37.427root 11241100x8000000000000000772494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059b5e4b9a2647a02021-12-20 15:59:37.427root 11241100x8000000000000000772495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073107622296419f2021-12-20 15:59:37.427root 11241100x8000000000000000772496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c972bb8e5101f9532021-12-20 15:59:37.428root 11241100x8000000000000000772497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a94549055d27612021-12-20 15:59:37.428root 11241100x8000000000000000772498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d21718e5679262021-12-20 15:59:37.428root 11241100x8000000000000000772499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657fd4b00f689be52021-12-20 15:59:37.428root 11241100x8000000000000000772500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5173f847a1d0b5ec2021-12-20 15:59:37.428root 11241100x8000000000000000772501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe968b3cc0498a732021-12-20 15:59:37.428root 11241100x8000000000000000772502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62dcd44885137322021-12-20 15:59:37.428root 11241100x8000000000000000772503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8122ea5dce6b16212021-12-20 15:59:37.429root 11241100x8000000000000000772504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6e085c12e2a6552021-12-20 15:59:37.429root 11241100x8000000000000000772505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11869c9b1082f0b2021-12-20 15:59:37.429root 11241100x8000000000000000772506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b8a7129513a892021-12-20 15:59:37.429root 11241100x8000000000000000772507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b20681205ccbb052021-12-20 15:59:37.429root 11241100x8000000000000000772508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b4dc0d6cce33592021-12-20 15:59:37.429root 11241100x8000000000000000772509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d26b3b8bc4e851e2021-12-20 15:59:37.429root 11241100x8000000000000000772510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de4cd0377a316802021-12-20 15:59:37.429root 11241100x8000000000000000772511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d8486a80dddf222021-12-20 15:59:37.430root 11241100x8000000000000000772512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f3f2522ee2e8e2021-12-20 15:59:37.430root 11241100x8000000000000000772513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb1f1569367b3912021-12-20 15:59:37.430root 11241100x8000000000000000772514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35382b708ee851952021-12-20 15:59:37.430root 11241100x8000000000000000772515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff94fb14c26164e2021-12-20 15:59:37.430root 11241100x8000000000000000772516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d8dd824a8645042021-12-20 15:59:37.430root 11241100x8000000000000000772517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508eb2a1458b24042021-12-20 15:59:37.430root 11241100x8000000000000000772518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54052820365a7b512021-12-20 15:59:37.430root 11241100x8000000000000000772519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b57abad78d9f6852021-12-20 15:59:37.430root 11241100x8000000000000000772520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ae115e884eda312021-12-20 15:59:37.430root 11241100x8000000000000000772521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c9da017cdfb9982021-12-20 15:59:37.430root 11241100x8000000000000000772522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16413009e9d04bd2021-12-20 15:59:37.431root 11241100x8000000000000000772523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d9161491f39e472021-12-20 15:59:37.431root 11241100x8000000000000000772524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5f15e3797923002021-12-20 15:59:37.431root 11241100x8000000000000000772525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1235cbc3098122722021-12-20 15:59:37.431root 11241100x8000000000000000772526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119d609fa588e15f2021-12-20 15:59:37.431root 11241100x8000000000000000772527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7067e755d08cbbf62021-12-20 15:59:37.431root 11241100x8000000000000000772528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00611eab77d11a92021-12-20 15:59:37.431root 11241100x8000000000000000772529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa6572c508f3c862021-12-20 15:59:37.432root 11241100x8000000000000000772530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f789b86160949ed42021-12-20 15:59:37.924root 11241100x8000000000000000772531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7aba874e140e262021-12-20 15:59:37.924root 11241100x8000000000000000772532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ce430622f505f82021-12-20 15:59:37.924root 11241100x8000000000000000772533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b0e2559475a9c42021-12-20 15:59:37.925root 11241100x8000000000000000772534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8234add931e3851d2021-12-20 15:59:37.925root 11241100x8000000000000000772535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf1680a0c8be02b2021-12-20 15:59:37.925root 11241100x8000000000000000772536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b19963f3f615502021-12-20 15:59:37.925root 11241100x8000000000000000772537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a42f39c83a70082021-12-20 15:59:37.925root 11241100x8000000000000000772538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1988fb5ed0acd47c2021-12-20 15:59:37.925root 11241100x8000000000000000772539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11ef7c21f1af3692021-12-20 15:59:37.925root 11241100x8000000000000000772540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bced7448aa2d41332021-12-20 15:59:37.925root 11241100x8000000000000000772541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e916837e3e6799ac2021-12-20 15:59:37.925root 11241100x8000000000000000772542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545aea0be602d27a2021-12-20 15:59:37.925root 11241100x8000000000000000772543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc725ab129da190c2021-12-20 15:59:37.925root 11241100x8000000000000000772544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0e703d6f88c67c2021-12-20 15:59:37.926root 11241100x8000000000000000772545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2f2c1b454d0f5e2021-12-20 15:59:37.926root 11241100x8000000000000000772546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d2858c318077b22021-12-20 15:59:37.926root 11241100x8000000000000000772547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1a603c90a99e8f2021-12-20 15:59:37.926root 11241100x8000000000000000772548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e557b2a904605b902021-12-20 15:59:37.926root 11241100x8000000000000000772549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e67314f350366a2021-12-20 15:59:37.926root 11241100x8000000000000000772550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265edad656a4054c2021-12-20 15:59:37.926root 11241100x8000000000000000772551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143f198ae5c9d5d82021-12-20 15:59:37.927root 11241100x8000000000000000772552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3346ec191e8a45a92021-12-20 15:59:37.927root 11241100x8000000000000000772553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8d4bf7792c04c2021-12-20 15:59:37.927root 11241100x8000000000000000772554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b3b0100cb021c62021-12-20 15:59:37.927root 11241100x8000000000000000772555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17f6032440138e92021-12-20 15:59:37.927root 11241100x8000000000000000772556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d2571edb9f12612021-12-20 15:59:37.927root 11241100x8000000000000000772557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f12af4581ab4792021-12-20 15:59:37.927root 11241100x8000000000000000772558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cc7bff12702c562021-12-20 15:59:37.927root 11241100x8000000000000000772559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af24419db75840d72021-12-20 15:59:37.927root 11241100x8000000000000000772560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb752198923d5092021-12-20 15:59:37.928root 11241100x8000000000000000772561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd6854e0d2af4f52021-12-20 15:59:37.928root 11241100x8000000000000000772562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe3a397411a4c1f2021-12-20 15:59:37.928root 11241100x8000000000000000772563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23120722beb668b42021-12-20 15:59:37.928root 11241100x8000000000000000772564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f493c2e7e5b34bf22021-12-20 15:59:37.928root 11241100x8000000000000000772565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db61d946daac3732021-12-20 15:59:37.928root 11241100x8000000000000000772566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6729aaca1afd2d62021-12-20 15:59:37.928root 11241100x8000000000000000772567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbe1de4543c33b92021-12-20 15:59:37.928root 11241100x8000000000000000772568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070e86dae84d099d2021-12-20 15:59:37.928root 11241100x8000000000000000772569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa399c6e70d9e242021-12-20 15:59:37.928root 11241100x8000000000000000772570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9c2faa1d43bd4c2021-12-20 15:59:37.928root 11241100x8000000000000000772571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70071cd06f252a72021-12-20 15:59:37.928root 11241100x8000000000000000772572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4da9218c424d742021-12-20 15:59:37.928root 11241100x8000000000000000772573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8a526e3da24f692021-12-20 15:59:37.929root 11241100x8000000000000000772574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779d9feb521b1eed2021-12-20 15:59:37.929root 11241100x8000000000000000772575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b2cb3cd688b0062021-12-20 15:59:37.929root 11241100x8000000000000000772576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899bba24d11d30b82021-12-20 15:59:37.929root 11241100x8000000000000000772577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019f03d2b973c7d62021-12-20 15:59:37.929root 11241100x8000000000000000772578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0e36f2dcadfb452021-12-20 15:59:37.929root 11241100x8000000000000000772579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258f5dfa85dee0b72021-12-20 15:59:37.929root 11241100x8000000000000000772580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea0149022ebe56a2021-12-20 15:59:37.929root 11241100x8000000000000000772581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505ef40c4db52d9c2021-12-20 15:59:37.929root 354300x8000000000000000772582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.237{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51482-false10.0.1.12-8000- 11241100x8000000000000000772583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.237{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cc9a69ea74060e2021-12-20 15:59:38.237root 11241100x8000000000000000772584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.238{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c666f34307242f2021-12-20 15:59:38.238root 11241100x8000000000000000772585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.238{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e01b1b4d3c6b282021-12-20 15:59:38.238root 11241100x8000000000000000772586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.238{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e244e6829dd24242021-12-20 15:59:38.238root 11241100x8000000000000000772587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.238{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213c5c2bfb0bea432021-12-20 15:59:38.238root 11241100x8000000000000000772588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.238{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d0fb100b1939c92021-12-20 15:59:38.238root 11241100x8000000000000000772589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.238{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df689bdfbeaa8962021-12-20 15:59:38.238root 11241100x8000000000000000772590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.239{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0293506bab80222021-12-20 15:59:38.239root 11241100x8000000000000000772591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.239{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a4058c47ab8c5c2021-12-20 15:59:38.239root 11241100x8000000000000000772592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.239{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b648dcd6b8e513082021-12-20 15:59:38.239root 11241100x8000000000000000772593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.239{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ebcb16ad4499892021-12-20 15:59:38.239root 11241100x8000000000000000772594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.239{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f985da283eab40ae2021-12-20 15:59:38.239root 11241100x8000000000000000772595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.240{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e28f0cd761b0752021-12-20 15:59:38.240root 11241100x8000000000000000772596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.240{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8456502919c658232021-12-20 15:59:38.240root 11241100x8000000000000000772597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.240{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6781d4d3e168aee2021-12-20 15:59:38.240root 11241100x8000000000000000772598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.240{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4859dc0a76e297d2021-12-20 15:59:38.240root 11241100x8000000000000000772599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.240{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828d735ac18eb1ea2021-12-20 15:59:38.240root 11241100x8000000000000000772600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.241{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c95e9d41458669e2021-12-20 15:59:38.241root 11241100x8000000000000000772601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.241{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cdfaaa4436c0172021-12-20 15:59:38.241root 11241100x8000000000000000772602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.241{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888f9be318927e602021-12-20 15:59:38.241root 11241100x8000000000000000772603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.242{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef67a4b7e88275a2021-12-20 15:59:38.242root 11241100x8000000000000000772604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.242{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3ac73767d4066a2021-12-20 15:59:38.242root 11241100x8000000000000000772605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.242{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b3fa5518f4e2a02021-12-20 15:59:38.242root 11241100x8000000000000000772606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.242{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29d9699eac1c0792021-12-20 15:59:38.242root 11241100x8000000000000000772607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.242{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2300a12b999fe62021-12-20 15:59:38.242root 11241100x8000000000000000772608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.243{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9519678667b4b3382021-12-20 15:59:38.243root 11241100x8000000000000000772609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.243{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06655042824edd6d2021-12-20 15:59:38.243root 11241100x8000000000000000772610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.243{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae89f903e20c7732021-12-20 15:59:38.243root 11241100x8000000000000000772611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1288e0a41557d992021-12-20 15:59:38.244root 11241100x8000000000000000772612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d879f3c50177cd2021-12-20 15:59:38.244root 11241100x8000000000000000772613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95323934a9bc8f22021-12-20 15:59:38.244root 11241100x8000000000000000772614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.244{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b23f3f82ec228de2021-12-20 15:59:38.244root 11241100x8000000000000000772615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.245{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa7a6e35b4032b82021-12-20 15:59:38.245root 11241100x8000000000000000772616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.245{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef41d04261463bb2021-12-20 15:59:38.245root 11241100x8000000000000000772617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.246{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd948ddd74ac0f22021-12-20 15:59:38.246root 11241100x8000000000000000772618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.246{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f288f48cae55757a2021-12-20 15:59:38.246root 11241100x8000000000000000772619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd4d207acfd60aa2021-12-20 15:59:38.248root 11241100x8000000000000000772620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9ce3e2c9e3deaa2021-12-20 15:59:38.248root 11241100x8000000000000000772621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055b84c55317c73c2021-12-20 15:59:38.248root 11241100x8000000000000000772622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b612d0626fc26f12021-12-20 15:59:38.248root 11241100x8000000000000000772623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.248{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e1ae49dfa7ce4d2021-12-20 15:59:38.248root 11241100x8000000000000000772624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.249{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c275a07905f78c12021-12-20 15:59:38.249root 11241100x8000000000000000772625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.249{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeacf19ca1ce9a4a2021-12-20 15:59:38.249root 11241100x8000000000000000772626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.249{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8b46f1d5de7dd22021-12-20 15:59:38.249root 11241100x8000000000000000772627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.249{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f6da6023d838042021-12-20 15:59:38.249root 11241100x8000000000000000772628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c363d4ce338dee92021-12-20 15:59:38.674root 11241100x8000000000000000772629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8184cd32262238b12021-12-20 15:59:38.674root 11241100x8000000000000000772630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec8baf85cb30b252021-12-20 15:59:38.674root 11241100x8000000000000000772631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc3545687e6b5d2021-12-20 15:59:38.674root 11241100x8000000000000000772632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72160a5a0f527dc22021-12-20 15:59:38.675root 11241100x8000000000000000772633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18e68ed260df2742021-12-20 15:59:38.675root 11241100x8000000000000000772634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ece9a757944aac32021-12-20 15:59:38.675root 11241100x8000000000000000772635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eeca4e7e56f2ee2021-12-20 15:59:38.675root 11241100x8000000000000000772636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9808cc8490647a52021-12-20 15:59:38.675root 11241100x8000000000000000772637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5309a44ad9e6242021-12-20 15:59:38.675root 11241100x8000000000000000772638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b379cf09aace922021-12-20 15:59:38.675root 11241100x8000000000000000772639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5830f684d749f7fd2021-12-20 15:59:38.675root 11241100x8000000000000000772640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637620acabcf8c822021-12-20 15:59:38.675root 11241100x8000000000000000772641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222b3a53e8d4aee82021-12-20 15:59:38.675root 11241100x8000000000000000772642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cb2a9441d36dca2021-12-20 15:59:38.676root 11241100x8000000000000000772643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e693804a8206812021-12-20 15:59:38.676root 11241100x8000000000000000772644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b09bd775f6aa272021-12-20 15:59:38.676root 11241100x8000000000000000772645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8adc5772ee4dda2021-12-20 15:59:38.676root 11241100x8000000000000000772646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a43546fdf4961ec2021-12-20 15:59:38.676root 11241100x8000000000000000772647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0105404e34bbeb6e2021-12-20 15:59:38.676root 11241100x8000000000000000772648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b64e1797bd68072021-12-20 15:59:38.677root 11241100x8000000000000000772649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4079a8e447ef4ad12021-12-20 15:59:38.677root 11241100x8000000000000000772650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164e66a3689f24222021-12-20 15:59:38.677root 11241100x8000000000000000772651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab97076d5438fad2021-12-20 15:59:38.677root 11241100x8000000000000000772652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793a173a19cdc62b2021-12-20 15:59:38.677root 11241100x8000000000000000772653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d3735019d760df2021-12-20 15:59:38.677root 11241100x8000000000000000772654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27473032671a38dd2021-12-20 15:59:38.677root 11241100x8000000000000000772655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a21b1d92683adb12021-12-20 15:59:38.678root 11241100x8000000000000000772656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1489042f8fbe612021-12-20 15:59:38.678root 11241100x8000000000000000772657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99000910777fc27f2021-12-20 15:59:38.678root 11241100x8000000000000000772658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2aaaa83fafde1ac2021-12-20 15:59:38.678root 11241100x8000000000000000772659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1a41a2af98aa292021-12-20 15:59:38.678root 11241100x8000000000000000772660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c1c2239506ceff2021-12-20 15:59:38.678root 11241100x8000000000000000772661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55663a22fdb5aeb72021-12-20 15:59:38.678root 11241100x8000000000000000772662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782a94cbca1625df2021-12-20 15:59:38.678root 11241100x8000000000000000772663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff2952a8e0202d12021-12-20 15:59:38.678root 11241100x8000000000000000772664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f10c08571eafc2021-12-20 15:59:38.678root 11241100x8000000000000000772665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f74da3b4bf8a5d2021-12-20 15:59:38.679root 11241100x8000000000000000772666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6864ff2bdd65342021-12-20 15:59:38.679root 11241100x8000000000000000772667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac36780703a75ad2021-12-20 15:59:38.679root 11241100x8000000000000000772668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505375a3641a1d772021-12-20 15:59:38.679root 11241100x8000000000000000772669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d91bbedb2f45732021-12-20 15:59:38.679root 11241100x8000000000000000772670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111d8da591b63e0f2021-12-20 15:59:38.680root 11241100x8000000000000000772671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612a444732ad58e82021-12-20 15:59:38.680root 11241100x8000000000000000772672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe514f2fd41f4f12021-12-20 15:59:38.680root 11241100x8000000000000000772673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa615b124eb2e6ed2021-12-20 15:59:38.680root 11241100x8000000000000000772674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb12599f1eaa4d002021-12-20 15:59:38.681root 11241100x8000000000000000772675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186572b0404e99bb2021-12-20 15:59:38.681root 11241100x8000000000000000772676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410b438122a2d3622021-12-20 15:59:38.681root 11241100x8000000000000000772677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2db0be32dec2da2021-12-20 15:59:38.681root 11241100x8000000000000000772678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4b6e416ec4a0652021-12-20 15:59:38.681root 11241100x8000000000000000772679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:38.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f979b577a31cc52021-12-20 15:59:38.681root 23542300x8000000000000000772680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000772681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d81fbe0554b46542021-12-20 15:59:39.070root 11241100x8000000000000000772682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372a46997e3cf7782021-12-20 15:59:39.070root 11241100x8000000000000000772683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c1ae18454db8542021-12-20 15:59:39.071root 11241100x8000000000000000772684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189d0e164ed4b15f2021-12-20 15:59:39.071root 11241100x8000000000000000772685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794abc5cb104e29b2021-12-20 15:59:39.071root 11241100x8000000000000000772686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac62759351892a72021-12-20 15:59:39.071root 11241100x8000000000000000772687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905f1147d84995982021-12-20 15:59:39.071root 11241100x8000000000000000772688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d757f7a09de4f972021-12-20 15:59:39.071root 11241100x8000000000000000772689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bd66a3135faf5f2021-12-20 15:59:39.071root 11241100x8000000000000000772690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8668985d3f852a2a2021-12-20 15:59:39.071root 11241100x8000000000000000772691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f33d473361c1a112021-12-20 15:59:39.071root 11241100x8000000000000000772692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e51ca7c855b54f22021-12-20 15:59:39.071root 11241100x8000000000000000772693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8823f68957ad382021-12-20 15:59:39.072root 11241100x8000000000000000772694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba0ea793ef42e5e2021-12-20 15:59:39.072root 11241100x8000000000000000772695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca40b4b80cd024fb2021-12-20 15:59:39.072root 11241100x8000000000000000772696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee04583de3df8bd2021-12-20 15:59:39.072root 11241100x8000000000000000772697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02be0a0fa30d14da2021-12-20 15:59:39.072root 11241100x8000000000000000772698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e13c02be674ae12021-12-20 15:59:39.072root 11241100x8000000000000000772699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513579732bebdcbf2021-12-20 15:59:39.072root 11241100x8000000000000000772700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b2a1320699f7b22021-12-20 15:59:39.072root 11241100x8000000000000000772701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad40a8a02b4025d32021-12-20 15:59:39.072root 11241100x8000000000000000772702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fa42611757c9652021-12-20 15:59:39.073root 11241100x8000000000000000772703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a11ffe21f7bfb562021-12-20 15:59:39.073root 11241100x8000000000000000772704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f55e13912f5d2b2021-12-20 15:59:39.073root 11241100x8000000000000000772705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573d9023c837577a2021-12-20 15:59:39.073root 11241100x8000000000000000772706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652af70b311e3ac82021-12-20 15:59:39.073root 11241100x8000000000000000772707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831e4d2fe198e6532021-12-20 15:59:39.074root 11241100x8000000000000000772708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754b4b93ce5d53b52021-12-20 15:59:39.074root 11241100x8000000000000000772709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dcb6769833e58e2021-12-20 15:59:39.074root 11241100x8000000000000000772710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a83227651f77ec2021-12-20 15:59:39.074root 11241100x8000000000000000772711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d2c2600a6334dd2021-12-20 15:59:39.074root 11241100x8000000000000000772712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7353d72caf25deb92021-12-20 15:59:39.074root 11241100x8000000000000000772713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fd1b68c0d6fe942021-12-20 15:59:39.074root 11241100x8000000000000000772714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9d14a1bf6d1f922021-12-20 15:59:39.075root 11241100x8000000000000000772715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f5d46573d210d52021-12-20 15:59:39.075root 11241100x8000000000000000772716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ea0d07a96771dd2021-12-20 15:59:39.075root 11241100x8000000000000000772717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a011ed2c63710392021-12-20 15:59:39.075root 11241100x8000000000000000772718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a24a2f66fafa16e2021-12-20 15:59:39.075root 11241100x8000000000000000772719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1667c960cca440212021-12-20 15:59:39.075root 11241100x8000000000000000772720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5458d9cc403a872021-12-20 15:59:39.075root 11241100x8000000000000000772721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb67edbe6dbc3dea2021-12-20 15:59:39.424root 11241100x8000000000000000772722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a63acb2b5c23b92021-12-20 15:59:39.424root 11241100x8000000000000000772723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32270c45b4f6aef02021-12-20 15:59:39.424root 11241100x8000000000000000772724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90d97ed4a573e312021-12-20 15:59:39.425root 11241100x8000000000000000772725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d733c01b4058c01e2021-12-20 15:59:39.425root 11241100x8000000000000000772726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408184e51ae6e32e2021-12-20 15:59:39.425root 11241100x8000000000000000772727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b063c30a53631b02021-12-20 15:59:39.425root 11241100x8000000000000000772728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fb4e9932d8dc612021-12-20 15:59:39.425root 11241100x8000000000000000772729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5724df9deaf45e422021-12-20 15:59:39.425root 11241100x8000000000000000772730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a72885d5610fe32021-12-20 15:59:39.425root 11241100x8000000000000000772731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfa86fb205fb6652021-12-20 15:59:39.426root 11241100x8000000000000000772732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5735d04ec1e8bab22021-12-20 15:59:39.426root 11241100x8000000000000000772733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aeefa68c1772b72021-12-20 15:59:39.426root 11241100x8000000000000000772734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc00910cf2d72732021-12-20 15:59:39.426root 11241100x8000000000000000772735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6880ffe9b1f54ce92021-12-20 15:59:39.426root 11241100x8000000000000000772736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba374fc3b28e50202021-12-20 15:59:39.426root 11241100x8000000000000000772737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3737df2b782cbc5c2021-12-20 15:59:39.426root 11241100x8000000000000000772738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5650f4f21fff77a42021-12-20 15:59:39.426root 11241100x8000000000000000772739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c102c702c64d9e2021-12-20 15:59:39.426root 11241100x8000000000000000772740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfe3d3e6d9219162021-12-20 15:59:39.427root 11241100x8000000000000000772741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac4dbc07fe021382021-12-20 15:59:39.427root 11241100x8000000000000000772742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90fde7ae183c4ad2021-12-20 15:59:39.427root 11241100x8000000000000000772743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac894e6db34f04212021-12-20 15:59:39.427root 11241100x8000000000000000772744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eee8fc5cd1b26ed2021-12-20 15:59:39.427root 11241100x8000000000000000772745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86605d0211f88522021-12-20 15:59:39.427root 11241100x8000000000000000772746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04476f4790d57842021-12-20 15:59:39.427root 11241100x8000000000000000772747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e51913df2ef85e2021-12-20 15:59:39.427root 11241100x8000000000000000772748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b4362a4065a1082021-12-20 15:59:39.427root 11241100x8000000000000000772749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41c242d952f913c2021-12-20 15:59:39.427root 11241100x8000000000000000772750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0985c433d46e28492021-12-20 15:59:39.427root 11241100x8000000000000000772751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53270d5112da6b1b2021-12-20 15:59:39.428root 11241100x8000000000000000772752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fe146dea01675b2021-12-20 15:59:39.428root 11241100x8000000000000000772753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991a9578ace57ce42021-12-20 15:59:39.428root 11241100x8000000000000000772754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe841d1f79579e32021-12-20 15:59:39.428root 11241100x8000000000000000772755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62f35110860d2a12021-12-20 15:59:39.428root 11241100x8000000000000000772756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0a33c4c182e3a02021-12-20 15:59:39.428root 11241100x8000000000000000772757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39b35aec2cfddd82021-12-20 15:59:39.428root 11241100x8000000000000000772758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6255dc27b183f2c72021-12-20 15:59:39.429root 11241100x8000000000000000772759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb46f3e470f819252021-12-20 15:59:39.429root 11241100x8000000000000000772760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34830806b2eb07d2021-12-20 15:59:39.429root 11241100x8000000000000000772761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fe620ff3bc21302021-12-20 15:59:39.429root 11241100x8000000000000000772762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e1dcd6ab0e25602021-12-20 15:59:39.429root 154100x8000000000000000772763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.472{ec2c97d1-a86b-61c0-081e-1d68e7550000}10225/usr/bin/sudo-----sudo mal_boot.sh /etc/profile.d/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 354300x8000000000000000772764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.477{ec2c97d1-a86b-61c0-081e-1d68e7550000}10225/usr/bin/sudoubuntuudptruefalse127.0.0.1-42249-false127.0.0.53-53- 354300x8000000000000000772765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.477{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-52021-false10.0.0.2-53- 354300x8000000000000000772766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.477{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-37185-false10.0.0.2-53- 354300x8000000000000000772767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.478{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-42249- 354300x8000000000000000772768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.478{ec2c97d1-a86b-61c0-081e-1d68e7550000}10225/usr/bin/sudoubuntuudptruefalse127.0.0.1-59342-false127.0.0.53-53- 354300x8000000000000000772769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.478{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-59342- 534500x8000000000000000772770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.481{ec2c97d1-a86b-61c0-081e-1d68e7550000}10225/usr/bin/sudoubuntu 11241100x8000000000000000772771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a915715b50e63fd2021-12-20 15:59:39.924root 11241100x8000000000000000772772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081e9c7ede8e45ab2021-12-20 15:59:39.924root 11241100x8000000000000000772773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f571057e1ba1f1192021-12-20 15:59:39.924root 11241100x8000000000000000772774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d432c74acc64952021-12-20 15:59:39.925root 11241100x8000000000000000772775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0052cfe24334c72021-12-20 15:59:39.925root 11241100x8000000000000000772776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae99512a9a9946152021-12-20 15:59:39.925root 11241100x8000000000000000772777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7ce0f14a9cde2c2021-12-20 15:59:39.925root 11241100x8000000000000000772778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b9e701926c5fce2021-12-20 15:59:39.925root 11241100x8000000000000000772779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518c946a5718fdb52021-12-20 15:59:39.925root 11241100x8000000000000000772780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6485ac73adacc932021-12-20 15:59:39.925root 11241100x8000000000000000772781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a25729b046797b82021-12-20 15:59:39.925root 11241100x8000000000000000772782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e0dea7b39821982021-12-20 15:59:39.925root 11241100x8000000000000000772783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b09ff0f652f39d2021-12-20 15:59:39.925root 11241100x8000000000000000772784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57bc7749cb194982021-12-20 15:59:39.926root 11241100x8000000000000000772785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe72f88967ca1faf2021-12-20 15:59:39.926root 11241100x8000000000000000772786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1220f1d710aac572021-12-20 15:59:39.926root 11241100x8000000000000000772787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a82633070596492021-12-20 15:59:39.926root 11241100x8000000000000000772788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe602fea128bb2a92021-12-20 15:59:39.926root 11241100x8000000000000000772789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c7955c3e8a9edd2021-12-20 15:59:39.926root 11241100x8000000000000000772790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d26ac8bfe81d5212021-12-20 15:59:39.926root 11241100x8000000000000000772791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442dfe7d582fb74d2021-12-20 15:59:39.926root 11241100x8000000000000000772792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd5422427515c9d2021-12-20 15:59:39.926root 11241100x8000000000000000772793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64188127eb6f87b2021-12-20 15:59:39.926root 11241100x8000000000000000772794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb2ebafe5926d1a2021-12-20 15:59:39.926root 11241100x8000000000000000772795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ce13dc99518f2e2021-12-20 15:59:39.927root 11241100x8000000000000000772796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790ede674a0808aa2021-12-20 15:59:39.927root 11241100x8000000000000000772797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b28dae6d1a75a2021-12-20 15:59:39.927root 11241100x8000000000000000772798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e6ac07af419f622021-12-20 15:59:39.927root 11241100x8000000000000000772799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f82f680acc6fca2021-12-20 15:59:39.927root 11241100x8000000000000000772800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febaaa93d9e79c282021-12-20 15:59:39.927root 11241100x8000000000000000772801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c69fa9a7cb3ae32021-12-20 15:59:39.927root 11241100x8000000000000000772802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4b4f5e449e0a6a2021-12-20 15:59:39.927root 11241100x8000000000000000772803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a783337917eaa32021-12-20 15:59:39.927root 11241100x8000000000000000772804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e2125c9a4116282021-12-20 15:59:39.927root 11241100x8000000000000000772805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec40c5e3b4023062021-12-20 15:59:39.928root 11241100x8000000000000000772806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af02fd623578c1f2021-12-20 15:59:39.928root 11241100x8000000000000000772807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc7be9747174cb32021-12-20 15:59:39.928root 11241100x8000000000000000772808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d9f99d9a541a342021-12-20 15:59:39.928root 11241100x8000000000000000772809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e5cfca1cbddd552021-12-20 15:59:39.928root 11241100x8000000000000000772810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa25e1546e7a2142021-12-20 15:59:39.928root 11241100x8000000000000000772811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986d68ce7334cd712021-12-20 15:59:39.928root 11241100x8000000000000000772812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d253769d3757ac362021-12-20 15:59:39.928root 11241100x8000000000000000772813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67e5bd7d6884d442021-12-20 15:59:39.928root 11241100x8000000000000000772814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a625df0cad810f2021-12-20 15:59:39.928root 11241100x8000000000000000772815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b860858722bed02021-12-20 15:59:39.929root 11241100x8000000000000000772816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc09dd7fcfdb5482021-12-20 15:59:39.929root 11241100x8000000000000000772817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ab078912dfcb902021-12-20 15:59:39.929root 11241100x8000000000000000772818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c936b0486ca805602021-12-20 15:59:39.929root 11241100x8000000000000000772819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ebed42fdee41b42021-12-20 15:59:39.929root 11241100x8000000000000000772820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e82c053200aa3d2021-12-20 15:59:39.929root 11241100x8000000000000000772821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981a0937dafdd9082021-12-20 15:59:39.929root 11241100x8000000000000000772822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1ed038385f58af2021-12-20 15:59:39.929root 11241100x8000000000000000772823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ccb87340227c602021-12-20 15:59:39.929root 11241100x8000000000000000772824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24d3b774e6178d22021-12-20 15:59:39.929root 11241100x8000000000000000772825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b996c99b4c7cbc992021-12-20 15:59:40.424root 11241100x8000000000000000772826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760e95409b7b37652021-12-20 15:59:40.424root 11241100x8000000000000000772827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b027409bff5f0ad2021-12-20 15:59:40.424root 11241100x8000000000000000772828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f795ebc2b1ef1ad22021-12-20 15:59:40.424root 11241100x8000000000000000772829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70946f5ce60a2a342021-12-20 15:59:40.425root 11241100x8000000000000000772830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7ffd704e14043d2021-12-20 15:59:40.425root 11241100x8000000000000000772831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e961cd6ceab344da2021-12-20 15:59:40.425root 11241100x8000000000000000772832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13ad856171122432021-12-20 15:59:40.425root 11241100x8000000000000000772833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965dc7907c75c3a52021-12-20 15:59:40.425root 11241100x8000000000000000772834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b56a46392d19a92021-12-20 15:59:40.425root 11241100x8000000000000000772835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c562bd5b6da3992021-12-20 15:59:40.425root 11241100x8000000000000000772836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a7d8655343827c2021-12-20 15:59:40.425root 11241100x8000000000000000772837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c76c8a2ce4cf43b2021-12-20 15:59:40.425root 11241100x8000000000000000772838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c7072c9a0213692021-12-20 15:59:40.426root 11241100x8000000000000000772839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1374ebc2b279e7e2021-12-20 15:59:40.426root 11241100x8000000000000000772840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327fdd43fa76903f2021-12-20 15:59:40.426root 11241100x8000000000000000772841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93c8b8c50d5634c2021-12-20 15:59:40.426root 11241100x8000000000000000772842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77d17db18f5947b2021-12-20 15:59:40.426root 11241100x8000000000000000772843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8571d4fd31187b952021-12-20 15:59:40.426root 11241100x8000000000000000772844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1ed3342b268cf82021-12-20 15:59:40.427root 11241100x8000000000000000772845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4811cb3ba64862b2021-12-20 15:59:40.427root 11241100x8000000000000000772846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4306722055cc0e32021-12-20 15:59:40.427root 11241100x8000000000000000772847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d020047494483552021-12-20 15:59:40.427root 11241100x8000000000000000772848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade7c9279bf92822021-12-20 15:59:40.427root 11241100x8000000000000000772849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925764fd7c98f4372021-12-20 15:59:40.427root 11241100x8000000000000000772850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d20e35a25d8525d2021-12-20 15:59:40.428root 11241100x8000000000000000772851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663c9c5c89dedbcb2021-12-20 15:59:40.428root 11241100x8000000000000000772852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb16b164d282562021-12-20 15:59:40.428root 11241100x8000000000000000772853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0282633fcc2ac26e2021-12-20 15:59:40.428root 11241100x8000000000000000772854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b6aadb2fc6bc2a2021-12-20 15:59:40.428root 11241100x8000000000000000772855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55734981cf8b33172021-12-20 15:59:40.428root 11241100x8000000000000000772856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2505dc48e69742732021-12-20 15:59:40.428root 11241100x8000000000000000772857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641f1d5f8c1a55332021-12-20 15:59:40.429root 11241100x8000000000000000772858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2da4745b0c221a2021-12-20 15:59:40.429root 11241100x8000000000000000772859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00750c7822eed6a2021-12-20 15:59:40.429root 11241100x8000000000000000772860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031e4c38235011af2021-12-20 15:59:40.429root 11241100x8000000000000000772861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b757923b9c0c612021-12-20 15:59:40.429root 11241100x8000000000000000772862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4251a5a310d6263a2021-12-20 15:59:40.429root 11241100x8000000000000000772863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3715270f91e0e60c2021-12-20 15:59:40.429root 11241100x8000000000000000772864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9812fe3c3815be4f2021-12-20 15:59:40.430root 11241100x8000000000000000772865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0ef0cab6cfc3242021-12-20 15:59:40.430root 11241100x8000000000000000772866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426816cbd07a4a212021-12-20 15:59:40.430root 11241100x8000000000000000772867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91df58f723574ff2021-12-20 15:59:40.430root 11241100x8000000000000000772868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b31bc2c2b5673ea2021-12-20 15:59:40.430root 11241100x8000000000000000772869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74776a06c654ec112021-12-20 15:59:40.430root 11241100x8000000000000000772870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d43364e065f3e32021-12-20 15:59:40.430root 11241100x8000000000000000772871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af78c5fb98168e42021-12-20 15:59:40.431root 11241100x8000000000000000772872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5964de4f67810f2021-12-20 15:59:40.431root 11241100x8000000000000000772873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50b71cc845dc9e22021-12-20 15:59:40.431root 11241100x8000000000000000772874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25715a6341ce8eb72021-12-20 15:59:40.431root 11241100x8000000000000000772875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5240cd4660bf7cc2021-12-20 15:59:40.431root 11241100x8000000000000000772876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9f2a4e52b2832e2021-12-20 15:59:40.431root 11241100x8000000000000000772877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f838eeeb200bcd6b2021-12-20 15:59:40.431root 11241100x8000000000000000772878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6e4581aa9bb4792021-12-20 15:59:40.431root 11241100x8000000000000000772879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67b162976a4efaa2021-12-20 15:59:40.431root 11241100x8000000000000000772880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1627a8068c27b0922021-12-20 15:59:40.432root 11241100x8000000000000000772881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffc402782a054472021-12-20 15:59:40.432root 11241100x8000000000000000772882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab9b96a16a3e06b2021-12-20 15:59:40.432root 11241100x8000000000000000772883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cb5d72e8869fcf2021-12-20 15:59:40.432root 11241100x8000000000000000772884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b0a315d554a46a2021-12-20 15:59:40.432root 11241100x8000000000000000772885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efb1fc6546fd1622021-12-20 15:59:40.432root 11241100x8000000000000000772886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cb932b6314a6902021-12-20 15:59:40.432root 11241100x8000000000000000772887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acfc51451f58a3a2021-12-20 15:59:40.432root 11241100x8000000000000000772888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185807c03c4a78212021-12-20 15:59:40.432root 11241100x8000000000000000772889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8aae51490312352021-12-20 15:59:40.432root 11241100x8000000000000000772890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089ee5a8aa587dd62021-12-20 15:59:40.433root 11241100x8000000000000000772891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7588fa4a336592d2021-12-20 15:59:40.433root 11241100x8000000000000000772892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f592e33ff53d98a2021-12-20 15:59:40.433root 11241100x8000000000000000772893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0da9a37b170f0f2021-12-20 15:59:40.433root 11241100x8000000000000000772894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6df3f4199614c32021-12-20 15:59:40.433root 11241100x8000000000000000772895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5836722ade40e5342021-12-20 15:59:40.433root 11241100x8000000000000000772896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3abdfb727b67e42021-12-20 15:59:40.433root 11241100x8000000000000000772897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df25e03b90eaaa42021-12-20 15:59:40.433root 11241100x8000000000000000772898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99133430b2e78a562021-12-20 15:59:40.433root 11241100x8000000000000000772899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47f07df4bb40ff12021-12-20 15:59:40.433root 11241100x8000000000000000772900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfdefec90d7476a2021-12-20 15:59:40.434root 11241100x8000000000000000772901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dde595a59b341632021-12-20 15:59:40.434root 11241100x8000000000000000772902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7e3067f6b7a02c2021-12-20 15:59:40.434root 11241100x8000000000000000772903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba99e6c92a36dd82021-12-20 15:59:40.434root 11241100x8000000000000000772904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cc0d81e8db02582021-12-20 15:59:40.434root 11241100x8000000000000000772905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25bf1466d9b1afe2021-12-20 15:59:40.434root 11241100x8000000000000000772906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc86c69a4edd09a62021-12-20 15:59:40.434root 11241100x8000000000000000772907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea891e762995bbc2021-12-20 15:59:40.434root 11241100x8000000000000000772908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b5f701e6d17fce2021-12-20 15:59:40.924root 11241100x8000000000000000772909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7bb5b26d26bc9d2021-12-20 15:59:40.924root 11241100x8000000000000000772910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f121416faed85ef2021-12-20 15:59:40.924root 11241100x8000000000000000772911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1456dad82e963dd2021-12-20 15:59:40.924root 11241100x8000000000000000772912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b67d576cfa91edf2021-12-20 15:59:40.925root 11241100x8000000000000000772913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cf73019d75e9322021-12-20 15:59:40.925root 11241100x8000000000000000772914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4085c727f46cd102021-12-20 15:59:40.925root 11241100x8000000000000000772915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c107944a66fae02021-12-20 15:59:40.925root 11241100x8000000000000000772916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aa85617d6a9fb12021-12-20 15:59:40.925root 11241100x8000000000000000772917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233c0c22828d76642021-12-20 15:59:40.925root 11241100x8000000000000000772918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a39b9c71bb8d76c2021-12-20 15:59:40.925root 11241100x8000000000000000772919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0532e4b408e4fa2021-12-20 15:59:40.925root 11241100x8000000000000000772920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e361f7dc987da4252021-12-20 15:59:40.925root 11241100x8000000000000000772921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0112c781a7d7cbb12021-12-20 15:59:40.925root 11241100x8000000000000000772922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edcecf9e1a948572021-12-20 15:59:40.925root 11241100x8000000000000000772923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf775563c8f195d2021-12-20 15:59:40.926root 11241100x8000000000000000772924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188fab812186e41a2021-12-20 15:59:40.926root 11241100x8000000000000000772925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea16d0281b525d02021-12-20 15:59:40.926root 11241100x8000000000000000772926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33505e576975cebc2021-12-20 15:59:40.926root 11241100x8000000000000000772927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c863cb9ebf465792021-12-20 15:59:40.926root 11241100x8000000000000000772928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45483604ad5ce0252021-12-20 15:59:40.926root 11241100x8000000000000000772929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d3330998d63f622021-12-20 15:59:40.927root 11241100x8000000000000000772930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1492ad2b9899359d2021-12-20 15:59:40.927root 11241100x8000000000000000772931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9748c3e89c9db0b52021-12-20 15:59:40.927root 11241100x8000000000000000772932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6551171fbe1c90f2021-12-20 15:59:40.927root 11241100x8000000000000000772933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72df78004f2c4332021-12-20 15:59:40.927root 11241100x8000000000000000772934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdfc619ca0325352021-12-20 15:59:40.927root 11241100x8000000000000000772935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90d1d51f913e7312021-12-20 15:59:40.927root 11241100x8000000000000000772936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f057efed235dc372021-12-20 15:59:40.927root 11241100x8000000000000000772937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160df5a20b5d3d382021-12-20 15:59:40.927root 11241100x8000000000000000772938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d367c214bfcd9be2021-12-20 15:59:40.929root 11241100x8000000000000000772939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054970c48ab3ad942021-12-20 15:59:40.929root 11241100x8000000000000000772940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22766ed86b8c8f42021-12-20 15:59:40.929root 11241100x8000000000000000772941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f6aa0378d5b2112021-12-20 15:59:40.929root 11241100x8000000000000000772942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6530b505fd8874c2021-12-20 15:59:40.929root 11241100x8000000000000000772943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58de66b70d1ffed42021-12-20 15:59:40.929root 11241100x8000000000000000772944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abea578099882212021-12-20 15:59:40.929root 11241100x8000000000000000772945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74751ef589055ed72021-12-20 15:59:40.929root 11241100x8000000000000000772946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082190c583ba68012021-12-20 15:59:40.929root 11241100x8000000000000000772947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c717fedcdf4f6f5a2021-12-20 15:59:40.930root 11241100x8000000000000000772948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459ea9fba15078572021-12-20 15:59:40.930root 11241100x8000000000000000772949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7b83aa1c9636362021-12-20 15:59:40.930root 11241100x8000000000000000772950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7277743c15354ca32021-12-20 15:59:40.930root 11241100x8000000000000000772951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e128a1802ec1c52021-12-20 15:59:40.932root 11241100x8000000000000000772952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0fc042cdd481e42021-12-20 15:59:40.932root 11241100x8000000000000000772953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069b270017270d922021-12-20 15:59:40.932root 11241100x8000000000000000772954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb8c947adf7aa712021-12-20 15:59:40.932root 11241100x8000000000000000772955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55754c0b10c48f92021-12-20 15:59:40.932root 11241100x8000000000000000772956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c4fda85d9d25952021-12-20 15:59:40.932root 11241100x8000000000000000772957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f129d0f685712c22021-12-20 15:59:40.932root 11241100x8000000000000000772958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e9a61a3beddba2021-12-20 15:59:40.932root 11241100x8000000000000000772959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b17011ea48ee6da2021-12-20 15:59:40.933root 11241100x8000000000000000772960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6a6efb9a76264f2021-12-20 15:59:40.933root 11241100x8000000000000000772961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99099c0fa16e2d32021-12-20 15:59:40.933root 11241100x8000000000000000772962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6237aaa982a0883e2021-12-20 15:59:40.933root 11241100x8000000000000000772963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b846aa9c60f4f90e2021-12-20 15:59:40.933root 11241100x8000000000000000772964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebda3164f302df932021-12-20 15:59:40.933root 11241100x8000000000000000772965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fabe85262ef94d2021-12-20 15:59:40.933root 11241100x8000000000000000772966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4ab15a9fc318062021-12-20 15:59:40.933root 11241100x8000000000000000772967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e465b1bcd256a42d2021-12-20 15:59:40.933root 11241100x8000000000000000772968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7855548044f690af2021-12-20 15:59:40.933root 11241100x8000000000000000772969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26d0fb51beaeee82021-12-20 15:59:40.933root 11241100x8000000000000000772970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5153a47f383b7b12021-12-20 15:59:40.933root 11241100x8000000000000000772971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171aa3354d7a94412021-12-20 15:59:40.933root 11241100x8000000000000000772972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2daf652ed29de22021-12-20 15:59:40.935root 11241100x8000000000000000772973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e319b5feed1c464a2021-12-20 15:59:40.935root 11241100x8000000000000000772974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa47f4ecd69fffa32021-12-20 15:59:40.935root 11241100x8000000000000000772975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76e0e068cb817692021-12-20 15:59:40.935root 11241100x8000000000000000772976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf16e11a6d628b22021-12-20 15:59:40.935root 11241100x8000000000000000772977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff800371122fab682021-12-20 15:59:40.935root 11241100x8000000000000000772978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ed45449806c2462021-12-20 15:59:40.935root 11241100x8000000000000000772979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e85f6e2a426b112021-12-20 15:59:40.935root 11241100x8000000000000000772980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d3a88da1d700962021-12-20 15:59:40.935root 11241100x8000000000000000772981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848abf0ee4d0e4722021-12-20 15:59:40.935root 11241100x8000000000000000772982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c180918897de1c7d2021-12-20 15:59:40.935root 11241100x8000000000000000772983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c302016026a57e052021-12-20 15:59:40.935root 11241100x8000000000000000772984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a83468a016e0cd82021-12-20 15:59:40.935root 11241100x8000000000000000772985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e544b0c5db0ae22021-12-20 15:59:40.935root 11241100x8000000000000000772986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222adf0ab8ed8a832021-12-20 15:59:40.937root 11241100x8000000000000000772987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64ac0477847d3632021-12-20 15:59:40.937root 11241100x8000000000000000772988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a68aabf23591702021-12-20 15:59:40.937root 11241100x8000000000000000772989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e135a444afa6b36c2021-12-20 15:59:40.937root 11241100x8000000000000000772990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c91f86ae79a89292021-12-20 15:59:40.937root 11241100x8000000000000000772991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d268e768795b4e2021-12-20 15:59:40.937root 11241100x8000000000000000772992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fa2692a5742c362021-12-20 15:59:40.937root 11241100x8000000000000000772993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21de28d5f5ac95a92021-12-20 15:59:40.939root 11241100x8000000000000000772994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414b9cd0627be1fb2021-12-20 15:59:40.939root 11241100x8000000000000000772995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0e8fcc0b9035272021-12-20 15:59:40.939root 11241100x8000000000000000772996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e962ed4932a2f942021-12-20 15:59:40.939root 11241100x8000000000000000772997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:40.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c5e409901e60ae2021-12-20 15:59:40.939root 11241100x8000000000000000772998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864bcda05ad676f82021-12-20 15:59:41.424root 11241100x8000000000000000772999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaafb8d838da8382021-12-20 15:59:41.424root 11241100x8000000000000000773000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb9ce4b7baefa442021-12-20 15:59:41.424root 11241100x8000000000000000773001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2de6c95a8ad13972021-12-20 15:59:41.425root 11241100x8000000000000000773002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692b0b289c2bbff32021-12-20 15:59:41.425root 11241100x8000000000000000773003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c323c07f575de22021-12-20 15:59:41.425root 11241100x8000000000000000773004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7d09ebcbd48f062021-12-20 15:59:41.425root 11241100x8000000000000000773005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcde864a389e7b962021-12-20 15:59:41.425root 11241100x8000000000000000773006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaa2d0de2e7d7182021-12-20 15:59:41.425root 11241100x8000000000000000773007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbabe3715c09a5c02021-12-20 15:59:41.425root 11241100x8000000000000000773008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2e9addf8fe32052021-12-20 15:59:41.426root 11241100x8000000000000000773009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231d91fd95ee66912021-12-20 15:59:41.426root 11241100x8000000000000000773010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9875ccc34a41e4972021-12-20 15:59:41.426root 11241100x8000000000000000773011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc119e67c68be302021-12-20 15:59:41.426root 11241100x8000000000000000773012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792d1eb70e5b0b212021-12-20 15:59:41.426root 11241100x8000000000000000773013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dc7fa5372cffde2021-12-20 15:59:41.426root 11241100x8000000000000000773014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566c96ee8d08e0fb2021-12-20 15:59:41.426root 11241100x8000000000000000773015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825d125c841eddea2021-12-20 15:59:41.426root 11241100x8000000000000000773016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c98be19bffdbc22021-12-20 15:59:41.426root 11241100x8000000000000000773017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eb10862502b99e2021-12-20 15:59:41.427root 11241100x8000000000000000773018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8831ff466a6d09bd2021-12-20 15:59:41.427root 11241100x8000000000000000773019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33baac12c838100d2021-12-20 15:59:41.427root 11241100x8000000000000000773020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d2f689931e55092021-12-20 15:59:41.427root 11241100x8000000000000000773021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06da1277b2b91aa22021-12-20 15:59:41.427root 11241100x8000000000000000773022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cf31094f00591d2021-12-20 15:59:41.427root 11241100x8000000000000000773023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19a03971a58c89b2021-12-20 15:59:41.427root 11241100x8000000000000000773024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9080c528f284807e2021-12-20 15:59:41.427root 11241100x8000000000000000773025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6779a07fc62014dd2021-12-20 15:59:41.427root 11241100x8000000000000000773026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848935377761e4d92021-12-20 15:59:41.427root 11241100x8000000000000000773027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110651b6ddb77eb82021-12-20 15:59:41.427root 11241100x8000000000000000773028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799e5516376e4ec12021-12-20 15:59:41.428root 11241100x8000000000000000773029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e145044c4061e32021-12-20 15:59:41.428root 11241100x8000000000000000773030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11392441745343702021-12-20 15:59:41.428root 11241100x8000000000000000773031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bab020162fc56e2021-12-20 15:59:41.428root 11241100x8000000000000000773032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f78d555a052f662021-12-20 15:59:41.428root 11241100x8000000000000000773033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adef89c68f6f974f2021-12-20 15:59:41.428root 11241100x8000000000000000773034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbccfa64fdd0e71b2021-12-20 15:59:41.428root 11241100x8000000000000000773035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00ec61ee2c13af22021-12-20 15:59:41.428root 11241100x8000000000000000773036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab33d1f2705e17b2021-12-20 15:59:41.428root 11241100x8000000000000000773037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92306615a7299ff2021-12-20 15:59:41.428root 11241100x8000000000000000773038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fe12a1e9c186502021-12-20 15:59:41.428root 11241100x8000000000000000773039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a9fd754453a11e2021-12-20 15:59:41.428root 11241100x8000000000000000773040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db0bf1bb8145c042021-12-20 15:59:41.429root 11241100x8000000000000000773041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceeb0461403023e2021-12-20 15:59:41.429root 11241100x8000000000000000773042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0968cd76882aad312021-12-20 15:59:41.429root 11241100x8000000000000000773043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e567460be0634d912021-12-20 15:59:41.429root 11241100x8000000000000000773044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83f0676ffcc1cef2021-12-20 15:59:41.429root 11241100x8000000000000000773045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a120f16d5f0f5d2021-12-20 15:59:41.429root 11241100x8000000000000000773046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e965876d64222452021-12-20 15:59:41.429root 11241100x8000000000000000773047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a679707902a2b3bc2021-12-20 15:59:41.429root 11241100x8000000000000000773048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeb217973b0871a2021-12-20 15:59:41.924root 11241100x8000000000000000773049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abc705d4426226f2021-12-20 15:59:41.924root 11241100x8000000000000000773050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aa66c2f76558722021-12-20 15:59:41.925root 11241100x8000000000000000773051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d10e58043b9aa2021-12-20 15:59:41.925root 11241100x8000000000000000773052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee5a398a837dd782021-12-20 15:59:41.925root 11241100x8000000000000000773053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b09bd7eb23bf72021-12-20 15:59:41.925root 11241100x8000000000000000773054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2ab1d6e952e84a2021-12-20 15:59:41.925root 11241100x8000000000000000773055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40fe4197805b6c52021-12-20 15:59:41.925root 11241100x8000000000000000773056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc3cb15cbf8e8c32021-12-20 15:59:41.925root 11241100x8000000000000000773057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b2aca2b036193c2021-12-20 15:59:41.925root 11241100x8000000000000000773058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441918728f057abe2021-12-20 15:59:41.925root 11241100x8000000000000000773059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da8c7e30981602b2021-12-20 15:59:41.926root 11241100x8000000000000000773060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7590bd86894241252021-12-20 15:59:41.926root 11241100x8000000000000000773061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ba41c3f89989972021-12-20 15:59:41.926root 11241100x8000000000000000773062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b263721e6de6a8f2021-12-20 15:59:41.926root 11241100x8000000000000000773063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08189dafd75f1372021-12-20 15:59:41.926root 11241100x8000000000000000773064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756116f9c0a00e3d2021-12-20 15:59:41.926root 11241100x8000000000000000773065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f89aaad0a81108c2021-12-20 15:59:41.926root 11241100x8000000000000000773066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6349218e11207fd2021-12-20 15:59:41.926root 11241100x8000000000000000773067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a480e3a63bb658fb2021-12-20 15:59:41.926root 11241100x8000000000000000773068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8b4196da4688fd2021-12-20 15:59:41.926root 11241100x8000000000000000773069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cf92db069087152021-12-20 15:59:41.926root 11241100x8000000000000000773070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0d335f6ebf5a552021-12-20 15:59:41.926root 11241100x8000000000000000773071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64906be7541ed09e2021-12-20 15:59:41.926root 11241100x8000000000000000773072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82364997f82cc8632021-12-20 15:59:41.926root 11241100x8000000000000000773073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2555f0a5e89608412021-12-20 15:59:41.927root 11241100x8000000000000000773074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd451a7f70e09502021-12-20 15:59:41.927root 11241100x8000000000000000773075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bef388025dcc0e2021-12-20 15:59:41.927root 11241100x8000000000000000773076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98171dfbfcbf51052021-12-20 15:59:41.927root 11241100x8000000000000000773077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c0864d62495e892021-12-20 15:59:41.927root 11241100x8000000000000000773078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb7e560b85cfe552021-12-20 15:59:41.927root 11241100x8000000000000000773079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab1ca2bdef161322021-12-20 15:59:41.927root 11241100x8000000000000000773080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14ee55577469a3d2021-12-20 15:59:41.927root 11241100x8000000000000000773081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0676d81582f9002021-12-20 15:59:41.927root 11241100x8000000000000000773082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d584af06f9c5b1502021-12-20 15:59:41.927root 11241100x8000000000000000773083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5e36aeca5a6f22021-12-20 15:59:41.927root 11241100x8000000000000000773084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b68f69c5e21ca652021-12-20 15:59:41.927root 11241100x8000000000000000773085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a14a648026c82e2021-12-20 15:59:41.927root 11241100x8000000000000000773086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4c2ba6897b39262021-12-20 15:59:41.927root 11241100x8000000000000000773087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cfcc17df009edd2021-12-20 15:59:41.927root 11241100x8000000000000000773088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3997db30696181af2021-12-20 15:59:41.927root 11241100x8000000000000000773089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce2f4311fd6b6482021-12-20 15:59:41.928root 11241100x8000000000000000773090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003bbb9de65466892021-12-20 15:59:41.928root 11241100x8000000000000000773091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dbdd9f6efa79792021-12-20 15:59:41.928root 11241100x8000000000000000773092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb4bcf3c6f77e622021-12-20 15:59:41.928root 11241100x8000000000000000773093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5449eb529fdd50c02021-12-20 15:59:41.928root 11241100x8000000000000000773094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074a67fe84d723ab2021-12-20 15:59:41.928root 11241100x8000000000000000773095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a7131a29f01dee2021-12-20 15:59:41.928root 11241100x8000000000000000773096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0766eea354ee4b5f2021-12-20 15:59:41.928root 11241100x8000000000000000773097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2bded295e26c6d2021-12-20 15:59:41.928root 11241100x8000000000000000773098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf0bd3af032a5bc2021-12-20 15:59:42.424root 11241100x8000000000000000773099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d916a383aae02852021-12-20 15:59:42.424root 11241100x8000000000000000773100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362f303f313859322021-12-20 15:59:42.424root 11241100x8000000000000000773101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484723465c0ed51f2021-12-20 15:59:42.424root 11241100x8000000000000000773102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01afd0dc3e15c2c2021-12-20 15:59:42.425root 11241100x8000000000000000773103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90782328577b50292021-12-20 15:59:42.425root 11241100x8000000000000000773104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43982499c828ef032021-12-20 15:59:42.425root 11241100x8000000000000000773105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b2f498953ffe202021-12-20 15:59:42.425root 11241100x8000000000000000773106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee22664a0035dfe2021-12-20 15:59:42.425root 11241100x8000000000000000773107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501072a396a8b0a12021-12-20 15:59:42.426root 11241100x8000000000000000773108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb480d5be967ee2e2021-12-20 15:59:42.426root 11241100x8000000000000000773109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a029e0742c2e012021-12-20 15:59:42.426root 11241100x8000000000000000773110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26db7b9fe40d702f2021-12-20 15:59:42.427root 11241100x8000000000000000773111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189ddc08cc834c4a2021-12-20 15:59:42.427root 11241100x8000000000000000773112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aca4a77655cfee2021-12-20 15:59:42.427root 11241100x8000000000000000773113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7830545156571cc2021-12-20 15:59:42.428root 11241100x8000000000000000773114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142a6877795d29a22021-12-20 15:59:42.428root 11241100x8000000000000000773115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e93185d9f4a8932021-12-20 15:59:42.428root 11241100x8000000000000000773116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b881e099f6c637752021-12-20 15:59:42.428root 11241100x8000000000000000773117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258a1dff367fbc472021-12-20 15:59:42.428root 11241100x8000000000000000773118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1386a400969692992021-12-20 15:59:42.428root 11241100x8000000000000000773119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e60b962950566222021-12-20 15:59:42.428root 11241100x8000000000000000773120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce85558ec4cb9782021-12-20 15:59:42.429root 11241100x8000000000000000773121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8e7ddfb85b20b42021-12-20 15:59:42.429root 11241100x8000000000000000773122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f023cca90514ffa42021-12-20 15:59:42.429root 11241100x8000000000000000773123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6b79f9f8bff8e92021-12-20 15:59:42.429root 11241100x8000000000000000773124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2721358779ab9a2021-12-20 15:59:42.429root 11241100x8000000000000000773125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edfe9b6d41cf2782021-12-20 15:59:42.429root 11241100x8000000000000000773126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21e16edc268ff652021-12-20 15:59:42.429root 11241100x8000000000000000773127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ddba38cebadc982021-12-20 15:59:42.429root 11241100x8000000000000000773128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a2ce7297c43fdb2021-12-20 15:59:42.429root 11241100x8000000000000000773129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735bff8a7064a1962021-12-20 15:59:42.430root 11241100x8000000000000000773130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a7c44a2a382b182021-12-20 15:59:42.430root 11241100x8000000000000000773131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c0a59a4517b86e2021-12-20 15:59:42.433root 11241100x8000000000000000773132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b603a520c156ebba2021-12-20 15:59:42.433root 11241100x8000000000000000773133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08181901f64dcaa92021-12-20 15:59:42.433root 11241100x8000000000000000773134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33665fba37e474a82021-12-20 15:59:42.433root 11241100x8000000000000000773135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5737439d3518073a2021-12-20 15:59:42.433root 11241100x8000000000000000773136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1d275d28b7530a2021-12-20 15:59:42.433root 11241100x8000000000000000773137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7e3d9909c15fac2021-12-20 15:59:42.433root 11241100x8000000000000000773138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b9c4f4904dfd9d2021-12-20 15:59:42.433root 11241100x8000000000000000773139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06074b827952b5f72021-12-20 15:59:42.433root 11241100x8000000000000000773140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e965d4ecc7e00e2021-12-20 15:59:42.433root 11241100x8000000000000000773141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf321b9641d14aa22021-12-20 15:59:42.433root 11241100x8000000000000000773142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c9ee0ecb54e24b2021-12-20 15:59:42.434root 11241100x8000000000000000773143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ff04d01f4aa5bb2021-12-20 15:59:42.434root 11241100x8000000000000000773144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93722122921cd9ad2021-12-20 15:59:42.434root 11241100x8000000000000000773145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c27bab3d3dd68aa2021-12-20 15:59:42.434root 11241100x8000000000000000773146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918e8fed7ab6a4c32021-12-20 15:59:42.434root 11241100x8000000000000000773147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed22614574696022021-12-20 15:59:42.434root 11241100x8000000000000000773148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303fdbdbd90035ef2021-12-20 15:59:42.434root 11241100x8000000000000000773149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9171a056b55411af2021-12-20 15:59:42.434root 11241100x8000000000000000773150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e80535ffa68fbbf2021-12-20 15:59:42.434root 11241100x8000000000000000773151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f63acfbab9877c2021-12-20 15:59:42.434root 11241100x8000000000000000773152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329758934a6cdaf02021-12-20 15:59:42.434root 11241100x8000000000000000773153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40009d9242059b0c2021-12-20 15:59:42.435root 11241100x8000000000000000773154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a004ca05a3d275bc2021-12-20 15:59:42.435root 11241100x8000000000000000773155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8cc81ffdeccc8a2021-12-20 15:59:42.924root 11241100x8000000000000000773156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1918b30e9a5b7b22021-12-20 15:59:42.924root 11241100x8000000000000000773157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81edf301fa1158c62021-12-20 15:59:42.925root 11241100x8000000000000000773158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06ebf417d6e38c22021-12-20 15:59:42.925root 11241100x8000000000000000773159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f45e707b1872b02021-12-20 15:59:42.925root 11241100x8000000000000000773160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bea2906e8f8ccf2021-12-20 15:59:42.925root 11241100x8000000000000000773161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a645eb67a6878422021-12-20 15:59:42.926root 11241100x8000000000000000773162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de907899612ed8f12021-12-20 15:59:42.926root 11241100x8000000000000000773163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f81e87e182b1452021-12-20 15:59:42.926root 11241100x8000000000000000773164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc150131621ac9f2021-12-20 15:59:42.926root 11241100x8000000000000000773165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b2d993855149822021-12-20 15:59:42.926root 11241100x8000000000000000773166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee09caba3e91d8b2021-12-20 15:59:42.927root 11241100x8000000000000000773167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997b3452653750e2021-12-20 15:59:42.927root 11241100x8000000000000000773168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a130be13640084182021-12-20 15:59:42.927root 11241100x8000000000000000773169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa48b96a2b288a22021-12-20 15:59:42.928root 11241100x8000000000000000773170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a0ecafb0f85b2a2021-12-20 15:59:42.928root 11241100x8000000000000000773171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a426a5bb2f3d6f12021-12-20 15:59:42.928root 11241100x8000000000000000773172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628efa7608e07eec2021-12-20 15:59:42.928root 11241100x8000000000000000773173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14421fc07f769172021-12-20 15:59:42.928root 11241100x8000000000000000773174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19cb18b2eaa30132021-12-20 15:59:42.928root 11241100x8000000000000000773175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355b1f002493b96d2021-12-20 15:59:42.929root 11241100x8000000000000000773176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9384af053017b062021-12-20 15:59:42.929root 11241100x8000000000000000773177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4b96c479f15fd22021-12-20 15:59:42.929root 11241100x8000000000000000773178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689992d922de3fce2021-12-20 15:59:42.929root 11241100x8000000000000000773179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1991fa443d9436662021-12-20 15:59:42.929root 11241100x8000000000000000773180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9e76d2b1137e3c2021-12-20 15:59:42.929root 11241100x8000000000000000773181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526789db2d05e6472021-12-20 15:59:42.929root 11241100x8000000000000000773182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418252ea129b1c142021-12-20 15:59:42.929root 11241100x8000000000000000773183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf57b581aba9cb2021-12-20 15:59:42.930root 11241100x8000000000000000773184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa71f36f5d638ae02021-12-20 15:59:42.930root 11241100x8000000000000000773185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690d6def78ada0b32021-12-20 15:59:42.930root 11241100x8000000000000000773186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4720c5869866a52021-12-20 15:59:42.930root 11241100x8000000000000000773187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eb627a2fc041412021-12-20 15:59:42.930root 11241100x8000000000000000773188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6cd65017914d802021-12-20 15:59:42.930root 11241100x8000000000000000773189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a25a702bb1fdfb12021-12-20 15:59:42.930root 11241100x8000000000000000773190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b91084fa2035d22021-12-20 15:59:42.930root 11241100x8000000000000000773191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb55277923f232b02021-12-20 15:59:42.930root 11241100x8000000000000000773192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a4d8d92be908652021-12-20 15:59:42.931root 11241100x8000000000000000773193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60ff1b6293f7dbb2021-12-20 15:59:42.931root 11241100x8000000000000000773194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f456a73d6e6019752021-12-20 15:59:42.931root 11241100x8000000000000000773195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4906aa200b0411042021-12-20 15:59:42.931root 11241100x8000000000000000773196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fe1dda0d53a1b72021-12-20 15:59:42.931root 11241100x8000000000000000773197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6da15e30b9313f62021-12-20 15:59:42.931root 11241100x8000000000000000773198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015ccb12e65e22cb2021-12-20 15:59:42.931root 11241100x8000000000000000773199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5daf9ae8437576092021-12-20 15:59:42.931root 11241100x8000000000000000773200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6d20194e0ce8c52021-12-20 15:59:42.932root 11241100x8000000000000000773201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d8ffbcb41278c52021-12-20 15:59:42.932root 11241100x8000000000000000773202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f905d48bcc93d1b82021-12-20 15:59:42.932root 11241100x8000000000000000773203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787e1e090a67875c2021-12-20 15:59:42.932root 11241100x8000000000000000773204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b06e5896b71a412021-12-20 15:59:42.932root 11241100x8000000000000000773205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dc95f0543fe4762021-12-20 15:59:42.932root 11241100x8000000000000000773206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402dbb4a66d50e182021-12-20 15:59:42.933root 11241100x8000000000000000773207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359326d1ede2b61d2021-12-20 15:59:42.933root 11241100x8000000000000000773208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07f7eb4d54fb6d12021-12-20 15:59:42.933root 11241100x8000000000000000773209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5ae3aae54eb50e2021-12-20 15:59:43.424root 11241100x8000000000000000773210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a211e7c0713ba5002021-12-20 15:59:43.424root 11241100x8000000000000000773211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaaccac91fb2dae2021-12-20 15:59:43.424root 11241100x8000000000000000773212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf6a969d1d673e2021-12-20 15:59:43.425root 11241100x8000000000000000773213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3cc555f1d0f5bb2021-12-20 15:59:43.425root 11241100x8000000000000000773214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9f818f615bba502021-12-20 15:59:43.425root 11241100x8000000000000000773215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c929a5405bc39bc92021-12-20 15:59:43.425root 11241100x8000000000000000773216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18827511b96d0c392021-12-20 15:59:43.425root 11241100x8000000000000000773217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1769c422f3a84d502021-12-20 15:59:43.425root 11241100x8000000000000000773218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238fe756fa9191b62021-12-20 15:59:43.425root 11241100x8000000000000000773219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8c953f309cdb342021-12-20 15:59:43.425root 11241100x8000000000000000773220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9382f0f680471f2021-12-20 15:59:43.425root 11241100x8000000000000000773221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50681ba48bc52c892021-12-20 15:59:43.425root 11241100x8000000000000000773222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1b20cf3f7791402021-12-20 15:59:43.425root 11241100x8000000000000000773223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b042553fbd0af942021-12-20 15:59:43.425root 11241100x8000000000000000773224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0eebd73697814f2021-12-20 15:59:43.425root 11241100x8000000000000000773225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da1d5d9fa470142021-12-20 15:59:43.425root 11241100x8000000000000000773226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28092dc37419f2e02021-12-20 15:59:43.425root 11241100x8000000000000000773227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeb755ac2c7f9a22021-12-20 15:59:43.425root 11241100x8000000000000000773228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a61d52925cd3f72021-12-20 15:59:43.426root 11241100x8000000000000000773229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8b5b02b94231612021-12-20 15:59:43.426root 11241100x8000000000000000773230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71e437bd75994a02021-12-20 15:59:43.426root 11241100x8000000000000000773231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae93685bd32858bb2021-12-20 15:59:43.426root 11241100x8000000000000000773232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d415cb0554cde8152021-12-20 15:59:43.426root 11241100x8000000000000000773233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2775ea03f5ca0f2021-12-20 15:59:43.426root 11241100x8000000000000000773234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e31b1c65ba5e532021-12-20 15:59:43.426root 11241100x8000000000000000773235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ca6510cfedff892021-12-20 15:59:43.426root 11241100x8000000000000000773236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71be01a7f5885932021-12-20 15:59:43.426root 11241100x8000000000000000773237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f33c0dcdea3a2ad2021-12-20 15:59:43.426root 11241100x8000000000000000773238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35b7115d4baf2c72021-12-20 15:59:43.426root 11241100x8000000000000000773239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d984b67a1098539a2021-12-20 15:59:43.426root 11241100x8000000000000000773240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be69ca7bb788ca62021-12-20 15:59:43.426root 11241100x8000000000000000773241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e10b898f68d7d32021-12-20 15:59:43.426root 11241100x8000000000000000773242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0db87d28706d59c2021-12-20 15:59:43.426root 11241100x8000000000000000773243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf348c6cbc0c2c2021-12-20 15:59:43.427root 11241100x8000000000000000773244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32758734a793bca2021-12-20 15:59:43.427root 11241100x8000000000000000773245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef596dd888720cbf2021-12-20 15:59:43.427root 11241100x8000000000000000773246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952e62d0c40132902021-12-20 15:59:43.427root 11241100x8000000000000000773247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba75bd65ff9b42d2021-12-20 15:59:43.427root 11241100x8000000000000000773248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f682f7860ca8c48c2021-12-20 15:59:43.427root 11241100x8000000000000000773249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4a055a4e59f6d72021-12-20 15:59:43.427root 11241100x8000000000000000773250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f154120c14825752021-12-20 15:59:43.427root 11241100x8000000000000000773251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2a7a97de5dd8ef2021-12-20 15:59:43.427root 154100x8000000000000000773252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.860{ec2c97d1-a86f-61c0-e8a6-9b556a550000}10226/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 11241100x8000000000000000773253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.862{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da80eef5a263b5042021-12-20 15:59:43.862root 11241100x8000000000000000773254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.862{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f0c444f5cb59c72021-12-20 15:59:43.862root 11241100x8000000000000000773255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.862{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33d89387f8ff01a2021-12-20 15:59:43.862root 11241100x8000000000000000773256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.862{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63dc5c35275c61a2021-12-20 15:59:43.862root 11241100x8000000000000000773257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.862{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10006f5367e1858c2021-12-20 15:59:43.862root 11241100x8000000000000000773258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.862{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997c2bb71d4d0f602021-12-20 15:59:43.862root 534500x8000000000000000773259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.863{ec2c97d1-a86f-61c0-e8a6-9b556a550000}10226/bin/lsubuntu 11241100x8000000000000000773260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.863{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4d43216d47eb052021-12-20 15:59:43.863root 11241100x8000000000000000773261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.863{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6694bc22ac6ab8812021-12-20 15:59:43.863root 11241100x8000000000000000773262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.863{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6f4ca3d1314c892021-12-20 15:59:43.863root 11241100x8000000000000000773263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.864{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa72055e70f242e2021-12-20 15:59:43.864root 11241100x8000000000000000773264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.864{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff82b676073ee2d2021-12-20 15:59:43.864root 11241100x8000000000000000773265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.864{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411d96f3a03014242021-12-20 15:59:43.864root 11241100x8000000000000000773266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.864{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7296676e1c214e2021-12-20 15:59:43.864root 11241100x8000000000000000773267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.864{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb364b117cab78e2021-12-20 15:59:43.864root 11241100x8000000000000000773268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.865{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3620cb3a0e69947e2021-12-20 15:59:43.865root 11241100x8000000000000000773269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.865{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0509063f5ac7776c2021-12-20 15:59:43.865root 11241100x8000000000000000773270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.865{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdeaee972f3badd2021-12-20 15:59:43.865root 11241100x8000000000000000773271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.865{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b2d095c4c8acc92021-12-20 15:59:43.865root 11241100x8000000000000000773272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.865{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31f0c5b370ffd522021-12-20 15:59:43.865root 11241100x8000000000000000773273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.866{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daae39cb7454bb172021-12-20 15:59:43.866root 11241100x8000000000000000773274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.866{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a3d079da8cd2cd2021-12-20 15:59:43.866root 11241100x8000000000000000773275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.866{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b1e2db2d6381102021-12-20 15:59:43.866root 11241100x8000000000000000773276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.866{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e14f1a8cc59821f2021-12-20 15:59:43.866root 11241100x8000000000000000773277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.866{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055ea3c40396f9542021-12-20 15:59:43.866root 11241100x8000000000000000773278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.866{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854cc7461bf922622021-12-20 15:59:43.866root 11241100x8000000000000000773279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd69226c3510aa02021-12-20 15:59:43.867root 11241100x8000000000000000773280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39da0f228a64a392021-12-20 15:59:43.867root 11241100x8000000000000000773281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51081801486b7e5c2021-12-20 15:59:43.867root 11241100x8000000000000000773282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9d7f9b8d182ab92021-12-20 15:59:43.867root 11241100x8000000000000000773283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd06c8b91093d9182021-12-20 15:59:43.867root 11241100x8000000000000000773284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825034679a4ffbc02021-12-20 15:59:43.867root 11241100x8000000000000000773285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a9290bf7aa24cf2021-12-20 15:59:43.867root 11241100x8000000000000000773286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630be62d474b8cab2021-12-20 15:59:43.867root 11241100x8000000000000000773287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.867{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44492cb201f6bc52021-12-20 15:59:43.867root 11241100x8000000000000000773288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc33f865fab110e82021-12-20 15:59:43.868root 11241100x8000000000000000773289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3379e3e53715944f2021-12-20 15:59:43.868root 11241100x8000000000000000773290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b319784c64f1af02021-12-20 15:59:43.868root 11241100x8000000000000000773291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007b853dd68d2922021-12-20 15:59:43.868root 11241100x8000000000000000773292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda26e8d285ef9e72021-12-20 15:59:43.868root 11241100x8000000000000000773293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0cec220fda2dc52021-12-20 15:59:43.868root 11241100x8000000000000000773294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2f0265ec0617962021-12-20 15:59:43.868root 11241100x8000000000000000773295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972db24ccb45fd032021-12-20 15:59:43.868root 11241100x8000000000000000773296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.868{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd82f990ce82b8a12021-12-20 15:59:43.868root 11241100x8000000000000000773297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.869{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e173c236df0c932021-12-20 15:59:43.869root 11241100x8000000000000000773298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.869{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e19b944d89d8a82021-12-20 15:59:43.869root 11241100x8000000000000000773299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.869{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb4191c55eac4532021-12-20 15:59:43.869root 11241100x8000000000000000773300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.869{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911ac5e64cdc08542021-12-20 15:59:43.869root 11241100x8000000000000000773301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.869{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3e0bbc96a49a9d2021-12-20 15:59:43.869root 11241100x8000000000000000773302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.869{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69529afd7c295b942021-12-20 15:59:43.869root 11241100x8000000000000000773303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.869{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eebc8c22ea82802021-12-20 15:59:43.869root 11241100x8000000000000000773304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.870{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a50f0a938b94542021-12-20 15:59:43.870root 11241100x8000000000000000773305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.870{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51817c28d9019b372021-12-20 15:59:43.870root 11241100x8000000000000000773306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.870{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5abfd95a2b23f932021-12-20 15:59:43.870root 11241100x8000000000000000773307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.870{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be78df91359d300f2021-12-20 15:59:43.870root 11241100x8000000000000000773308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.871{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe41dae313b352f2021-12-20 15:59:43.871root 11241100x8000000000000000773309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:43.871{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc1d8211c186c402021-12-20 15:59:43.871root 11241100x8000000000000000773310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f4c29acfb23d802021-12-20 15:59:44.174root 11241100x8000000000000000773311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6c66242e4f9dd82021-12-20 15:59:44.175root 11241100x8000000000000000773312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ae66f658940f5c2021-12-20 15:59:44.175root 11241100x8000000000000000773313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec45b52ef583b6a2021-12-20 15:59:44.175root 11241100x8000000000000000773314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e99393e13d04512021-12-20 15:59:44.175root 11241100x8000000000000000773315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcd53293da5e9ae2021-12-20 15:59:44.175root 11241100x8000000000000000773316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7b6393cb35d37f2021-12-20 15:59:44.176root 11241100x8000000000000000773317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2d979434bda64e2021-12-20 15:59:44.176root 11241100x8000000000000000773318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f762d30f67ff522021-12-20 15:59:44.176root 11241100x8000000000000000773319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bae0e1c8a44f7102021-12-20 15:59:44.176root 11241100x8000000000000000773320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e639e37ef4ad327e2021-12-20 15:59:44.177root 11241100x8000000000000000773321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc3e4b69f280b342021-12-20 15:59:44.177root 11241100x8000000000000000773322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90a1555dee527122021-12-20 15:59:44.177root 11241100x8000000000000000773323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b115e0f98083e0ee2021-12-20 15:59:44.178root 11241100x8000000000000000773324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1bd5f50ddc6d772021-12-20 15:59:44.178root 11241100x8000000000000000773325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c2687bbab75372021-12-20 15:59:44.178root 11241100x8000000000000000773326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcccfc41e23e30dd2021-12-20 15:59:44.178root 11241100x8000000000000000773327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8488ef4260bb0a92021-12-20 15:59:44.178root 11241100x8000000000000000773328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c7699f4468da4f2021-12-20 15:59:44.178root 11241100x8000000000000000773329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f87cfc2a05cd7512021-12-20 15:59:44.178root 11241100x8000000000000000773330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e561a59523cc95762021-12-20 15:59:44.179root 11241100x8000000000000000773331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f19ed35166e1902021-12-20 15:59:44.179root 11241100x8000000000000000773332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd24b387735807a2021-12-20 15:59:44.179root 11241100x8000000000000000773333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efced32e937b4422021-12-20 15:59:44.179root 11241100x8000000000000000773334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f800a79e717cb272021-12-20 15:59:44.180root 11241100x8000000000000000773335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39611f8d74138a462021-12-20 15:59:44.180root 11241100x8000000000000000773336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eccde2928b5ef82021-12-20 15:59:44.180root 11241100x8000000000000000773337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9758d5e3249a5a2021-12-20 15:59:44.180root 11241100x8000000000000000773338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a663f659205749832021-12-20 15:59:44.181root 11241100x8000000000000000773339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485d76d8422910f02021-12-20 15:59:44.181root 11241100x8000000000000000773340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafb9229a1e241382021-12-20 15:59:44.181root 11241100x8000000000000000773341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399cf6dc38671a922021-12-20 15:59:44.181root 11241100x8000000000000000773342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b4d9eb2b3b05542021-12-20 15:59:44.181root 11241100x8000000000000000773343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14c842228cc9b372021-12-20 15:59:44.181root 11241100x8000000000000000773344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82fd2f52a1511142021-12-20 15:59:44.181root 11241100x8000000000000000773345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb202616216cef942021-12-20 15:59:44.182root 11241100x8000000000000000773346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525b19e2d92565a02021-12-20 15:59:44.182root 11241100x8000000000000000773347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd3012d0e2868a72021-12-20 15:59:44.182root 11241100x8000000000000000773348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2e95e5f6b4c1932021-12-20 15:59:44.182root 11241100x8000000000000000773349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd38bde38829cd42021-12-20 15:59:44.182root 11241100x8000000000000000773350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de80cc00e5f20212021-12-20 15:59:44.182root 11241100x8000000000000000773351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d3e1e71a7e0a442021-12-20 15:59:44.183root 11241100x8000000000000000773352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbeee4c97fa8e0d2021-12-20 15:59:44.183root 11241100x8000000000000000773353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125a6f1c003d8c6b2021-12-20 15:59:44.183root 11241100x8000000000000000773354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65e21cec22909422021-12-20 15:59:44.183root 11241100x8000000000000000773355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b982c8badddb2a2021-12-20 15:59:44.183root 11241100x8000000000000000773356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188898bd219c68db2021-12-20 15:59:44.183root 11241100x8000000000000000773357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3837a7766b4d09cb2021-12-20 15:59:44.184root 11241100x8000000000000000773358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de45a5f38c3470b72021-12-20 15:59:44.184root 11241100x8000000000000000773359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db84970a56e7b0b2021-12-20 15:59:44.184root 11241100x8000000000000000773360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89d94da017e7a452021-12-20 15:59:44.184root 11241100x8000000000000000773361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f6b4e39b3485a2021-12-20 15:59:44.184root 11241100x8000000000000000773362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189c226311d246b62021-12-20 15:59:44.184root 11241100x8000000000000000773363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5afd5ca6bff20f2021-12-20 15:59:44.184root 11241100x8000000000000000773364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490bc12608ea5bc82021-12-20 15:59:44.185root 354300x8000000000000000773365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.227{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51484-false10.0.1.12-8000- 11241100x8000000000000000773366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c55e62af7d5d8bc2021-12-20 15:59:44.674root 11241100x8000000000000000773367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4461c5f252a30c022021-12-20 15:59:44.674root 11241100x8000000000000000773368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f7897fe46329662021-12-20 15:59:44.674root 11241100x8000000000000000773369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19d7d9c28258f8d2021-12-20 15:59:44.674root 11241100x8000000000000000773370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2691fcff397d06c52021-12-20 15:59:44.674root 11241100x8000000000000000773371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5be5663dc19fb02021-12-20 15:59:44.675root 11241100x8000000000000000773372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a5b77f79addb222021-12-20 15:59:44.675root 11241100x8000000000000000773373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cbb6b9b2c607c62021-12-20 15:59:44.675root 11241100x8000000000000000773374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f838d78e581f4a602021-12-20 15:59:44.675root 11241100x8000000000000000773375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a499a7d8bb3a5e7e2021-12-20 15:59:44.675root 11241100x8000000000000000773376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f0cb3202a884d82021-12-20 15:59:44.675root 11241100x8000000000000000773377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166ba858ead334352021-12-20 15:59:44.675root 11241100x8000000000000000773378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67880adfb6ea41c2021-12-20 15:59:44.675root 11241100x8000000000000000773379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b54f9d866bcf52021-12-20 15:59:44.675root 11241100x8000000000000000773380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93beebdaebcf7f9e2021-12-20 15:59:44.675root 11241100x8000000000000000773381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e712f443dd2cdf6e2021-12-20 15:59:44.675root 11241100x8000000000000000773382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecf60b812caaf652021-12-20 15:59:44.675root 11241100x8000000000000000773383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a2644e6d3e0d8a2021-12-20 15:59:44.676root 11241100x8000000000000000773384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540495e9ef8e748c2021-12-20 15:59:44.676root 11241100x8000000000000000773385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5922f9175b1d4dd2021-12-20 15:59:44.676root 11241100x8000000000000000773386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c21d23288a2122021-12-20 15:59:44.676root 11241100x8000000000000000773387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42add1b9d93c7ea2021-12-20 15:59:44.676root 11241100x8000000000000000773388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778978b85edecca72021-12-20 15:59:44.676root 11241100x8000000000000000773389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca81fcec90dc0cd2021-12-20 15:59:44.676root 11241100x8000000000000000773390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572628b4e36f3b482021-12-20 15:59:44.676root 11241100x8000000000000000773391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7962fa3cf5a4cb2021-12-20 15:59:44.676root 11241100x8000000000000000773392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df259f63abb148842021-12-20 15:59:44.676root 11241100x8000000000000000773393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e720771e10d52952021-12-20 15:59:44.676root 11241100x8000000000000000773394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6d645b45347c782021-12-20 15:59:44.676root 11241100x8000000000000000773395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fc5cdf3709648a2021-12-20 15:59:44.676root 11241100x8000000000000000773396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f8b51db071f5042021-12-20 15:59:44.676root 11241100x8000000000000000773397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a8c61b67e456a52021-12-20 15:59:44.676root 11241100x8000000000000000773398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a419edb1b3b70c2021-12-20 15:59:44.677root 11241100x8000000000000000773399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0886b1dd16b763c12021-12-20 15:59:44.677root 11241100x8000000000000000773400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a4a685637e94e82021-12-20 15:59:44.677root 11241100x8000000000000000773401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b76ee5d019eea92021-12-20 15:59:44.677root 11241100x8000000000000000773402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644916c9b10ff8bc2021-12-20 15:59:44.677root 11241100x8000000000000000773403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f42e4316af9ae432021-12-20 15:59:44.677root 11241100x8000000000000000773404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd85aa2c067b37f52021-12-20 15:59:44.677root 11241100x8000000000000000773405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13d8701c7c16a292021-12-20 15:59:44.677root 11241100x8000000000000000773406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea772beb12a83d2021-12-20 15:59:44.678root 11241100x8000000000000000773407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54c640124b3e8a52021-12-20 15:59:44.678root 11241100x8000000000000000773408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6734f80012bbe1152021-12-20 15:59:44.678root 11241100x8000000000000000773409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a45f98c0b15d7d2021-12-20 15:59:44.678root 11241100x8000000000000000773410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c655acea77db5662021-12-20 15:59:44.678root 11241100x8000000000000000773411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a80a95db4befa532021-12-20 15:59:44.678root 11241100x8000000000000000773412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a6a0f6ab00096c2021-12-20 15:59:44.678root 11241100x8000000000000000773413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0746cc1985d1677a2021-12-20 15:59:44.678root 11241100x8000000000000000773414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560ae8913bde868d2021-12-20 15:59:44.678root 11241100x8000000000000000773415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ff6e38e640a4cf2021-12-20 15:59:44.679root 11241100x8000000000000000773416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b6ecad30262bb2021-12-20 15:59:44.679root 11241100x8000000000000000773417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8492eafef414c9782021-12-20 15:59:44.679root 11241100x8000000000000000773418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9b047b7c8d78b42021-12-20 15:59:44.679root 11241100x8000000000000000773419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c919330014ebab382021-12-20 15:59:44.679root 11241100x8000000000000000773420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f365ae9ed51d015c2021-12-20 15:59:44.679root 11241100x8000000000000000773421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7718a4a5fcf1f1b2021-12-20 15:59:44.679root 11241100x8000000000000000773422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e955f1847daa77eb2021-12-20 15:59:44.679root 11241100x8000000000000000773423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76969efa9cbbec0c2021-12-20 15:59:44.679root 11241100x8000000000000000773424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbbf89e92cc98db2021-12-20 15:59:44.679root 11241100x8000000000000000773425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfd90dec554e5e32021-12-20 15:59:44.679root 11241100x8000000000000000773426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db77e4be290cd8d52021-12-20 15:59:44.679root 11241100x8000000000000000773427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6138db18278e21b02021-12-20 15:59:44.679root 11241100x8000000000000000773428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7c2f124ac52f1c2021-12-20 15:59:44.680root 11241100x8000000000000000773429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6544762236a5f5ff2021-12-20 15:59:44.680root 11241100x8000000000000000773430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd42577b526c39a2021-12-20 15:59:44.680root 11241100x8000000000000000773431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350bfb72506c8dc62021-12-20 15:59:44.680root 11241100x8000000000000000773432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccd1966265784ee2021-12-20 15:59:44.680root 11241100x8000000000000000773433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51023dbcf8eaea402021-12-20 15:59:44.680root 11241100x8000000000000000773434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e6ed39c75f4bc22021-12-20 15:59:44.680root 11241100x8000000000000000773435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9005f1898d25c6822021-12-20 15:59:44.680root 11241100x8000000000000000773436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690c94ce200dfbb02021-12-20 15:59:44.680root 11241100x8000000000000000773437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed27634c675f6c12021-12-20 15:59:44.680root 11241100x8000000000000000773438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219272e39b5a892e2021-12-20 15:59:44.680root 11241100x8000000000000000773439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824614d3ee301eb2021-12-20 15:59:44.680root 11241100x8000000000000000773440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc87ebf885d974d72021-12-20 15:59:44.680root 11241100x8000000000000000773441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ddbc923debbbd2021-12-20 15:59:44.680root 11241100x8000000000000000773442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c2fc24971ad15b2021-12-20 15:59:44.681root 11241100x8000000000000000773443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bc0e5c66fc195a2021-12-20 15:59:44.681root 11241100x8000000000000000773444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69f85ded19f8b922021-12-20 15:59:44.681root 11241100x8000000000000000773445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c44137ef7284662021-12-20 15:59:44.681root 11241100x8000000000000000773446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc430d0fd3871e42021-12-20 15:59:44.681root 11241100x8000000000000000773447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90554b0290445a042021-12-20 15:59:44.681root 11241100x8000000000000000773448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebaec2ad2f0ea2b2021-12-20 15:59:44.681root 11241100x8000000000000000773449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0a4ef7bf5384492021-12-20 15:59:44.681root 11241100x8000000000000000773450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566b4bee60a3e8172021-12-20 15:59:44.681root 11241100x8000000000000000773451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2203378dec87a32021-12-20 15:59:44.681root 11241100x8000000000000000773452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28226954be808462021-12-20 15:59:44.681root 11241100x8000000000000000773453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b88913f90d22242021-12-20 15:59:44.681root 11241100x8000000000000000773454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6abc9f34ab1ef352021-12-20 15:59:44.682root 11241100x8000000000000000773455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2da2f24aee9fa22021-12-20 15:59:44.682root 11241100x8000000000000000773456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab02c0ad9fb7c162021-12-20 15:59:44.682root 11241100x8000000000000000773457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52ef922c033bac22021-12-20 15:59:44.682root 11241100x8000000000000000773458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf803a943b05d742021-12-20 15:59:44.682root 11241100x8000000000000000773459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcada0f9683e232b2021-12-20 15:59:44.682root 11241100x8000000000000000773460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7982f2dd41be85ba2021-12-20 15:59:44.682root 11241100x8000000000000000773461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9467ff7e8f1b172021-12-20 15:59:44.682root 11241100x8000000000000000773462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49bded81345a0132021-12-20 15:59:44.682root 11241100x8000000000000000773463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26610d99656a3502021-12-20 15:59:44.682root 11241100x8000000000000000773464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb381d727062411d2021-12-20 15:59:44.682root 11241100x8000000000000000773465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d6f32340f232392021-12-20 15:59:44.682root 11241100x8000000000000000773466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa66ffddf0588992021-12-20 15:59:44.682root 11241100x8000000000000000773467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9eb449d75dbb782021-12-20 15:59:44.683root 11241100x8000000000000000773468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cca6fbdf1946aa2021-12-20 15:59:44.683root 11241100x8000000000000000773469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998277e27fd558f2021-12-20 15:59:44.683root 11241100x8000000000000000773470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036dd183f31383ef2021-12-20 15:59:44.683root 11241100x8000000000000000773471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aef9d4a8dda5bc92021-12-20 15:59:44.683root 11241100x8000000000000000773472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771c4eec800af9392021-12-20 15:59:44.683root 11241100x8000000000000000773473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a8e3c8f470ac022021-12-20 15:59:44.683root 11241100x8000000000000000773474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efec69dc21b988352021-12-20 15:59:44.683root 11241100x8000000000000000773475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffed0572fdf906092021-12-20 15:59:44.683root 11241100x8000000000000000773476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf0fa9f0ce88b242021-12-20 15:59:44.683root 11241100x8000000000000000773477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ec7dbc8e82e73c2021-12-20 15:59:44.683root 11241100x8000000000000000773478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0c1be9c691a6672021-12-20 15:59:44.683root 11241100x8000000000000000773479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ca86fa095b9a52021-12-20 15:59:44.683root 11241100x8000000000000000773480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ab059ec9236a662021-12-20 15:59:44.683root 11241100x8000000000000000773481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794f3e75a07254ff2021-12-20 15:59:44.684root 11241100x8000000000000000773482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bb465e775bf4252021-12-20 15:59:44.684root 11241100x8000000000000000773483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08031dbe3a5632c22021-12-20 15:59:44.684root 11241100x8000000000000000773484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec6e9a42ac80b7f2021-12-20 15:59:44.684root 11241100x8000000000000000773485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06447f7c29e74ad52021-12-20 15:59:44.684root 11241100x8000000000000000773486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3f6c23f7ce75752021-12-20 15:59:44.684root 11241100x8000000000000000773487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5723f7f1d893fcd2021-12-20 15:59:44.684root 11241100x8000000000000000773488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b13caecb194ce12021-12-20 15:59:44.684root 11241100x8000000000000000773489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1c2a65fba50e8e2021-12-20 15:59:44.684root 11241100x8000000000000000773490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288206daac47c78a2021-12-20 15:59:44.685root 11241100x8000000000000000773491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0473da56ad8cf2532021-12-20 15:59:44.685root 11241100x8000000000000000773492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2397556e3ed27d4f2021-12-20 15:59:44.685root 11241100x8000000000000000773493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:44.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b0d0cec83afd512021-12-20 15:59:44.685root 11241100x8000000000000000773494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399a3553ec4cce2b2021-12-20 15:59:45.174root 11241100x8000000000000000773495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7efab4157a32d9c2021-12-20 15:59:45.174root 11241100x8000000000000000773496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8d48ffd5f207832021-12-20 15:59:45.174root 11241100x8000000000000000773497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bacb65ef4630fd82021-12-20 15:59:45.174root 11241100x8000000000000000773498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b435da36478149c2021-12-20 15:59:45.175root 11241100x8000000000000000773499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce31a80a0c36b862021-12-20 15:59:45.175root 11241100x8000000000000000773500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0526a1aa5c5a4d252021-12-20 15:59:45.175root 11241100x8000000000000000773501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e184b3d76be3e992021-12-20 15:59:45.175root 11241100x8000000000000000773502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332e743ef8a463012021-12-20 15:59:45.175root 11241100x8000000000000000773503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c3fad160645ffc2021-12-20 15:59:45.175root 11241100x8000000000000000773504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d6c0d71093ce1c2021-12-20 15:59:45.175root 11241100x8000000000000000773505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b59c76e810d72922021-12-20 15:59:45.175root 11241100x8000000000000000773506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7530934104ad31a2021-12-20 15:59:45.175root 11241100x8000000000000000773507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80108580fbfe0f32021-12-20 15:59:45.176root 11241100x8000000000000000773508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00afc0d8614909082021-12-20 15:59:45.176root 11241100x8000000000000000773509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88270257f7650942021-12-20 15:59:45.176root 11241100x8000000000000000773510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05d3539adcbf61d2021-12-20 15:59:45.176root 11241100x8000000000000000773511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fec68d566082092021-12-20 15:59:45.176root 11241100x8000000000000000773512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e4ec0e2a8967fe2021-12-20 15:59:45.176root 11241100x8000000000000000773513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2ebd1ebeb763a32021-12-20 15:59:45.176root 11241100x8000000000000000773514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb5209cf72213282021-12-20 15:59:45.176root 11241100x8000000000000000773515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4235a3b5585f02ac2021-12-20 15:59:45.177root 11241100x8000000000000000773516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c273e9a55f04d32021-12-20 15:59:45.177root 11241100x8000000000000000773517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99963daf5c1d6d8b2021-12-20 15:59:45.177root 11241100x8000000000000000773518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3106cd37af3a80612021-12-20 15:59:45.177root 11241100x8000000000000000773519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7d868756b015e62021-12-20 15:59:45.177root 11241100x8000000000000000773520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700480419b87218e2021-12-20 15:59:45.177root 11241100x8000000000000000773521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb3f86017efb8522021-12-20 15:59:45.177root 11241100x8000000000000000773522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f73fdcfe22d2dd82021-12-20 15:59:45.177root 11241100x8000000000000000773523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24f1d284d0f08c42021-12-20 15:59:45.178root 11241100x8000000000000000773524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3084fb62c8b4bcaa2021-12-20 15:59:45.178root 11241100x8000000000000000773525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713d36b67e3b2d9a2021-12-20 15:59:45.178root 11241100x8000000000000000773526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141a4961664051682021-12-20 15:59:45.178root 11241100x8000000000000000773527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c2515a898955022021-12-20 15:59:45.178root 11241100x8000000000000000773528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51f3c34b5bdda0e2021-12-20 15:59:45.178root 11241100x8000000000000000773529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471be8ed50d700332021-12-20 15:59:45.178root 11241100x8000000000000000773530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eea59323ab04bf2021-12-20 15:59:45.178root 11241100x8000000000000000773531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2d60f9fd67d94c2021-12-20 15:59:45.179root 11241100x8000000000000000773532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ee9194cd172fe12021-12-20 15:59:45.179root 11241100x8000000000000000773533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a680874c88c1dec12021-12-20 15:59:45.179root 11241100x8000000000000000773534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba19b565eb8f6c22021-12-20 15:59:45.179root 11241100x8000000000000000773535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b31d26a562a6f82021-12-20 15:59:45.179root 11241100x8000000000000000773536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08977b84073dc5d2021-12-20 15:59:45.179root 11241100x8000000000000000773537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f47b71fd058b7f2021-12-20 15:59:45.179root 11241100x8000000000000000773538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e2adb4110cc2262021-12-20 15:59:45.180root 11241100x8000000000000000773539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04465b7cd8bd95442021-12-20 15:59:45.180root 11241100x8000000000000000773540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6d09109caf7d3d2021-12-20 15:59:45.180root 11241100x8000000000000000773541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3cdfd7f7b7a55b2021-12-20 15:59:45.180root 11241100x8000000000000000773542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c1f307e2a6e8ab2021-12-20 15:59:45.180root 11241100x8000000000000000773543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e8c31e20cceb562021-12-20 15:59:45.180root 11241100x8000000000000000773544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89b7ac5269b42a32021-12-20 15:59:45.180root 11241100x8000000000000000773545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7057adfb219be5512021-12-20 15:59:45.181root 11241100x8000000000000000773546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ff901e6c5265a62021-12-20 15:59:45.181root 11241100x8000000000000000773547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a0d44fe3426a532021-12-20 15:59:45.181root 11241100x8000000000000000773548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc97b90f44669cf42021-12-20 15:59:45.181root 11241100x8000000000000000773549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a11917279baf1ab2021-12-20 15:59:45.181root 11241100x8000000000000000773550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7b104b190c6a342021-12-20 15:59:45.181root 11241100x8000000000000000773551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039df2fa17925cba2021-12-20 15:59:45.181root 11241100x8000000000000000773552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75da8cc0335a2a9f2021-12-20 15:59:45.181root 11241100x8000000000000000773553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e931a75d63dfae2021-12-20 15:59:45.181root 11241100x8000000000000000773554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dd37e3031373d52021-12-20 15:59:45.182root 11241100x8000000000000000773555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40362a3d9cedac72021-12-20 15:59:45.182root 11241100x8000000000000000773556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be91cf1a4027a262021-12-20 15:59:45.182root 11241100x8000000000000000773557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd089c08036f2d2021-12-20 15:59:45.182root 11241100x8000000000000000773558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ee45fb3bead6442021-12-20 15:59:45.182root 11241100x8000000000000000773559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b11c992f211c86b2021-12-20 15:59:45.182root 11241100x8000000000000000773560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9a18796729d08c2021-12-20 15:59:45.182root 11241100x8000000000000000773561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cbe975d1a1c5012021-12-20 15:59:45.182root 11241100x8000000000000000773562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b31b12207567f162021-12-20 15:59:45.182root 11241100x8000000000000000773563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe68578920d12a22021-12-20 15:59:45.183root 11241100x8000000000000000773564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa22e10d5a7cf5d2021-12-20 15:59:45.183root 11241100x8000000000000000773565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaedb10280d2b202021-12-20 15:59:45.183root 11241100x8000000000000000773566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ab196b75f2fa6f2021-12-20 15:59:45.183root 11241100x8000000000000000773567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2af339e87bad2b2021-12-20 15:59:45.183root 11241100x8000000000000000773568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a767f7492ee3c02021-12-20 15:59:45.183root 11241100x8000000000000000773569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88b561557c438872021-12-20 15:59:45.183root 11241100x8000000000000000773570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185d8ca0aee079962021-12-20 15:59:45.183root 11241100x8000000000000000773571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54388ca041baea12021-12-20 15:59:45.183root 11241100x8000000000000000773572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70827f89a16e59f52021-12-20 15:59:45.184root 11241100x8000000000000000773573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115150d92650c73e2021-12-20 15:59:45.184root 11241100x8000000000000000773574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a6bb63fcd7ccba2021-12-20 15:59:45.676root 11241100x8000000000000000773575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c277117cbaee142021-12-20 15:59:45.676root 11241100x8000000000000000773576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77eab22be7c165282021-12-20 15:59:45.676root 11241100x8000000000000000773577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb334185d7b7c5722021-12-20 15:59:45.676root 11241100x8000000000000000773578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f725be941dabbb12021-12-20 15:59:45.676root 11241100x8000000000000000773579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9fa235454256522021-12-20 15:59:45.676root 11241100x8000000000000000773580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f23ad6cd54cd692021-12-20 15:59:45.676root 11241100x8000000000000000773581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381bdf9ebe78acdc2021-12-20 15:59:45.677root 11241100x8000000000000000773582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57ce6549bb2a2532021-12-20 15:59:45.677root 11241100x8000000000000000773583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80411b19c6369ab72021-12-20 15:59:45.677root 11241100x8000000000000000773584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5367eda72230ab5b2021-12-20 15:59:45.677root 11241100x8000000000000000773585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7cba10ccfd35ff2021-12-20 15:59:45.677root 11241100x8000000000000000773586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05482ed0e43d6fc52021-12-20 15:59:45.678root 11241100x8000000000000000773587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a6c3bd7de5cb9a2021-12-20 15:59:45.678root 11241100x8000000000000000773588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3672d04f2528fe02021-12-20 15:59:45.678root 11241100x8000000000000000773589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0412fe88ba02ee3d2021-12-20 15:59:45.678root 11241100x8000000000000000773590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d16a2790129c3262021-12-20 15:59:45.678root 11241100x8000000000000000773591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61459740bb22deef2021-12-20 15:59:45.678root 11241100x8000000000000000773592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0633ec83a06bb7d2021-12-20 15:59:45.679root 11241100x8000000000000000773593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276649b208dd658d2021-12-20 15:59:45.679root 11241100x8000000000000000773594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17ad7eb204483062021-12-20 15:59:45.679root 11241100x8000000000000000773595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1187c30544b7d53e2021-12-20 15:59:45.679root 11241100x8000000000000000773596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1ed51b5f0baf7d2021-12-20 15:59:45.679root 11241100x8000000000000000773597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937c52760f8970dc2021-12-20 15:59:45.679root 11241100x8000000000000000773598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368c36b2e0eb1d612021-12-20 15:59:45.679root 11241100x8000000000000000773599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce8b274e1db36d52021-12-20 15:59:45.679root 11241100x8000000000000000773600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ada06b849d1bd92021-12-20 15:59:45.679root 11241100x8000000000000000773601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b10b40288e71602021-12-20 15:59:45.680root 11241100x8000000000000000773602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f761e2e726bbdf52021-12-20 15:59:45.680root 11241100x8000000000000000773603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96324082fcb3a442021-12-20 15:59:45.680root 11241100x8000000000000000773604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd719376ead492da2021-12-20 15:59:45.681root 11241100x8000000000000000773605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf35e9f83daf2ea02021-12-20 15:59:45.681root 11241100x8000000000000000773606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ea810f5a1e76eb2021-12-20 15:59:45.681root 11241100x8000000000000000773607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eba07bee5e28e92021-12-20 15:59:45.681root 11241100x8000000000000000773608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71782bd0ffa2c3042021-12-20 15:59:45.681root 11241100x8000000000000000773609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbb700af9ccb87c2021-12-20 15:59:45.681root 11241100x8000000000000000773610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c903318818969d052021-12-20 15:59:45.681root 11241100x8000000000000000773611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a4280997b7390b2021-12-20 15:59:45.681root 11241100x8000000000000000773612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18f5615c9028acd2021-12-20 15:59:45.681root 11241100x8000000000000000773613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f5da0fd62704522021-12-20 15:59:45.682root 11241100x8000000000000000773614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be6377c84c807c92021-12-20 15:59:45.682root 11241100x8000000000000000773615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ebc3da3dcea9462021-12-20 15:59:45.682root 11241100x8000000000000000773616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cdd536cf7d32a02021-12-20 15:59:45.682root 11241100x8000000000000000773617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1404bdc9a35fc32021-12-20 15:59:45.682root 11241100x8000000000000000773618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f9cbfbaf46407d2021-12-20 15:59:45.683root 11241100x8000000000000000773619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:45.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a738b727295e5272021-12-20 15:59:45.683root 11241100x8000000000000000773620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc58dc6569889642021-12-20 15:59:46.174root 11241100x8000000000000000773621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c8db0d0a1fd1342021-12-20 15:59:46.174root 11241100x8000000000000000773622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4b3fbf5a068a272021-12-20 15:59:46.174root 11241100x8000000000000000773623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1011843117427c82021-12-20 15:59:46.174root 11241100x8000000000000000773624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785ddaef394a23bc2021-12-20 15:59:46.174root 11241100x8000000000000000773625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04383e5e4123fae2021-12-20 15:59:46.174root 11241100x8000000000000000773626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf039d6a154ac32021-12-20 15:59:46.174root 11241100x8000000000000000773627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9325b2621c5ee4fd2021-12-20 15:59:46.174root 11241100x8000000000000000773628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae36d6f43c221a62021-12-20 15:59:46.175root 11241100x8000000000000000773629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c46dc922e6d30e2021-12-20 15:59:46.175root 11241100x8000000000000000773630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d33d6e7aeb0df22021-12-20 15:59:46.175root 11241100x8000000000000000773631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1489b21358bc77452021-12-20 15:59:46.175root 11241100x8000000000000000773632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326b80a694d7e59a2021-12-20 15:59:46.175root 11241100x8000000000000000773633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39841b6c2b618f072021-12-20 15:59:46.175root 11241100x8000000000000000773634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d0d79df06250a82021-12-20 15:59:46.175root 11241100x8000000000000000773635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e4ff7a3faea0ec2021-12-20 15:59:46.175root 11241100x8000000000000000773636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fb5d1d45a046ad2021-12-20 15:59:46.175root 11241100x8000000000000000773637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b1923ce8c816d72021-12-20 15:59:46.175root 11241100x8000000000000000773638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79bed5cf252524b2021-12-20 15:59:46.175root 11241100x8000000000000000773639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b286d3dacc72c0b72021-12-20 15:59:46.175root 11241100x8000000000000000773640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8458d252225c68472021-12-20 15:59:46.176root 11241100x8000000000000000773641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebf389f804869292021-12-20 15:59:46.176root 11241100x8000000000000000773642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cab934d1a27b392021-12-20 15:59:46.176root 11241100x8000000000000000773643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ab236b483f977e2021-12-20 15:59:46.176root 11241100x8000000000000000773644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c574763dd3d4d012021-12-20 15:59:46.176root 11241100x8000000000000000773645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72432a6459892f3e2021-12-20 15:59:46.177root 11241100x8000000000000000773646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347aebf72e3056e72021-12-20 15:59:46.177root 11241100x8000000000000000773647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e59fe522fd7e9bd2021-12-20 15:59:46.177root 11241100x8000000000000000773648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c972b4ff884eac2021-12-20 15:59:46.177root 11241100x8000000000000000773649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935bfbb258afd6282021-12-20 15:59:46.177root 11241100x8000000000000000773650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5972e1f42bd47722021-12-20 15:59:46.177root 11241100x8000000000000000773651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c6eca2ca6e06ad2021-12-20 15:59:46.177root 11241100x8000000000000000773652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af2e46b008506132021-12-20 15:59:46.178root 11241100x8000000000000000773653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2300781ab2816abb2021-12-20 15:59:46.178root 11241100x8000000000000000773654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654e16e943e6cd662021-12-20 15:59:46.178root 11241100x8000000000000000773655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f447447e99f44c202021-12-20 15:59:46.178root 11241100x8000000000000000773656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a434d670141b0422021-12-20 15:59:46.178root 11241100x8000000000000000773657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd506f214a3ba0e2021-12-20 15:59:46.178root 11241100x8000000000000000773658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab312a38905d3852021-12-20 15:59:46.178root 11241100x8000000000000000773659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4ee26851f3a84e2021-12-20 15:59:46.178root 11241100x8000000000000000773660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12862bd8b28000122021-12-20 15:59:46.178root 11241100x8000000000000000773661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695c878af21a1ad92021-12-20 15:59:46.179root 11241100x8000000000000000773662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990aed581593c39a2021-12-20 15:59:46.179root 11241100x8000000000000000773663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697d471c1a5cdd742021-12-20 15:59:46.179root 11241100x8000000000000000773664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec17ce9c5bd4e832021-12-20 15:59:46.179root 11241100x8000000000000000773665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb50bd2e6b566fa2021-12-20 15:59:46.179root 11241100x8000000000000000773666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c9b2e6bf58ede92021-12-20 15:59:46.179root 11241100x8000000000000000773667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69316ae0da96d9492021-12-20 15:59:46.179root 11241100x8000000000000000773668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98dff7b6433592b2021-12-20 15:59:46.179root 11241100x8000000000000000773669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd33b3c54c3f4ff02021-12-20 15:59:46.179root 11241100x8000000000000000773670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e1ae32d5c971862021-12-20 15:59:46.179root 11241100x8000000000000000773671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7195f81430d731492021-12-20 15:59:46.179root 11241100x8000000000000000773672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cd4c5bc7df78932021-12-20 15:59:46.180root 11241100x8000000000000000773673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241f0ccea0d223de2021-12-20 15:59:46.180root 11241100x8000000000000000773674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5432a43e9507d8ad2021-12-20 15:59:46.180root 11241100x8000000000000000773675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71035a5101bff3442021-12-20 15:59:46.180root 11241100x8000000000000000773676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb383a3706b52b732021-12-20 15:59:46.180root 11241100x8000000000000000773677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec08656de360c7e2021-12-20 15:59:46.180root 11241100x8000000000000000773678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab228e31da4d92a72021-12-20 15:59:46.180root 11241100x8000000000000000773679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1939f4382e6a8a92021-12-20 15:59:46.180root 11241100x8000000000000000773680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667ff4a1dcc7a9d02021-12-20 15:59:46.181root 11241100x8000000000000000773681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef183936096571082021-12-20 15:59:46.181root 11241100x8000000000000000773682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b92b95b55882c52021-12-20 15:59:46.181root 11241100x8000000000000000773683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149bfa3f07fcdc712021-12-20 15:59:46.181root 11241100x8000000000000000773684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d8b9cf9bf8402c2021-12-20 15:59:46.181root 11241100x8000000000000000773685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1f45ec317152232021-12-20 15:59:46.181root 11241100x8000000000000000773686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46bbca389e669832021-12-20 15:59:46.181root 11241100x8000000000000000773687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696705cafc1660912021-12-20 15:59:46.181root 11241100x8000000000000000773688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1877418be0f7fe5f2021-12-20 15:59:46.181root 11241100x8000000000000000773689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6354989c95b355f2021-12-20 15:59:46.181root 11241100x8000000000000000773690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef83c938ebb1672021-12-20 15:59:46.182root 11241100x8000000000000000773691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ec38e634bb3ce2021-12-20 15:59:46.182root 11241100x8000000000000000773692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06f0b1ef396d05a2021-12-20 15:59:46.182root 11241100x8000000000000000773693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8f4bde6d1ffe892021-12-20 15:59:46.182root 11241100x8000000000000000773694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280ef8351548fab02021-12-20 15:59:46.182root 11241100x8000000000000000773695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee5cd52ee748f512021-12-20 15:59:46.182root 11241100x8000000000000000773696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3c53ad5ad1de682021-12-20 15:59:46.182root 11241100x8000000000000000773697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8a6339ede76002021-12-20 15:59:46.674root 11241100x8000000000000000773698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaeb4b3f0021d5a2021-12-20 15:59:46.674root 11241100x8000000000000000773699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0599c5bd43bce62021-12-20 15:59:46.674root 11241100x8000000000000000773700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793007ae961ad79f2021-12-20 15:59:46.674root 11241100x8000000000000000773701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7fdf2464d85f7b2021-12-20 15:59:46.675root 11241100x8000000000000000773702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a73ad0049cb2862021-12-20 15:59:46.675root 11241100x8000000000000000773703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c221804ea0b0a75b2021-12-20 15:59:46.675root 11241100x8000000000000000773704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24d18d42941e7372021-12-20 15:59:46.675root 11241100x8000000000000000773705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604063986885f5ff2021-12-20 15:59:46.675root 11241100x8000000000000000773706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc85e477e707ab7e2021-12-20 15:59:46.675root 11241100x8000000000000000773707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c346288bec5553552021-12-20 15:59:46.675root 11241100x8000000000000000773708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6183c92000055df2021-12-20 15:59:46.675root 11241100x8000000000000000773709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6795f359487b232021-12-20 15:59:46.675root 11241100x8000000000000000773710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222d6eb471ebee2e2021-12-20 15:59:46.675root 11241100x8000000000000000773711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a9150a5a5ef1ef2021-12-20 15:59:46.675root 11241100x8000000000000000773712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f57a40d1a0204262021-12-20 15:59:46.676root 11241100x8000000000000000773713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795c6c5e944f22922021-12-20 15:59:46.676root 11241100x8000000000000000773714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a98bd264f22af452021-12-20 15:59:46.676root 11241100x8000000000000000773715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b986baf2aecb3e2021-12-20 15:59:46.676root 11241100x8000000000000000773716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac4ee65f9d16f2e2021-12-20 15:59:46.677root 11241100x8000000000000000773717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e496a7d5239a49b62021-12-20 15:59:46.677root 11241100x8000000000000000773718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f88ba8720df5092021-12-20 15:59:46.677root 11241100x8000000000000000773719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5f5ee9b67ba192021-12-20 15:59:46.677root 11241100x8000000000000000773720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8fcfb7428151f52021-12-20 15:59:46.677root 11241100x8000000000000000773721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8f5c82800696d12021-12-20 15:59:46.677root 11241100x8000000000000000773722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5c11ff3d8627712021-12-20 15:59:46.677root 11241100x8000000000000000773723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f989cde3ec6a77942021-12-20 15:59:46.677root 11241100x8000000000000000773724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b95daff449350fb2021-12-20 15:59:46.677root 11241100x8000000000000000773725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1443b1d16679402021-12-20 15:59:46.677root 11241100x8000000000000000773726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc6ff2e453e79022021-12-20 15:59:46.678root 11241100x8000000000000000773727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461182ce2ec447442021-12-20 15:59:46.678root 11241100x8000000000000000773728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb86ffae82974e52021-12-20 15:59:46.678root 11241100x8000000000000000773729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d0d0e2115dbfe42021-12-20 15:59:46.678root 11241100x8000000000000000773730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c71b7941b1e71f2021-12-20 15:59:46.678root 11241100x8000000000000000773731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a0f506c4a8721c2021-12-20 15:59:46.678root 11241100x8000000000000000773732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed1649be3afd3b2021-12-20 15:59:46.678root 11241100x8000000000000000773733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d676e2eb902bee602021-12-20 15:59:46.678root 11241100x8000000000000000773734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0656a6dd68acdaf32021-12-20 15:59:46.678root 11241100x8000000000000000773735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63588b29d9b9ec2c2021-12-20 15:59:46.678root 11241100x8000000000000000773736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474f3c715ef5775a2021-12-20 15:59:46.678root 11241100x8000000000000000773737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaa0f84e0793f362021-12-20 15:59:46.679root 11241100x8000000000000000773738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e459de87c3b989132021-12-20 15:59:46.679root 11241100x8000000000000000773739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae40a0995cf16e532021-12-20 15:59:46.679root 11241100x8000000000000000773740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad51c62a9904e3232021-12-20 15:59:46.679root 11241100x8000000000000000773741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5b4dda989abe072021-12-20 15:59:46.679root 11241100x8000000000000000773742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48ef443cdd4aa9b2021-12-20 15:59:46.679root 11241100x8000000000000000773743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17637523c67e7562021-12-20 15:59:46.679root 11241100x8000000000000000773744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cde3f3d15a7451c2021-12-20 15:59:46.679root 11241100x8000000000000000773745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d9db014690e05b2021-12-20 15:59:46.680root 11241100x8000000000000000773746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e025aa33f3d28b2021-12-20 15:59:46.680root 11241100x8000000000000000773747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251bfb8f21a85fd82021-12-20 15:59:46.680root 11241100x8000000000000000773748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfd7c76afcd631f2021-12-20 15:59:46.680root 11241100x8000000000000000773749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6f359a221825f72021-12-20 15:59:46.680root 11241100x8000000000000000773750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5cb6a1c807da2d2021-12-20 15:59:46.680root 11241100x8000000000000000773751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613e7432a79f3a062021-12-20 15:59:46.680root 11241100x8000000000000000773752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523a8dd7153655112021-12-20 15:59:46.680root 11241100x8000000000000000773753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48e7a08dae617942021-12-20 15:59:46.680root 11241100x8000000000000000773754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1582a14b0d7b4c02021-12-20 15:59:46.680root 11241100x8000000000000000773755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db588af4c51f8df22021-12-20 15:59:46.680root 11241100x8000000000000000773756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5db40b395b498f2021-12-20 15:59:46.681root 11241100x8000000000000000773757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6d7165230463582021-12-20 15:59:46.681root 11241100x8000000000000000773758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5983d002b55fc3102021-12-20 15:59:46.681root 11241100x8000000000000000773759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d54d71ba6ee10aa2021-12-20 15:59:46.681root 11241100x8000000000000000773760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25bda668a6d335e2021-12-20 15:59:46.681root 11241100x8000000000000000773761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18a7fe75ec68b6d2021-12-20 15:59:46.681root 11241100x8000000000000000773762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8f8654a2adf0772021-12-20 15:59:46.682root 11241100x8000000000000000773763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d84666398bb844f2021-12-20 15:59:46.682root 11241100x8000000000000000773764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14fdd34207dcf402021-12-20 15:59:46.682root 11241100x8000000000000000773765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ce53767e2eca592021-12-20 15:59:46.682root 11241100x8000000000000000773766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431ad40686f35c5a2021-12-20 15:59:46.682root 11241100x8000000000000000773767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bfec99eaf37f302021-12-20 15:59:46.682root 11241100x8000000000000000773768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978de9b9eb3831482021-12-20 15:59:46.682root 11241100x8000000000000000773769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c79a835d5bede32021-12-20 15:59:46.683root 11241100x8000000000000000773770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffb6167f5d7d59a2021-12-20 15:59:46.683root 11241100x8000000000000000773771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51619d347ab979982021-12-20 15:59:46.683root 11241100x8000000000000000773772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c39e248ea563472021-12-20 15:59:46.683root 11241100x8000000000000000773773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb86a4853aa32f632021-12-20 15:59:46.684root 11241100x8000000000000000773774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7052383938a3c38e2021-12-20 15:59:46.684root 11241100x8000000000000000773775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f9f220e16bafe32021-12-20 15:59:46.684root 11241100x8000000000000000773776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358daa792b0d3aef2021-12-20 15:59:46.684root 11241100x8000000000000000773777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608f90bbcbcdccbb2021-12-20 15:59:46.684root 11241100x8000000000000000773778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc407c533d1e0b42021-12-20 15:59:46.684root 11241100x8000000000000000773779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e011dfcbee790daf2021-12-20 15:59:46.685root 11241100x8000000000000000773780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68be7edfc78b9b02021-12-20 15:59:46.685root 11241100x8000000000000000773781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f062a2c5117ad2bd2021-12-20 15:59:46.685root 11241100x8000000000000000773782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914b369d96001dfa2021-12-20 15:59:46.685root 11241100x8000000000000000773783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35eb61bd1180e0652021-12-20 15:59:46.685root 11241100x8000000000000000773784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4072b2dfad0c9ca92021-12-20 15:59:46.686root 11241100x8000000000000000773785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca366c6e3d7d5b12021-12-20 15:59:46.686root 11241100x8000000000000000773786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19458464a16540c22021-12-20 15:59:46.686root 11241100x8000000000000000773787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53c94225ed232852021-12-20 15:59:46.686root 11241100x8000000000000000773788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9062bcf60e8bc0a2021-12-20 15:59:46.686root 11241100x8000000000000000773789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e46ecf214998f012021-12-20 15:59:46.686root 11241100x8000000000000000773790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06feafd4e4ed1bd72021-12-20 15:59:46.687root 11241100x8000000000000000773791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5558a35219709d2021-12-20 15:59:46.687root 11241100x8000000000000000773792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84d194ad262d9192021-12-20 15:59:46.687root 11241100x8000000000000000773793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef942e32d4728aa42021-12-20 15:59:46.687root 11241100x8000000000000000773794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:46.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f1cf85abbbb4cf2021-12-20 15:59:46.687root 11241100x8000000000000000773795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45222de28c697912021-12-20 15:59:47.174root 11241100x8000000000000000773796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e90505867bf1ac2021-12-20 15:59:47.174root 11241100x8000000000000000773797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279f1cfe2d1424c62021-12-20 15:59:47.174root 11241100x8000000000000000773798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da45de60c07c28f32021-12-20 15:59:47.174root 11241100x8000000000000000773799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6034e9535193b72021-12-20 15:59:47.174root 11241100x8000000000000000773800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cdbd533514c6c12021-12-20 15:59:47.174root 11241100x8000000000000000773801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15792f7ab35c26a42021-12-20 15:59:47.174root 11241100x8000000000000000773802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a2a99c9454e74f2021-12-20 15:59:47.174root 11241100x8000000000000000773803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d6ddd23d26b63d2021-12-20 15:59:47.175root 11241100x8000000000000000773804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370176c67c6d11ed2021-12-20 15:59:47.175root 11241100x8000000000000000773805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154bd5788023f472021-12-20 15:59:47.175root 11241100x8000000000000000773806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e5f34d9e700cf62021-12-20 15:59:47.175root 11241100x8000000000000000773807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff095689bfaff3c62021-12-20 15:59:47.176root 11241100x8000000000000000773808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899bd2aa223b6532021-12-20 15:59:47.176root 11241100x8000000000000000773809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b8bcbf6c5545312021-12-20 15:59:47.176root 11241100x8000000000000000773810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8974c5d669693f732021-12-20 15:59:47.176root 11241100x8000000000000000773811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db865916bdffd0002021-12-20 15:59:47.176root 11241100x8000000000000000773812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce5453859fc6dc72021-12-20 15:59:47.176root 11241100x8000000000000000773813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80759295afe3d1522021-12-20 15:59:47.176root 11241100x8000000000000000773814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbca948c05c316642021-12-20 15:59:47.177root 11241100x8000000000000000773815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9447447fe6ffc61f2021-12-20 15:59:47.177root 11241100x8000000000000000773816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc065ca72d71f1b2021-12-20 15:59:47.177root 11241100x8000000000000000773817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e540e1f590211c2021-12-20 15:59:47.177root 11241100x8000000000000000773818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d59bc3fede55752021-12-20 15:59:47.177root 11241100x8000000000000000773819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76209815b10daeb2021-12-20 15:59:47.177root 11241100x8000000000000000773820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d415ca854f9706312021-12-20 15:59:47.178root 11241100x8000000000000000773821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c6f4dad473c8e12021-12-20 15:59:47.178root 11241100x8000000000000000773822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cdbcec7a05f9d32021-12-20 15:59:47.178root 11241100x8000000000000000773823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec4cfd8da4773132021-12-20 15:59:47.179root 11241100x8000000000000000773824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4f7c3cb44f8a982021-12-20 15:59:47.179root 11241100x8000000000000000773825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e25a04b6b8c53752021-12-20 15:59:47.179root 11241100x8000000000000000773826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4342295b4badad2021-12-20 15:59:47.179root 11241100x8000000000000000773827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483a0560068e1eaa2021-12-20 15:59:47.180root 11241100x8000000000000000773828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0352b4626fadf212021-12-20 15:59:47.180root 11241100x8000000000000000773829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668d4cc1efe1dda62021-12-20 15:59:47.180root 11241100x8000000000000000773830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c797887bbe763c2021-12-20 15:59:47.180root 11241100x8000000000000000773831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c012b0574f049a2021-12-20 15:59:47.180root 11241100x8000000000000000773832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e176ec86b4de762021-12-20 15:59:47.181root 11241100x8000000000000000773833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4008183f3ba35d2021-12-20 15:59:47.182root 11241100x8000000000000000773834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7890116c6f98d82021-12-20 15:59:47.183root 11241100x8000000000000000773835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8633993a465aa7542021-12-20 15:59:47.184root 11241100x8000000000000000773836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7218d97261f86b692021-12-20 15:59:47.184root 11241100x8000000000000000773837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5279bacb9a0ebc02021-12-20 15:59:47.184root 11241100x8000000000000000773838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566cfd91ffb15b3e2021-12-20 15:59:47.185root 11241100x8000000000000000773839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f80feeb26f58ae2021-12-20 15:59:47.185root 11241100x8000000000000000773840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162d8c6b9868de5f2021-12-20 15:59:47.186root 11241100x8000000000000000773841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4f402ea93caf592021-12-20 15:59:47.186root 11241100x8000000000000000773842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76453a22bc55ed842021-12-20 15:59:47.187root 11241100x8000000000000000773843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168029dbec7b753f2021-12-20 15:59:47.187root 11241100x8000000000000000773844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85812afbed192b092021-12-20 15:59:47.187root 11241100x8000000000000000773845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e97f62d317daad2021-12-20 15:59:47.187root 11241100x8000000000000000773846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d03e14518c5a592021-12-20 15:59:47.187root 11241100x8000000000000000773847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b947a2737580d2021-12-20 15:59:47.188root 11241100x8000000000000000773848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8358192a318b53362021-12-20 15:59:47.188root 11241100x8000000000000000773849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5c9dd98d488cb2021-12-20 15:59:47.188root 11241100x8000000000000000773850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33f43531fec83f32021-12-20 15:59:47.188root 11241100x8000000000000000773851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed9577ebee10ee52021-12-20 15:59:47.189root 11241100x8000000000000000773852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4452f8c80ad96202021-12-20 15:59:47.189root 11241100x8000000000000000773853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30aac3912798e9f2021-12-20 15:59:47.189root 11241100x8000000000000000773854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5883a1ddeeef28e2021-12-20 15:59:47.189root 11241100x8000000000000000773855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842a1da8dd9468072021-12-20 15:59:47.189root 11241100x8000000000000000773856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434773a42188a4bb2021-12-20 15:59:47.189root 11241100x8000000000000000773857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d01776dcb811f892021-12-20 15:59:47.189root 11241100x8000000000000000773858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae5f451858e8a3d2021-12-20 15:59:47.189root 11241100x8000000000000000773859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10441729c419bd592021-12-20 15:59:47.190root 11241100x8000000000000000773860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c880c0c26b56d52021-12-20 15:59:47.190root 11241100x8000000000000000773861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a96fe398f1b84512021-12-20 15:59:47.190root 11241100x8000000000000000773862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154517ed882d87842021-12-20 15:59:47.190root 11241100x8000000000000000773863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40da8169aee38f072021-12-20 15:59:47.190root 11241100x8000000000000000773864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cc07f6a9c0276c2021-12-20 15:59:47.190root 11241100x8000000000000000773865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.190{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c99bca9b17e9c62021-12-20 15:59:47.190root 11241100x8000000000000000773866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd17b9e8bb88d892021-12-20 15:59:47.191root 11241100x8000000000000000773867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebbe1cd43f5f7b12021-12-20 15:59:47.191root 11241100x8000000000000000773868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bff47a5b43aaf82021-12-20 15:59:47.191root 11241100x8000000000000000773869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3acf7b721bd6ac32021-12-20 15:59:47.191root 11241100x8000000000000000773870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.191{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4c20947cf93dbe2021-12-20 15:59:47.191root 11241100x8000000000000000773871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.192{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad6c0d0acabab682021-12-20 15:59:47.192root 11241100x8000000000000000773872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.192{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8da3e115ce09792021-12-20 15:59:47.192root 11241100x8000000000000000773873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.192{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b1810723a956712021-12-20 15:59:47.192root 11241100x8000000000000000773874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.192{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3a936de366e9c82021-12-20 15:59:47.192root 11241100x8000000000000000773875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.192{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789ddb963e21b55b2021-12-20 15:59:47.192root 11241100x8000000000000000773876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71061ec8ddb9e752021-12-20 15:59:47.193root 11241100x8000000000000000773877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891a830959dc4a72021-12-20 15:59:47.193root 11241100x8000000000000000773878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2139a7ebf30dc5a12021-12-20 15:59:47.193root 11241100x8000000000000000773879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447dcc11bcab183a2021-12-20 15:59:47.193root 11241100x8000000000000000773880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf25a1a6f432a9d2021-12-20 15:59:47.193root 11241100x8000000000000000773881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46afc4b59494c07b2021-12-20 15:59:47.193root 11241100x8000000000000000773882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34c7093132718b52021-12-20 15:59:47.193root 11241100x8000000000000000773883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b5b49e02e0f1a2021-12-20 15:59:47.193root 11241100x8000000000000000773884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf63dfef2d9f13f2021-12-20 15:59:47.193root 11241100x8000000000000000773885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.193{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbc2f2119babb6d2021-12-20 15:59:47.193root 11241100x8000000000000000773886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.194{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca903325c989b302021-12-20 15:59:47.194root 11241100x8000000000000000773887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.194{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a132d6d5d81f052021-12-20 15:59:47.194root 11241100x8000000000000000773888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.195{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30f8981a845ae5e2021-12-20 15:59:47.195root 11241100x8000000000000000773889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.195{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a6ff7aa89b61a92021-12-20 15:59:47.195root 11241100x8000000000000000773890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.195{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36ec2bce4a0de8b2021-12-20 15:59:47.195root 11241100x8000000000000000773891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3361f040e7165442021-12-20 15:59:47.674root 11241100x8000000000000000773892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0056b8eb3f4f882021-12-20 15:59:47.674root 11241100x8000000000000000773893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06137a0c1d5e4c92021-12-20 15:59:47.675root 11241100x8000000000000000773894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9707e34439bcfe562021-12-20 15:59:47.675root 11241100x8000000000000000773895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0208623386fac50f2021-12-20 15:59:47.675root 11241100x8000000000000000773896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68779e1bf30a621e2021-12-20 15:59:47.675root 11241100x8000000000000000773897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90570c30a500a1e2021-12-20 15:59:47.676root 11241100x8000000000000000773898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa8f6ff4dc3db622021-12-20 15:59:47.676root 11241100x8000000000000000773899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32db3eb4bcbe747f2021-12-20 15:59:47.676root 11241100x8000000000000000773900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea2b1b0c7d853bd2021-12-20 15:59:47.676root 11241100x8000000000000000773901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f76d4cf13ed31c2021-12-20 15:59:47.676root 11241100x8000000000000000773902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cd4149e6de753f2021-12-20 15:59:47.677root 11241100x8000000000000000773903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206798ae3d38bbdb2021-12-20 15:59:47.677root 11241100x8000000000000000773904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1ba509af4c7b202021-12-20 15:59:47.677root 11241100x8000000000000000773905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19859985cd824c22021-12-20 15:59:47.679root 11241100x8000000000000000773906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd0369d27e4a42f2021-12-20 15:59:47.680root 11241100x8000000000000000773907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae41e5b74858a4942021-12-20 15:59:47.680root 11241100x8000000000000000773908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ca36dae268df0e2021-12-20 15:59:47.680root 11241100x8000000000000000773909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1edf6c3595cfeb2021-12-20 15:59:47.680root 11241100x8000000000000000773910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cd2941acf78a8a2021-12-20 15:59:47.681root 11241100x8000000000000000773911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9748c9240135daa2021-12-20 15:59:47.681root 11241100x8000000000000000773912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc2496941da0a662021-12-20 15:59:47.681root 11241100x8000000000000000773913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1df3d7cc647f5d2021-12-20 15:59:47.681root 11241100x8000000000000000773914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b884a7f80aaf0702021-12-20 15:59:47.682root 11241100x8000000000000000773915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc97460343535ca02021-12-20 15:59:47.682root 11241100x8000000000000000773916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aca8f5dfe2a360c2021-12-20 15:59:47.682root 11241100x8000000000000000773917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da9993fa89b3c442021-12-20 15:59:47.682root 11241100x8000000000000000773918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cbee00d6feac4b2021-12-20 15:59:47.682root 11241100x8000000000000000773919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bf7ad1f0812fd52021-12-20 15:59:47.682root 11241100x8000000000000000773920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d8e12c5cd80bcb2021-12-20 15:59:47.683root 11241100x8000000000000000773921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61653f79e32a7b7a2021-12-20 15:59:47.683root 11241100x8000000000000000773922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3c655d81ed910c2021-12-20 15:59:47.683root 11241100x8000000000000000773923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd5d6b1ba660eec2021-12-20 15:59:47.683root 11241100x8000000000000000773924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c5645b3e86b1df2021-12-20 15:59:47.683root 11241100x8000000000000000773925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72319a8cd22730a2021-12-20 15:59:47.683root 11241100x8000000000000000773926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693ac29e6564b4dd2021-12-20 15:59:47.683root 11241100x8000000000000000773927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc909a99498888182021-12-20 15:59:47.683root 11241100x8000000000000000773928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598cbdd26c113c8c2021-12-20 15:59:47.683root 11241100x8000000000000000773929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d63c04ea8e4292021-12-20 15:59:47.683root 11241100x8000000000000000773930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d1b308aeaaa0e62021-12-20 15:59:47.684root 11241100x8000000000000000773931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a486f764869248d2021-12-20 15:59:47.684root 11241100x8000000000000000773932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386eca3ab61787ec2021-12-20 15:59:47.684root 11241100x8000000000000000773933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef78a1bb814217212021-12-20 15:59:47.684root 11241100x8000000000000000773934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a2fc7249ce53942021-12-20 15:59:47.684root 11241100x8000000000000000773935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e19474bb985eec2021-12-20 15:59:47.684root 11241100x8000000000000000773936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399d35e31902a1472021-12-20 15:59:47.684root 11241100x8000000000000000773937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e3e16e69e7b8e12021-12-20 15:59:47.685root 11241100x8000000000000000773938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676d7413d9d7bef92021-12-20 15:59:47.685root 11241100x8000000000000000773939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ad46a24ffc734c2021-12-20 15:59:47.685root 11241100x8000000000000000773940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9cf20aa3cd915f2021-12-20 15:59:47.685root 11241100x8000000000000000773941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fc931aa91822632021-12-20 15:59:47.685root 11241100x8000000000000000773942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187e5a284c0633c92021-12-20 15:59:47.685root 11241100x8000000000000000773943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0554f077b4e8a2021-12-20 15:59:47.686root 11241100x8000000000000000773944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866388b6d71235002021-12-20 15:59:47.686root 11241100x8000000000000000773945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b087e8245eb07ff32021-12-20 15:59:47.686root 11241100x8000000000000000773946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad0fae3e0466fba2021-12-20 15:59:47.686root 11241100x8000000000000000773947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.687{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87baefd9758c7822021-12-20 15:59:47.687root 11241100x8000000000000000773948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.688{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d470000dfa3fb22021-12-20 15:59:47.688root 11241100x8000000000000000773949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34555287d6b5b5272021-12-20 15:59:47.689root 11241100x8000000000000000773950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaa4080a83683e32021-12-20 15:59:47.689root 11241100x8000000000000000773951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:47.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340a7fe9963d97312021-12-20 15:59:47.689root 11241100x8000000000000000773952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9bc04de7c8adc72021-12-20 15:59:48.174root 11241100x8000000000000000773953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18a00cd6b8caa762021-12-20 15:59:48.175root 11241100x8000000000000000773954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35563212a4487ae12021-12-20 15:59:48.175root 11241100x8000000000000000773955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cfd576d779db732021-12-20 15:59:48.175root 11241100x8000000000000000773956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9bc31300a192c92021-12-20 15:59:48.175root 11241100x8000000000000000773957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb82e36e67729a72021-12-20 15:59:48.175root 11241100x8000000000000000773958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51a3bdd525bf2202021-12-20 15:59:48.175root 11241100x8000000000000000773959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa71419f5050d092021-12-20 15:59:48.175root 11241100x8000000000000000773960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d0f87d5e4bac6b2021-12-20 15:59:48.175root 11241100x8000000000000000773961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a4ac507b20c3132021-12-20 15:59:48.175root 11241100x8000000000000000773962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8ee12b4262952c2021-12-20 15:59:48.175root 11241100x8000000000000000773963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ec098487276fe02021-12-20 15:59:48.176root 11241100x8000000000000000773964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9945a8d298d3cc2021-12-20 15:59:48.176root 11241100x8000000000000000773965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd70662e426d0cc72021-12-20 15:59:48.176root 11241100x8000000000000000773966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22acec13c436fdaf2021-12-20 15:59:48.176root 11241100x8000000000000000773967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868c72e4497651ee2021-12-20 15:59:48.176root 11241100x8000000000000000773968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31926f01fd50d48f2021-12-20 15:59:48.176root 11241100x8000000000000000773969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad22a972c78ff0782021-12-20 15:59:48.176root 11241100x8000000000000000773970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451045911f03a10c2021-12-20 15:59:48.176root 11241100x8000000000000000773971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150eb24e311eae582021-12-20 15:59:48.177root 11241100x8000000000000000773972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb324e6fd65a07b2021-12-20 15:59:48.177root 11241100x8000000000000000773973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41434b31cb8ded7e2021-12-20 15:59:48.177root 11241100x8000000000000000773974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b9c00273f8aee52021-12-20 15:59:48.177root 11241100x8000000000000000773975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b268a98e02bb016a2021-12-20 15:59:48.177root 11241100x8000000000000000773976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f0ebf21b382ecd2021-12-20 15:59:48.177root 11241100x8000000000000000773977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1541d841ef4a2c12021-12-20 15:59:48.177root 11241100x8000000000000000773978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363263fe889bd3462021-12-20 15:59:48.177root 11241100x8000000000000000773979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4e97cd448b06a72021-12-20 15:59:48.178root 11241100x8000000000000000773980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c5885b2d9976202021-12-20 15:59:48.179root 11241100x8000000000000000773981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4db84ac53162c72021-12-20 15:59:48.179root 11241100x8000000000000000773982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec437790c4ae7e0a2021-12-20 15:59:48.179root 11241100x8000000000000000773983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f397b0a11fcc6bb2021-12-20 15:59:48.179root 11241100x8000000000000000773984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4794f64cdc740b2021-12-20 15:59:48.179root 11241100x8000000000000000773985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad58d8f607d1cabd2021-12-20 15:59:48.179root 11241100x8000000000000000773986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cc78af2c80ff8e2021-12-20 15:59:48.179root 11241100x8000000000000000773987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea38999c794fafa2021-12-20 15:59:48.180root 11241100x8000000000000000773988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b10376f28df78d2021-12-20 15:59:48.180root 11241100x8000000000000000773989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d457d245be036fe42021-12-20 15:59:48.180root 11241100x8000000000000000773990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56f1fce47cda37f2021-12-20 15:59:48.180root 11241100x8000000000000000773991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff81f1ae83259952021-12-20 15:59:48.180root 11241100x8000000000000000773992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8475c47767c56bb2021-12-20 15:59:48.180root 11241100x8000000000000000773993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029e6e4c221e1d6e2021-12-20 15:59:48.180root 11241100x8000000000000000773994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf22b7ed0b0a7122021-12-20 15:59:48.180root 11241100x8000000000000000773995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2bce5a957c08c2021-12-20 15:59:48.180root 11241100x8000000000000000773996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332269b010f109322021-12-20 15:59:48.180root 11241100x8000000000000000773997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f11a1cd660e69932021-12-20 15:59:48.181root 11241100x8000000000000000773998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a715d9884011e0d72021-12-20 15:59:48.181root 11241100x8000000000000000773999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163d02f3e5eca3402021-12-20 15:59:48.181root 11241100x8000000000000000774000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a0d0e2de160cea2021-12-20 15:59:48.181root 11241100x8000000000000000774001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ea0e5088a6bfd2021-12-20 15:59:48.181root 11241100x8000000000000000774002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b0a9820f79eecb2021-12-20 15:59:48.181root 11241100x8000000000000000774003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4669e79a7cc70f7e2021-12-20 15:59:48.181root 11241100x8000000000000000774004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d3651965c607fb2021-12-20 15:59:48.181root 11241100x8000000000000000774005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741335022235ca8c2021-12-20 15:59:48.181root 11241100x8000000000000000774006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28acc5e740b2ed6d2021-12-20 15:59:48.181root 11241100x8000000000000000774007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d38e3b389a9dfd2021-12-20 15:59:48.182root 11241100x8000000000000000774008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62651e90879701d2021-12-20 15:59:48.182root 11241100x8000000000000000774009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843cb17e6dc152aa2021-12-20 15:59:48.182root 11241100x8000000000000000774010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0bbc6b9bc540cc2021-12-20 15:59:48.182root 11241100x8000000000000000774011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab7636579f1d3f32021-12-20 15:59:48.182root 11241100x8000000000000000774012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b902b0b20e24362021-12-20 15:59:48.182root 11241100x8000000000000000774013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9800038088c5d962021-12-20 15:59:48.182root 11241100x8000000000000000774014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0e5183e31288812021-12-20 15:59:48.182root 11241100x8000000000000000774015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac6cde0b091c3892021-12-20 15:59:48.183root 11241100x8000000000000000774016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7336696dc77a4b2021-12-20 15:59:48.183root 11241100x8000000000000000774017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecf95e230b0a9b22021-12-20 15:59:48.183root 11241100x8000000000000000774018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe99577e20681f32021-12-20 15:59:48.183root 11241100x8000000000000000774019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ded7235a1da0e8b2021-12-20 15:59:48.183root 11241100x8000000000000000774020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796f0a7242fb39f72021-12-20 15:59:48.183root 11241100x8000000000000000774021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c78566ea70a10272021-12-20 15:59:48.674root 11241100x8000000000000000774022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685fde78f0f769762021-12-20 15:59:48.674root 11241100x8000000000000000774023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3124bd1c6f87bb2021-12-20 15:59:48.674root 11241100x8000000000000000774024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24395a40de4e54f92021-12-20 15:59:48.675root 11241100x8000000000000000774025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cecf0bc7d969d302021-12-20 15:59:48.675root 11241100x8000000000000000774026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d816f200db3d2ffd2021-12-20 15:59:48.675root 11241100x8000000000000000774027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aae368e05b8a1232021-12-20 15:59:48.675root 11241100x8000000000000000774028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36a6bb830b4e20a2021-12-20 15:59:48.675root 11241100x8000000000000000774029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038c72d5c14a4edc2021-12-20 15:59:48.675root 11241100x8000000000000000774030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6a43ec46d621462021-12-20 15:59:48.675root 11241100x8000000000000000774031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2beeefbb6a127c732021-12-20 15:59:48.676root 11241100x8000000000000000774032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffdd0db840543512021-12-20 15:59:48.676root 11241100x8000000000000000774033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fdad2c34a8b8952021-12-20 15:59:48.676root 11241100x8000000000000000774034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499f5b66f9ff5332021-12-20 15:59:48.676root 11241100x8000000000000000774035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5565501c48ba932021-12-20 15:59:48.676root 11241100x8000000000000000774036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6a5ea23b75c4872021-12-20 15:59:48.676root 11241100x8000000000000000774037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bdf1901bb5c6e92021-12-20 15:59:48.676root 11241100x8000000000000000774038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0a7c64458526652021-12-20 15:59:48.677root 11241100x8000000000000000774039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e442608153d1d6932021-12-20 15:59:48.677root 11241100x8000000000000000774040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d35c13b69cac222021-12-20 15:59:48.677root 11241100x8000000000000000774041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229ccdeca390d3002021-12-20 15:59:48.677root 11241100x8000000000000000774042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e741d74e2ba2ee2021-12-20 15:59:48.677root 11241100x8000000000000000774043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be64dfb902267f2021-12-20 15:59:48.677root 11241100x8000000000000000774044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e58cd4d405781a2021-12-20 15:59:48.677root 11241100x8000000000000000774045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4f982885d3fbec2021-12-20 15:59:48.677root 11241100x8000000000000000774046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcb2283156ec1142021-12-20 15:59:48.678root 11241100x8000000000000000774047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0789312ce03381c12021-12-20 15:59:48.678root 11241100x8000000000000000774048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946d50cacb0b3f5a2021-12-20 15:59:48.678root 11241100x8000000000000000774049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c05932d739470182021-12-20 15:59:48.678root 11241100x8000000000000000774050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d43c9700bcb5b092021-12-20 15:59:48.678root 11241100x8000000000000000774051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca37719f5bd849132021-12-20 15:59:48.678root 11241100x8000000000000000774052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a1159638adc6c2021-12-20 15:59:48.678root 11241100x8000000000000000774053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d438ecc0f7b2722021-12-20 15:59:48.678root 11241100x8000000000000000774054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f0fd4d3ba3764c2021-12-20 15:59:48.678root 11241100x8000000000000000774055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7df447bf8ed8ab2021-12-20 15:59:48.678root 11241100x8000000000000000774056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ab1b79d814259e2021-12-20 15:59:48.678root 11241100x8000000000000000774057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e56544af95f9332021-12-20 15:59:48.679root 11241100x8000000000000000774058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2784e9b05538312021-12-20 15:59:48.679root 11241100x8000000000000000774059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d34e73691fe1062021-12-20 15:59:48.679root 11241100x8000000000000000774060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b96c89ce04138b2021-12-20 15:59:48.679root 11241100x8000000000000000774061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8b14f1157e57ec2021-12-20 15:59:48.679root 11241100x8000000000000000774062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40778488e7028b52021-12-20 15:59:48.679root 11241100x8000000000000000774063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a47559ef97e0382021-12-20 15:59:48.679root 11241100x8000000000000000774064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbd124698c1f0f82021-12-20 15:59:48.679root 11241100x8000000000000000774065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca24d1945053b4f2021-12-20 15:59:48.679root 11241100x8000000000000000774066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bf63504d4dbb862021-12-20 15:59:48.679root 11241100x8000000000000000774067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e310ef651471de962021-12-20 15:59:48.679root 11241100x8000000000000000774068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07496c630d43d0622021-12-20 15:59:48.680root 11241100x8000000000000000774069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445fcecf933e88f2021-12-20 15:59:48.680root 11241100x8000000000000000774070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97da22a3d38475e62021-12-20 15:59:48.680root 11241100x8000000000000000774071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8879c1365fd54812021-12-20 15:59:48.680root 11241100x8000000000000000774072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce3db855d3d7d582021-12-20 15:59:48.680root 11241100x8000000000000000774073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89f0d6a56a329672021-12-20 15:59:48.680root 11241100x8000000000000000774074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0551234853e2de2021-12-20 15:59:48.680root 11241100x8000000000000000774075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb42ee4641d4e6d2021-12-20 15:59:48.680root 11241100x8000000000000000774076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a441f7326227572021-12-20 15:59:48.680root 11241100x8000000000000000774077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:48.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464fab4a524600742021-12-20 15:59:48.680root 11241100x8000000000000000774078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4f0574a942ac332021-12-20 15:59:49.174root 11241100x8000000000000000774079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1e220ccfa271082021-12-20 15:59:49.174root 11241100x8000000000000000774080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cc48262cf500312021-12-20 15:59:49.175root 11241100x8000000000000000774081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7327e0ce136662482021-12-20 15:59:49.175root 11241100x8000000000000000774082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cfacb65fd0fcc02021-12-20 15:59:49.175root 11241100x8000000000000000774083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c17e0d37128794c2021-12-20 15:59:49.175root 11241100x8000000000000000774084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a67b52f1ee18da62021-12-20 15:59:49.175root 11241100x8000000000000000774085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf9f4b381f81f602021-12-20 15:59:49.175root 11241100x8000000000000000774086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b21ea7a42a62562021-12-20 15:59:49.175root 11241100x8000000000000000774087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfc548ac055e84b2021-12-20 15:59:49.176root 11241100x8000000000000000774088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd37bb9b7061592021-12-20 15:59:49.176root 11241100x8000000000000000774089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a42a576a1f05bef2021-12-20 15:59:49.176root 11241100x8000000000000000774090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc36aa12029b76a42021-12-20 15:59:49.176root 11241100x8000000000000000774091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349b29773f6301662021-12-20 15:59:49.176root 11241100x8000000000000000774092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b360f4a67307d38b2021-12-20 15:59:49.176root 11241100x8000000000000000774093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ddd7b9744282f22021-12-20 15:59:49.176root 11241100x8000000000000000774094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9431647480e90c62021-12-20 15:59:49.177root 11241100x8000000000000000774095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98da1429324d3632021-12-20 15:59:49.177root 11241100x8000000000000000774096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705b9ebed85dd19c2021-12-20 15:59:49.177root 11241100x8000000000000000774097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110adfaac51688e32021-12-20 15:59:49.178root 11241100x8000000000000000774098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b16b9b22255dbb02021-12-20 15:59:49.178root 11241100x8000000000000000774099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72e8366761d6df42021-12-20 15:59:49.178root 11241100x8000000000000000774100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad805ab5a9d9b832021-12-20 15:59:49.179root 11241100x8000000000000000774101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c53849bafd01cd2021-12-20 15:59:49.180root 11241100x8000000000000000774102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045f5c2288fd1da32021-12-20 15:59:49.180root 11241100x8000000000000000774103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe171965141b81e2021-12-20 15:59:49.180root 11241100x8000000000000000774104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ca01281dca24b2021-12-20 15:59:49.181root 11241100x8000000000000000774105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5d27c5fc5653242021-12-20 15:59:49.181root 11241100x8000000000000000774106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46ff821cb5b67062021-12-20 15:59:49.181root 11241100x8000000000000000774107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffec06cffd571032021-12-20 15:59:49.182root 11241100x8000000000000000774108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5361af2190161a2021-12-20 15:59:49.182root 11241100x8000000000000000774109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c518dca10d74462021-12-20 15:59:49.182root 11241100x8000000000000000774110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c605316845876762021-12-20 15:59:49.182root 11241100x8000000000000000774111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa99a575bdee87ec2021-12-20 15:59:49.183root 11241100x8000000000000000774112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a183436dfd449ebe2021-12-20 15:59:49.183root 11241100x8000000000000000774113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226ae1dcfe5694412021-12-20 15:59:49.183root 11241100x8000000000000000774114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815e3f9101656e302021-12-20 15:59:49.183root 11241100x8000000000000000774115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edb510f0b6d2d6d2021-12-20 15:59:49.183root 11241100x8000000000000000774116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6a1c5c42852f2b2021-12-20 15:59:49.184root 11241100x8000000000000000774117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba8f92d0cbbcf622021-12-20 15:59:49.184root 11241100x8000000000000000774118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3fad9dccd1888b2021-12-20 15:59:49.184root 11241100x8000000000000000774119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0932ec1bf956be22021-12-20 15:59:49.184root 11241100x8000000000000000774120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884b3cbee532c4952021-12-20 15:59:49.184root 11241100x8000000000000000774121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35df82833247c23d2021-12-20 15:59:49.185root 11241100x8000000000000000774122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36ce874655aa6df2021-12-20 15:59:49.185root 11241100x8000000000000000774123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2556927ea2dac732021-12-20 15:59:49.185root 11241100x8000000000000000774124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3025b0b324138de2021-12-20 15:59:49.185root 11241100x8000000000000000774125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa55f5d3ef64758d2021-12-20 15:59:49.185root 11241100x8000000000000000774126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a59fb68dfc8a272021-12-20 15:59:49.186root 11241100x8000000000000000774127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4926e3be46a875b2021-12-20 15:59:49.186root 11241100x8000000000000000774128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafccf0e4738d8b72021-12-20 15:59:49.186root 11241100x8000000000000000774129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0fc30d8e478f762021-12-20 15:59:49.186root 11241100x8000000000000000774130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afccbdbe7ecd11c82021-12-20 15:59:49.186root 11241100x8000000000000000774131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc9fd588f0ef3992021-12-20 15:59:49.187root 11241100x8000000000000000774132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2040ef4c775b60f52021-12-20 15:59:49.187root 11241100x8000000000000000774133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f50d6e95421369e2021-12-20 15:59:49.187root 11241100x8000000000000000774134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab4a944f8ba1f782021-12-20 15:59:49.187root 11241100x8000000000000000774135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d44c9a4038aca092021-12-20 15:59:49.187root 11241100x8000000000000000774136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af37fce980b8d9e2021-12-20 15:59:49.187root 11241100x8000000000000000774137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533bae7f7dbdce3e2021-12-20 15:59:49.188root 11241100x8000000000000000774138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274f903137dae3eb2021-12-20 15:59:49.188root 11241100x8000000000000000774139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb158882852878e2021-12-20 15:59:49.188root 11241100x8000000000000000774140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2001a3b841964a852021-12-20 15:59:49.188root 11241100x8000000000000000774141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd03226015f99e72021-12-20 15:59:49.188root 11241100x8000000000000000774142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea189a22e0f314812021-12-20 15:59:49.189root 11241100x8000000000000000774143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.189{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9876e7d38c3990222021-12-20 15:59:49.189root 11241100x8000000000000000774144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0380bd366ec28bc32021-12-20 15:59:49.674root 11241100x8000000000000000774145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12418adb799150a2021-12-20 15:59:49.674root 11241100x8000000000000000774146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf6171f6c4524f12021-12-20 15:59:49.674root 11241100x8000000000000000774147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca29a721358adce2021-12-20 15:59:49.674root 11241100x8000000000000000774148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09881de6340182a2021-12-20 15:59:49.675root 11241100x8000000000000000774149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d8fd367c212ba62021-12-20 15:59:49.675root 11241100x8000000000000000774150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c23fb5de84cf3312021-12-20 15:59:49.675root 11241100x8000000000000000774151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb375f0330d79bc2021-12-20 15:59:49.675root 11241100x8000000000000000774152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1c4e250b7653f2021-12-20 15:59:49.675root 11241100x8000000000000000774153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448c480b70f2ce6a2021-12-20 15:59:49.675root 11241100x8000000000000000774154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e86de0f5d0956de2021-12-20 15:59:49.676root 11241100x8000000000000000774155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fcd4da7e26be712021-12-20 15:59:49.676root 11241100x8000000000000000774156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5066406e48a5d12021-12-20 15:59:49.676root 11241100x8000000000000000774157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34921612cb4e5f692021-12-20 15:59:49.676root 11241100x8000000000000000774158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc668bb567594b72021-12-20 15:59:49.677root 11241100x8000000000000000774159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b01f31d66a557b2021-12-20 15:59:49.680root 11241100x8000000000000000774160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5afbdccf2f75722021-12-20 15:59:49.680root 11241100x8000000000000000774161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c99b3795133b82021-12-20 15:59:49.680root 11241100x8000000000000000774162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5364ee93424815212021-12-20 15:59:49.680root 11241100x8000000000000000774163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea008d2d9f7eb6b2021-12-20 15:59:49.680root 11241100x8000000000000000774164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc370ff534c49902021-12-20 15:59:49.681root 11241100x8000000000000000774165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d39f45770782f82021-12-20 15:59:49.681root 11241100x8000000000000000774166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1c879bb98e2bb12021-12-20 15:59:49.681root 11241100x8000000000000000774167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331af9d73ce8950e2021-12-20 15:59:49.681root 11241100x8000000000000000774168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08724066ee37d3032021-12-20 15:59:49.681root 11241100x8000000000000000774169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbb81e61c3da4fc2021-12-20 15:59:49.681root 11241100x8000000000000000774170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bc24e821f8fffd2021-12-20 15:59:49.681root 11241100x8000000000000000774171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408aaffaad0c59d72021-12-20 15:59:49.681root 11241100x8000000000000000774172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86917ce9158824a52021-12-20 15:59:49.681root 11241100x8000000000000000774173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b0e04f87f25ca32021-12-20 15:59:49.681root 11241100x8000000000000000774174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b0817365c8e8762021-12-20 15:59:49.681root 11241100x8000000000000000774175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a737a87dba0c682021-12-20 15:59:49.682root 11241100x8000000000000000774176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707157a7c9c7c5432021-12-20 15:59:49.682root 11241100x8000000000000000774177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698e6a9fa6691ca02021-12-20 15:59:49.682root 11241100x8000000000000000774178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb385ee5026b3272021-12-20 15:59:49.682root 11241100x8000000000000000774179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6059ab1ca39ce4472021-12-20 15:59:49.682root 11241100x8000000000000000774180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fa98e2a3aa9a6e2021-12-20 15:59:49.682root 11241100x8000000000000000774181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d646c70998d0f1e82021-12-20 15:59:49.683root 11241100x8000000000000000774182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc3dd2c97d0b5162021-12-20 15:59:49.683root 11241100x8000000000000000774183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9e5b60287c228f2021-12-20 15:59:49.683root 11241100x8000000000000000774184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e4252b871668452021-12-20 15:59:49.683root 11241100x8000000000000000774185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d25f715de838852021-12-20 15:59:49.683root 11241100x8000000000000000774186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2933451f4a6d5f2021-12-20 15:59:49.683root 11241100x8000000000000000774187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc86d4eefc6c8602021-12-20 15:59:49.683root 11241100x8000000000000000774188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62b339f32ea44dd2021-12-20 15:59:49.684root 11241100x8000000000000000774189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:49.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd73b2a92d33b0e2021-12-20 15:59:49.684root 11241100x8000000000000000774190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55357d061f20d24b2021-12-20 15:59:50.174root 11241100x8000000000000000774191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4bc7bc408d24032021-12-20 15:59:50.174root 11241100x8000000000000000774192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a7e286cc7f4b462021-12-20 15:59:50.174root 11241100x8000000000000000774193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c1abe5d6698eb52021-12-20 15:59:50.174root 11241100x8000000000000000774194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd93012340e0e7b2021-12-20 15:59:50.174root 11241100x8000000000000000774195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad98466adae1d0d32021-12-20 15:59:50.174root 11241100x8000000000000000774196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e7ba5174772b142021-12-20 15:59:50.174root 11241100x8000000000000000774197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2429a6d4404e10c2021-12-20 15:59:50.174root 11241100x8000000000000000774198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285309b8bfb951922021-12-20 15:59:50.174root 11241100x8000000000000000774199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862a2724746376ab2021-12-20 15:59:50.174root 11241100x8000000000000000774200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dc8bbd9b3c03a32021-12-20 15:59:50.174root 11241100x8000000000000000774201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaa16230964ea752021-12-20 15:59:50.174root 11241100x8000000000000000774202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ea49976cf4f8b92021-12-20 15:59:50.175root 11241100x8000000000000000774203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8cacfbbfe8a4ab2021-12-20 15:59:50.175root 11241100x8000000000000000774204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57b014b97373a8a2021-12-20 15:59:50.175root 11241100x8000000000000000774205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406319a8bdb632aa2021-12-20 15:59:50.175root 11241100x8000000000000000774206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7fc7c3474cc5422021-12-20 15:59:50.175root 11241100x8000000000000000774207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd26cdc6a17c95d32021-12-20 15:59:50.175root 11241100x8000000000000000774208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b62229b73e28f2c2021-12-20 15:59:50.175root 11241100x8000000000000000774209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ddaba94edfa0f02021-12-20 15:59:50.175root 11241100x8000000000000000774210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec432e14b99992e2021-12-20 15:59:50.175root 11241100x8000000000000000774211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3678a8b6d56133f2021-12-20 15:59:50.175root 11241100x8000000000000000774212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b26903e9b5633702021-12-20 15:59:50.175root 11241100x8000000000000000774213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d14cce90c9926602021-12-20 15:59:50.175root 11241100x8000000000000000774214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51902672e9fcfea72021-12-20 15:59:50.175root 11241100x8000000000000000774215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6be0fb16061a67c2021-12-20 15:59:50.175root 11241100x8000000000000000774216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e44a30a4fcafd992021-12-20 15:59:50.175root 11241100x8000000000000000774217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d963733a5a5f74852021-12-20 15:59:50.175root 11241100x8000000000000000774218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190347c5c2f39e342021-12-20 15:59:50.176root 11241100x8000000000000000774219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6e76df490159a32021-12-20 15:59:50.176root 11241100x8000000000000000774220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a0ef2b6b60b8832021-12-20 15:59:50.176root 11241100x8000000000000000774221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3333d23f0aa208d2021-12-20 15:59:50.176root 11241100x8000000000000000774222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f5cfce07ad751e2021-12-20 15:59:50.176root 11241100x8000000000000000774223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc5eadfbc0502f12021-12-20 15:59:50.176root 11241100x8000000000000000774224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cac7e03c1d9bb42021-12-20 15:59:50.176root 11241100x8000000000000000774225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b0df7af86466cf2021-12-20 15:59:50.176root 11241100x8000000000000000774226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7403e0406373768a2021-12-20 15:59:50.176root 11241100x8000000000000000774227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca45ac4ca50ed34c2021-12-20 15:59:50.176root 11241100x8000000000000000774228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1fad5953cd6bd72021-12-20 15:59:50.177root 11241100x8000000000000000774229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbe8f2c19705aab2021-12-20 15:59:50.177root 11241100x8000000000000000774230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df161ca3ed110062021-12-20 15:59:50.177root 11241100x8000000000000000774231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9ad0227eec09302021-12-20 15:59:50.177root 11241100x8000000000000000774232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78798fd4ad6059c22021-12-20 15:59:50.178root 11241100x8000000000000000774233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e423a4b42e8e2192021-12-20 15:59:50.178root 11241100x8000000000000000774234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644082055e5e8ea2021-12-20 15:59:50.178root 11241100x8000000000000000774235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68d457cad850dfa2021-12-20 15:59:50.178root 11241100x8000000000000000774236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ebc8c3e66854b02021-12-20 15:59:50.178root 11241100x8000000000000000774237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d11fdd799e297b2021-12-20 15:59:50.178root 11241100x8000000000000000774238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d98ba11695079f2021-12-20 15:59:50.178root 11241100x8000000000000000774239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fee20d0bd7c0d22021-12-20 15:59:50.178root 11241100x8000000000000000774240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1f9a060b8beac32021-12-20 15:59:50.179root 11241100x8000000000000000774241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262601e612ed08e72021-12-20 15:59:50.179root 11241100x8000000000000000774242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61146edc31a5e2ce2021-12-20 15:59:50.179root 11241100x8000000000000000774243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d86c3e9ebbce0b42021-12-20 15:59:50.179root 11241100x8000000000000000774244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e481abc2b7832a32021-12-20 15:59:50.179root 11241100x8000000000000000774245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54d732fd32e9cdd2021-12-20 15:59:50.179root 11241100x8000000000000000774246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c807ca79448630182021-12-20 15:59:50.179root 11241100x8000000000000000774247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cf27456c12a6742021-12-20 15:59:50.179root 11241100x8000000000000000774248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4ddb0c225d85862021-12-20 15:59:50.179root 11241100x8000000000000000774249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92920b08c20b6d8a2021-12-20 15:59:50.179root 11241100x8000000000000000774250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5e7af327eaad62021-12-20 15:59:50.179root 11241100x8000000000000000774251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85680ee51c9dd3b52021-12-20 15:59:50.180root 11241100x8000000000000000774252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db9d13bde025a1c2021-12-20 15:59:50.180root 11241100x8000000000000000774253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f9d926316bc2192021-12-20 15:59:50.181root 11241100x8000000000000000774254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1605aa1d30992762021-12-20 15:59:50.181root 11241100x8000000000000000774255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddb3b5091b365ce2021-12-20 15:59:50.181root 11241100x8000000000000000774256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fd14ce84095cda2021-12-20 15:59:50.181root 11241100x8000000000000000774257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec67d05be87d0b12021-12-20 15:59:50.181root 11241100x8000000000000000774258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fae067aa2203f72021-12-20 15:59:50.181root 11241100x8000000000000000774259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6bec13372c4c742021-12-20 15:59:50.182root 11241100x8000000000000000774260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616d1e537fe045e92021-12-20 15:59:50.182root 11241100x8000000000000000774261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d046ebb6db02e952021-12-20 15:59:50.182root 11241100x8000000000000000774262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdcdefc2cc87dae2021-12-20 15:59:50.182root 11241100x8000000000000000774263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2909e182a87e972021-12-20 15:59:50.182root 11241100x8000000000000000774264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d7bde42347de662021-12-20 15:59:50.182root 11241100x8000000000000000774265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176c9ba3779d8ffd2021-12-20 15:59:50.182root 11241100x8000000000000000774266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731480652ab148e12021-12-20 15:59:50.182root 11241100x8000000000000000774267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719906a8d7c0a2c22021-12-20 15:59:50.182root 11241100x8000000000000000774268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db64a2f3c6056d542021-12-20 15:59:50.183root 11241100x8000000000000000774269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cf3fb39006927d2021-12-20 15:59:50.183root 11241100x8000000000000000774270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e565c1ac6e388672021-12-20 15:59:50.183root 11241100x8000000000000000774271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2394026a4fb6a84b2021-12-20 15:59:50.183root 11241100x8000000000000000774272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ac8ee10efea6022021-12-20 15:59:50.183root 11241100x8000000000000000774273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de3777564245ce32021-12-20 15:59:50.183root 11241100x8000000000000000774274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26304a55e57b0ae52021-12-20 15:59:50.183root 11241100x8000000000000000774275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f0e204fbc0fee32021-12-20 15:59:50.183root 11241100x8000000000000000774276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffbab54843376db2021-12-20 15:59:50.183root 11241100x8000000000000000774277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d824efec8b06092021-12-20 15:59:50.183root 11241100x8000000000000000774278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264200e193568c762021-12-20 15:59:50.183root 354300x8000000000000000774279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.207{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51486-false10.0.1.12-8000- 11241100x8000000000000000774280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294ba4710fb3ea362021-12-20 15:59:50.674root 11241100x8000000000000000774281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5169d9e98cf93352021-12-20 15:59:50.674root 11241100x8000000000000000774282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a65bf987f596fd82021-12-20 15:59:50.674root 11241100x8000000000000000774283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9280cdbb8640aee82021-12-20 15:59:50.674root 11241100x8000000000000000774284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6fd9ae477b9bbc2021-12-20 15:59:50.674root 11241100x8000000000000000774285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e2f1170fe7c1892021-12-20 15:59:50.674root 11241100x8000000000000000774286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3e22e6dd225ce82021-12-20 15:59:50.674root 11241100x8000000000000000774287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29e8fb436f412d12021-12-20 15:59:50.674root 11241100x8000000000000000774288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85c121a503f8e712021-12-20 15:59:50.674root 11241100x8000000000000000774289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd016ef32e6f19a2021-12-20 15:59:50.675root 11241100x8000000000000000774290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088582ce89fb13462021-12-20 15:59:50.675root 11241100x8000000000000000774291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f180293765ad20442021-12-20 15:59:50.675root 11241100x8000000000000000774292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4318a8fc1b3481282021-12-20 15:59:50.675root 11241100x8000000000000000774293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c034ce63d0499f2021-12-20 15:59:50.675root 11241100x8000000000000000774294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45c02bea0b138292021-12-20 15:59:50.675root 11241100x8000000000000000774295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e2c632bd74cb972021-12-20 15:59:50.675root 11241100x8000000000000000774296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e5534c6ed142fd2021-12-20 15:59:50.675root 11241100x8000000000000000774297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c6ec39eb4ff65f2021-12-20 15:59:50.675root 11241100x8000000000000000774298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fa6e18e4c0516a2021-12-20 15:59:50.675root 11241100x8000000000000000774299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4773e8ee21b0bf2021-12-20 15:59:50.675root 11241100x8000000000000000774300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c8d190be06b3df2021-12-20 15:59:50.675root 11241100x8000000000000000774301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec3a03c796b7232021-12-20 15:59:50.676root 11241100x8000000000000000774302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1000899912ce677c2021-12-20 15:59:50.676root 11241100x8000000000000000774303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855635c137bcad082021-12-20 15:59:50.676root 11241100x8000000000000000774304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e267a23262a4df2021-12-20 15:59:50.676root 11241100x8000000000000000774305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e998145d71b63e7f2021-12-20 15:59:50.676root 11241100x8000000000000000774306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c5738cbdcbcf982021-12-20 15:59:50.676root 11241100x8000000000000000774307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e457f6f2f8403012021-12-20 15:59:50.676root 11241100x8000000000000000774308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a2c51057032dbf2021-12-20 15:59:50.677root 11241100x8000000000000000774309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a76120ccb258ef72021-12-20 15:59:50.677root 11241100x8000000000000000774310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874108f86c627bd52021-12-20 15:59:50.677root 11241100x8000000000000000774311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7481e5467b10237e2021-12-20 15:59:50.677root 11241100x8000000000000000774312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0853caa664a3f88f2021-12-20 15:59:50.677root 11241100x8000000000000000774313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15478d5080990fbe2021-12-20 15:59:50.677root 11241100x8000000000000000774314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f76628c89a6ea412021-12-20 15:59:50.677root 11241100x8000000000000000774315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d823d08485d84c912021-12-20 15:59:50.677root 11241100x8000000000000000774316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf22606cab67bea2021-12-20 15:59:50.677root 11241100x8000000000000000774317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01512ee3fe3634a02021-12-20 15:59:50.678root 11241100x8000000000000000774318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed94deafdfb2472021-12-20 15:59:50.678root 11241100x8000000000000000774319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d3f45822f571562021-12-20 15:59:50.678root 11241100x8000000000000000774320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cf7f27cbaf5e3a2021-12-20 15:59:50.678root 11241100x8000000000000000774321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06844bd8b4434bf2021-12-20 15:59:50.678root 11241100x8000000000000000774322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a6871f462aac102021-12-20 15:59:50.678root 11241100x8000000000000000774323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02de5b5fe68d3662021-12-20 15:59:50.679root 11241100x8000000000000000774324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744fbeecdd1a4b942021-12-20 15:59:50.679root 11241100x8000000000000000774325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd62504d0147f9c32021-12-20 15:59:50.679root 11241100x8000000000000000774326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da4da42957b2a622021-12-20 15:59:50.679root 11241100x8000000000000000774327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffaa436beebeaeb2021-12-20 15:59:50.679root 11241100x8000000000000000774328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c9ca146c2368f72021-12-20 15:59:50.679root 11241100x8000000000000000774329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c50c0fe0389d6182021-12-20 15:59:50.679root 11241100x8000000000000000774330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f966a3af6ab7a7092021-12-20 15:59:50.680root 11241100x8000000000000000774331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4baaf3a2a8e94f092021-12-20 15:59:50.680root 11241100x8000000000000000774332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f685a272357bd332021-12-20 15:59:50.680root 11241100x8000000000000000774333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf5979511c7f5a52021-12-20 15:59:50.681root 11241100x8000000000000000774334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e481e62d76070742021-12-20 15:59:50.681root 11241100x8000000000000000774335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d83eb2ed89d50e2021-12-20 15:59:50.681root 11241100x8000000000000000774336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0351edc3e085083e2021-12-20 15:59:50.681root 11241100x8000000000000000774337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32566f53144139062021-12-20 15:59:50.681root 11241100x8000000000000000774338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc66401d62b812c42021-12-20 15:59:50.682root 11241100x8000000000000000774339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d72865653f8b8c52021-12-20 15:59:50.682root 11241100x8000000000000000774340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b024ad7f0e7223b12021-12-20 15:59:50.682root 11241100x8000000000000000774341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a4e3f3299440892021-12-20 15:59:50.682root 11241100x8000000000000000774342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419fcfdb7c9cde6c2021-12-20 15:59:50.682root 11241100x8000000000000000774343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b766dc12353b322021-12-20 15:59:50.682root 11241100x8000000000000000774344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1f9a0b891d16782021-12-20 15:59:50.682root 11241100x8000000000000000774345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daf85ed163a59782021-12-20 15:59:50.683root 11241100x8000000000000000774346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c677783d666e0f8b2021-12-20 15:59:50.683root 11241100x8000000000000000774347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4d8c1203439f292021-12-20 15:59:50.683root 11241100x8000000000000000774348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce8f686163479ad2021-12-20 15:59:50.683root 11241100x8000000000000000774349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7725a8c0e30a644f2021-12-20 15:59:50.683root 11241100x8000000000000000774350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eceac3bf307a1ce2021-12-20 15:59:50.683root 11241100x8000000000000000774351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:50.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243ec1223b5a294e2021-12-20 15:59:50.683root 11241100x8000000000000000774352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d60288e63578412021-12-20 15:59:51.174root 11241100x8000000000000000774353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d88985d79f9374d2021-12-20 15:59:51.174root 11241100x8000000000000000774354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb18dcb2e0aeb6242021-12-20 15:59:51.174root 11241100x8000000000000000774355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a385db058a36ad22021-12-20 15:59:51.174root 11241100x8000000000000000774356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaafca124739ba232021-12-20 15:59:51.174root 11241100x8000000000000000774357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7e6c8d6dae26052021-12-20 15:59:51.174root 11241100x8000000000000000774358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aac3489f1c819742021-12-20 15:59:51.174root 11241100x8000000000000000774359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb5e34c8ee255812021-12-20 15:59:51.175root 11241100x8000000000000000774360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8317d6b55cbb832021-12-20 15:59:51.175root 11241100x8000000000000000774361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1122559807e529d62021-12-20 15:59:51.175root 11241100x8000000000000000774362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70b4fc461ccae922021-12-20 15:59:51.175root 11241100x8000000000000000774363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0131a0098e0f25902021-12-20 15:59:51.175root 11241100x8000000000000000774364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12005d76749475c2021-12-20 15:59:51.175root 11241100x8000000000000000774365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18e8d0ae7b0ed232021-12-20 15:59:51.175root 11241100x8000000000000000774366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebe3d939256024a2021-12-20 15:59:51.175root 11241100x8000000000000000774367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceca0606e99ed542021-12-20 15:59:51.175root 11241100x8000000000000000774368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4025c65c2593db52021-12-20 15:59:51.175root 11241100x8000000000000000774369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5c1c64fdda9c852021-12-20 15:59:51.176root 11241100x8000000000000000774370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75160ba4447c56a2021-12-20 15:59:51.176root 11241100x8000000000000000774371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e045ed88417bbb2d2021-12-20 15:59:51.176root 11241100x8000000000000000774372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b1f0afdde645322021-12-20 15:59:51.176root 11241100x8000000000000000774373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47fd4d688a709602021-12-20 15:59:51.176root 11241100x8000000000000000774374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb22c95ee471e60d2021-12-20 15:59:51.176root 11241100x8000000000000000774375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b31bb84ea502c32021-12-20 15:59:51.176root 11241100x8000000000000000774376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fac2f327a1991b2021-12-20 15:59:51.176root 11241100x8000000000000000774377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db410c536b2377b92021-12-20 15:59:51.177root 11241100x8000000000000000774378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea73a70e69c4e42b2021-12-20 15:59:51.177root 11241100x8000000000000000774379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eabd7156be1b3f2021-12-20 15:59:51.177root 11241100x8000000000000000774380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c575647e53a29562021-12-20 15:59:51.177root 11241100x8000000000000000774381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc815b835707dea2021-12-20 15:59:51.177root 11241100x8000000000000000774382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db89a7f4fdc86a5f2021-12-20 15:59:51.177root 11241100x8000000000000000774383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34eb47324fca79d2021-12-20 15:59:51.177root 11241100x8000000000000000774384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9033a4085e96062021-12-20 15:59:51.177root 11241100x8000000000000000774385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f73dce53a8c6cfa2021-12-20 15:59:51.177root 11241100x8000000000000000774386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b5d1f8a95fdf882021-12-20 15:59:51.177root 11241100x8000000000000000774387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bd4946ad9893ac2021-12-20 15:59:51.177root 11241100x8000000000000000774388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471c1b2301051fe32021-12-20 15:59:51.178root 11241100x8000000000000000774389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c731c0b15748d8e92021-12-20 15:59:51.178root 11241100x8000000000000000774390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dbaa5fc23a43b82021-12-20 15:59:51.178root 11241100x8000000000000000774391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d56f3d874d662f12021-12-20 15:59:51.178root 11241100x8000000000000000774392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18025e1ba0013c5b2021-12-20 15:59:51.178root 11241100x8000000000000000774393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1604bed028aadda22021-12-20 15:59:51.178root 11241100x8000000000000000774394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0754177cee53d0322021-12-20 15:59:51.178root 11241100x8000000000000000774395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb788c6c2edf16c72021-12-20 15:59:51.178root 11241100x8000000000000000774396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0e1a8ca9dbe6152021-12-20 15:59:51.178root 11241100x8000000000000000774397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3238f48419ab25ef2021-12-20 15:59:51.178root 11241100x8000000000000000774398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae9e6f57af3d5e02021-12-20 15:59:51.178root 11241100x8000000000000000774399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad8a8ee8a5d9b942021-12-20 15:59:51.179root 11241100x8000000000000000774400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350cc2ba0780ae222021-12-20 15:59:51.179root 11241100x8000000000000000774401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde0621fec4bcde22021-12-20 15:59:51.179root 11241100x8000000000000000774402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639bd1ca6daa6ad92021-12-20 15:59:51.179root 11241100x8000000000000000774403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30383fff82dfa9932021-12-20 15:59:51.179root 11241100x8000000000000000774404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73846cf8c8c9c0d02021-12-20 15:59:51.179root 11241100x8000000000000000774405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167775ef1a6594e62021-12-20 15:59:51.179root 11241100x8000000000000000774406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14504648144700b42021-12-20 15:59:51.180root 11241100x8000000000000000774407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a1f9c10a93cc132021-12-20 15:59:51.180root 11241100x8000000000000000774408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8972874d871a3d522021-12-20 15:59:51.180root 11241100x8000000000000000774409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381bf7cfb5f811ec2021-12-20 15:59:51.180root 11241100x8000000000000000774410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a824c246c69f250c2021-12-20 15:59:51.180root 11241100x8000000000000000774411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b397e0c86100c3332021-12-20 15:59:51.181root 11241100x8000000000000000774412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4714f04c4a6e46a32021-12-20 15:59:51.181root 11241100x8000000000000000774413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab32b513bdad6e12021-12-20 15:59:51.181root 11241100x8000000000000000774414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4a7085747d31732021-12-20 15:59:51.181root 11241100x8000000000000000774415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9849ce91d469ce2021-12-20 15:59:51.181root 11241100x8000000000000000774416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9227abc943dcb7732021-12-20 15:59:51.181root 11241100x8000000000000000774417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea910b60d89f6aee2021-12-20 15:59:51.182root 11241100x8000000000000000774418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69624f1557397c9b2021-12-20 15:59:51.182root 11241100x8000000000000000774419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f81305781430c72021-12-20 15:59:51.182root 11241100x8000000000000000774420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088e09fa604fc45a2021-12-20 15:59:51.182root 11241100x8000000000000000774421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc50a0be760930312021-12-20 15:59:51.674root 11241100x8000000000000000774422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e6c09957da8ef2021-12-20 15:59:51.674root 11241100x8000000000000000774423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cdd0747f204eb32021-12-20 15:59:51.674root 11241100x8000000000000000774424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b041b5ed39c2f602021-12-20 15:59:51.674root 11241100x8000000000000000774425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427de7eee1fde7512021-12-20 15:59:51.674root 11241100x8000000000000000774426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ce932b869c98042021-12-20 15:59:51.674root 11241100x8000000000000000774427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff47a3d55808eb62021-12-20 15:59:51.674root 11241100x8000000000000000774428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fd974e7918c3ac2021-12-20 15:59:51.675root 11241100x8000000000000000774429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b079cce625c40642021-12-20 15:59:51.675root 11241100x8000000000000000774430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc47522b066dd2082021-12-20 15:59:51.675root 11241100x8000000000000000774431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b00d33a76a664232021-12-20 15:59:51.675root 11241100x8000000000000000774432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb5bc22d67c6f672021-12-20 15:59:51.675root 11241100x8000000000000000774433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435164c45f380e172021-12-20 15:59:51.675root 11241100x8000000000000000774434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd84df50c6335322021-12-20 15:59:51.675root 11241100x8000000000000000774435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae0caac11214e662021-12-20 15:59:51.675root 11241100x8000000000000000774436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdba6cff9065edf2021-12-20 15:59:51.675root 11241100x8000000000000000774437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565e6e61e32cad0c2021-12-20 15:59:51.675root 11241100x8000000000000000774438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6da7c19f98ed2a2021-12-20 15:59:51.675root 11241100x8000000000000000774439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72018f4cebe9b5a2021-12-20 15:59:51.676root 11241100x8000000000000000774440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5c012d8b8d15742021-12-20 15:59:51.676root 11241100x8000000000000000774441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0f28c807ebd40b2021-12-20 15:59:51.676root 11241100x8000000000000000774442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2ad8b487bc169e2021-12-20 15:59:51.676root 11241100x8000000000000000774443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c625d6f79bbe9d52021-12-20 15:59:51.676root 11241100x8000000000000000774444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03044ca5de274202021-12-20 15:59:51.676root 11241100x8000000000000000774445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f428d7134daf5eb2021-12-20 15:59:51.676root 11241100x8000000000000000774446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd94a5a425ad22832021-12-20 15:59:51.676root 11241100x8000000000000000774447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d50b2c1fc075f42021-12-20 15:59:51.677root 11241100x8000000000000000774448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8ad539f93c99e02021-12-20 15:59:51.677root 11241100x8000000000000000774449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8144c02ce0d443452021-12-20 15:59:51.677root 11241100x8000000000000000774450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d7ced6e90dfd6a2021-12-20 15:59:51.677root 11241100x8000000000000000774451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654871ee8b32c8312021-12-20 15:59:51.677root 11241100x8000000000000000774452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beb72839280224e2021-12-20 15:59:51.678root 11241100x8000000000000000774453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4482b2753ea3f8432021-12-20 15:59:51.678root 11241100x8000000000000000774454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2658b59f27f0ca732021-12-20 15:59:51.678root 11241100x8000000000000000774455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739b39d938c0800d2021-12-20 15:59:51.678root 11241100x8000000000000000774456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa62ab75ad591cf82021-12-20 15:59:51.678root 11241100x8000000000000000774457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea74ec7abcb6d63f2021-12-20 15:59:51.678root 11241100x8000000000000000774458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c69830d39e269c2021-12-20 15:59:51.678root 11241100x8000000000000000774459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a61d5967cc607b92021-12-20 15:59:51.678root 11241100x8000000000000000774460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3857da7a3ef775a2021-12-20 15:59:51.678root 11241100x8000000000000000774461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccd032b005f8e1f2021-12-20 15:59:51.679root 11241100x8000000000000000774462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeb73358ac670c72021-12-20 15:59:51.679root 11241100x8000000000000000774463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e003daf32f44872021-12-20 15:59:51.679root 11241100x8000000000000000774464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223e8c10a76d8d4d2021-12-20 15:59:51.679root 11241100x8000000000000000774465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaff9de4564e82d42021-12-20 15:59:51.679root 11241100x8000000000000000774466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ef7e1e31fca5e42021-12-20 15:59:51.679root 11241100x8000000000000000774467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154845137bd3d06b2021-12-20 15:59:51.679root 11241100x8000000000000000774468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cb81c5bcdab77b2021-12-20 15:59:51.680root 11241100x8000000000000000774469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8b4501149c53282021-12-20 15:59:51.680root 11241100x8000000000000000774470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed821b37e1caf8b02021-12-20 15:59:51.680root 11241100x8000000000000000774471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01c9e2fa25a6a7a2021-12-20 15:59:51.680root 11241100x8000000000000000774472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6d530302ed19752021-12-20 15:59:51.681root 11241100x8000000000000000774473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cedeec1e7ed9f752021-12-20 15:59:51.681root 11241100x8000000000000000774474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03ea3d00182e52f2021-12-20 15:59:51.681root 11241100x8000000000000000774475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2736591e969f4e512021-12-20 15:59:51.681root 11241100x8000000000000000774476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8adbf7890e98d002021-12-20 15:59:51.681root 11241100x8000000000000000774477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccf9f5f9c0012352021-12-20 15:59:51.682root 11241100x8000000000000000774478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2879cfce20b2118a2021-12-20 15:59:51.682root 11241100x8000000000000000774479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81fe899ee3e10472021-12-20 15:59:51.682root 11241100x8000000000000000774480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3215bb0b8bb3ce2021-12-20 15:59:51.682root 11241100x8000000000000000774481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d92a73a1ea55b2e2021-12-20 15:59:51.682root 11241100x8000000000000000774482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d218ad32e703102021-12-20 15:59:51.682root 11241100x8000000000000000774483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16416517709354292021-12-20 15:59:51.682root 11241100x8000000000000000774484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb7f080b2509fe32021-12-20 15:59:51.682root 11241100x8000000000000000774485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6753d0455f2b462021-12-20 15:59:51.683root 11241100x8000000000000000774486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd3b6c4b0449902021-12-20 15:59:51.683root 11241100x8000000000000000774487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c755591f9f5c4c662021-12-20 15:59:51.683root 11241100x8000000000000000774488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aabacb077f144432021-12-20 15:59:51.683root 11241100x8000000000000000774489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8557376c82e99f2021-12-20 15:59:51.683root 11241100x8000000000000000774490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fa04208dff36922021-12-20 15:59:51.683root 11241100x8000000000000000774491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a869564e77418a52021-12-20 15:59:51.683root 11241100x8000000000000000774492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ee9bfbcb869ee2021-12-20 15:59:51.683root 11241100x8000000000000000774493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972d564c7362dca42021-12-20 15:59:51.683root 11241100x8000000000000000774494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6f0f58039a48322021-12-20 15:59:51.684root 11241100x8000000000000000774495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab3f171a937dae2021-12-20 15:59:51.684root 11241100x8000000000000000774496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9880b20f64540f262021-12-20 15:59:51.684root 11241100x8000000000000000774497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49216725d58ec462021-12-20 15:59:51.684root 11241100x8000000000000000774498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8187ee498860f2a2021-12-20 15:59:51.684root 11241100x8000000000000000774499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e1506b5ca68f4f2021-12-20 15:59:51.684root 11241100x8000000000000000774500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96fa8a2f787e5392021-12-20 15:59:51.684root 11241100x8000000000000000774501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44679beffea88a1d2021-12-20 15:59:51.684root 11241100x8000000000000000774502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cca31812ffca3fb2021-12-20 15:59:51.685root 11241100x8000000000000000774503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd43291c74ac65c2021-12-20 15:59:51.685root 11241100x8000000000000000774504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0e62c1b015aa3c2021-12-20 15:59:51.685root 11241100x8000000000000000774505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33caf7b3bd47cec52021-12-20 15:59:51.685root 11241100x8000000000000000774506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ce79f46384c5d72021-12-20 15:59:51.685root 11241100x8000000000000000774507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22455122fc083f9a2021-12-20 15:59:51.685root 11241100x8000000000000000774508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e371727e4e1839452021-12-20 15:59:51.685root 11241100x8000000000000000774509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:51.686{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce071a5f519fe6f72021-12-20 15:59:51.686root 11241100x8000000000000000774510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb51ffab6b675f02021-12-20 15:59:52.174root 11241100x8000000000000000774511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77042cb8177229a72021-12-20 15:59:52.174root 11241100x8000000000000000774512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0951bbd87132da8c2021-12-20 15:59:52.174root 11241100x8000000000000000774513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2208c33d7462f3d2021-12-20 15:59:52.174root 11241100x8000000000000000774514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d42c4416c291432021-12-20 15:59:52.174root 11241100x8000000000000000774515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a2596c8cbdbef32021-12-20 15:59:52.174root 11241100x8000000000000000774516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8935e3bb9d53c022021-12-20 15:59:52.174root 11241100x8000000000000000774517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2197948b9592432021-12-20 15:59:52.175root 11241100x8000000000000000774518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb973f0dc1d60b3e2021-12-20 15:59:52.175root 11241100x8000000000000000774519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f6f18c0b8f8eec2021-12-20 15:59:52.175root 11241100x8000000000000000774520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4eb9d7a28c6c002021-12-20 15:59:52.175root 11241100x8000000000000000774521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4af6c3e7ab67ed72021-12-20 15:59:52.175root 11241100x8000000000000000774522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac9ab18718c9b052021-12-20 15:59:52.175root 11241100x8000000000000000774523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c713e661e313fdd2021-12-20 15:59:52.176root 11241100x8000000000000000774524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e68ff9ef66b1792021-12-20 15:59:52.176root 11241100x8000000000000000774525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7688658fb48796a2021-12-20 15:59:52.176root 11241100x8000000000000000774526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c24abb390e94712021-12-20 15:59:52.176root 11241100x8000000000000000774527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987fa9577e6023802021-12-20 15:59:52.177root 11241100x8000000000000000774528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd68d79b59206b8a2021-12-20 15:59:52.177root 11241100x8000000000000000774529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d09f2c1df41a72021-12-20 15:59:52.177root 11241100x8000000000000000774530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f0fa4ea25131082021-12-20 15:59:52.177root 11241100x8000000000000000774531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b4b5177d7909b82021-12-20 15:59:52.177root 11241100x8000000000000000774532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797c84a1b2f233b82021-12-20 15:59:52.177root 11241100x8000000000000000774533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d95dec129e49dc02021-12-20 15:59:52.178root 11241100x8000000000000000774534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230c52cdebd79acf2021-12-20 15:59:52.178root 11241100x8000000000000000774535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20a28da0e686c0c2021-12-20 15:59:52.178root 11241100x8000000000000000774536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbcf14629d888052021-12-20 15:59:52.178root 11241100x8000000000000000774537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ab54bbb5f5b0252021-12-20 15:59:52.178root 11241100x8000000000000000774538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aeba4864a20a0dd2021-12-20 15:59:52.178root 11241100x8000000000000000774539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a7f4767ba88ab92021-12-20 15:59:52.178root 11241100x8000000000000000774540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d6f42b6d507a202021-12-20 15:59:52.178root 11241100x8000000000000000774541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4991763a6ed497372021-12-20 15:59:52.178root 11241100x8000000000000000774542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d531e6c5063d7b2021-12-20 15:59:52.179root 11241100x8000000000000000774543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5bcb4b04064ecd2021-12-20 15:59:52.179root 11241100x8000000000000000774544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d37c6b787e87952021-12-20 15:59:52.179root 11241100x8000000000000000774545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a51d4caaba419c62021-12-20 15:59:52.179root 11241100x8000000000000000774546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be997ce3dc28b7c2021-12-20 15:59:52.179root 11241100x8000000000000000774547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e409e023bc9c8b2021-12-20 15:59:52.179root 11241100x8000000000000000774548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8685cf8c99e1f9922021-12-20 15:59:52.179root 11241100x8000000000000000774549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bb4cb9ada08db32021-12-20 15:59:52.179root 11241100x8000000000000000774550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e272ef27a7daff962021-12-20 15:59:52.179root 11241100x8000000000000000774551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6467a9c67d46ee22021-12-20 15:59:52.180root 11241100x8000000000000000774552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774bf37c313eab82021-12-20 15:59:52.180root 11241100x8000000000000000774553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c284e0d300bd7d82021-12-20 15:59:52.180root 11241100x8000000000000000774554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8df81d5ffb669a2021-12-20 15:59:52.180root 11241100x8000000000000000774555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6ec709871c4b082021-12-20 15:59:52.180root 11241100x8000000000000000774556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a222209d79c7e3e02021-12-20 15:59:52.180root 11241100x8000000000000000774557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d70083d9508409e2021-12-20 15:59:52.180root 11241100x8000000000000000774558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7278650b66246ac2021-12-20 15:59:52.180root 11241100x8000000000000000774559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ad9a16e2bd7cab2021-12-20 15:59:52.181root 11241100x8000000000000000774560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf604204ab9b3e72021-12-20 15:59:52.181root 11241100x8000000000000000774561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6507c677fee63bd62021-12-20 15:59:52.181root 11241100x8000000000000000774562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e5a4810753909f2021-12-20 15:59:52.181root 11241100x8000000000000000774563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df410f4759b01a52021-12-20 15:59:52.181root 11241100x8000000000000000774564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca3c13936aba3532021-12-20 15:59:52.181root 11241100x8000000000000000774565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82f758d119265902021-12-20 15:59:52.181root 11241100x8000000000000000774566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c76d74999b222382021-12-20 15:59:52.181root 11241100x8000000000000000774567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bf7852875d88db2021-12-20 15:59:52.181root 11241100x8000000000000000774568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fadc7aca606cc5d2021-12-20 15:59:52.675root 11241100x8000000000000000774569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c966dc2e8374e82021-12-20 15:59:52.675root 11241100x8000000000000000774570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b263bfeac491dd9a2021-12-20 15:59:52.675root 11241100x8000000000000000774571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d5f87721dae3f2021-12-20 15:59:52.676root 11241100x8000000000000000774572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15015859f3439d982021-12-20 15:59:52.676root 11241100x8000000000000000774573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87df7eb574702922021-12-20 15:59:52.676root 11241100x8000000000000000774574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e009d5d3517a9ee92021-12-20 15:59:52.676root 11241100x8000000000000000774575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f11330406747392021-12-20 15:59:52.676root 11241100x8000000000000000774576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332e8f1ec7f943e82021-12-20 15:59:52.676root 11241100x8000000000000000774577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdee59475b194912021-12-20 15:59:52.677root 11241100x8000000000000000774578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e35d2b52edb10f2021-12-20 15:59:52.677root 11241100x8000000000000000774579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b287c807248e06ec2021-12-20 15:59:52.677root 11241100x8000000000000000774580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f759525dcd7dc7c2021-12-20 15:59:52.677root 11241100x8000000000000000774581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fe9c88983409392021-12-20 15:59:52.677root 11241100x8000000000000000774582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fc95309f708bbf2021-12-20 15:59:52.677root 11241100x8000000000000000774583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4b20f1f8c5deed2021-12-20 15:59:52.677root 11241100x8000000000000000774584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e93bf1f109b6ca2021-12-20 15:59:52.678root 11241100x8000000000000000774585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ce798f81b60c3a2021-12-20 15:59:52.678root 11241100x8000000000000000774586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f49a17ac244e6882021-12-20 15:59:52.678root 11241100x8000000000000000774587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74418633d18901952021-12-20 15:59:52.678root 11241100x8000000000000000774588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbc7f05ddf696b72021-12-20 15:59:52.678root 11241100x8000000000000000774589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c7558eb0cab3e52021-12-20 15:59:52.678root 11241100x8000000000000000774590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d8384ed0378a22021-12-20 15:59:52.678root 11241100x8000000000000000774591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316ae7839d54b1ee2021-12-20 15:59:52.678root 11241100x8000000000000000774592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a191a541b82db962021-12-20 15:59:52.678root 11241100x8000000000000000774593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef7ad5da5a9bcc42021-12-20 15:59:52.679root 11241100x8000000000000000774594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cfc931a92ba4822021-12-20 15:59:52.679root 11241100x8000000000000000774595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e813e7dc312b0bfe2021-12-20 15:59:52.679root 11241100x8000000000000000774596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4321d92bc3c37ba62021-12-20 15:59:52.679root 11241100x8000000000000000774597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f953da18dfd1f32021-12-20 15:59:52.679root 11241100x8000000000000000774598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6402f08173fc0772021-12-20 15:59:52.679root 11241100x8000000000000000774599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcffbdf379b4a1262021-12-20 15:59:52.680root 11241100x8000000000000000774600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89892ffce277d8b62021-12-20 15:59:52.680root 11241100x8000000000000000774601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0e7bee1f6304b12021-12-20 15:59:52.680root 11241100x8000000000000000774602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35da1547dbd3351e2021-12-20 15:59:52.680root 11241100x8000000000000000774603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f56fb60edf175df2021-12-20 15:59:52.681root 11241100x8000000000000000774604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004426bcead41b6e2021-12-20 15:59:52.681root 11241100x8000000000000000774605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e270f463aae63d2021-12-20 15:59:52.681root 11241100x8000000000000000774606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 15:59:52.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bf3c6fd26da9722021-12-20 15:59:52.681root 354300x8000000000000000774667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:07.187{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51492-false10.0.1.12-8000- 11241100x8000000000000000774668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:07.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fcf26245f2f4df2021-12-20 16:00:07.674root 11241100x8000000000000000774669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:08.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5873e32e09b4fcf2021-12-20 16:00:08.174root 11241100x8000000000000000774670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:08.673{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc66f70b3a9606b2021-12-20 16:00:08.673root 23542300x8000000000000000774671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:09.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000774672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2fa7180b1ffb112021-12-20 16:00:09.070root 11241100x8000000000000000774673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6901d8e99ab4578d2021-12-20 16:00:09.070root 11241100x8000000000000000774674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b902265fa3d3b2021-12-20 16:00:09.424root 11241100x8000000000000000774675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f291575625d93a02021-12-20 16:00:09.424root 11241100x8000000000000000774676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147cfcb53dee72942021-12-20 16:00:09.924root 11241100x8000000000000000774677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7a39d19da7281c2021-12-20 16:00:09.924root 11241100x8000000000000000774678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f9b74912bd8e722021-12-20 16:00:10.424root 11241100x8000000000000000774679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c567eb708acc60f2021-12-20 16:00:10.424root 11241100x8000000000000000774680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f0132134bf88ca2021-12-20 16:00:10.924root 11241100x8000000000000000774681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfaf7b9484b24572021-12-20 16:00:10.924root 11241100x8000000000000000774682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622bd5a68bb5c9d72021-12-20 16:00:11.424root 11241100x8000000000000000774683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70d24b21287938e2021-12-20 16:00:11.424root 11241100x8000000000000000774684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf2136cfc09663b2021-12-20 16:00:11.924root 11241100x8000000000000000774685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b43427ed22dd5eb2021-12-20 16:00:11.924root 11241100x8000000000000000774686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d2ff185ba40282021-12-20 16:00:12.424root 11241100x8000000000000000774687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496aa13792ac7ed12021-12-20 16:00:12.424root 11241100x8000000000000000774688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05df37a774f7e81f2021-12-20 16:00:12.924root 11241100x8000000000000000774689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b436454f9e202bc2021-12-20 16:00:12.924root 354300x8000000000000000774690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:13.177{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51494-false10.0.1.12-8000- 11241100x8000000000000000774691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:13.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a936844f3f3483592021-12-20 16:00:13.178root 11241100x8000000000000000774692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:13.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4306c1814b2d07d92021-12-20 16:00:13.178root 11241100x8000000000000000774693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:13.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4743459bcb9857cf2021-12-20 16:00:13.178root 11241100x8000000000000000774694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ccb867e2fb4ca52021-12-20 16:00:13.674root 11241100x8000000000000000774695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289ffc9e9cee6cc12021-12-20 16:00:13.674root 11241100x8000000000000000774696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:13.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e840bd65e236dc32021-12-20 16:00:13.674root 11241100x8000000000000000774697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:14.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f24c16356ba65b2021-12-20 16:00:14.174root 11241100x8000000000000000774698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:14.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3f71cf6bfa30ed2021-12-20 16:00:14.174root 11241100x8000000000000000774699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:14.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58ed363a5f1f1f72021-12-20 16:00:14.174root 11241100x8000000000000000774700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3869317755ffd6ce2021-12-20 16:00:14.674root 11241100x8000000000000000774701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3abc52a181527f2021-12-20 16:00:14.674root 11241100x8000000000000000774702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c164ed1606106c52021-12-20 16:00:14.674root 11241100x8000000000000000774703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9fcf6ddeea5c592021-12-20 16:00:15.174root 11241100x8000000000000000774704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70afba20d963a0cd2021-12-20 16:00:15.174root 11241100x8000000000000000774705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9658b43eee07d8062021-12-20 16:00:15.174root 11241100x8000000000000000774706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:15.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11349acf59ebbcf62021-12-20 16:00:15.674root 11241100x8000000000000000774707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:15.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45181931a2386372021-12-20 16:00:15.674root 11241100x8000000000000000774708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:15.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa5e1a0f53b4efa2021-12-20 16:00:15.674root 11241100x8000000000000000774709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6833f6bef697242021-12-20 16:00:16.174root 11241100x8000000000000000774710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7501543bec80c41d2021-12-20 16:00:16.174root 11241100x8000000000000000774711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:16.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7662470991e30892021-12-20 16:00:16.174root 11241100x8000000000000000774712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ba8d2e0080d63a2021-12-20 16:00:16.674root 11241100x8000000000000000774713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04f8b35e3e407c2021-12-20 16:00:16.674root 11241100x8000000000000000774714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383a617734bd53042021-12-20 16:00:16.674root 11241100x8000000000000000774715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:17.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb9cf0835f7d5a2021-12-20 16:00:17.174root 11241100x8000000000000000774716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:17.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f6bafd589a1bc12021-12-20 16:00:17.174root 11241100x8000000000000000774717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:17.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0e4a2ac35a1e7d2021-12-20 16:00:17.174root 11241100x8000000000000000774718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b158afe1db05702021-12-20 16:00:17.674root 11241100x8000000000000000774719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a75f4abae732c3c2021-12-20 16:00:17.674root 11241100x8000000000000000774720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ba832d6491e6502021-12-20 16:00:17.674root 11241100x8000000000000000774721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b420a03317ca57702021-12-20 16:00:18.174root 11241100x8000000000000000774722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721dbc6eca833092021-12-20 16:00:18.174root 11241100x8000000000000000774723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2699989c5b34e02021-12-20 16:00:18.174root 154100x8000000000000000774724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.334{ec2c97d1-a892-61c0-6854-bd64d8550000}10229/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 534500x8000000000000000774725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.347{ec2c97d1-a892-61c0-6854-bd64d8550000}10229/bin/psroot 11241100x8000000000000000774726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1791c417e7c94ca62021-12-20 16:00:18.674root 11241100x8000000000000000774727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15bbaee2a7d80a32021-12-20 16:00:18.674root 11241100x8000000000000000774728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2e20de1efeabdc2021-12-20 16:00:18.674root 11241100x8000000000000000774729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605ff946b3b7b19c2021-12-20 16:00:18.674root 11241100x8000000000000000774730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9f80874e2e9d012021-12-20 16:00:18.674root 354300x8000000000000000774731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.174{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51496-false10.0.1.12-8000- 11241100x8000000000000000774732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abd9d7561b16a9b2021-12-20 16:00:19.174root 11241100x8000000000000000774733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ed0d4910c4a2ab2021-12-20 16:00:19.174root 11241100x8000000000000000774734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0f24c349e234352021-12-20 16:00:19.174root 11241100x8000000000000000774735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46f160d7e70cd732021-12-20 16:00:19.174root 11241100x8000000000000000774736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32d71e947520bc92021-12-20 16:00:19.174root 11241100x8000000000000000774737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7079a31b163c1e2021-12-20 16:00:19.674root 11241100x8000000000000000774738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a4e9d73e2199ae2021-12-20 16:00:19.674root 11241100x8000000000000000774739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dc52162afd47cc2021-12-20 16:00:19.674root 11241100x8000000000000000774740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2c3be8dfe4d4072021-12-20 16:00:19.674root 11241100x8000000000000000774741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2faf083f04095072021-12-20 16:00:19.674root 11241100x8000000000000000774742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8fef3d79c8d8802021-12-20 16:00:19.674root 354300x8000000000000000774743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46200-false10.0.1.12-8089- 11241100x8000000000000000774744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b3ff69749e8f292021-12-20 16:00:20.068root 11241100x8000000000000000774745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9d6f2720cb09d52021-12-20 16:00:20.068root 11241100x8000000000000000774746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba39c677c27d65e72021-12-20 16:00:20.068root 11241100x8000000000000000774747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42c580454b348222021-12-20 16:00:20.069root 11241100x8000000000000000774748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3bfbf18151f8462021-12-20 16:00:20.069root 11241100x8000000000000000774749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c856f7633d2e8a9c2021-12-20 16:00:20.069root 11241100x8000000000000000774750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a24d05416e13e6e2021-12-20 16:00:20.070root 11241100x8000000000000000774751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef0d8cf058365142021-12-20 16:00:20.424root 11241100x8000000000000000774752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7453348047b1eb3c2021-12-20 16:00:20.424root 11241100x8000000000000000774753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acdf726444cf3772021-12-20 16:00:20.424root 11241100x8000000000000000774754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18881a37d28545422021-12-20 16:00:20.424root 11241100x8000000000000000774755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021a4c120361630c2021-12-20 16:00:20.425root 11241100x8000000000000000774756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13af789cdf07e90e2021-12-20 16:00:20.425root 11241100x8000000000000000774757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdfda762faa47b82021-12-20 16:00:20.425root 11241100x8000000000000000774758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba91dd0bc319f5b2021-12-20 16:00:20.924root 11241100x8000000000000000774759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b3831a8a61ca022021-12-20 16:00:20.924root 11241100x8000000000000000774760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa83935977c48bd2021-12-20 16:00:20.924root 11241100x8000000000000000774761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b811d391e16c042021-12-20 16:00:20.924root 11241100x8000000000000000774762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3ae1727504c2a62021-12-20 16:00:20.925root 11241100x8000000000000000774763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e0ba9d84b19ae42021-12-20 16:00:20.925root 11241100x8000000000000000774764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515692396d96d08d2021-12-20 16:00:20.925root 11241100x8000000000000000774765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82513138bab7a0f02021-12-20 16:00:21.424root 11241100x8000000000000000774766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f065310003029752021-12-20 16:00:21.424root 11241100x8000000000000000774767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942f1f3e221f13612021-12-20 16:00:21.424root 11241100x8000000000000000774768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cef8d21dd61ebc12021-12-20 16:00:21.424root 11241100x8000000000000000774769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deaa6ed9b76b30b2021-12-20 16:00:21.425root 11241100x8000000000000000774770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6941f15fae04317e2021-12-20 16:00:21.425root 11241100x8000000000000000774771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebbaf5d296c96442021-12-20 16:00:21.425root 11241100x8000000000000000774772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e475815ceb59d2021-12-20 16:00:21.924root 11241100x8000000000000000774773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdee82cb8b3087c2021-12-20 16:00:21.924root 11241100x8000000000000000774774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e75e758e419d5922021-12-20 16:00:21.924root 11241100x8000000000000000774775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcda4f5fab522f7c2021-12-20 16:00:21.924root 11241100x8000000000000000774776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bcd7fecb8e39032021-12-20 16:00:21.925root 11241100x8000000000000000774777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e5f5160dd9473e2021-12-20 16:00:21.925root 11241100x8000000000000000774778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3351ddb038d418992021-12-20 16:00:21.925root 11241100x8000000000000000774779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5ad523d016dc602021-12-20 16:00:22.424root 11241100x8000000000000000774780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e0ce13bca99eb2021-12-20 16:00:22.424root 11241100x8000000000000000774781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6ab6cbde6ed2e92021-12-20 16:00:22.424root 11241100x8000000000000000774782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce1689de275bd8f2021-12-20 16:00:22.424root 11241100x8000000000000000774783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9def2d203af2bbbc2021-12-20 16:00:22.425root 11241100x8000000000000000774784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53151363730875de2021-12-20 16:00:22.425root 11241100x8000000000000000774785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed01071450b71c3c2021-12-20 16:00:22.425root 11241100x8000000000000000774786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe94d7347585f452021-12-20 16:00:22.924root 11241100x8000000000000000774787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61810245cb8531822021-12-20 16:00:22.924root 11241100x8000000000000000774788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e3f99a6c5267522021-12-20 16:00:22.924root 11241100x8000000000000000774789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9dfb523908c8902021-12-20 16:00:22.924root 11241100x8000000000000000774790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a029ba17e50ac2f2021-12-20 16:00:22.925root 11241100x8000000000000000774791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ccb03450749682021-12-20 16:00:22.925root 11241100x8000000000000000774792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e931f3626049a9e52021-12-20 16:00:22.925root 11241100x8000000000000000774793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a938b7a14c29c8412021-12-20 16:00:23.424root 11241100x8000000000000000774794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c00f548cad8fc052021-12-20 16:00:23.424root 11241100x8000000000000000774795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085b755900578f6d2021-12-20 16:00:23.424root 11241100x8000000000000000774796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08afd366ba1c42e02021-12-20 16:00:23.424root 11241100x8000000000000000774797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c1d161c653bf472021-12-20 16:00:23.425root 11241100x8000000000000000774798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c7df17f408ca5d2021-12-20 16:00:23.425root 11241100x8000000000000000774799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390aec96542b9c722021-12-20 16:00:23.425root 11241100x8000000000000000774800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de2e5c5a0ce5b8c2021-12-20 16:00:23.924root 11241100x8000000000000000774801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d58ca5644ff29442021-12-20 16:00:23.924root 11241100x8000000000000000774802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261ee2ca0153d1bb2021-12-20 16:00:23.924root 11241100x8000000000000000774803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e5e3a2dd0a1302021-12-20 16:00:23.924root 11241100x8000000000000000774804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3b8aaaa371a9912021-12-20 16:00:23.925root 11241100x8000000000000000774805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a5d5e4b39b62722021-12-20 16:00:23.925root 11241100x8000000000000000774806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b821ec931a5af32021-12-20 16:00:23.925root 11241100x8000000000000000774807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7ad3dd5b8939e92021-12-20 16:00:24.424root 11241100x8000000000000000774808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e53466ba5286a992021-12-20 16:00:24.424root 11241100x8000000000000000774809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8234f296c3f62b6c2021-12-20 16:00:24.424root 11241100x8000000000000000774810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882a098a33100f682021-12-20 16:00:24.424root 11241100x8000000000000000774811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebabd6b16a5952d2021-12-20 16:00:24.425root 11241100x8000000000000000774812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47e63650f80ace62021-12-20 16:00:24.425root 11241100x8000000000000000774813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea1cf18acee9c822021-12-20 16:00:24.425root 11241100x8000000000000000774814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c524b85e5f833a2021-12-20 16:00:24.924root 11241100x8000000000000000774815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbb2f7d00e132bc2021-12-20 16:00:24.924root 11241100x8000000000000000774816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceb06240fc2f91c2021-12-20 16:00:24.924root 11241100x8000000000000000774817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7e0c2a6121d38a2021-12-20 16:00:24.924root 11241100x8000000000000000774818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c427d3bc91ee3c2021-12-20 16:00:24.925root 11241100x8000000000000000774819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3462d1419ceac8072021-12-20 16:00:24.925root 11241100x8000000000000000774820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff95b899aa8430b52021-12-20 16:00:24.925root 354300x8000000000000000774821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.151{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51500-false10.0.1.12-8000- 11241100x8000000000000000774822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a144886ecd0909f2021-12-20 16:00:25.424root 11241100x8000000000000000774823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa1e899e09f1dad2021-12-20 16:00:25.424root 11241100x8000000000000000774824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98ad5e67e3035692021-12-20 16:00:25.424root 11241100x8000000000000000774825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d6d83ec5fe9f3a2021-12-20 16:00:25.424root 11241100x8000000000000000774826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9269af74fe9a4f2021-12-20 16:00:25.424root 11241100x8000000000000000774827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481989d3ce77c0a42021-12-20 16:00:25.424root 11241100x8000000000000000774828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b0d49cba259f5b2021-12-20 16:00:25.424root 11241100x8000000000000000774829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85d75f97e9f63b22021-12-20 16:00:25.424root 11241100x8000000000000000774830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3921b5bbdc4a889c2021-12-20 16:00:25.924root 11241100x8000000000000000774831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3341a2f410a86eb2021-12-20 16:00:25.924root 11241100x8000000000000000774832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f5fbd597f9881a2021-12-20 16:00:25.924root 11241100x8000000000000000774833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1970164402a159302021-12-20 16:00:25.924root 11241100x8000000000000000774834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9022d0b4cfc299f62021-12-20 16:00:25.924root 11241100x8000000000000000774835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73018bdbba6ac1f72021-12-20 16:00:25.924root 11241100x8000000000000000774836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9a77e448767eee2021-12-20 16:00:25.924root 11241100x8000000000000000774837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53934ec48465fea2021-12-20 16:00:25.925root 11241100x8000000000000000774838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d410e09499b229592021-12-20 16:00:26.424root 11241100x8000000000000000774839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4149033a897a422021-12-20 16:00:26.424root 11241100x8000000000000000774840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0404bbffc34a842021-12-20 16:00:26.424root 11241100x8000000000000000774841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a632ff77b8e4e92021-12-20 16:00:26.424root 11241100x8000000000000000774842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286399f0f6051ed72021-12-20 16:00:26.424root 11241100x8000000000000000774843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fda2667774bf3de2021-12-20 16:00:26.424root 11241100x8000000000000000774844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f43d8d89c5763a2021-12-20 16:00:26.424root 11241100x8000000000000000774845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9a4d5d19f491022021-12-20 16:00:26.425root 11241100x8000000000000000774846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c4865f4593bb402021-12-20 16:00:26.924root 11241100x8000000000000000774847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cbfcbcc9430b472021-12-20 16:00:26.924root 11241100x8000000000000000774848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edf72040e8a204a2021-12-20 16:00:26.924root 11241100x8000000000000000774849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2038c683869d9662021-12-20 16:00:26.924root 11241100x8000000000000000774850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc8e19db6ad297b2021-12-20 16:00:26.924root 11241100x8000000000000000774851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42419983447c8f882021-12-20 16:00:26.924root 11241100x8000000000000000774852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2862341a2deb79b2021-12-20 16:00:26.924root 11241100x8000000000000000774853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf2f19da6e374742021-12-20 16:00:26.925root 11241100x8000000000000000774854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec8a39d2b70ffda2021-12-20 16:00:27.424root 11241100x8000000000000000774855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcf525cfb4d00622021-12-20 16:00:27.424root 11241100x8000000000000000774856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3c32956d3124412021-12-20 16:00:27.424root 11241100x8000000000000000774857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab3780c4053f3792021-12-20 16:00:27.424root 11241100x8000000000000000774858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416fb0c5ed01a3ef2021-12-20 16:00:27.424root 11241100x8000000000000000774859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445ac5465e24b3d62021-12-20 16:00:27.424root 11241100x8000000000000000774860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d228c4cc22adb92021-12-20 16:00:27.424root 11241100x8000000000000000774861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76dcdb3b5946eff2021-12-20 16:00:27.424root 11241100x8000000000000000774862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc4220cf88093492021-12-20 16:00:27.924root 11241100x8000000000000000774863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d24dc94938240dc2021-12-20 16:00:27.924root 11241100x8000000000000000774864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87b7ba87f9e732c2021-12-20 16:00:27.924root 11241100x8000000000000000774865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c446429ff9fd2b2021-12-20 16:00:27.924root 11241100x8000000000000000774866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3f0a807059aae92021-12-20 16:00:27.924root 11241100x8000000000000000774867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2612b099264fe5362021-12-20 16:00:27.924root 11241100x8000000000000000774868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0646e76ed323add02021-12-20 16:00:27.924root 11241100x8000000000000000774869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758696910fad80ac2021-12-20 16:00:27.924root 11241100x8000000000000000774870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472f7064a79ad0e12021-12-20 16:00:28.424root 11241100x8000000000000000774871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bebf7d3f30e3a42021-12-20 16:00:28.424root 11241100x8000000000000000774872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84895bee2dff13012021-12-20 16:00:28.424root 11241100x8000000000000000774873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81488171c51c40d2021-12-20 16:00:28.424root 11241100x8000000000000000774874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a61c2eb49368e92021-12-20 16:00:28.424root 11241100x8000000000000000774875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256a9b0dae3b3fa52021-12-20 16:00:28.424root 11241100x8000000000000000774876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf818806ede1662a2021-12-20 16:00:28.424root 11241100x8000000000000000774877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a07c9de328c98d2021-12-20 16:00:28.424root 11241100x8000000000000000774878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18bc9440e86d93b2021-12-20 16:00:28.924root 11241100x8000000000000000774879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df19823e5847f9212021-12-20 16:00:28.924root 11241100x8000000000000000774880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e011d0e09e8ded2021-12-20 16:00:28.924root 11241100x8000000000000000774881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434e1edc7dbe350e2021-12-20 16:00:28.924root 11241100x8000000000000000774882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d989714da054322021-12-20 16:00:28.924root 11241100x8000000000000000774883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c7167b89af9ca92021-12-20 16:00:28.924root 11241100x8000000000000000774884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155ab45ddb0853e52021-12-20 16:00:28.924root 11241100x8000000000000000774885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7558ddced1be69c02021-12-20 16:00:28.924root 11241100x8000000000000000774886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90148c189406383d2021-12-20 16:00:29.424root 11241100x8000000000000000774887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5be39599a319c882021-12-20 16:00:29.424root 11241100x8000000000000000774888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4c928d207187a12021-12-20 16:00:29.424root 11241100x8000000000000000774889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1288a7907e0b77af2021-12-20 16:00:29.424root 11241100x8000000000000000774890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b0247bf7d9c7442021-12-20 16:00:29.424root 11241100x8000000000000000774891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655d62d058364b9e2021-12-20 16:00:29.424root 11241100x8000000000000000774892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0067111b57799ee02021-12-20 16:00:29.424root 11241100x8000000000000000774893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68de11896d6cc7ed2021-12-20 16:00:29.424root 11241100x8000000000000000774894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8c7a35547c66f72021-12-20 16:00:29.924root 11241100x8000000000000000774895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1acb88e2f238662021-12-20 16:00:29.924root 11241100x8000000000000000774896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e7a02553f56fd32021-12-20 16:00:29.924root 11241100x8000000000000000774897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4bec69059007c52021-12-20 16:00:29.924root 11241100x8000000000000000774898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d06543f132d800d2021-12-20 16:00:29.924root 11241100x8000000000000000774899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b121bce89c3a23a22021-12-20 16:00:29.924root 11241100x8000000000000000774900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b952ef2db946c72021-12-20 16:00:29.924root 11241100x8000000000000000774901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe0e0f523a13beb2021-12-20 16:00:29.924root 11241100x8000000000000000774902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d382242247cfbab2021-12-20 16:00:30.424root 11241100x8000000000000000774903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e62c92b5ba49992021-12-20 16:00:30.424root 11241100x8000000000000000774904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83eccf54b39cd7682021-12-20 16:00:30.424root 11241100x8000000000000000774905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a0cf156637e592021-12-20 16:00:30.424root 11241100x8000000000000000774906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742a28ea797151142021-12-20 16:00:30.424root 11241100x8000000000000000774907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aed6e3f0580f052021-12-20 16:00:30.424root 11241100x8000000000000000774908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d296bc75a53506c2021-12-20 16:00:30.424root 11241100x8000000000000000774909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbab6aa20c9907e92021-12-20 16:00:30.424root 11241100x8000000000000000774910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c743cc3b5e8198d2021-12-20 16:00:30.924root 11241100x8000000000000000774911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6039a5095b785c2e2021-12-20 16:00:30.924root 11241100x8000000000000000774912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cf19fcc34df3eb2021-12-20 16:00:30.924root 11241100x8000000000000000774913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51baea5dc8f025762021-12-20 16:00:30.924root 11241100x8000000000000000774914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e7a3a1569f89e42021-12-20 16:00:30.924root 11241100x8000000000000000774915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc11f020eb6ddfd42021-12-20 16:00:30.924root 11241100x8000000000000000774916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149e919b7252512d2021-12-20 16:00:30.924root 11241100x8000000000000000774917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076d285db7d71bde2021-12-20 16:00:30.925root 354300x8000000000000000774918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.149{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51502-false10.0.1.12-8000- 11241100x8000000000000000774919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88ef0a82e0adaae2021-12-20 16:00:31.424root 11241100x8000000000000000774920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee3cc9a65478c6d2021-12-20 16:00:31.424root 11241100x8000000000000000774921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f332f4f2c4b01bdd2021-12-20 16:00:31.424root 11241100x8000000000000000774922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5e0096a2affe362021-12-20 16:00:31.424root 11241100x8000000000000000774923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f69e7cc9c717c6e2021-12-20 16:00:31.424root 11241100x8000000000000000774924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cac4f640eab0f2a2021-12-20 16:00:31.425root 11241100x8000000000000000774925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d361de3098216c2021-12-20 16:00:31.425root 11241100x8000000000000000774926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab2d821465f3e832021-12-20 16:00:31.425root 11241100x8000000000000000774927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e8ab07ea837d492021-12-20 16:00:31.425root 11241100x8000000000000000774928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee22cb4f6cfe624b2021-12-20 16:00:31.924root 11241100x8000000000000000774929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8f30c17de97f872021-12-20 16:00:31.924root 11241100x8000000000000000774930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26c98deb8674c512021-12-20 16:00:31.924root 11241100x8000000000000000774931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c7068a085565e02021-12-20 16:00:31.924root 11241100x8000000000000000774932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d803fff290d51ab32021-12-20 16:00:31.924root 11241100x8000000000000000774933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7351841c9c2bf7b02021-12-20 16:00:31.924root 11241100x8000000000000000774934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc7cdbac9762c5a2021-12-20 16:00:31.924root 11241100x8000000000000000774935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e30073f5ea592f32021-12-20 16:00:31.924root 11241100x8000000000000000774936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeab9c82ec8bfca2021-12-20 16:00:31.924root 11241100x8000000000000000774937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8f6a6568d82f282021-12-20 16:00:32.424root 11241100x8000000000000000774938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a098daaf4a23636e2021-12-20 16:00:32.424root 11241100x8000000000000000774939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22699c20129a4bd02021-12-20 16:00:32.424root 11241100x8000000000000000774940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f8da2b662928952021-12-20 16:00:32.424root 11241100x8000000000000000774941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593a08f755c488ed2021-12-20 16:00:32.424root 11241100x8000000000000000774942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2127e11ebe38cdd02021-12-20 16:00:32.424root 11241100x8000000000000000774943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9401f53b2e1bf6622021-12-20 16:00:32.424root 11241100x8000000000000000774944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08a2f867261f13c2021-12-20 16:00:32.425root 11241100x8000000000000000774945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d51115dc33e81c2021-12-20 16:00:32.425root 11241100x8000000000000000774946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6151fdbcefe720e2021-12-20 16:00:32.924root 11241100x8000000000000000774947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82482ddaba012ad02021-12-20 16:00:32.924root 11241100x8000000000000000774948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aadec56778d0e52021-12-20 16:00:32.924root 11241100x8000000000000000774949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaaec584fbbd15db2021-12-20 16:00:32.924root 11241100x8000000000000000774950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e95b8017b66f412021-12-20 16:00:32.924root 11241100x8000000000000000774951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88592017f2b242552021-12-20 16:00:32.924root 11241100x8000000000000000774952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef1497ca34bae5f2021-12-20 16:00:32.925root 11241100x8000000000000000774953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbd8fe1ffdf03e42021-12-20 16:00:32.925root 11241100x8000000000000000774954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e61ba5b8e21e42021-12-20 16:00:32.925root 11241100x8000000000000000774955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6eb8b7f17ac8e72021-12-20 16:00:33.424root 11241100x8000000000000000774956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb8fff1cf14774c2021-12-20 16:00:33.424root 11241100x8000000000000000774957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2440089c2302522021-12-20 16:00:33.424root 11241100x8000000000000000774958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d055b66209c1cfab2021-12-20 16:00:33.424root 11241100x8000000000000000774959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54134c196c7774d2021-12-20 16:00:33.424root 11241100x8000000000000000774960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686c344fb23959752021-12-20 16:00:33.424root 11241100x8000000000000000774961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de081451e07d9cc22021-12-20 16:00:33.424root 11241100x8000000000000000774962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0702b235b5f0042021-12-20 16:00:33.424root 11241100x8000000000000000774963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0851be970f1a182021-12-20 16:00:33.425root 11241100x8000000000000000774964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40193c87b7b2b6dd2021-12-20 16:00:33.924root 11241100x8000000000000000774965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6462b6e899b4282021-12-20 16:00:33.924root 11241100x8000000000000000774966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10217d95591175c12021-12-20 16:00:33.924root 11241100x8000000000000000774967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027bf3d2308badc82021-12-20 16:00:33.924root 11241100x8000000000000000774968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af01b7af123bc2142021-12-20 16:00:33.924root 11241100x8000000000000000774969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451c0b8d3b47a4232021-12-20 16:00:33.924root 11241100x8000000000000000774970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d04565d93663e12021-12-20 16:00:33.924root 11241100x8000000000000000774971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68e1d518abe7f992021-12-20 16:00:33.924root 11241100x8000000000000000774972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803fdb1de50704262021-12-20 16:00:33.925root 11241100x8000000000000000774973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80c811f02eaa5ed2021-12-20 16:00:34.424root 11241100x8000000000000000774974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f42542a688d788e2021-12-20 16:00:34.424root 11241100x8000000000000000774975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258097caf3d90df92021-12-20 16:00:34.424root 11241100x8000000000000000774976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a9d96ea9ba7eb02021-12-20 16:00:34.424root 11241100x8000000000000000774977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73da1b3dfa538a32021-12-20 16:00:34.424root 11241100x8000000000000000774978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee0ad50d0e6c5ea2021-12-20 16:00:34.424root 11241100x8000000000000000774979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6196c82691e2492021-12-20 16:00:34.424root 11241100x8000000000000000774980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eb4783074f98a22021-12-20 16:00:34.424root 11241100x8000000000000000774981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcaf7abda0534f22021-12-20 16:00:34.425root 11241100x8000000000000000774982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137f25127715fe662021-12-20 16:00:34.924root 11241100x8000000000000000774983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7680a5160e9b6bed2021-12-20 16:00:34.924root 11241100x8000000000000000774984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38ecfa33b44b5b62021-12-20 16:00:34.924root 11241100x8000000000000000774985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c113694b5047842021-12-20 16:00:34.924root 11241100x8000000000000000774986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031425600855b4062021-12-20 16:00:34.924root 11241100x8000000000000000774987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0254b01a72f59b02021-12-20 16:00:34.925root 11241100x8000000000000000774988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19376679aaa0dd062021-12-20 16:00:34.925root 11241100x8000000000000000774989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad85c1a2d6de9902021-12-20 16:00:34.925root 11241100x8000000000000000774990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83333ac191f0513c2021-12-20 16:00:34.925root 11241100x8000000000000000774991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229f66a7f6e8ffa2021-12-20 16:00:35.424root 11241100x8000000000000000774992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f772e5c4aeb234702021-12-20 16:00:35.424root 11241100x8000000000000000774993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801c9ec4ca9c32cc2021-12-20 16:00:35.425root 11241100x8000000000000000774994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c725a7bcf5017ba2021-12-20 16:00:35.425root 11241100x8000000000000000774995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc65f70bc16a50802021-12-20 16:00:35.425root 11241100x8000000000000000774996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9895cf09fb4505fd2021-12-20 16:00:35.425root 11241100x8000000000000000774997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b2ef41bff39ad22021-12-20 16:00:35.425root 11241100x8000000000000000774998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfb57f78cf6aea42021-12-20 16:00:35.425root 11241100x8000000000000000774999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5088ffcb05383f12021-12-20 16:00:35.425root 11241100x8000000000000000775000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e257d32ca2c3163e2021-12-20 16:00:35.924root 11241100x8000000000000000775001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d416af0351102f2021-12-20 16:00:35.924root 11241100x8000000000000000775002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4572ded7cc32f9d62021-12-20 16:00:35.924root 11241100x8000000000000000775003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2010bb9485a108332021-12-20 16:00:35.924root 11241100x8000000000000000775004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2833f7e9e0dfd7d72021-12-20 16:00:35.924root 11241100x8000000000000000775005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8001ff458b42d68a2021-12-20 16:00:35.924root 11241100x8000000000000000775006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704bcc0d0c1d28762021-12-20 16:00:35.924root 11241100x8000000000000000775007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7023592574b2cfce2021-12-20 16:00:35.924root 11241100x8000000000000000775008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d312d734e87775072021-12-20 16:00:35.924root 11241100x8000000000000000775009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.067{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:00:36.067root 11241100x8000000000000000775010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227f066e439051662021-12-20 16:00:36.424root 11241100x8000000000000000775011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343bd79b499512402021-12-20 16:00:36.424root 11241100x8000000000000000775012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bed2823f52afaf22021-12-20 16:00:36.424root 11241100x8000000000000000775013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e53f328deed762021-12-20 16:00:36.424root 11241100x8000000000000000775014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db65eba23f3a42c82021-12-20 16:00:36.424root 11241100x8000000000000000775015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc79fdea149816e2021-12-20 16:00:36.424root 11241100x8000000000000000775016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01bdf271d6d112f2021-12-20 16:00:36.424root 11241100x8000000000000000775017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7589abfe9daa5832021-12-20 16:00:36.424root 11241100x8000000000000000775018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181d843de87bb64c2021-12-20 16:00:36.425root 11241100x8000000000000000775019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0d700b3652f83f2021-12-20 16:00:36.425root 11241100x8000000000000000775020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559bcdf8a23f6fb2021-12-20 16:00:36.924root 11241100x8000000000000000775021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff4d47e566028f2021-12-20 16:00:36.924root 11241100x8000000000000000775022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d776aa19e8d5076a2021-12-20 16:00:36.924root 11241100x8000000000000000775023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9961afbbd767337e2021-12-20 16:00:36.924root 11241100x8000000000000000775024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d8325ee5942cc82021-12-20 16:00:36.924root 11241100x8000000000000000775025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec7b34bd266d9662021-12-20 16:00:36.924root 11241100x8000000000000000775026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438bc2bf92a3dccc2021-12-20 16:00:36.924root 11241100x8000000000000000775027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5679b5e98dc38a2021-12-20 16:00:36.925root 11241100x8000000000000000775028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8752f7b7565a9a62021-12-20 16:00:36.925root 11241100x8000000000000000775029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3ae6d1e368fdc32021-12-20 16:00:36.925root 354300x8000000000000000775030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.124{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51504-false10.0.1.12-8000- 11241100x8000000000000000775031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3681e18da66df7982021-12-20 16:00:37.424root 11241100x8000000000000000775032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96bdcee8074fe9b2021-12-20 16:00:37.424root 11241100x8000000000000000775033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758b8ec7355b3c532021-12-20 16:00:37.424root 11241100x8000000000000000775034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b815f4e763712e692021-12-20 16:00:37.424root 11241100x8000000000000000775035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccaa37f79c65c0e2021-12-20 16:00:37.424root 11241100x8000000000000000775036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7086850fd91a382021-12-20 16:00:37.424root 11241100x8000000000000000775037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f56b7700a9c94b02021-12-20 16:00:37.424root 11241100x8000000000000000775038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70641d01c7fcad22021-12-20 16:00:37.425root 11241100x8000000000000000775039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec2bf69e1ec5ef32021-12-20 16:00:37.425root 11241100x8000000000000000775040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ed5fef221047942021-12-20 16:00:37.425root 11241100x8000000000000000775041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430f943d3350539b2021-12-20 16:00:37.425root 11241100x8000000000000000775042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1b32eb6fe9122b2021-12-20 16:00:37.924root 11241100x8000000000000000775043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6342db8356eb3ac02021-12-20 16:00:37.924root 11241100x8000000000000000775044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969cb58cc1b0e88a2021-12-20 16:00:37.924root 11241100x8000000000000000775045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0121c6e450c15d12021-12-20 16:00:37.924root 11241100x8000000000000000775046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ccd6e4bcb77d702021-12-20 16:00:37.924root 11241100x8000000000000000775047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f0f1bfbb6a70942021-12-20 16:00:37.924root 11241100x8000000000000000775048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14bcb38e4d18fca2021-12-20 16:00:37.924root 11241100x8000000000000000775049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d18066c4b6de47f2021-12-20 16:00:37.925root 11241100x8000000000000000775050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e601241667dea9a62021-12-20 16:00:37.925root 11241100x8000000000000000775051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6a882d6f2b40452021-12-20 16:00:37.925root 11241100x8000000000000000775052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eedaa0e66b8a2752021-12-20 16:00:37.925root 11241100x8000000000000000775053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5a479ff3e753af2021-12-20 16:00:38.424root 11241100x8000000000000000775054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f098f53e2fadce3c2021-12-20 16:00:38.424root 11241100x8000000000000000775055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d222f5f592645b9e2021-12-20 16:00:38.424root 11241100x8000000000000000775056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaf04f251ac97962021-12-20 16:00:38.425root 11241100x8000000000000000775057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf3a961beca7ad72021-12-20 16:00:38.425root 11241100x8000000000000000775058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9c16caa0c098392021-12-20 16:00:38.425root 11241100x8000000000000000775059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd857190737574342021-12-20 16:00:38.425root 11241100x8000000000000000775060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb326a3d4e024be2021-12-20 16:00:38.425root 11241100x8000000000000000775061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac8c799ce6b1cc42021-12-20 16:00:38.425root 11241100x8000000000000000775062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a070b32296e59fcd2021-12-20 16:00:38.425root 11241100x8000000000000000775063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3033a346a07cffc2021-12-20 16:00:38.426root 11241100x8000000000000000775064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9a1fa5d988fee82021-12-20 16:00:38.924root 11241100x8000000000000000775065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864087ce34c413552021-12-20 16:00:38.924root 11241100x8000000000000000775066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae185115e9f443b2021-12-20 16:00:38.924root 11241100x8000000000000000775067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017247bd2af4625a2021-12-20 16:00:38.925root 11241100x8000000000000000775068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea663a9ffaf7af92021-12-20 16:00:38.925root 11241100x8000000000000000775069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f861bccd37fc86a32021-12-20 16:00:38.925root 11241100x8000000000000000775070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0452445ecb77cfe2021-12-20 16:00:38.925root 11241100x8000000000000000775071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad0e01c368d5d352021-12-20 16:00:38.925root 11241100x8000000000000000775072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094c2cecd74132fc2021-12-20 16:00:38.925root 11241100x8000000000000000775073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb685e91274ff352021-12-20 16:00:38.925root 11241100x8000000000000000775074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3480638bb4d1b382021-12-20 16:00:38.925root 23542300x8000000000000000775075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000775076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2613528752a99a2021-12-20 16:00:39.424root 11241100x8000000000000000775077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6f53b00652a6402021-12-20 16:00:39.424root 11241100x8000000000000000775078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc01ecf4a424cda2021-12-20 16:00:39.424root 11241100x8000000000000000775079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f92220d0269be2021-12-20 16:00:39.424root 11241100x8000000000000000775080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2323f6e3afea0ee2021-12-20 16:00:39.424root 11241100x8000000000000000775081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1ff93efc00162a2021-12-20 16:00:39.424root 11241100x8000000000000000775082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4052cdc840c904712021-12-20 16:00:39.424root 11241100x8000000000000000775083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a7e5f89bc6aa232021-12-20 16:00:39.425root 11241100x8000000000000000775084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5576275ad8f3d0c2021-12-20 16:00:39.425root 11241100x8000000000000000775085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12b6e9d4b1b1ce62021-12-20 16:00:39.425root 11241100x8000000000000000775086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4311dd93dc12198a2021-12-20 16:00:39.425root 11241100x8000000000000000775087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f079a985faa69c2021-12-20 16:00:39.425root 11241100x8000000000000000775088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b560f626e353d4772021-12-20 16:00:39.924root 11241100x8000000000000000775089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e508fd6896db442021-12-20 16:00:39.924root 11241100x8000000000000000775090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da9f5a4109c2fd2021-12-20 16:00:39.924root 11241100x8000000000000000775091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6f93f2af047c322021-12-20 16:00:39.924root 11241100x8000000000000000775092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5e8fed2b9afa622021-12-20 16:00:39.924root 11241100x8000000000000000775093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf90a73ee22e8ed92021-12-20 16:00:39.924root 11241100x8000000000000000775094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a248d18eb6c0a1872021-12-20 16:00:39.924root 11241100x8000000000000000775095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed577192f3fa3732021-12-20 16:00:39.925root 11241100x8000000000000000775096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c78daa1f5c9e082021-12-20 16:00:39.925root 11241100x8000000000000000775097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94154c62dcc6ecf52021-12-20 16:00:39.925root 11241100x8000000000000000775098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f0c2e765292d722021-12-20 16:00:39.925root 11241100x8000000000000000775099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5169ab6fd20b91e2021-12-20 16:00:39.925root 11241100x8000000000000000775100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6cbebc491725222021-12-20 16:00:40.424root 11241100x8000000000000000775101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ee2fdb7d9b80162021-12-20 16:00:40.424root 11241100x8000000000000000775102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607c543e626a3cb42021-12-20 16:00:40.424root 11241100x8000000000000000775103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee449e9eaa732992021-12-20 16:00:40.424root 11241100x8000000000000000775104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bd4571a489de2a2021-12-20 16:00:40.424root 11241100x8000000000000000775105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c615ad66a14452872021-12-20 16:00:40.424root 11241100x8000000000000000775106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d8de4325fada342021-12-20 16:00:40.424root 11241100x8000000000000000775107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595c483e3d5ec2c2021-12-20 16:00:40.425root 11241100x8000000000000000775108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714a707775016caa2021-12-20 16:00:40.425root 11241100x8000000000000000775109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082d4804c5f875512021-12-20 16:00:40.425root 11241100x8000000000000000775110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f005891260e3652021-12-20 16:00:40.425root 11241100x8000000000000000775111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c711b734c7eee4ef2021-12-20 16:00:40.425root 11241100x8000000000000000775112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628d016a11ba49b12021-12-20 16:00:40.924root 11241100x8000000000000000775113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b504f77c8c72bfee2021-12-20 16:00:40.924root 11241100x8000000000000000775114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad7ef6221fcd712021-12-20 16:00:40.924root 11241100x8000000000000000775115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a835f224c28dd2ce2021-12-20 16:00:40.924root 11241100x8000000000000000775116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49955d6f4fae17f02021-12-20 16:00:40.924root 11241100x8000000000000000775117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87305269f7b92632021-12-20 16:00:40.924root 11241100x8000000000000000775118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340a3b17f8b920ed2021-12-20 16:00:40.925root 11241100x8000000000000000775119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3190cb6afd73da2021-12-20 16:00:40.925root 11241100x8000000000000000775120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866ad33cd68f92d22021-12-20 16:00:40.925root 11241100x8000000000000000775121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70f37fd7da0ffea2021-12-20 16:00:40.925root 11241100x8000000000000000775122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caba1c2d66100022021-12-20 16:00:40.925root 11241100x8000000000000000775123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daacc7cec8e40c172021-12-20 16:00:40.925root 11241100x8000000000000000775124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6c47d4b70491402021-12-20 16:00:41.424root 11241100x8000000000000000775125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705454d0878fc3fd2021-12-20 16:00:41.424root 11241100x8000000000000000775126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879c711ed683ae6a2021-12-20 16:00:41.424root 11241100x8000000000000000775127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9357521f8f88ac272021-12-20 16:00:41.424root 11241100x8000000000000000775128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c13219edc4de792021-12-20 16:00:41.424root 11241100x8000000000000000775129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1630bfc007a0dba82021-12-20 16:00:41.425root 11241100x8000000000000000775130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70c8bfdf6e9a1fe2021-12-20 16:00:41.425root 11241100x8000000000000000775131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9058a67fc31ec0812021-12-20 16:00:41.425root 11241100x8000000000000000775132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692682bb27b7df932021-12-20 16:00:41.425root 11241100x8000000000000000775133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024c4b0e84e627692021-12-20 16:00:41.425root 11241100x8000000000000000775134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aece35a97f40692021-12-20 16:00:41.425root 11241100x8000000000000000775135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c43ac75018be322021-12-20 16:00:41.425root 11241100x8000000000000000775136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d117755a66b331752021-12-20 16:00:41.924root 11241100x8000000000000000775137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df858a17fe1c4d22021-12-20 16:00:41.924root 11241100x8000000000000000775138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad182c7db1ace9c2021-12-20 16:00:41.924root 11241100x8000000000000000775139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc8a8a2dc17c1542021-12-20 16:00:41.925root 11241100x8000000000000000775140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b805cc510e9d38d52021-12-20 16:00:41.925root 11241100x8000000000000000775141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289e86eccfb12ec02021-12-20 16:00:41.925root 11241100x8000000000000000775142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee1a1fb079bf1992021-12-20 16:00:41.925root 11241100x8000000000000000775143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12024066ba78ca742021-12-20 16:00:41.925root 11241100x8000000000000000775144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edcbe210cb408ae2021-12-20 16:00:41.925root 11241100x8000000000000000775145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8886aca77e8e5232021-12-20 16:00:41.925root 11241100x8000000000000000775146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a560bd2818149d7f2021-12-20 16:00:41.925root 11241100x8000000000000000775147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d2cff8794ae28f2021-12-20 16:00:41.925root 354300x8000000000000000775148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.160{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51506-false10.0.1.12-8000- 11241100x8000000000000000775149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3db44989dedf6e82021-12-20 16:00:42.424root 11241100x8000000000000000775150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a739fb8b60c444f92021-12-20 16:00:42.424root 11241100x8000000000000000775151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8268e5fbc197a52021-12-20 16:00:42.425root 11241100x8000000000000000775152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506658f18ebfc0182021-12-20 16:00:42.425root 11241100x8000000000000000775153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edf5cad9c1421912021-12-20 16:00:42.425root 11241100x8000000000000000775154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463cf52fc04f5d022021-12-20 16:00:42.425root 11241100x8000000000000000775155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb993e92812b4892021-12-20 16:00:42.425root 11241100x8000000000000000775156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5011df69cddadef92021-12-20 16:00:42.425root 11241100x8000000000000000775157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc4baa8ca7fa9b42021-12-20 16:00:42.425root 11241100x8000000000000000775158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d95878d4c8425d02021-12-20 16:00:42.425root 11241100x8000000000000000775159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283005122f25965d2021-12-20 16:00:42.425root 11241100x8000000000000000775160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c07598390ccb1d22021-12-20 16:00:42.425root 11241100x8000000000000000775161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bb4e48a560b1a82021-12-20 16:00:42.425root 11241100x8000000000000000775162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5df454c95a0f762021-12-20 16:00:42.924root 11241100x8000000000000000775163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756c01a7e064f9ba2021-12-20 16:00:42.924root 11241100x8000000000000000775164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b019a2688befe0d82021-12-20 16:00:42.924root 11241100x8000000000000000775165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325db6d12725c0a92021-12-20 16:00:42.924root 11241100x8000000000000000775166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65227668d143048d2021-12-20 16:00:42.924root 11241100x8000000000000000775167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee02555af57be4e42021-12-20 16:00:42.925root 11241100x8000000000000000775168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3905fdc461029142021-12-20 16:00:42.925root 11241100x8000000000000000775169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f5448e7bc6fde92021-12-20 16:00:42.925root 11241100x8000000000000000775170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f13462890eaabd2021-12-20 16:00:42.925root 11241100x8000000000000000775171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c34f3eea650a552021-12-20 16:00:42.925root 11241100x8000000000000000775172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3460b97ce3005c4c2021-12-20 16:00:42.925root 11241100x8000000000000000775173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf5c62dc8c8ac2d2021-12-20 16:00:42.925root 11241100x8000000000000000775174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99415575e3f4ec552021-12-20 16:00:42.925root 11241100x8000000000000000775175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4394390249e5e6912021-12-20 16:00:43.424root 11241100x8000000000000000775176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57db42b03b6df3d2021-12-20 16:00:43.424root 11241100x8000000000000000775177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38c2dc2bba769692021-12-20 16:00:43.424root 11241100x8000000000000000775178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c227129afc7cda242021-12-20 16:00:43.424root 11241100x8000000000000000775179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e9e0c320d201fa2021-12-20 16:00:43.424root 11241100x8000000000000000775180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1e77029c0633c02021-12-20 16:00:43.426root 11241100x8000000000000000775181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c030f483315d22021-12-20 16:00:43.426root 11241100x8000000000000000775182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ea251623a7f3c82021-12-20 16:00:43.426root 11241100x8000000000000000775183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9dd2c0118713f52021-12-20 16:00:43.427root 11241100x8000000000000000775184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200e679d2dd128452021-12-20 16:00:43.427root 11241100x8000000000000000775185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76227b85e35194ac2021-12-20 16:00:43.427root 11241100x8000000000000000775186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81519e49367375102021-12-20 16:00:43.427root 11241100x8000000000000000775187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ce011af8f496202021-12-20 16:00:43.427root 11241100x8000000000000000775188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0169ea7ad21769032021-12-20 16:00:43.924root 11241100x8000000000000000775189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a2e2b9b56e31e22021-12-20 16:00:43.924root 11241100x8000000000000000775190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2b5f06e3a603192021-12-20 16:00:43.924root 11241100x8000000000000000775191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fcb1ad502f1b7d2021-12-20 16:00:43.924root 11241100x8000000000000000775192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80565a230a11e3172021-12-20 16:00:43.924root 11241100x8000000000000000775193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569e019ae5cbfc212021-12-20 16:00:43.924root 11241100x8000000000000000775194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f2756e9b532062021-12-20 16:00:43.925root 11241100x8000000000000000775195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db302adc4d97c8e2021-12-20 16:00:43.925root 11241100x8000000000000000775196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb15b9ff3a846762021-12-20 16:00:43.925root 11241100x8000000000000000775197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2447985cd4bf32352021-12-20 16:00:43.925root 11241100x8000000000000000775198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7df6973b4a176e12021-12-20 16:00:43.925root 11241100x8000000000000000775199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164a29a0daec14112021-12-20 16:00:43.925root 11241100x8000000000000000775200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0e293daaf87e472021-12-20 16:00:43.925root 11241100x8000000000000000775201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671c000d09e74e642021-12-20 16:00:44.424root 11241100x8000000000000000775202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4541ea0228cedb5a2021-12-20 16:00:44.424root 11241100x8000000000000000775203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689433e00919b5e82021-12-20 16:00:44.424root 11241100x8000000000000000775204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6f797f50bfd6702021-12-20 16:00:44.424root 11241100x8000000000000000775205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7610efc45bcdefd2021-12-20 16:00:44.425root 11241100x8000000000000000775206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da4650e8b026a5b2021-12-20 16:00:44.425root 11241100x8000000000000000775207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c570abc5b61429482021-12-20 16:00:44.425root 11241100x8000000000000000775208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d613770caaa20e2021-12-20 16:00:44.425root 11241100x8000000000000000775209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3e0f11f8e5fdb02021-12-20 16:00:44.425root 11241100x8000000000000000775210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360bb476c3579a722021-12-20 16:00:44.425root 11241100x8000000000000000775211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3d1ada5e7534b2021-12-20 16:00:44.425root 11241100x8000000000000000775212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd11f7ff90da4c72021-12-20 16:00:44.425root 11241100x8000000000000000775213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e9b440313909992021-12-20 16:00:44.425root 11241100x8000000000000000775214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f0102e75f37d052021-12-20 16:00:44.924root 11241100x8000000000000000775215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6919f14f984091b2021-12-20 16:00:44.924root 11241100x8000000000000000775216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1698f16d330c3f52021-12-20 16:00:44.924root 11241100x8000000000000000775217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618a8d61612f55922021-12-20 16:00:44.924root 11241100x8000000000000000775218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02423005fdf2edf02021-12-20 16:00:44.924root 11241100x8000000000000000775219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0995d00e731ba252021-12-20 16:00:44.925root 11241100x8000000000000000775220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47208d891a1744d12021-12-20 16:00:44.925root 11241100x8000000000000000775221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fda1736a8261712021-12-20 16:00:44.925root 11241100x8000000000000000775222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667aeae74347257d2021-12-20 16:00:44.925root 11241100x8000000000000000775223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f75bd3a86988efd2021-12-20 16:00:44.925root 11241100x8000000000000000775224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de12f03fed3dda7d2021-12-20 16:00:44.925root 11241100x8000000000000000775225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b69240a4d2691d2021-12-20 16:00:44.925root 11241100x8000000000000000775226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c7c29ec0a3df92021-12-20 16:00:44.925root 11241100x8000000000000000775227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c898b1105f8081512021-12-20 16:00:45.424root 11241100x8000000000000000775228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03daf5cd0c92b302021-12-20 16:00:45.424root 11241100x8000000000000000775229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12faad41ced1eadf2021-12-20 16:00:45.424root 11241100x8000000000000000775230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6a6b7e0f56975f2021-12-20 16:00:45.424root 11241100x8000000000000000775231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40a981dec1e83d22021-12-20 16:00:45.424root 11241100x8000000000000000775232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2544a2888218ad1f2021-12-20 16:00:45.425root 11241100x8000000000000000775233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20600c42810970f02021-12-20 16:00:45.425root 11241100x8000000000000000775234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aa75dab4b64abe2021-12-20 16:00:45.425root 11241100x8000000000000000775235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e299bfd60fe9c7632021-12-20 16:00:45.425root 11241100x8000000000000000775236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004312645595e57a2021-12-20 16:00:45.425root 11241100x8000000000000000775237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b68a5e232af16f2021-12-20 16:00:45.425root 11241100x8000000000000000775238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc95b8de130c5d92021-12-20 16:00:45.425root 11241100x8000000000000000775239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862ca429e4258b812021-12-20 16:00:45.425root 11241100x8000000000000000775240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97727ed71bfa6362021-12-20 16:00:45.924root 11241100x8000000000000000775241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0013e82e7f3134772021-12-20 16:00:45.925root 11241100x8000000000000000775242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1fba6d55c85db42021-12-20 16:00:45.925root 11241100x8000000000000000775243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23c66c32308b2432021-12-20 16:00:45.925root 11241100x8000000000000000775244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01da9d850c5e45f2021-12-20 16:00:45.925root 11241100x8000000000000000775245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b31e552ed28eaf22021-12-20 16:00:45.925root 11241100x8000000000000000775246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c413f491d989b42021-12-20 16:00:45.925root 11241100x8000000000000000775247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd9a82f13e0e9b72021-12-20 16:00:45.925root 11241100x8000000000000000775248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410a2ebd3edb9a5f2021-12-20 16:00:45.925root 11241100x8000000000000000775249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611b3803db55c55d2021-12-20 16:00:45.925root 11241100x8000000000000000775250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c42d1f93b2b8662021-12-20 16:00:45.925root 11241100x8000000000000000775251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f7bf80e5a97f162021-12-20 16:00:45.925root 11241100x8000000000000000775252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed5bcdae91cdf2d2021-12-20 16:00:45.925root 11241100x8000000000000000775253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972b4ce3382d93212021-12-20 16:00:46.424root 11241100x8000000000000000775254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c8cee77b7093ef2021-12-20 16:00:46.424root 11241100x8000000000000000775255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261dffda977228502021-12-20 16:00:46.425root 11241100x8000000000000000775256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da34bea70248a8802021-12-20 16:00:46.425root 11241100x8000000000000000775257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571b9dfe05a6c97a2021-12-20 16:00:46.425root 11241100x8000000000000000775258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e3f3952d3c67802021-12-20 16:00:46.426root 11241100x8000000000000000775259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada0791a5d43c5b52021-12-20 16:00:46.426root 11241100x8000000000000000775260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f4e3bf6c3c73d62021-12-20 16:00:46.426root 11241100x8000000000000000775261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692a4115fd52cc182021-12-20 16:00:46.426root 11241100x8000000000000000775262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3d441e5ee7fe2f2021-12-20 16:00:46.426root 11241100x8000000000000000775263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa15787e1aa22a12021-12-20 16:00:46.426root 11241100x8000000000000000775264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc07591303c6892a2021-12-20 16:00:46.427root 11241100x8000000000000000775265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7978e6f6e54bf62021-12-20 16:00:46.427root 11241100x8000000000000000775266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbbcd8cf67851342021-12-20 16:00:46.924root 11241100x8000000000000000775267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea414dede18d0e82021-12-20 16:00:46.924root 11241100x8000000000000000775268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54440f3444a9c5d2021-12-20 16:00:46.924root 11241100x8000000000000000775269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf444723d0274112021-12-20 16:00:46.925root 11241100x8000000000000000775270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42988784bafb1862021-12-20 16:00:46.925root 11241100x8000000000000000775271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a881dc1055f292021-12-20 16:00:46.925root 11241100x8000000000000000775272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c32f961fd94ee82021-12-20 16:00:46.925root 11241100x8000000000000000775273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4aa6d6235c5f472021-12-20 16:00:46.925root 11241100x8000000000000000775274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf698613cb3adc42021-12-20 16:00:46.925root 11241100x8000000000000000775275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f236e1753cd9e72021-12-20 16:00:46.925root 11241100x8000000000000000775276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76854973e281ee772021-12-20 16:00:46.925root 11241100x8000000000000000775277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d54960933bac452021-12-20 16:00:46.926root 11241100x8000000000000000775278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f038c3c732cb8d2021-12-20 16:00:46.926root 354300x8000000000000000775279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.164{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51508-false10.0.1.12-8000- 11241100x8000000000000000775280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4c982ece2e5c7c2021-12-20 16:00:47.424root 11241100x8000000000000000775281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55f18feb77b32062021-12-20 16:00:47.424root 11241100x8000000000000000775282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4313b9915959f4c82021-12-20 16:00:47.424root 11241100x8000000000000000775283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05f0335f54cdf462021-12-20 16:00:47.424root 11241100x8000000000000000775284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9dd5077ecfb7d82021-12-20 16:00:47.425root 11241100x8000000000000000775285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871470576c3bc63d2021-12-20 16:00:47.425root 11241100x8000000000000000775286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f405c90b1370b7ca2021-12-20 16:00:47.425root 11241100x8000000000000000775287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246b2c06c9824eb82021-12-20 16:00:47.425root 11241100x8000000000000000775288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5214f8f43f6b6c2021-12-20 16:00:47.425root 11241100x8000000000000000775289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf0d681e2dfae962021-12-20 16:00:47.425root 11241100x8000000000000000775290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb10c8e413f757152021-12-20 16:00:47.425root 11241100x8000000000000000775291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ef3c7e5df8fc462021-12-20 16:00:47.425root 11241100x8000000000000000775292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feda006a0e04b0662021-12-20 16:00:47.425root 11241100x8000000000000000775293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8d6bab1438cc272021-12-20 16:00:47.425root 11241100x8000000000000000775294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f1db15f6d616d82021-12-20 16:00:47.924root 11241100x8000000000000000775295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5e3d6fe04c35442021-12-20 16:00:47.924root 11241100x8000000000000000775296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18492466e4d9bfc2021-12-20 16:00:47.924root 11241100x8000000000000000775297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af13b24595ba2882021-12-20 16:00:47.924root 11241100x8000000000000000775298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11c0643adf356b22021-12-20 16:00:47.925root 11241100x8000000000000000775299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9081260b97336f2021-12-20 16:00:47.925root 11241100x8000000000000000775300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064c6fd96083e9c62021-12-20 16:00:47.925root 11241100x8000000000000000775301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad752d2c6d00c572021-12-20 16:00:47.925root 11241100x8000000000000000775302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db66de4f74790b872021-12-20 16:00:47.925root 11241100x8000000000000000775303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0542714622e548952021-12-20 16:00:47.925root 11241100x8000000000000000775304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c8fd2d38a9c4a22021-12-20 16:00:47.925root 11241100x8000000000000000775305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23622833e1d799c62021-12-20 16:00:47.925root 11241100x8000000000000000775306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fddf1d572a01bf2021-12-20 16:00:47.925root 11241100x8000000000000000775307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a905072253e09bc2021-12-20 16:00:47.925root 11241100x8000000000000000775308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d3d84fd84a98322021-12-20 16:00:48.424root 11241100x8000000000000000775309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d5c198900585d82021-12-20 16:00:48.424root 11241100x8000000000000000775310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7a468aa2fb08042021-12-20 16:00:48.424root 11241100x8000000000000000775311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b34dda3535f7a32021-12-20 16:00:48.424root 11241100x8000000000000000775312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bf0125511ce4242021-12-20 16:00:48.424root 11241100x8000000000000000775313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd765818006bf1782021-12-20 16:00:48.425root 11241100x8000000000000000775314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817802bd6cbc89222021-12-20 16:00:48.425root 11241100x8000000000000000775315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a215bfb621ebdf72021-12-20 16:00:48.425root 11241100x8000000000000000775316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08f3dad2f230e5a2021-12-20 16:00:48.425root 11241100x8000000000000000775317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2630fcdc9cfb46062021-12-20 16:00:48.425root 11241100x8000000000000000775318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747a8936f8c334c62021-12-20 16:00:48.425root 11241100x8000000000000000775319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90aa3403b5a1e52021-12-20 16:00:48.425root 11241100x8000000000000000775320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcfc8e8cede85bb2021-12-20 16:00:48.425root 11241100x8000000000000000775321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c74c4fcafe89e72021-12-20 16:00:48.425root 11241100x8000000000000000775322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfe3dcdaa513fbb2021-12-20 16:00:48.924root 11241100x8000000000000000775323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d2abc03b55a5b02021-12-20 16:00:48.924root 11241100x8000000000000000775324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e1789d0c1f1f012021-12-20 16:00:48.924root 11241100x8000000000000000775325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164e1dddfd9875982021-12-20 16:00:48.924root 11241100x8000000000000000775326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13da8f3bd27cacc02021-12-20 16:00:48.925root 11241100x8000000000000000775327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df2a7e30ff859462021-12-20 16:00:48.925root 11241100x8000000000000000775328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3edde4889ab44e2021-12-20 16:00:48.925root 11241100x8000000000000000775329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8f09cbe8b0c4f42021-12-20 16:00:48.925root 11241100x8000000000000000775330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cfd5831b878eeb2021-12-20 16:00:48.925root 11241100x8000000000000000775331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583afcf1bf330e512021-12-20 16:00:48.925root 11241100x8000000000000000775332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3b797ede1febae2021-12-20 16:00:48.925root 11241100x8000000000000000775333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ccdfef578ea4f72021-12-20 16:00:48.925root 11241100x8000000000000000775334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8102470518e0b5a2021-12-20 16:00:48.925root 11241100x8000000000000000775335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0098e5816e9a23962021-12-20 16:00:48.925root 11241100x8000000000000000775336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac69c36c92ecf072021-12-20 16:00:49.424root 11241100x8000000000000000775337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce041cf27b7ad002021-12-20 16:00:49.425root 11241100x8000000000000000775338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9e1209a0a47a582021-12-20 16:00:49.425root 11241100x8000000000000000775339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53388d61358d1f3a2021-12-20 16:00:49.425root 11241100x8000000000000000775340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8ca12ac85378d72021-12-20 16:00:49.425root 11241100x8000000000000000775341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5a40d9b04f6ab62021-12-20 16:00:49.425root 11241100x8000000000000000775342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f986b1950b9a8d6b2021-12-20 16:00:49.425root 11241100x8000000000000000775343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7818a771efb420f12021-12-20 16:00:49.425root 11241100x8000000000000000775344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cba985c59dadf32021-12-20 16:00:49.425root 11241100x8000000000000000775345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745dbfbe75382b862021-12-20 16:00:49.425root 11241100x8000000000000000775346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69dd2f6fb5412622021-12-20 16:00:49.425root 11241100x8000000000000000775347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1f182c587c2a772021-12-20 16:00:49.425root 11241100x8000000000000000775348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b82828c2fd535e2021-12-20 16:00:49.426root 11241100x8000000000000000775349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9e365c2694fa1e2021-12-20 16:00:49.426root 11241100x8000000000000000775350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3aab214d0b9e4572021-12-20 16:00:49.924root 11241100x8000000000000000775351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d0d13e5a87088c2021-12-20 16:00:49.924root 11241100x8000000000000000775352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cf4da2f8a340b52021-12-20 16:00:49.924root 11241100x8000000000000000775353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6292c8edcba058442021-12-20 16:00:49.925root 11241100x8000000000000000775354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240b8002696fe9e02021-12-20 16:00:49.925root 11241100x8000000000000000775355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814461d054c48cae2021-12-20 16:00:49.925root 11241100x8000000000000000775356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05567ad3ccb456be2021-12-20 16:00:49.925root 11241100x8000000000000000775357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d2e7c38b5b0a8e2021-12-20 16:00:49.925root 11241100x8000000000000000775358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56a317890b3c45c2021-12-20 16:00:49.925root 11241100x8000000000000000775359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234a3c0fc60267b32021-12-20 16:00:49.925root 11241100x8000000000000000775360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ea9caaa3ad0192021-12-20 16:00:49.925root 11241100x8000000000000000775361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c53918b67fd83b2021-12-20 16:00:49.925root 11241100x8000000000000000775362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642c0089df568e332021-12-20 16:00:49.925root 11241100x8000000000000000775363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc862e47a2217d482021-12-20 16:00:49.925root 11241100x8000000000000000775364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7070a680699161a02021-12-20 16:00:50.424root 11241100x8000000000000000775365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c70a78be75ebee2021-12-20 16:00:50.424root 11241100x8000000000000000775366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54b9f997f7af0e2021-12-20 16:00:50.424root 11241100x8000000000000000775367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22936e5b1fbecda72021-12-20 16:00:50.424root 11241100x8000000000000000775368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d54a1fabad26a02021-12-20 16:00:50.425root 11241100x8000000000000000775369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c3a3f8e4f9e9bc2021-12-20 16:00:50.425root 11241100x8000000000000000775370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1ca09d79c009092021-12-20 16:00:50.425root 11241100x8000000000000000775371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d262947f3b85cfc2021-12-20 16:00:50.425root 11241100x8000000000000000775372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a8128809be20042021-12-20 16:00:50.425root 11241100x8000000000000000775373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30747c00e1dff14a2021-12-20 16:00:50.425root 11241100x8000000000000000775374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ea47c0b04738d02021-12-20 16:00:50.425root 11241100x8000000000000000775375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2277b5cc96181a2021-12-20 16:00:50.425root 11241100x8000000000000000775376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549fcd64320e47592021-12-20 16:00:50.425root 11241100x8000000000000000775377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4350b0ee0c594e42021-12-20 16:00:50.425root 11241100x8000000000000000775378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8245f8494e73eca82021-12-20 16:00:50.924root 11241100x8000000000000000775379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d5b820d52653702021-12-20 16:00:50.924root 11241100x8000000000000000775380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d6493e3f1e74712021-12-20 16:00:50.924root 11241100x8000000000000000775381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f365a93be508c822021-12-20 16:00:50.924root 11241100x8000000000000000775382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19937b6af905a442021-12-20 16:00:50.924root 11241100x8000000000000000775383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570d331bedb703342021-12-20 16:00:50.924root 11241100x8000000000000000775384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c27fd0a221e9062021-12-20 16:00:50.924root 11241100x8000000000000000775385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc0b2f9af15d5f52021-12-20 16:00:50.924root 11241100x8000000000000000775386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6462c2c4301de2f12021-12-20 16:00:50.925root 11241100x8000000000000000775387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de4d2f3559a89222021-12-20 16:00:50.925root 11241100x8000000000000000775388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e347915361f18b2021-12-20 16:00:50.925root 11241100x8000000000000000775389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa89067331944fe2021-12-20 16:00:50.925root 11241100x8000000000000000775390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a931eeed0a72d912021-12-20 16:00:50.925root 11241100x8000000000000000775391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cfbf22f823e5c82021-12-20 16:00:50.925root 11241100x8000000000000000775392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89459624950785482021-12-20 16:00:51.424root 11241100x8000000000000000775393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240570b4cbebb5bc2021-12-20 16:00:51.424root 11241100x8000000000000000775394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e3c851fa289a792021-12-20 16:00:51.425root 11241100x8000000000000000775395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314b5fdf58f92ff62021-12-20 16:00:51.425root 11241100x8000000000000000775396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1847b3693027de82021-12-20 16:00:51.425root 11241100x8000000000000000775397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8f75cda91bf3e02021-12-20 16:00:51.425root 11241100x8000000000000000775398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b15a35653f0e412021-12-20 16:00:51.425root 11241100x8000000000000000775399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068251ad3046308c2021-12-20 16:00:51.425root 11241100x8000000000000000775400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc27042a84c85cc02021-12-20 16:00:51.425root 11241100x8000000000000000775401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a532c8ab2273cf2021-12-20 16:00:51.425root 11241100x8000000000000000775402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0325c4fb73333f422021-12-20 16:00:51.425root 11241100x8000000000000000775403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312df14b7007bbe12021-12-20 16:00:51.425root 11241100x8000000000000000775404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed983c6631046792021-12-20 16:00:51.425root 11241100x8000000000000000775405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952770570ed0984f2021-12-20 16:00:51.426root 11241100x8000000000000000775406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54cb883187174ed2021-12-20 16:00:51.924root 11241100x8000000000000000775407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42eb2f7457fd0cc2021-12-20 16:00:51.924root 11241100x8000000000000000775408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0173293321648b42021-12-20 16:00:51.924root 11241100x8000000000000000775409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55def7e124afae42021-12-20 16:00:51.924root 11241100x8000000000000000775410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df912f768563c1dd2021-12-20 16:00:51.924root 11241100x8000000000000000775411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db0af0cf182717c2021-12-20 16:00:51.925root 11241100x8000000000000000775412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89840ab6f0cf9f82021-12-20 16:00:51.925root 11241100x8000000000000000775413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aed7d7f909752052021-12-20 16:00:51.925root 11241100x8000000000000000775414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116961ec17e6b78f2021-12-20 16:00:51.925root 11241100x8000000000000000775415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d89d29e127af9352021-12-20 16:00:51.925root 11241100x8000000000000000775416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61528fbe70ecff3b2021-12-20 16:00:51.925root 11241100x8000000000000000775417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96ada2396d2c3cb2021-12-20 16:00:51.925root 11241100x8000000000000000775418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7483777f37624702021-12-20 16:00:51.925root 11241100x8000000000000000775419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ad63fcfa8290612021-12-20 16:00:51.925root 354300x8000000000000000775420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.220{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51510-false10.0.1.12-8000- 11241100x8000000000000000775421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.221{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8eeb07741a1be82021-12-20 16:00:52.221root 11241100x8000000000000000775422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.221{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7bc737d50f69e52021-12-20 16:00:52.221root 11241100x8000000000000000775423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.221{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cc67d31c113d232021-12-20 16:00:52.221root 11241100x8000000000000000775424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.221{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4722d010d59deb2021-12-20 16:00:52.221root 11241100x8000000000000000775425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0f52ef7367c6df2021-12-20 16:00:52.222root 11241100x8000000000000000775426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc35c4c320b7c52021-12-20 16:00:52.222root 11241100x8000000000000000775427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e4ca6d260be7562021-12-20 16:00:52.222root 11241100x8000000000000000775428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f307cb03fc0db1a2021-12-20 16:00:52.222root 11241100x8000000000000000775429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f59ed2a7d234d052021-12-20 16:00:52.222root 11241100x8000000000000000775430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a58c4370b0901cc2021-12-20 16:00:52.222root 11241100x8000000000000000775431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad604ac5f4bb08912021-12-20 16:00:52.222root 11241100x8000000000000000775432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ee49e51a222652021-12-20 16:00:52.222root 11241100x8000000000000000775433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d4364c07c6d0de2021-12-20 16:00:52.222root 11241100x8000000000000000775434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.222{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab5d097765897172021-12-20 16:00:52.222root 11241100x8000000000000000775435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.223{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525912329367e772021-12-20 16:00:52.223root 11241100x8000000000000000775436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266efdeac6eb5cc22021-12-20 16:00:52.674root 11241100x8000000000000000775437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a38f5d6ca6c49532021-12-20 16:00:52.674root 11241100x8000000000000000775438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2d0bf9fd5fa8902021-12-20 16:00:52.675root 11241100x8000000000000000775439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f399c404480506452021-12-20 16:00:52.675root 11241100x8000000000000000775440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39749e0af42ef7322021-12-20 16:00:52.675root 11241100x8000000000000000775441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5fc6d244cd29382021-12-20 16:00:52.675root 11241100x8000000000000000775442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7472672311a69f52021-12-20 16:00:52.676root 11241100x8000000000000000775443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12180b70d988d4072021-12-20 16:00:52.676root 11241100x8000000000000000775444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160ba6bcab762a6a2021-12-20 16:00:52.676root 11241100x8000000000000000775445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05a6071c50bbe752021-12-20 16:00:52.676root 11241100x8000000000000000775446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aef7f939302c9342021-12-20 16:00:52.676root 11241100x8000000000000000775447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d631165da442ad32021-12-20 16:00:52.677root 11241100x8000000000000000775448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e9f20e0b30d6f52021-12-20 16:00:52.677root 11241100x8000000000000000775449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a4af7d3ed22522021-12-20 16:00:52.677root 11241100x8000000000000000775450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f4c13206024f012021-12-20 16:00:52.677root 11241100x8000000000000000775451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a22074bbfc6479d2021-12-20 16:00:53.174root 11241100x8000000000000000775452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8281a8d552b4c082021-12-20 16:00:53.174root 11241100x8000000000000000775453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82df6c58d0fbe262021-12-20 16:00:53.175root 11241100x8000000000000000775454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d66c48e597e7702021-12-20 16:00:53.175root 11241100x8000000000000000775455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c0d764859091af2021-12-20 16:00:53.175root 11241100x8000000000000000775456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af4694bd21e2bed2021-12-20 16:00:53.175root 11241100x8000000000000000775457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c93f31bbdef46b2021-12-20 16:00:53.176root 11241100x8000000000000000775458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d471c9e7210956c2021-12-20 16:00:53.176root 11241100x8000000000000000775459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4020292e67c27c2021-12-20 16:00:53.176root 11241100x8000000000000000775460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee70dafca996c9cf2021-12-20 16:00:53.176root 11241100x8000000000000000775461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3710aeb909d020602021-12-20 16:00:53.176root 11241100x8000000000000000775462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77b812fdc48e45c2021-12-20 16:00:53.176root 11241100x8000000000000000775463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8b2d461588d0972021-12-20 16:00:53.176root 11241100x8000000000000000775464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37333a2c3bddb522021-12-20 16:00:53.176root 11241100x8000000000000000775465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48fcf88507881702021-12-20 16:00:53.177root 11241100x8000000000000000775466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afacf7ef48ea55e42021-12-20 16:00:53.674root 11241100x8000000000000000775467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96754b0ae082ce72021-12-20 16:00:53.674root 11241100x8000000000000000775468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0320f088f25e1a2021-12-20 16:00:53.675root 11241100x8000000000000000775469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d320e13803e2f02021-12-20 16:00:53.675root 11241100x8000000000000000775470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9bd3135407d2152021-12-20 16:00:53.675root 11241100x8000000000000000775471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19013f75eb9022af2021-12-20 16:00:53.675root 11241100x8000000000000000775472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c362420af4212372021-12-20 16:00:53.675root 11241100x8000000000000000775473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7d5f012f9c129e2021-12-20 16:00:53.675root 11241100x8000000000000000775474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661d17afbd1b85792021-12-20 16:00:53.675root 11241100x8000000000000000775475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871946d42ee9e7a92021-12-20 16:00:53.675root 11241100x8000000000000000775476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4de2e1a1bbdaeb2021-12-20 16:00:53.676root 11241100x8000000000000000775477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ceea0a6c1d870f12021-12-20 16:00:53.676root 11241100x8000000000000000775478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39ea5bd7dc13b9a2021-12-20 16:00:53.676root 11241100x8000000000000000775479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2844293c887e6e2021-12-20 16:00:53.676root 11241100x8000000000000000775480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532565af54ed94982021-12-20 16:00:53.676root 11241100x8000000000000000775481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2729a4042bbfd22021-12-20 16:00:54.174root 11241100x8000000000000000775482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cc08069af64d2c2021-12-20 16:00:54.174root 11241100x8000000000000000775483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6109e67de304eea32021-12-20 16:00:54.175root 11241100x8000000000000000775484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc045b27cded0ecb2021-12-20 16:00:54.175root 11241100x8000000000000000775485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b93c3ee7504d92021-12-20 16:00:54.175root 11241100x8000000000000000775486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a2a24783f4b4e52021-12-20 16:00:54.175root 11241100x8000000000000000775487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2c2bd87d4a7aec2021-12-20 16:00:54.175root 11241100x8000000000000000775488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c30ad747f0e1442021-12-20 16:00:54.175root 11241100x8000000000000000775489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f04febc1cec5e1f2021-12-20 16:00:54.176root 11241100x8000000000000000775490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e45502ea1956d42021-12-20 16:00:54.176root 11241100x8000000000000000775491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d317b9d8ed4ae32021-12-20 16:00:54.176root 11241100x8000000000000000775492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aff10a1508690102021-12-20 16:00:54.176root 11241100x8000000000000000775493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6357cc142c738b62021-12-20 16:00:54.176root 11241100x8000000000000000775494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d86e9c5efff7632021-12-20 16:00:54.177root 11241100x8000000000000000775495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d020e22472577892021-12-20 16:00:54.177root 11241100x8000000000000000775496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d983109764239b2021-12-20 16:00:54.674root 11241100x8000000000000000775497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe4513c1761ccad2021-12-20 16:00:54.674root 11241100x8000000000000000775498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50a63d394abb5142021-12-20 16:00:54.674root 11241100x8000000000000000775499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46254d55e85e8bae2021-12-20 16:00:54.675root 11241100x8000000000000000775500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc9c187b85d8e412021-12-20 16:00:54.675root 11241100x8000000000000000775501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c01d7c89ed7dd022021-12-20 16:00:54.675root 11241100x8000000000000000775502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5224bef0bf330d42021-12-20 16:00:54.675root 11241100x8000000000000000775503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227204c7d69e04162021-12-20 16:00:54.675root 11241100x8000000000000000775504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a03d0102f8d68272021-12-20 16:00:54.675root 11241100x8000000000000000775505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a81ef24bde2ed682021-12-20 16:00:54.675root 11241100x8000000000000000775506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bda400c5bfcb922021-12-20 16:00:54.675root 11241100x8000000000000000775507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868babb1844fa45c2021-12-20 16:00:54.675root 11241100x8000000000000000775508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8824930c27a3b62021-12-20 16:00:54.676root 11241100x8000000000000000775509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5428c85fa20de4e2021-12-20 16:00:54.676root 11241100x8000000000000000775510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e473b2bdd55da1442021-12-20 16:00:54.676root 11241100x8000000000000000775511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875c39a9bb37f02a2021-12-20 16:00:55.174root 11241100x8000000000000000775512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b51c647a418cb22021-12-20 16:00:55.174root 11241100x8000000000000000775513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52f3981dd7118e02021-12-20 16:00:55.175root 11241100x8000000000000000775514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5658c9b27785c4522021-12-20 16:00:55.175root 11241100x8000000000000000775515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dcc54475f0c8492021-12-20 16:00:55.175root 11241100x8000000000000000775516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fac7519ecb2213a2021-12-20 16:00:55.175root 11241100x8000000000000000775517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c7ae22eabe28702021-12-20 16:00:55.175root 11241100x8000000000000000775518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8319e5c69f29a4b42021-12-20 16:00:55.175root 11241100x8000000000000000775519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cf4d5a101fd78d2021-12-20 16:00:55.175root 11241100x8000000000000000775520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23d690f18a91f892021-12-20 16:00:55.175root 11241100x8000000000000000775521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794519ddfc8e6ffb2021-12-20 16:00:55.175root 11241100x8000000000000000775522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4d37139c484e612021-12-20 16:00:55.176root 11241100x8000000000000000775523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293361236b6206d32021-12-20 16:00:55.176root 11241100x8000000000000000775524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ee305727d4a2162021-12-20 16:00:55.176root 11241100x8000000000000000775525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebbf332e535b0622021-12-20 16:00:55.176root 11241100x8000000000000000775526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a637c034fafb1602021-12-20 16:00:55.674root 11241100x8000000000000000775527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9510e36c72ddc5cf2021-12-20 16:00:55.674root 11241100x8000000000000000775528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242cba55e72f45172021-12-20 16:00:55.674root 11241100x8000000000000000775529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d762b222a3f6bc2021-12-20 16:00:55.675root 11241100x8000000000000000775530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5358342c2e5588032021-12-20 16:00:55.675root 11241100x8000000000000000775531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa6d47fcbff9c1d2021-12-20 16:00:55.675root 11241100x8000000000000000775532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72777f28964a4492021-12-20 16:00:55.675root 11241100x8000000000000000775533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0823c7c5640b152021-12-20 16:00:55.675root 11241100x8000000000000000775534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5445e646a072705d2021-12-20 16:00:55.675root 11241100x8000000000000000775535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6164f082327ab92021-12-20 16:00:55.676root 11241100x8000000000000000775536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b1edb94c3aff922021-12-20 16:00:55.676root 11241100x8000000000000000775537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a044e3dd440de1d2021-12-20 16:00:55.676root 11241100x8000000000000000775538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8201f48cd8c2182021-12-20 16:00:55.676root 11241100x8000000000000000775539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9872e48440221912021-12-20 16:00:55.676root 11241100x8000000000000000775540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558adf69f9944e572021-12-20 16:00:55.676root 11241100x8000000000000000775541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a006e8d0ce2a27522021-12-20 16:00:56.174root 11241100x8000000000000000775542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9b7b8b66fc30552021-12-20 16:00:56.174root 11241100x8000000000000000775543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290d95f5c700f23c2021-12-20 16:00:56.174root 11241100x8000000000000000775544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcf8f398a3121c92021-12-20 16:00:56.174root 11241100x8000000000000000775545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af603ead53c53d3f2021-12-20 16:00:56.175root 11241100x8000000000000000775546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c2066a574873482021-12-20 16:00:56.175root 11241100x8000000000000000775547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4549dd72dfc431972021-12-20 16:00:56.175root 11241100x8000000000000000775548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d71d4f240c58d12021-12-20 16:00:56.175root 11241100x8000000000000000775549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff00bc6420651442021-12-20 16:00:56.175root 11241100x8000000000000000775550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633333ea7fe5722b2021-12-20 16:00:56.175root 11241100x8000000000000000775551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df219a4c9232ed52021-12-20 16:00:56.175root 11241100x8000000000000000775552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8dd2f092f6315e2021-12-20 16:00:56.176root 11241100x8000000000000000775553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290bc8ed555cf8c72021-12-20 16:00:56.176root 11241100x8000000000000000775554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b6c8a415fc36f62021-12-20 16:00:56.176root 11241100x8000000000000000775555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7bc27901fdb9e92021-12-20 16:00:56.176root 11241100x8000000000000000775556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab66e4bf770e17e32021-12-20 16:00:56.674root 11241100x8000000000000000775557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b852f3c75a643b8a2021-12-20 16:00:56.674root 11241100x8000000000000000775558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee9786315b9cb902021-12-20 16:00:56.675root 11241100x8000000000000000775559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5d946ce35928522021-12-20 16:00:56.675root 11241100x8000000000000000775560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3abe6bd8e9ef252021-12-20 16:00:56.675root 11241100x8000000000000000775561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d07b6185f226a92021-12-20 16:00:56.676root 11241100x8000000000000000775562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d987ab7e082970d2021-12-20 16:00:56.676root 11241100x8000000000000000775563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9a327b0f5a97932021-12-20 16:00:56.676root 11241100x8000000000000000775564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dd5643a7933d9e2021-12-20 16:00:56.676root 11241100x8000000000000000775565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3ac8b8ae765f782021-12-20 16:00:56.676root 11241100x8000000000000000775566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7994c4f2d373c32021-12-20 16:00:56.676root 11241100x8000000000000000775567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be728a631c2c07a12021-12-20 16:00:56.676root 11241100x8000000000000000775568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e218d2307679ef2021-12-20 16:00:56.677root 11241100x8000000000000000775569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046208f09c56d89a2021-12-20 16:00:56.677root 11241100x8000000000000000775570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd79294d47e369d2021-12-20 16:00:56.677root 11241100x8000000000000000775571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41190107ec14dbd22021-12-20 16:00:57.174root 11241100x8000000000000000775572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f6773fe45bef562021-12-20 16:00:57.174root 11241100x8000000000000000775573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074b98b22f5bb8bb2021-12-20 16:00:57.174root 11241100x8000000000000000775574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b5e2a20cf72cf12021-12-20 16:00:57.174root 11241100x8000000000000000775575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2f5e50496522622021-12-20 16:00:57.175root 11241100x8000000000000000775576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d112910d5be65c622021-12-20 16:00:57.175root 11241100x8000000000000000775577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b666778ffa683b9a2021-12-20 16:00:57.175root 11241100x8000000000000000775578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8a44c78c12d62f2021-12-20 16:00:57.175root 11241100x8000000000000000775579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8958446240b811702021-12-20 16:00:57.175root 11241100x8000000000000000775580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bf3ae83e8455762021-12-20 16:00:57.175root 11241100x8000000000000000775581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fc49531a7ed50b2021-12-20 16:00:57.175root 11241100x8000000000000000775582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28153c191098c2c2021-12-20 16:00:57.175root 11241100x8000000000000000775583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fdfca561465e272021-12-20 16:00:57.175root 11241100x8000000000000000775584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10ffc20f671ded22021-12-20 16:00:57.175root 11241100x8000000000000000775585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c572070d4048cf72021-12-20 16:00:57.175root 354300x8000000000000000775586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.233{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51512-false10.0.1.12-8000- 11241100x8000000000000000775587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551cf75fd6b16ca02021-12-20 16:00:57.674root 11241100x8000000000000000775588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebe6306e09623282021-12-20 16:00:57.674root 11241100x8000000000000000775589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb22448c16c32f72021-12-20 16:00:57.674root 11241100x8000000000000000775590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6895e2a67ce62d012021-12-20 16:00:57.674root 11241100x8000000000000000775591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6613261f11b71b7e2021-12-20 16:00:57.675root 11241100x8000000000000000775592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748df7cf15ad9fc02021-12-20 16:00:57.675root 11241100x8000000000000000775593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee5cc897665a5332021-12-20 16:00:57.675root 11241100x8000000000000000775594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93407ab8de89e76c2021-12-20 16:00:57.675root 11241100x8000000000000000775595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244c05b50602589b2021-12-20 16:00:57.675root 11241100x8000000000000000775596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d3fe633d714d062021-12-20 16:00:57.675root 11241100x8000000000000000775597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e97c789aee9e382021-12-20 16:00:57.675root 11241100x8000000000000000775598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1ccdd5e1bc06be2021-12-20 16:00:57.675root 11241100x8000000000000000775599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fdaeac7905a20b2021-12-20 16:00:57.675root 11241100x8000000000000000775600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d6d9748b0f610f2021-12-20 16:00:57.675root 11241100x8000000000000000775601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e967339c011a1e752021-12-20 16:00:57.675root 11241100x8000000000000000775602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f715d7540c1d4b32021-12-20 16:00:57.675root 11241100x8000000000000000775603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea01a6ca56d694132021-12-20 16:00:58.175root 11241100x8000000000000000775604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5182de994d92068e2021-12-20 16:00:58.175root 11241100x8000000000000000775605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4307c924e375247c2021-12-20 16:00:58.175root 11241100x8000000000000000775606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f3535b17232eaf2021-12-20 16:00:58.175root 11241100x8000000000000000775607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157dae67c2b4ecd62021-12-20 16:00:58.175root 11241100x8000000000000000775608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abc8a3eaf69446a2021-12-20 16:00:58.176root 11241100x8000000000000000775609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e26af3378c9257c2021-12-20 16:00:58.176root 11241100x8000000000000000775610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67156b975d3489c32021-12-20 16:00:58.176root 11241100x8000000000000000775611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbb8355b61271d62021-12-20 16:00:58.176root 11241100x8000000000000000775612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e696a71b0b51522021-12-20 16:00:58.177root 11241100x8000000000000000775613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1d5a45628e7cc12021-12-20 16:00:58.177root 11241100x8000000000000000775614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa129a0399ca70092021-12-20 16:00:58.177root 11241100x8000000000000000775615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814e8a5226389dc12021-12-20 16:00:58.178root 11241100x8000000000000000775616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097cc1d6eeeeabd92021-12-20 16:00:58.178root 11241100x8000000000000000775617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314d30a1dcc5615a2021-12-20 16:00:58.179root 11241100x8000000000000000775618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04328e68c7a6855c2021-12-20 16:00:58.179root 11241100x8000000000000000775619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc795d1639db8a72021-12-20 16:00:58.674root 11241100x8000000000000000775620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38ab48d7ffdb4752021-12-20 16:00:58.674root 11241100x8000000000000000775621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e270b574453360942021-12-20 16:00:58.675root 11241100x8000000000000000775622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2907f91f9b34ff992021-12-20 16:00:58.675root 11241100x8000000000000000775623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b525c8416661d02021-12-20 16:00:58.675root 11241100x8000000000000000775624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cfd3ab3d4dad3f2021-12-20 16:00:58.675root 11241100x8000000000000000775625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0cad04757accdf2021-12-20 16:00:58.675root 11241100x8000000000000000775626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce64286766ac1c52021-12-20 16:00:58.675root 11241100x8000000000000000775627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649bd1c52577d00b2021-12-20 16:00:58.676root 11241100x8000000000000000775628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82770213d389a1692021-12-20 16:00:58.676root 11241100x8000000000000000775629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aa4899a026032d2021-12-20 16:00:58.676root 11241100x8000000000000000775630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091bdb5314473f2a2021-12-20 16:00:58.676root 11241100x8000000000000000775631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eef23bedb4789dc2021-12-20 16:00:58.676root 11241100x8000000000000000775632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5538b993faf4caa22021-12-20 16:00:58.676root 11241100x8000000000000000775633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2193c44096be2fb72021-12-20 16:00:58.676root 11241100x8000000000000000775634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c68d2f0867123e2021-12-20 16:00:58.676root 11241100x8000000000000000775635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6e8a9ebdd964bb2021-12-20 16:00:59.174root 11241100x8000000000000000775636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1df07ba29dd69b2021-12-20 16:00:59.174root 11241100x8000000000000000775637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61e0af3677487ed2021-12-20 16:00:59.174root 11241100x8000000000000000775638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150dac42f79313cc2021-12-20 16:00:59.175root 11241100x8000000000000000775639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4f5d843721a4342021-12-20 16:00:59.175root 11241100x8000000000000000775640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f50d2ad67105c72021-12-20 16:00:59.175root 11241100x8000000000000000775641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55207b46c28ba6852021-12-20 16:00:59.175root 11241100x8000000000000000775642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916002999bf9a1a22021-12-20 16:00:59.175root 11241100x8000000000000000775643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad1033f5319a0162021-12-20 16:00:59.175root 11241100x8000000000000000775644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32181871f5c0f5f22021-12-20 16:00:59.175root 11241100x8000000000000000775645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd54ab201638d6922021-12-20 16:00:59.175root 11241100x8000000000000000775646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38163ec1980d76cb2021-12-20 16:00:59.175root 11241100x8000000000000000775647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5aa1822275b3232021-12-20 16:00:59.176root 11241100x8000000000000000775648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d5378a28e681b2021-12-20 16:00:59.176root 11241100x8000000000000000775649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af573b19de98bee82021-12-20 16:00:59.176root 11241100x8000000000000000775650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4694707b16f76e942021-12-20 16:00:59.176root 11241100x8000000000000000775651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ad67127f6cbf932021-12-20 16:00:59.674root 11241100x8000000000000000775652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a098b215f9a03722021-12-20 16:00:59.674root 11241100x8000000000000000775653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eb664e16b908ef2021-12-20 16:00:59.674root 11241100x8000000000000000775654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c13ae71d75d4152021-12-20 16:00:59.675root 11241100x8000000000000000775655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd0202966265a972021-12-20 16:00:59.675root 11241100x8000000000000000775656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b81411174249f12021-12-20 16:00:59.675root 11241100x8000000000000000775657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fa9c671fd63df82021-12-20 16:00:59.675root 11241100x8000000000000000775658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c174208bb61f0922021-12-20 16:00:59.675root 11241100x8000000000000000775659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c85fe519bb88a292021-12-20 16:00:59.675root 11241100x8000000000000000775660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6511410291a8252021-12-20 16:00:59.675root 11241100x8000000000000000775661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2eb9af5c3071512021-12-20 16:00:59.675root 11241100x8000000000000000775662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b2f82d2811e4902021-12-20 16:00:59.675root 11241100x8000000000000000775663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1755e22b0989ddd2021-12-20 16:00:59.675root 11241100x8000000000000000775664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16ddccf28305df02021-12-20 16:00:59.676root 11241100x8000000000000000775665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8316cd1697f454a22021-12-20 16:00:59.676root 11241100x8000000000000000775666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:00:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d68a19c3a8b3e32021-12-20 16:00:59.676root 11241100x8000000000000000775667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd878ac390426992021-12-20 16:01:00.174root 11241100x8000000000000000775668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a74476383e02212021-12-20 16:01:00.174root 11241100x8000000000000000775669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5d32fd791127032021-12-20 16:01:00.174root 11241100x8000000000000000775670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7af6628e6626e52021-12-20 16:01:00.174root 11241100x8000000000000000775671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fede787eee80202021-12-20 16:01:00.174root 11241100x8000000000000000775672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75b188e678832982021-12-20 16:01:00.174root 11241100x8000000000000000775673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da5916b13cfa5002021-12-20 16:01:00.174root 11241100x8000000000000000775674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7d5f44fbfb3e832021-12-20 16:01:00.174root 11241100x8000000000000000775675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76151ead1a75989e2021-12-20 16:01:00.175root 11241100x8000000000000000775676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a9bd42bccc4b6a2021-12-20 16:01:00.175root 11241100x8000000000000000775677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76814189edfd77732021-12-20 16:01:00.175root 11241100x8000000000000000775678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32087500a70b72ba2021-12-20 16:01:00.175root 11241100x8000000000000000775679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf337ed2b8102af32021-12-20 16:01:00.175root 11241100x8000000000000000775680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3216edf109946db2021-12-20 16:01:00.175root 11241100x8000000000000000775681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc11520d3198b122021-12-20 16:01:00.175root 11241100x8000000000000000775682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f63487e32d3f112021-12-20 16:01:00.176root 11241100x8000000000000000775683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19094d1763602c02021-12-20 16:01:00.674root 11241100x8000000000000000775684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0d14f8b16d75672021-12-20 16:01:00.674root 11241100x8000000000000000775685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6cd091b683ef832021-12-20 16:01:00.674root 11241100x8000000000000000775686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0083ca12596f7eaa2021-12-20 16:01:00.674root 11241100x8000000000000000775687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c1c983de8ec5ec2021-12-20 16:01:00.675root 11241100x8000000000000000775688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e54f20472862772021-12-20 16:01:00.675root 11241100x8000000000000000775689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a655e24f59df1d2021-12-20 16:01:00.675root 11241100x8000000000000000775690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bda2b9dd7986b42021-12-20 16:01:00.675root 11241100x8000000000000000775691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85f20ecb2334bb12021-12-20 16:01:00.675root 11241100x8000000000000000775692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c02b088e7bd1842021-12-20 16:01:00.675root 11241100x8000000000000000775693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fd504f16e6361b2021-12-20 16:01:00.675root 11241100x8000000000000000775694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebcb0ba8832103a2021-12-20 16:01:00.675root 11241100x8000000000000000775695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3810350680c9828e2021-12-20 16:01:00.675root 11241100x8000000000000000775696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e55eac20b04ec6c2021-12-20 16:01:00.675root 11241100x8000000000000000775697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb452288ac0c585f2021-12-20 16:01:00.675root 11241100x8000000000000000775698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1836bdbd716805d32021-12-20 16:01:00.675root 11241100x8000000000000000775699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1d90116d4ecc72021-12-20 16:01:01.174root 11241100x8000000000000000775700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ecd567b70453182021-12-20 16:01:01.175root 11241100x8000000000000000775701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfb7553821c8fa22021-12-20 16:01:01.175root 11241100x8000000000000000775702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb455a02121cac72021-12-20 16:01:01.175root 11241100x8000000000000000775703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dead03b4ac7bd222021-12-20 16:01:01.175root 11241100x8000000000000000775704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaf7b71a5bc01cd2021-12-20 16:01:01.175root 11241100x8000000000000000775705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ab9d957e8ff2e42021-12-20 16:01:01.175root 11241100x8000000000000000775706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd43487f6fdcf432021-12-20 16:01:01.175root 11241100x8000000000000000775707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a04ca36d34d56e2021-12-20 16:01:01.176root 11241100x8000000000000000775708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fab0adfb6c5c30f2021-12-20 16:01:01.176root 11241100x8000000000000000775709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166b5ef0eaaf1b4b2021-12-20 16:01:01.176root 11241100x8000000000000000775710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a0c3dec9340c192021-12-20 16:01:01.176root 11241100x8000000000000000775711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da1bd52b698b6422021-12-20 16:01:01.176root 11241100x8000000000000000775712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ddfe7f92129fe92021-12-20 16:01:01.176root 11241100x8000000000000000775713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b7ad30c01e1cef2021-12-20 16:01:01.176root 11241100x8000000000000000775714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3849e41fc1911352021-12-20 16:01:01.176root 11241100x8000000000000000775715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8745d37d5760072021-12-20 16:01:01.674root 11241100x8000000000000000775716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da713c18b58400802021-12-20 16:01:01.675root 11241100x8000000000000000775717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc973f9ff79f263a2021-12-20 16:01:01.675root 11241100x8000000000000000775718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cceb7d40a9518f72021-12-20 16:01:01.675root 11241100x8000000000000000775719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56339f8719e118b2021-12-20 16:01:01.675root 11241100x8000000000000000775720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b569db5f129c41962021-12-20 16:01:01.675root 11241100x8000000000000000775721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d85ba68a898b5282021-12-20 16:01:01.675root 11241100x8000000000000000775722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4935ffbd1fbcf3dc2021-12-20 16:01:01.675root 11241100x8000000000000000775723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61a505ee9b7bd802021-12-20 16:01:01.675root 11241100x8000000000000000775724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556ef10e6fc2670a2021-12-20 16:01:01.675root 11241100x8000000000000000775725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c81c5d8c612782021-12-20 16:01:01.675root 11241100x8000000000000000775726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572eba08c23a98e22021-12-20 16:01:01.675root 11241100x8000000000000000775727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0921af22e2a9474a2021-12-20 16:01:01.676root 11241100x8000000000000000775728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae1d93d7649fb122021-12-20 16:01:01.676root 11241100x8000000000000000775729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add1e248a718f2932021-12-20 16:01:01.676root 11241100x8000000000000000775730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b0f3770c2af77c2021-12-20 16:01:01.676root 11241100x8000000000000000775731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db98e34fc6e401542021-12-20 16:01:02.174root 11241100x8000000000000000775732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cfc744746d09ae2021-12-20 16:01:02.174root 11241100x8000000000000000775733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f3747f81ba1f3f2021-12-20 16:01:02.175root 11241100x8000000000000000775734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bb12de3110de782021-12-20 16:01:02.175root 11241100x8000000000000000775735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b631bac96a0ed22021-12-20 16:01:02.175root 11241100x8000000000000000775736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356bd43b3c7815da2021-12-20 16:01:02.175root 11241100x8000000000000000775737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676696ac0a8899e12021-12-20 16:01:02.175root 11241100x8000000000000000775738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3142efa874add3712021-12-20 16:01:02.175root 11241100x8000000000000000775739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f1cb73421c33d32021-12-20 16:01:02.175root 11241100x8000000000000000775740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb833d0846ebfd62021-12-20 16:01:02.175root 11241100x8000000000000000775741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f70aa1220bda62b2021-12-20 16:01:02.175root 11241100x8000000000000000775742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7658c82bcb440a242021-12-20 16:01:02.175root 11241100x8000000000000000775743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef958386c5d9f1c2021-12-20 16:01:02.176root 11241100x8000000000000000775744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602bd1800f82612c2021-12-20 16:01:02.176root 11241100x8000000000000000775745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ca4821663f20c72021-12-20 16:01:02.176root 11241100x8000000000000000775746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf5d9bc8637d8462021-12-20 16:01:02.176root 11241100x8000000000000000775747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff5f091fa2599202021-12-20 16:01:02.674root 11241100x8000000000000000775748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1719047f22171032021-12-20 16:01:02.674root 11241100x8000000000000000775749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e90f61b04dcdd12021-12-20 16:01:02.674root 11241100x8000000000000000775750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98edece9450e3b362021-12-20 16:01:02.675root 11241100x8000000000000000775751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53115a0b9a800c692021-12-20 16:01:02.675root 11241100x8000000000000000775752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516a4fb0f0a7d62e2021-12-20 16:01:02.675root 11241100x8000000000000000775753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e786306e5026d62021-12-20 16:01:02.675root 11241100x8000000000000000775754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ad8581298b69662021-12-20 16:01:02.675root 11241100x8000000000000000775755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8daf0dbb73d0322021-12-20 16:01:02.675root 11241100x8000000000000000775756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264fcbe2fedd18b02021-12-20 16:01:02.675root 11241100x8000000000000000775757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074845cc6095c7402021-12-20 16:01:02.675root 11241100x8000000000000000775758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f47b15cc2859662021-12-20 16:01:02.675root 11241100x8000000000000000775759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129bc1b50e5ebf032021-12-20 16:01:02.676root 11241100x8000000000000000775760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42f8f5151a7b4a52021-12-20 16:01:02.676root 11241100x8000000000000000775761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55957f325b6e7f2e2021-12-20 16:01:02.676root 11241100x8000000000000000775762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ec5f7a9de995c2021-12-20 16:01:02.676root 11241100x8000000000000000775763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c324b9596b78d5a22021-12-20 16:01:03.174root 11241100x8000000000000000775764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e70c975f47064ed2021-12-20 16:01:03.175root 11241100x8000000000000000775765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e6d3ca4e94a7b22021-12-20 16:01:03.175root 11241100x8000000000000000775766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7960e45cc0845ebe2021-12-20 16:01:03.175root 11241100x8000000000000000775767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befc81fa3f8fe7b32021-12-20 16:01:03.175root 11241100x8000000000000000775768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07b7fc5ca4bb3d42021-12-20 16:01:03.175root 11241100x8000000000000000775769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3491ea50be3c274e2021-12-20 16:01:03.175root 11241100x8000000000000000775770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01acd92b86a1292b2021-12-20 16:01:03.176root 11241100x8000000000000000775771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e8c966e155d4aa2021-12-20 16:01:03.176root 11241100x8000000000000000775772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958716ff46242d62021-12-20 16:01:03.176root 11241100x8000000000000000775773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96aa702d7accc542021-12-20 16:01:03.176root 11241100x8000000000000000775774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82c8e207c5caf232021-12-20 16:01:03.176root 11241100x8000000000000000775775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efddbc93712044982021-12-20 16:01:03.176root 11241100x8000000000000000775776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cd30f2b5d1b1702021-12-20 16:01:03.176root 11241100x8000000000000000775777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca7433b5e76942b2021-12-20 16:01:03.176root 11241100x8000000000000000775778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9382ae88c3e58e0b2021-12-20 16:01:03.176root 354300x8000000000000000775779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.216{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51514-false10.0.1.12-8000- 11241100x8000000000000000775780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba025a4ad6e369b2021-12-20 16:01:03.675root 11241100x8000000000000000775781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1213fcebb4a49ee2021-12-20 16:01:03.675root 11241100x8000000000000000775782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdec3b9848afcb122021-12-20 16:01:03.675root 11241100x8000000000000000775783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162d8735480aaf6c2021-12-20 16:01:03.675root 11241100x8000000000000000775784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0eed4ac47dfe4a2021-12-20 16:01:03.676root 11241100x8000000000000000775785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfce62e2c13165442021-12-20 16:01:03.676root 11241100x8000000000000000775786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abc64d2d4caf0b22021-12-20 16:01:03.676root 11241100x8000000000000000775787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f93553378f7bd2021-12-20 16:01:03.676root 11241100x8000000000000000775788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0e4bdaedffea0a2021-12-20 16:01:03.676root 11241100x8000000000000000775789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b7d5e3671642c82021-12-20 16:01:03.676root 11241100x8000000000000000775790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e879e1b22008e37e2021-12-20 16:01:03.676root 11241100x8000000000000000775791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b14fe2f4a82f4b02021-12-20 16:01:03.676root 11241100x8000000000000000775792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5880a22213937ceb2021-12-20 16:01:03.676root 11241100x8000000000000000775793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7886dc5097ec53672021-12-20 16:01:03.677root 11241100x8000000000000000775794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa7450f1a8316852021-12-20 16:01:03.677root 11241100x8000000000000000775795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f53ab57cf2cf5112021-12-20 16:01:03.677root 11241100x8000000000000000775796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:03.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863276f41fab35462021-12-20 16:01:03.677root 11241100x8000000000000000775797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db6803314f1aa9c2021-12-20 16:01:04.174root 11241100x8000000000000000775798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa279a71935c78b2021-12-20 16:01:04.174root 11241100x8000000000000000775799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66622031df2f1e22021-12-20 16:01:04.174root 11241100x8000000000000000775800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c2a4d0356314522021-12-20 16:01:04.175root 11241100x8000000000000000775801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5a780e6c6dbbe52021-12-20 16:01:04.175root 11241100x8000000000000000775802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c32fee7e6050b52021-12-20 16:01:04.175root 11241100x8000000000000000775803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cde323b4af291942021-12-20 16:01:04.175root 11241100x8000000000000000775804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899205403b3dea4b2021-12-20 16:01:04.175root 11241100x8000000000000000775805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b437850e14a4462021-12-20 16:01:04.175root 11241100x8000000000000000775806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6fdeeabac3b8982021-12-20 16:01:04.175root 11241100x8000000000000000775807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289e79dcc1230c682021-12-20 16:01:04.175root 11241100x8000000000000000775808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93569f9e6193cb282021-12-20 16:01:04.175root 11241100x8000000000000000775809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f6136a9aaa8c832021-12-20 16:01:04.175root 11241100x8000000000000000775810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b391d6f27dfd9062021-12-20 16:01:04.175root 11241100x8000000000000000775811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46577ec8d828ec12021-12-20 16:01:04.175root 11241100x8000000000000000775812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685c79d04301e8b62021-12-20 16:01:04.175root 11241100x8000000000000000775813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf43842a82689e72021-12-20 16:01:04.176root 11241100x8000000000000000775814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea4efe4cab08fde2021-12-20 16:01:04.674root 11241100x8000000000000000775815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355b752549f0340f2021-12-20 16:01:04.675root 11241100x8000000000000000775816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6901b1990455c48c2021-12-20 16:01:04.675root 11241100x8000000000000000775817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49b54afd83641fe2021-12-20 16:01:04.675root 11241100x8000000000000000775818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df93d0ec702511412021-12-20 16:01:04.675root 11241100x8000000000000000775819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acea058320b938f2021-12-20 16:01:04.675root 11241100x8000000000000000775820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c77c5a2849c75f2021-12-20 16:01:04.676root 11241100x8000000000000000775821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3645241e14040d1e2021-12-20 16:01:04.676root 11241100x8000000000000000775822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af61c396f9a092522021-12-20 16:01:04.676root 11241100x8000000000000000775823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dee7386733705602021-12-20 16:01:04.676root 11241100x8000000000000000775824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d82fbb29752c9c2021-12-20 16:01:04.676root 11241100x8000000000000000775825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556e71748b0888612021-12-20 16:01:04.676root 11241100x8000000000000000775826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8899bb687d89c382021-12-20 16:01:04.677root 11241100x8000000000000000775827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cc68f1106b4e112021-12-20 16:01:04.677root 11241100x8000000000000000775828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afadc3a23c6c01cd2021-12-20 16:01:04.681root 11241100x8000000000000000775829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a68df01c5db083c2021-12-20 16:01:04.681root 11241100x8000000000000000775830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:04.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0db5dc47a11ee02021-12-20 16:01:04.681root 11241100x8000000000000000775831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02efd7a0b6c0a6b62021-12-20 16:01:05.174root 11241100x8000000000000000775832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b773fa33737c28d52021-12-20 16:01:05.175root 11241100x8000000000000000775833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9f62460a63ddd12021-12-20 16:01:05.175root 11241100x8000000000000000775834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c816c23cba2af12021-12-20 16:01:05.175root 11241100x8000000000000000775835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348d804aecbb9c172021-12-20 16:01:05.175root 11241100x8000000000000000775836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73e1f26852690122021-12-20 16:01:05.175root 11241100x8000000000000000775837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d080cd3acbad269f2021-12-20 16:01:05.176root 11241100x8000000000000000775838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fb5f4ba4de5a742021-12-20 16:01:05.176root 11241100x8000000000000000775839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dfe6edb569c6962021-12-20 16:01:05.176root 11241100x8000000000000000775840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527d2ec206a40d532021-12-20 16:01:05.176root 11241100x8000000000000000775841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0939a94fece9e072021-12-20 16:01:05.176root 11241100x8000000000000000775842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f03c21fcf6725492021-12-20 16:01:05.176root 11241100x8000000000000000775843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e10c2fae28b2832021-12-20 16:01:05.176root 11241100x8000000000000000775844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aee1e8ee55316e2021-12-20 16:01:05.177root 11241100x8000000000000000775845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2033a3d6338932722021-12-20 16:01:05.177root 11241100x8000000000000000775846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dc1b5a0097e1d42021-12-20 16:01:05.177root 11241100x8000000000000000775847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201e76991a4c1a9f2021-12-20 16:01:05.177root 11241100x8000000000000000775848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7db344d64f8f032021-12-20 16:01:05.674root 11241100x8000000000000000775849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5e7cd146081a232021-12-20 16:01:05.674root 11241100x8000000000000000775850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6be2094983e25ef2021-12-20 16:01:05.674root 11241100x8000000000000000775851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b6611928940d72021-12-20 16:01:05.675root 11241100x8000000000000000775852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3ed98b74ec8aee2021-12-20 16:01:05.675root 11241100x8000000000000000775853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a438aef30d73fca2021-12-20 16:01:05.675root 11241100x8000000000000000775854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48089c485757e5ce2021-12-20 16:01:05.675root 11241100x8000000000000000775855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dba307d9d3ba8f2021-12-20 16:01:05.675root 11241100x8000000000000000775856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e9298b8097a2e32021-12-20 16:01:05.675root 11241100x8000000000000000775857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfa8beae53470832021-12-20 16:01:05.675root 11241100x8000000000000000775858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ebf670ff3ded512021-12-20 16:01:05.675root 11241100x8000000000000000775859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d588a2ce28a52ff2021-12-20 16:01:05.675root 11241100x8000000000000000775860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f469d2226d400862021-12-20 16:01:05.675root 11241100x8000000000000000775861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c6f1f18a5264812021-12-20 16:01:05.675root 11241100x8000000000000000775862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc01d448e447d7ea2021-12-20 16:01:05.675root 11241100x8000000000000000775863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41a2f8f16c96d9f2021-12-20 16:01:05.675root 11241100x8000000000000000775864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74d87e71b6263f52021-12-20 16:01:05.675root 11241100x8000000000000000775865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.067{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:01:06.067root 11241100x8000000000000000775866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6937a098c0a2cb2021-12-20 16:01:06.069root 11241100x8000000000000000775867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1045fda2fb4aa62021-12-20 16:01:06.070root 11241100x8000000000000000775868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab982206e27ae48e2021-12-20 16:01:06.070root 11241100x8000000000000000775869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9768d276faf7fd8d2021-12-20 16:01:06.071root 11241100x8000000000000000775870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08e9ae64122ecea2021-12-20 16:01:06.071root 11241100x8000000000000000775871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c35667839bcee82021-12-20 16:01:06.072root 11241100x8000000000000000775872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149b229528aebc502021-12-20 16:01:06.072root 11241100x8000000000000000775873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3162f5cc54cfd68e2021-12-20 16:01:06.072root 11241100x8000000000000000775874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3075e283de78725b2021-12-20 16:01:06.072root 11241100x8000000000000000775875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9376972fa6e3fa62021-12-20 16:01:06.072root 11241100x8000000000000000775876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12594d64f1e48d62021-12-20 16:01:06.072root 11241100x8000000000000000775877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d697306e0c60c62021-12-20 16:01:06.072root 11241100x8000000000000000775878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8229f3dd7e99d02021-12-20 16:01:06.072root 11241100x8000000000000000775879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5056a03c7e004adb2021-12-20 16:01:06.072root 11241100x8000000000000000775880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75270a8c47fea562021-12-20 16:01:06.072root 11241100x8000000000000000775881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbe20029b53e40b2021-12-20 16:01:06.072root 11241100x8000000000000000775882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9617bf0b2aa5cecd2021-12-20 16:01:06.072root 11241100x8000000000000000775883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b0afb2b73d28e82021-12-20 16:01:06.072root 11241100x8000000000000000775884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f582626b5374470b2021-12-20 16:01:06.424root 11241100x8000000000000000775885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8c05564920b122021-12-20 16:01:06.424root 11241100x8000000000000000775886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989a83e1a364fb192021-12-20 16:01:06.424root 11241100x8000000000000000775887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5186963dbaee9202021-12-20 16:01:06.424root 11241100x8000000000000000775888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86cd3412748c3b12021-12-20 16:01:06.425root 11241100x8000000000000000775889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10afbcd1b9667b2021-12-20 16:01:06.425root 11241100x8000000000000000775890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ebb067b9fb68402021-12-20 16:01:06.426root 11241100x8000000000000000775891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2faaa33dfebeda5d2021-12-20 16:01:06.427root 11241100x8000000000000000775892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57da7c3d8be060cc2021-12-20 16:01:06.427root 11241100x8000000000000000775893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8117200cf148a1ad2021-12-20 16:01:06.427root 11241100x8000000000000000775894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f923c3b4bcd8bc82021-12-20 16:01:06.428root 11241100x8000000000000000775895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d0497e72c07cf32021-12-20 16:01:06.428root 11241100x8000000000000000775896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0b9cc861b1ee232021-12-20 16:01:06.428root 11241100x8000000000000000775897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3d4a6df6d40e572021-12-20 16:01:06.428root 11241100x8000000000000000775898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a23534f79cd60d2021-12-20 16:01:06.429root 11241100x8000000000000000775899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8dd8353a10bee82021-12-20 16:01:06.429root 11241100x8000000000000000775900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58b5ad8a7b81b452021-12-20 16:01:06.429root 11241100x8000000000000000775901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4001a5335d0a2e02021-12-20 16:01:06.429root 11241100x8000000000000000775902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95472eb635f66a182021-12-20 16:01:06.429root 11241100x8000000000000000775903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21121e761f30d5a12021-12-20 16:01:06.430root 11241100x8000000000000000775904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615f3cf7aada83a62021-12-20 16:01:06.430root 11241100x8000000000000000775905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d33f0b70a5a3762021-12-20 16:01:06.430root 11241100x8000000000000000775906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8cb65cdf6553622021-12-20 16:01:06.430root 11241100x8000000000000000775907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59a4d166073b7192021-12-20 16:01:06.924root 11241100x8000000000000000775908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d2f9b826d4191f2021-12-20 16:01:06.924root 11241100x8000000000000000775909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd1b90453458d052021-12-20 16:01:06.925root 11241100x8000000000000000775910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e148781a09aaf40b2021-12-20 16:01:06.925root 11241100x8000000000000000775911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75abe4b5c36c20e2021-12-20 16:01:06.925root 11241100x8000000000000000775912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99df2428dcab8acb2021-12-20 16:01:06.925root 11241100x8000000000000000775913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc693d543e3f74db2021-12-20 16:01:06.925root 11241100x8000000000000000775914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd42cc7b49d9b1fc2021-12-20 16:01:06.925root 11241100x8000000000000000775915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c8828137805c1b2021-12-20 16:01:06.925root 11241100x8000000000000000775916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29a341ed533b65d2021-12-20 16:01:06.925root 11241100x8000000000000000775917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ce121a07c21fa42021-12-20 16:01:06.925root 11241100x8000000000000000775918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f544e581398dfc0b2021-12-20 16:01:06.925root 11241100x8000000000000000775919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dd96b032c126592021-12-20 16:01:06.926root 11241100x8000000000000000775920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c5e265af4e3fdb2021-12-20 16:01:06.926root 11241100x8000000000000000775921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c9798513db64b2021-12-20 16:01:06.926root 11241100x8000000000000000775922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e548b8d4d2c29752021-12-20 16:01:06.926root 11241100x8000000000000000775923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac96bdcb3df0d982021-12-20 16:01:06.926root 11241100x8000000000000000775924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd191655673c6eaa2021-12-20 16:01:06.926root 11241100x8000000000000000775925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73bdae7b27dadbb2021-12-20 16:01:07.424root 11241100x8000000000000000775926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886134c9849b253e2021-12-20 16:01:07.424root 11241100x8000000000000000775927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e691815601b2eee62021-12-20 16:01:07.425root 11241100x8000000000000000775928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398a7065a8bae672021-12-20 16:01:07.425root 11241100x8000000000000000775929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6d2d217a45c1ec2021-12-20 16:01:07.425root 11241100x8000000000000000775930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4283dfa49f59e0532021-12-20 16:01:07.425root 11241100x8000000000000000775931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e5795e9b8241a52021-12-20 16:01:07.425root 11241100x8000000000000000775932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12eed00e40430992021-12-20 16:01:07.425root 11241100x8000000000000000775933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380add4d3be92dc22021-12-20 16:01:07.425root 11241100x8000000000000000775934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ce4ce63042f8aa2021-12-20 16:01:07.425root 11241100x8000000000000000775935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3cd8efd704d5372021-12-20 16:01:07.425root 11241100x8000000000000000775936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b958e482f989c3e2021-12-20 16:01:07.425root 11241100x8000000000000000775937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad7baeacb825a152021-12-20 16:01:07.426root 11241100x8000000000000000775938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36111390910765de2021-12-20 16:01:07.426root 11241100x8000000000000000775939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7d3d41b88372882021-12-20 16:01:07.426root 11241100x8000000000000000775940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c14de55d1e7ebb2021-12-20 16:01:07.426root 11241100x8000000000000000775941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b1785f39af08232021-12-20 16:01:07.427root 11241100x8000000000000000775942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186cdd772b3cc2192021-12-20 16:01:07.427root 11241100x8000000000000000775943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d19b9c4cfbdf9da2021-12-20 16:01:07.924root 11241100x8000000000000000775944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427baf002d99c62e2021-12-20 16:01:07.924root 11241100x8000000000000000775945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9628e726ea3537d2021-12-20 16:01:07.924root 11241100x8000000000000000775946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b2fe3fc024c2772021-12-20 16:01:07.925root 11241100x8000000000000000775947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7662d300ccb9e9a2021-12-20 16:01:07.925root 11241100x8000000000000000775948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33cd444afb42c832021-12-20 16:01:07.925root 11241100x8000000000000000775949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b8f1f714f0dc702021-12-20 16:01:07.925root 11241100x8000000000000000775950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b6ccf6540812082021-12-20 16:01:07.925root 11241100x8000000000000000775951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85ab5d7056933462021-12-20 16:01:07.925root 11241100x8000000000000000775952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f4da9d8deed4b2021-12-20 16:01:07.925root 11241100x8000000000000000775953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb14364e0291eb22021-12-20 16:01:07.925root 11241100x8000000000000000775954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbbce55bf9cf3b02021-12-20 16:01:07.925root 11241100x8000000000000000775955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452c42601cf040ca2021-12-20 16:01:07.925root 11241100x8000000000000000775956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134ab18043c4298d2021-12-20 16:01:07.926root 11241100x8000000000000000775957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ba26a34ea2a8792021-12-20 16:01:07.926root 11241100x8000000000000000775958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa345032bd401142021-12-20 16:01:07.926root 11241100x8000000000000000775959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92bc54bbf7e8a4a2021-12-20 16:01:07.926root 11241100x8000000000000000775960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1d8be4b15113da2021-12-20 16:01:07.926root 354300x8000000000000000775961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.223{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51516-false10.0.1.12-8000- 11241100x8000000000000000775962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.224{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5d87e2dfd470d12021-12-20 16:01:08.224root 11241100x8000000000000000775963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facf07d5fa7a21c12021-12-20 16:01:08.225root 11241100x8000000000000000775964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e20d77e07e8abae2021-12-20 16:01:08.225root 11241100x8000000000000000775965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32bfc9014fab99a2021-12-20 16:01:08.225root 11241100x8000000000000000775966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.225{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d8f7e3e27c5b332021-12-20 16:01:08.225root 11241100x8000000000000000775967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2e5a3ff2872dc72021-12-20 16:01:08.226root 11241100x8000000000000000775968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546fa4682367a1c12021-12-20 16:01:08.226root 11241100x8000000000000000775969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c706830d9c4f602021-12-20 16:01:08.226root 11241100x8000000000000000775970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a75021d3a618362021-12-20 16:01:08.226root 11241100x8000000000000000775971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6eb82f9c7ef6d82021-12-20 16:01:08.226root 11241100x8000000000000000775972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e435a0c91cbf4ea2021-12-20 16:01:08.226root 11241100x8000000000000000775973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3434847019e35c7d2021-12-20 16:01:08.226root 11241100x8000000000000000775974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d2e1de1d4a79eb2021-12-20 16:01:08.226root 11241100x8000000000000000775975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d33c8dd953acd12021-12-20 16:01:08.226root 11241100x8000000000000000775976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ec313aa34904c2021-12-20 16:01:08.227root 11241100x8000000000000000775977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42daa179f15f39242021-12-20 16:01:08.227root 11241100x8000000000000000775978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faa4e3318f877c62021-12-20 16:01:08.227root 11241100x8000000000000000775979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b821166008b64a92021-12-20 16:01:08.227root 11241100x8000000000000000775980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3eeee4598504362021-12-20 16:01:08.227root 11241100x8000000000000000775981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f323f70aebccc082021-12-20 16:01:08.674root 11241100x8000000000000000775982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ecb13a6a31f8c52021-12-20 16:01:08.675root 11241100x8000000000000000775983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deee232351f2755a2021-12-20 16:01:08.675root 11241100x8000000000000000775984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051d9379c793eb582021-12-20 16:01:08.676root 11241100x8000000000000000775985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d6b6867f896c42021-12-20 16:01:08.676root 11241100x8000000000000000775986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4df8a7879218d82021-12-20 16:01:08.676root 11241100x8000000000000000775987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eb68a218461fb52021-12-20 16:01:08.678root 11241100x8000000000000000775988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93074cab7a55a66b2021-12-20 16:01:08.679root 11241100x8000000000000000775989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdb182a102049f22021-12-20 16:01:08.679root 11241100x8000000000000000775990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6e0df7106fc35a2021-12-20 16:01:08.679root 11241100x8000000000000000775991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44e3d825ae6e9042021-12-20 16:01:08.680root 11241100x8000000000000000775992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e152962e2a2cf2021-12-20 16:01:08.680root 11241100x8000000000000000775993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f137c3ea698c1332021-12-20 16:01:08.684root 11241100x8000000000000000775994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb68f379fb524162021-12-20 16:01:08.685root 11241100x8000000000000000775995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97902a28eef96dd42021-12-20 16:01:08.685root 11241100x8000000000000000775996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b219573bcea1d632021-12-20 16:01:08.685root 11241100x8000000000000000775997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a26077d463968ea2021-12-20 16:01:08.685root 11241100x8000000000000000775998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f21f817b64cebe2021-12-20 16:01:08.685root 11241100x8000000000000000775999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:08.685{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fc69a86da16b272021-12-20 16:01:08.685root 23542300x8000000000000000776000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000776001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9786ef55e0100e752021-12-20 16:01:09.070root 11241100x8000000000000000776002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf5d5f2ec90b3162021-12-20 16:01:09.070root 11241100x8000000000000000776003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2708808c7910385b2021-12-20 16:01:09.070root 11241100x8000000000000000776004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc019948f59ae15b2021-12-20 16:01:09.070root 11241100x8000000000000000776005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180850be5cf25a5c2021-12-20 16:01:09.070root 11241100x8000000000000000776006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c98fdcffbcbf1532021-12-20 16:01:09.070root 11241100x8000000000000000776007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa486a40b7f7f432021-12-20 16:01:09.070root 11241100x8000000000000000776008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d667930f69de282021-12-20 16:01:09.070root 11241100x8000000000000000776009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa86ab19d8c2c2e2021-12-20 16:01:09.070root 11241100x8000000000000000776010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48fae0f34d73d12021-12-20 16:01:09.071root 11241100x8000000000000000776011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117f255654305a882021-12-20 16:01:09.071root 11241100x8000000000000000776012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a73e8050992aadd2021-12-20 16:01:09.071root 11241100x8000000000000000776013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeacda216639e282021-12-20 16:01:09.071root 11241100x8000000000000000776014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a03f599e2fc6cc02021-12-20 16:01:09.071root 11241100x8000000000000000776015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621853d0a1c47d8e2021-12-20 16:01:09.072root 11241100x8000000000000000776016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f519708fb0a76cac2021-12-20 16:01:09.072root 11241100x8000000000000000776017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482afdfd9fc38bde2021-12-20 16:01:09.072root 11241100x8000000000000000776018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44813fa7f0b044c2021-12-20 16:01:09.072root 11241100x8000000000000000776019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f897f0d4eedc242021-12-20 16:01:09.072root 11241100x8000000000000000776020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de18cc61242a1c492021-12-20 16:01:09.073root 11241100x8000000000000000776021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbf7de4e9a6af1d2021-12-20 16:01:09.424root 11241100x8000000000000000776022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bace302b12feb0972021-12-20 16:01:09.424root 11241100x8000000000000000776023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b68e88b89b25652021-12-20 16:01:09.424root 11241100x8000000000000000776024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821fedf183181cc52021-12-20 16:01:09.425root 11241100x8000000000000000776025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34047ed1f70d05cf2021-12-20 16:01:09.425root 11241100x8000000000000000776026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cf55acb73270eb2021-12-20 16:01:09.425root 11241100x8000000000000000776027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dfc8084be4da612021-12-20 16:01:09.425root 11241100x8000000000000000776028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2671e2d51df9c58a2021-12-20 16:01:09.425root 11241100x8000000000000000776029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62ca0c42f50dd62021-12-20 16:01:09.425root 11241100x8000000000000000776030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85509fd0508575ce2021-12-20 16:01:09.425root 11241100x8000000000000000776031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57de74998e0e0c62021-12-20 16:01:09.425root 11241100x8000000000000000776032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a799c0ac35c4cc2021-12-20 16:01:09.425root 11241100x8000000000000000776033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c96a31b79e7a7302021-12-20 16:01:09.426root 11241100x8000000000000000776034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ba3df3d90034822021-12-20 16:01:09.426root 11241100x8000000000000000776035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c0fb74322b77b42021-12-20 16:01:09.426root 11241100x8000000000000000776036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb43361fc02b092021-12-20 16:01:09.426root 11241100x8000000000000000776037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06344b4268f922a32021-12-20 16:01:09.426root 11241100x8000000000000000776038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe00b0c184c98032021-12-20 16:01:09.426root 11241100x8000000000000000776039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217e414a68bc95d12021-12-20 16:01:09.426root 11241100x8000000000000000776040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85da05054b00de0a2021-12-20 16:01:09.426root 11241100x8000000000000000776041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5595f55ab42c132021-12-20 16:01:09.924root 11241100x8000000000000000776042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f3125f8dcd77ef2021-12-20 16:01:09.924root 11241100x8000000000000000776043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173f94f81bac12ba2021-12-20 16:01:09.925root 11241100x8000000000000000776044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d64e1c399fc7502021-12-20 16:01:09.925root 11241100x8000000000000000776045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa7564f1e1ad10e2021-12-20 16:01:09.925root 11241100x8000000000000000776046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1df47e1c24f4992021-12-20 16:01:09.925root 11241100x8000000000000000776047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cded8561ae0d5dc2021-12-20 16:01:09.925root 11241100x8000000000000000776048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f80d16405a7ae4a2021-12-20 16:01:09.925root 11241100x8000000000000000776049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46325359c6e05332021-12-20 16:01:09.925root 11241100x8000000000000000776050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0577c51472dc3392021-12-20 16:01:09.925root 11241100x8000000000000000776051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd4c879a9bbf4912021-12-20 16:01:09.925root 11241100x8000000000000000776052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a251707d7cd8ded12021-12-20 16:01:09.925root 11241100x8000000000000000776053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703de83c698987cc2021-12-20 16:01:09.925root 11241100x8000000000000000776054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c292fe10151a362021-12-20 16:01:09.925root 11241100x8000000000000000776055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23bef164dc427ec2021-12-20 16:01:09.925root 11241100x8000000000000000776056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041ae80311d78d02021-12-20 16:01:09.926root 11241100x8000000000000000776057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c767ee4bbed59e72021-12-20 16:01:09.926root 11241100x8000000000000000776058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5060bed2053ebeb2021-12-20 16:01:09.926root 11241100x8000000000000000776059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2d48b9da525dae2021-12-20 16:01:09.926root 11241100x8000000000000000776060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cd08bb23f2c18d2021-12-20 16:01:09.926root 11241100x8000000000000000776061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdd18d5b318ec472021-12-20 16:01:10.424root 11241100x8000000000000000776062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db2554188c16fe12021-12-20 16:01:10.424root 11241100x8000000000000000776063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e990b6271bc2262021-12-20 16:01:10.424root 11241100x8000000000000000776064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5dc04214ffc1222021-12-20 16:01:10.424root 11241100x8000000000000000776065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5177d73b74b5d8db2021-12-20 16:01:10.424root 11241100x8000000000000000776066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732347f92be678152021-12-20 16:01:10.424root 11241100x8000000000000000776067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab2a28ae1f64ff32021-12-20 16:01:10.424root 11241100x8000000000000000776068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652bc15435b20b9c2021-12-20 16:01:10.424root 11241100x8000000000000000776069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b651133e5df66bb22021-12-20 16:01:10.425root 11241100x8000000000000000776070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d6e0315439381e2021-12-20 16:01:10.425root 11241100x8000000000000000776071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5123fb52f9106db82021-12-20 16:01:10.425root 11241100x8000000000000000776072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9979cc66e1ef1212021-12-20 16:01:10.425root 11241100x8000000000000000776073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69aa98cdc823edb62021-12-20 16:01:10.425root 11241100x8000000000000000776074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a315a060858212021-12-20 16:01:10.425root 11241100x8000000000000000776075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af00ecb6d82054e2021-12-20 16:01:10.425root 11241100x8000000000000000776076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dff9b112086cc762021-12-20 16:01:10.425root 11241100x8000000000000000776077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e5590beebb3ce92021-12-20 16:01:10.425root 11241100x8000000000000000776078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e4a9df16627b8a2021-12-20 16:01:10.425root 11241100x8000000000000000776079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af8011cceb4a34b2021-12-20 16:01:10.425root 11241100x8000000000000000776080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37ee0322f3a2f462021-12-20 16:01:10.425root 11241100x8000000000000000776081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4722a2a2d9d9fde52021-12-20 16:01:10.425root 11241100x8000000000000000776082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630fc479d75308242021-12-20 16:01:10.924root 11241100x8000000000000000776083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301bf5277c63bddb2021-12-20 16:01:10.924root 11241100x8000000000000000776084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa1ccc2ac3688ec2021-12-20 16:01:10.924root 11241100x8000000000000000776085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454f5e20db6ce93c2021-12-20 16:01:10.924root 11241100x8000000000000000776086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7831a5937c1c8f12021-12-20 16:01:10.924root 11241100x8000000000000000776087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d2eb03a63e612c2021-12-20 16:01:10.924root 11241100x8000000000000000776088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e92bb7b3267a92021-12-20 16:01:10.924root 11241100x8000000000000000776089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409b67ba59cdbba22021-12-20 16:01:10.925root 11241100x8000000000000000776090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecdab188e995ef12021-12-20 16:01:10.925root 11241100x8000000000000000776091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd84d01d4675e1d22021-12-20 16:01:10.925root 11241100x8000000000000000776092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8487a031f3e4dd2021-12-20 16:01:10.925root 11241100x8000000000000000776093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae7cae736b111dc2021-12-20 16:01:10.925root 11241100x8000000000000000776094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d17f2cb8ac187f62021-12-20 16:01:10.925root 11241100x8000000000000000776095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b219d7e32b79af082021-12-20 16:01:10.925root 11241100x8000000000000000776096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feba0b3a708141882021-12-20 16:01:10.925root 11241100x8000000000000000776097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b836309b777cbbc52021-12-20 16:01:10.925root 11241100x8000000000000000776098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9410e916ec4aa332021-12-20 16:01:10.925root 11241100x8000000000000000776099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940715c3d70d08312021-12-20 16:01:10.926root 11241100x8000000000000000776100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc346d5380643bf2021-12-20 16:01:10.926root 11241100x8000000000000000776101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d6712026e67e552021-12-20 16:01:10.926root 11241100x8000000000000000776102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e387d4e37b6726c82021-12-20 16:01:11.424root 11241100x8000000000000000776103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573625f958a566e2021-12-20 16:01:11.425root 11241100x8000000000000000776104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08a6f6cfb91496e2021-12-20 16:01:11.425root 11241100x8000000000000000776105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68704ab4051e303f2021-12-20 16:01:11.425root 11241100x8000000000000000776106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e8d8f2daf03daf2021-12-20 16:01:11.425root 11241100x8000000000000000776107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52147b587201ea142021-12-20 16:01:11.425root 11241100x8000000000000000776108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d126a72af6c4f9d72021-12-20 16:01:11.425root 11241100x8000000000000000776109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cbf62d7ed757512021-12-20 16:01:11.425root 11241100x8000000000000000776110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09dbccb00d68d142021-12-20 16:01:11.425root 11241100x8000000000000000776111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099e6b570d56d0ab2021-12-20 16:01:11.426root 11241100x8000000000000000776112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f02295b08497e02021-12-20 16:01:11.426root 11241100x8000000000000000776113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a2fbc01479842c2021-12-20 16:01:11.426root 11241100x8000000000000000776114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ad6d75740ca8632021-12-20 16:01:11.426root 11241100x8000000000000000776115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba96f22a7abe21d22021-12-20 16:01:11.426root 11241100x8000000000000000776116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee23f7b733bcb6f52021-12-20 16:01:11.426root 11241100x8000000000000000776117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2265dba931ccc5312021-12-20 16:01:11.426root 11241100x8000000000000000776118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff5a0583c5fadeb2021-12-20 16:01:11.426root 11241100x8000000000000000776119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987cb3c833016e732021-12-20 16:01:11.426root 11241100x8000000000000000776120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046e960478df58452021-12-20 16:01:11.426root 11241100x8000000000000000776121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca06b151231bf7432021-12-20 16:01:11.426root 11241100x8000000000000000776122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e40cb7d5507cd52021-12-20 16:01:11.924root 11241100x8000000000000000776123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa1a329e119c65f2021-12-20 16:01:11.924root 11241100x8000000000000000776124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caac9a0918880dbc2021-12-20 16:01:11.924root 11241100x8000000000000000776125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea84603d716ac8132021-12-20 16:01:11.925root 11241100x8000000000000000776126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd445aa061c561b52021-12-20 16:01:11.925root 11241100x8000000000000000776127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e30040035f6c272021-12-20 16:01:11.925root 11241100x8000000000000000776128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c454b3a20825940e2021-12-20 16:01:11.925root 11241100x8000000000000000776129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25750fb75fca07bf2021-12-20 16:01:11.925root 11241100x8000000000000000776130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd9f1665bbd293f2021-12-20 16:01:11.925root 11241100x8000000000000000776131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704ea6d448a6ca3b2021-12-20 16:01:11.925root 11241100x8000000000000000776132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d5f84950e6a3442021-12-20 16:01:11.925root 11241100x8000000000000000776133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3b15eab7637a522021-12-20 16:01:11.925root 11241100x8000000000000000776134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dd95a485555f0a2021-12-20 16:01:11.926root 11241100x8000000000000000776135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f827d6475b82b162021-12-20 16:01:11.926root 11241100x8000000000000000776136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50e166729fa94652021-12-20 16:01:11.926root 11241100x8000000000000000776137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa62af139d62012021-12-20 16:01:11.926root 11241100x8000000000000000776138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb06e783afe87032021-12-20 16:01:11.926root 11241100x8000000000000000776139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1879ed0e46b93212021-12-20 16:01:11.926root 11241100x8000000000000000776140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe57264ce956e892021-12-20 16:01:11.926root 11241100x8000000000000000776141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be6df569789718f2021-12-20 16:01:11.926root 11241100x8000000000000000776142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9201e98b0d21032021-12-20 16:01:12.424root 11241100x8000000000000000776143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e288f41e2c62d25e2021-12-20 16:01:12.425root 11241100x8000000000000000776144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f866259a239ff34e2021-12-20 16:01:12.425root 11241100x8000000000000000776145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6aa91ecf8b8ebb2021-12-20 16:01:12.426root 11241100x8000000000000000776146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92d120f30b3714f2021-12-20 16:01:12.426root 11241100x8000000000000000776147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2272a78d6518d5912021-12-20 16:01:12.426root 11241100x8000000000000000776148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8a861f22fe2c152021-12-20 16:01:12.426root 11241100x8000000000000000776149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbd77b2bdf0fdf52021-12-20 16:01:12.427root 11241100x8000000000000000776150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f35341f66110e02021-12-20 16:01:12.427root 11241100x8000000000000000776151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da3a2f825ce63852021-12-20 16:01:12.427root 11241100x8000000000000000776152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85300bad8be311ec2021-12-20 16:01:12.427root 11241100x8000000000000000776153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9da4fc2922e3852021-12-20 16:01:12.427root 11241100x8000000000000000776154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbc18f2799ada2e2021-12-20 16:01:12.427root 11241100x8000000000000000776155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f89aeba16848042021-12-20 16:01:12.427root 11241100x8000000000000000776156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b474f45b5379be6a2021-12-20 16:01:12.428root 11241100x8000000000000000776157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4fe77fa08922cc2021-12-20 16:01:12.428root 11241100x8000000000000000776158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091cf2a71f9d5b772021-12-20 16:01:12.428root 11241100x8000000000000000776159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8310059def515d3a2021-12-20 16:01:12.428root 11241100x8000000000000000776160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591829d8c58d8df52021-12-20 16:01:12.428root 11241100x8000000000000000776161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740d394fc704b3312021-12-20 16:01:12.428root 11241100x8000000000000000776162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5397d5995125c7a12021-12-20 16:01:12.924root 11241100x8000000000000000776163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f6de9d6799948f2021-12-20 16:01:12.924root 11241100x8000000000000000776164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8fa4dcdf796cd92021-12-20 16:01:12.924root 11241100x8000000000000000776165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baa4dfb86e4377c2021-12-20 16:01:12.925root 11241100x8000000000000000776166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5648378b4d32b4d42021-12-20 16:01:12.925root 11241100x8000000000000000776167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a955438fada8a0d2021-12-20 16:01:12.925root 11241100x8000000000000000776168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce689236197a7c52021-12-20 16:01:12.926root 11241100x8000000000000000776169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796a76958a6799bb2021-12-20 16:01:12.926root 11241100x8000000000000000776170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19752333f8e1a64e2021-12-20 16:01:12.926root 11241100x8000000000000000776171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e63c18f0260f87d2021-12-20 16:01:12.926root 11241100x8000000000000000776172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273e98e365160e592021-12-20 16:01:12.926root 11241100x8000000000000000776173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2663f0033aa413542021-12-20 16:01:12.927root 11241100x8000000000000000776174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6aff87316f83202021-12-20 16:01:12.927root 11241100x8000000000000000776175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6301a4cb9fd6ab62021-12-20 16:01:12.927root 11241100x8000000000000000776176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad98447369d4852021-12-20 16:01:12.927root 11241100x8000000000000000776177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb317470878c6ec2021-12-20 16:01:12.927root 11241100x8000000000000000776178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592dc64988d00172021-12-20 16:01:12.927root 11241100x8000000000000000776179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9be9a27861cbf92021-12-20 16:01:12.927root 11241100x8000000000000000776180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1b24bc6b20c9c52021-12-20 16:01:12.927root 11241100x8000000000000000776181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f53487d3718a8012021-12-20 16:01:12.928root 11241100x8000000000000000776182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547f6ad1b0c131072021-12-20 16:01:13.424root 11241100x8000000000000000776183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe616e967e15498d2021-12-20 16:01:13.424root 11241100x8000000000000000776184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847149dbdf4c48242021-12-20 16:01:13.424root 11241100x8000000000000000776185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e149d8fd1876e72021-12-20 16:01:13.424root 11241100x8000000000000000776186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e796020f704cc9912021-12-20 16:01:13.424root 11241100x8000000000000000776187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf2964ef24af0762021-12-20 16:01:13.425root 11241100x8000000000000000776188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ca28775f89051b2021-12-20 16:01:13.425root 11241100x8000000000000000776189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbfb0867c6459b32021-12-20 16:01:13.425root 11241100x8000000000000000776190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d985f9fe96783ad2021-12-20 16:01:13.425root 11241100x8000000000000000776191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f46174a7c2d9ba92021-12-20 16:01:13.426root 11241100x8000000000000000776192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f84fe587a1008eb2021-12-20 16:01:13.426root 11241100x8000000000000000776193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa66c4fe333ab7c2021-12-20 16:01:13.426root 11241100x8000000000000000776194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be83d5014a32444d2021-12-20 16:01:13.427root 11241100x8000000000000000776195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61705bc71881ee952021-12-20 16:01:13.427root 11241100x8000000000000000776196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e7894070356ecf2021-12-20 16:01:13.427root 11241100x8000000000000000776197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd871c7431162aa2021-12-20 16:01:13.427root 11241100x8000000000000000776198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a567c43058a93ac22021-12-20 16:01:13.427root 11241100x8000000000000000776199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f791933e0fc5e6772021-12-20 16:01:13.427root 11241100x8000000000000000776200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90e0b55b727e91a2021-12-20 16:01:13.428root 11241100x8000000000000000776201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77743df7d0fab0ea2021-12-20 16:01:13.428root 11241100x8000000000000000776202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff25b7d4d5bb54842021-12-20 16:01:13.428root 11241100x8000000000000000776203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4738ac755d399ad02021-12-20 16:01:13.428root 11241100x8000000000000000776204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a00ab4d6c92f9d2021-12-20 16:01:13.428root 11241100x8000000000000000776205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f22a6c300ec17f72021-12-20 16:01:13.428root 11241100x8000000000000000776206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bac23dafc8ad20a2021-12-20 16:01:13.428root 11241100x8000000000000000776207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48da8d6884d8a41b2021-12-20 16:01:13.429root 11241100x8000000000000000776208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233b560af1bab8302021-12-20 16:01:13.429root 11241100x8000000000000000776209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fede800f96402222021-12-20 16:01:13.429root 11241100x8000000000000000776210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bec8a9f9a3b6292021-12-20 16:01:13.429root 11241100x8000000000000000776211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aba4bc68196c7c2021-12-20 16:01:13.430root 11241100x8000000000000000776212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4090572b49181702021-12-20 16:01:13.430root 11241100x8000000000000000776213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf50583ea340d822021-12-20 16:01:13.924root 11241100x8000000000000000776214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb51373d1c41dfe42021-12-20 16:01:13.924root 11241100x8000000000000000776215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371ae5a5c01fa0172021-12-20 16:01:13.925root 11241100x8000000000000000776216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebcd69752a580b12021-12-20 16:01:13.925root 11241100x8000000000000000776217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f700fc02e2c412d2021-12-20 16:01:13.925root 11241100x8000000000000000776218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7b6c977f725d162021-12-20 16:01:13.925root 11241100x8000000000000000776219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe203a90ed10b1c2021-12-20 16:01:13.926root 11241100x8000000000000000776220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeaed096302959f72021-12-20 16:01:13.926root 11241100x8000000000000000776221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ad3ef2534029162021-12-20 16:01:13.926root 11241100x8000000000000000776222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd873ba9364fe72021-12-20 16:01:13.926root 11241100x8000000000000000776223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9557abe760cd46b22021-12-20 16:01:13.926root 11241100x8000000000000000776224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77a98f14b7a624b2021-12-20 16:01:13.926root 11241100x8000000000000000776225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cf176a4143ddfe2021-12-20 16:01:13.927root 11241100x8000000000000000776226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5f5a477fd7e1e62021-12-20 16:01:13.927root 11241100x8000000000000000776227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8344b5effeea8e9f2021-12-20 16:01:13.927root 11241100x8000000000000000776228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ae0296392f259d2021-12-20 16:01:13.927root 11241100x8000000000000000776229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bdf950535ba8112021-12-20 16:01:13.927root 11241100x8000000000000000776230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2462ded5b573ba2021-12-20 16:01:13.927root 11241100x8000000000000000776231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab1fcc00584c1852021-12-20 16:01:13.928root 11241100x8000000000000000776232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:13.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbdd29fdb7847182021-12-20 16:01:13.929root 354300x8000000000000000776233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.214{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51518-false10.0.1.12-8000- 11241100x8000000000000000776234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.215{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8409daa284c7b85c2021-12-20 16:01:14.215root 11241100x8000000000000000776235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.215{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d86cb7adc40ece12021-12-20 16:01:14.215root 11241100x8000000000000000776236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.215{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807f92af588f73242021-12-20 16:01:14.215root 11241100x8000000000000000776237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.215{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb26eabdf1149bd2021-12-20 16:01:14.215root 11241100x8000000000000000776238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.215{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f027f9709483c8062021-12-20 16:01:14.215root 11241100x8000000000000000776239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.215{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91facf5d79e80d462021-12-20 16:01:14.215root 11241100x8000000000000000776240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.215{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6c305d4bdec32e2021-12-20 16:01:14.215root 11241100x8000000000000000776241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c3e8d370dc9d962021-12-20 16:01:14.216root 11241100x8000000000000000776242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf61d44a85dbeb82021-12-20 16:01:14.216root 11241100x8000000000000000776243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634963bc2ea61e462021-12-20 16:01:14.216root 11241100x8000000000000000776244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53298135899f5d6d2021-12-20 16:01:14.216root 11241100x8000000000000000776245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ba1463a3f1fd632021-12-20 16:01:14.216root 11241100x8000000000000000776246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347265acf4c40cb82021-12-20 16:01:14.216root 11241100x8000000000000000776247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a1f7f73afa1eeb2021-12-20 16:01:14.216root 11241100x8000000000000000776248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7e639266c6d9332021-12-20 16:01:14.216root 11241100x8000000000000000776249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30f58186dce44d2021-12-20 16:01:14.216root 11241100x8000000000000000776250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.216{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eecc48c639ea1d42021-12-20 16:01:14.216root 11241100x8000000000000000776251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.217{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba951afeb64740e2021-12-20 16:01:14.217root 11241100x8000000000000000776252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.217{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30496107109494e2021-12-20 16:01:14.217root 11241100x8000000000000000776253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.217{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0e6dd7ef9481092021-12-20 16:01:14.217root 11241100x8000000000000000776254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.217{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e205f06f13f32e2021-12-20 16:01:14.217root 11241100x8000000000000000776255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.217{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad495854acbfaeb2021-12-20 16:01:14.217root 11241100x8000000000000000776256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.218{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d0698b3983688b2021-12-20 16:01:14.218root 11241100x8000000000000000776257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.218{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c17ac5eda264d372021-12-20 16:01:14.218root 11241100x8000000000000000776258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.218{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12295727dc6aa8212021-12-20 16:01:14.218root 11241100x8000000000000000776259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.218{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b0b334ce481f8a2021-12-20 16:01:14.218root 11241100x8000000000000000776260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.220{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f284e9948cc09c2021-12-20 16:01:14.220root 11241100x8000000000000000776261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bb246ba030ecce2021-12-20 16:01:14.674root 11241100x8000000000000000776262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e35862a5a4f84562021-12-20 16:01:14.674root 11241100x8000000000000000776263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d094ac11f6938872021-12-20 16:01:14.674root 11241100x8000000000000000776264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d098190223b46be02021-12-20 16:01:14.674root 11241100x8000000000000000776265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017cd9b6e137b7102021-12-20 16:01:14.674root 11241100x8000000000000000776266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b650af33fbf9849f2021-12-20 16:01:14.674root 11241100x8000000000000000776267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a6b6e6ae1b3e182021-12-20 16:01:14.674root 11241100x8000000000000000776268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7152f214adf693082021-12-20 16:01:14.675root 11241100x8000000000000000776269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eea26398a3338152021-12-20 16:01:14.675root 11241100x8000000000000000776270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163c037d2fd3cb952021-12-20 16:01:14.675root 11241100x8000000000000000776271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89031aef2f28459b2021-12-20 16:01:14.675root 11241100x8000000000000000776272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee09ab8a928b2e82021-12-20 16:01:14.675root 11241100x8000000000000000776273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e4c03c46e7a47e2021-12-20 16:01:14.675root 11241100x8000000000000000776274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a021b806e05fc782021-12-20 16:01:14.675root 11241100x8000000000000000776275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e02f50b3da08a42021-12-20 16:01:14.675root 11241100x8000000000000000776276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e185d5afc6ae3d2021-12-20 16:01:14.675root 11241100x8000000000000000776277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5408ebef7895a82021-12-20 16:01:14.675root 11241100x8000000000000000776278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42efaea6c6ce2a9b2021-12-20 16:01:14.676root 11241100x8000000000000000776279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df2b4d3e5dbb6262021-12-20 16:01:14.676root 11241100x8000000000000000776280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da10344d9c5343962021-12-20 16:01:14.676root 11241100x8000000000000000776281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:14.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33aa72fba97b3152021-12-20 16:01:14.676root 11241100x8000000000000000776282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e99e6b6115d242021-12-20 16:01:15.174root 11241100x8000000000000000776283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e26c9026bd75df2021-12-20 16:01:15.174root 11241100x8000000000000000776284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440de19d761810622021-12-20 16:01:15.175root 11241100x8000000000000000776285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e668fc6d415337762021-12-20 16:01:15.175root 11241100x8000000000000000776286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c007f4fff2d6a7c2021-12-20 16:01:15.175root 11241100x8000000000000000776287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072c4fd68b2875ec2021-12-20 16:01:15.175root 11241100x8000000000000000776288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da00924f081509e2021-12-20 16:01:15.175root 11241100x8000000000000000776289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc14c083bed888a2021-12-20 16:01:15.175root 11241100x8000000000000000776290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7dab41382182f92021-12-20 16:01:15.175root 11241100x8000000000000000776291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3866c7056adebea2021-12-20 16:01:15.175root 11241100x8000000000000000776292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb6e279a0ac689e2021-12-20 16:01:15.175root 11241100x8000000000000000776293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56597ff05d19ecf92021-12-20 16:01:15.175root 11241100x8000000000000000776294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7894dc3562618b72021-12-20 16:01:15.176root 11241100x8000000000000000776295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c548e38239d2142021-12-20 16:01:15.176root 11241100x8000000000000000776296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cc3b8e32f577942021-12-20 16:01:15.176root 11241100x8000000000000000776297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1430a19941ad4352021-12-20 16:01:15.176root 11241100x8000000000000000776298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b784718789c50fba2021-12-20 16:01:15.176root 11241100x8000000000000000776299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd6c9a97a23ddb42021-12-20 16:01:15.176root 11241100x8000000000000000776300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3166d487ab7aee32021-12-20 16:01:15.176root 11241100x8000000000000000776301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce0fe49cf3859db2021-12-20 16:01:15.177root 11241100x8000000000000000776302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5299fd40355bab32021-12-20 16:01:15.177root 11241100x8000000000000000776303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55a3ab25042c3652021-12-20 16:01:15.674root 11241100x8000000000000000776304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cb3c48608dbd8b2021-12-20 16:01:15.675root 11241100x8000000000000000776305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c489382b12b86e62021-12-20 16:01:15.675root 11241100x8000000000000000776306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c2232c4a8458c72021-12-20 16:01:15.675root 11241100x8000000000000000776307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea2aa4a72c0bddd2021-12-20 16:01:15.675root 11241100x8000000000000000776308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1c6004e20afd632021-12-20 16:01:15.675root 11241100x8000000000000000776309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1542b869da091b622021-12-20 16:01:15.675root 11241100x8000000000000000776310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e763df011b546e422021-12-20 16:01:15.675root 11241100x8000000000000000776311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b960e79f08573a2021-12-20 16:01:15.675root 11241100x8000000000000000776312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11035f9c5aad2fd2021-12-20 16:01:15.675root 11241100x8000000000000000776313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08120a4ea7133922021-12-20 16:01:15.675root 11241100x8000000000000000776314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439192c7ddae84b82021-12-20 16:01:15.676root 11241100x8000000000000000776315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe715f9fe2467232021-12-20 16:01:15.676root 11241100x8000000000000000776316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f921896826305902021-12-20 16:01:15.676root 11241100x8000000000000000776317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca157fc4e8b128b2021-12-20 16:01:15.676root 11241100x8000000000000000776318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84928904e7e511d2021-12-20 16:01:15.676root 11241100x8000000000000000776319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80a34a1ee2acf482021-12-20 16:01:15.676root 11241100x8000000000000000776320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af4e4bed30bff642021-12-20 16:01:15.677root 11241100x8000000000000000776321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b004c9ab1321da02021-12-20 16:01:15.677root 11241100x8000000000000000776322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c065ee2bb28d0202021-12-20 16:01:15.679root 11241100x8000000000000000776323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:15.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833d672d4c4f135f2021-12-20 16:01:15.679root 11241100x8000000000000000776324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43352bdd9f336152021-12-20 16:01:16.175root 11241100x8000000000000000776325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f16c02ee5991a2021-12-20 16:01:16.175root 11241100x8000000000000000776326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4310c9ac72721182021-12-20 16:01:16.175root 11241100x8000000000000000776327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310ef93abe9a3dcf2021-12-20 16:01:16.175root 11241100x8000000000000000776328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3190b7ad9bbea092021-12-20 16:01:16.175root 11241100x8000000000000000776329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08767175815d60a62021-12-20 16:01:16.175root 11241100x8000000000000000776330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9321f94b43c7fc052021-12-20 16:01:16.175root 11241100x8000000000000000776331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7d54eaa2ff744b2021-12-20 16:01:16.176root 11241100x8000000000000000776332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9cc8ad2b560db72021-12-20 16:01:16.176root 11241100x8000000000000000776333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde6bf38253fd00e2021-12-20 16:01:16.176root 11241100x8000000000000000776334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78eff9bb7441be72021-12-20 16:01:16.176root 11241100x8000000000000000776335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e492762d2921a0c62021-12-20 16:01:16.176root 11241100x8000000000000000776336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba6d14de57e16f32021-12-20 16:01:16.176root 11241100x8000000000000000776337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f660fbc922d0272021-12-20 16:01:16.176root 11241100x8000000000000000776338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb3fc061c9d66692021-12-20 16:01:16.176root 11241100x8000000000000000776339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f159feacbcc8662021-12-20 16:01:16.176root 11241100x8000000000000000776340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad775af09ed42d862021-12-20 16:01:16.177root 11241100x8000000000000000776341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0cc14aaa43f43e2021-12-20 16:01:16.177root 11241100x8000000000000000776342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1057e4a68580e5f12021-12-20 16:01:16.177root 11241100x8000000000000000776343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7c57803e2b2c092021-12-20 16:01:16.177root 11241100x8000000000000000776344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3588bfb9a3d68cd2021-12-20 16:01:16.177root 11241100x8000000000000000776345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caccce5113f1c9362021-12-20 16:01:16.674root 11241100x8000000000000000776346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e571dd041f44022021-12-20 16:01:16.675root 11241100x8000000000000000776347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec76439307d4cba2021-12-20 16:01:16.675root 11241100x8000000000000000776348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9c575a92c988332021-12-20 16:01:16.675root 11241100x8000000000000000776349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61cf18bd77b727e2021-12-20 16:01:16.675root 11241100x8000000000000000776350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ff8cc0534f6cbf2021-12-20 16:01:16.675root 11241100x8000000000000000776351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1a0cdb540bd2762021-12-20 16:01:16.675root 11241100x8000000000000000776352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41155410160d3bb2021-12-20 16:01:16.676root 11241100x8000000000000000776353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480b8b437df76e302021-12-20 16:01:16.676root 11241100x8000000000000000776354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b72fb7ca57ab772021-12-20 16:01:16.676root 11241100x8000000000000000776355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ffc946d1d827e92021-12-20 16:01:16.676root 11241100x8000000000000000776356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f419ffa9a924e0642021-12-20 16:01:16.677root 11241100x8000000000000000776357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae689c3634103f832021-12-20 16:01:16.677root 11241100x8000000000000000776358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f60928fcae13ff2021-12-20 16:01:16.677root 11241100x8000000000000000776359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9fb42ace937d492021-12-20 16:01:16.677root 11241100x8000000000000000776360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216b63b26c7fc0602021-12-20 16:01:16.677root 11241100x8000000000000000776361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1f272debee40852021-12-20 16:01:16.677root 11241100x8000000000000000776362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64ef13af31662612021-12-20 16:01:16.678root 11241100x8000000000000000776363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54992ca4387d74e2021-12-20 16:01:16.678root 11241100x8000000000000000776364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20e5869219c47ea2021-12-20 16:01:16.678root 11241100x8000000000000000776365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:16.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c942d23441c77d772021-12-20 16:01:16.678root 11241100x8000000000000000776366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782d2d55ed379c2a2021-12-20 16:01:17.174root 11241100x8000000000000000776367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a597e4101fafcab62021-12-20 16:01:17.174root 11241100x8000000000000000776368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9893eb59545809c2021-12-20 16:01:17.175root 11241100x8000000000000000776369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e18aa20f1af44c92021-12-20 16:01:17.175root 11241100x8000000000000000776370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41b8e0e06815a4a2021-12-20 16:01:17.175root 11241100x8000000000000000776371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81842af4b8490c112021-12-20 16:01:17.175root 11241100x8000000000000000776372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e00cb55841a5c62021-12-20 16:01:17.175root 11241100x8000000000000000776373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3801de09fe18b1222021-12-20 16:01:17.175root 11241100x8000000000000000776374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61efb6ee1b440df02021-12-20 16:01:17.176root 11241100x8000000000000000776375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dc7560e41c7f982021-12-20 16:01:17.176root 11241100x8000000000000000776376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b329a1ffdc6a99fa2021-12-20 16:01:17.176root 11241100x8000000000000000776377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedaa0a05bee17f92021-12-20 16:01:17.176root 11241100x8000000000000000776378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f489f7d53f77f6e2021-12-20 16:01:17.178root 11241100x8000000000000000776379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dd1502508614872021-12-20 16:01:17.178root 11241100x8000000000000000776380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1153d9886634142021-12-20 16:01:17.178root 11241100x8000000000000000776381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696130c02ff891cd2021-12-20 16:01:17.180root 11241100x8000000000000000776382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c63efc2d513ecba2021-12-20 16:01:17.180root 11241100x8000000000000000776383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab45fe39df530f82021-12-20 16:01:17.180root 11241100x8000000000000000776384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46bbd343d4f40042021-12-20 16:01:17.180root 11241100x8000000000000000776385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ad47d902d0cc462021-12-20 16:01:17.180root 11241100x8000000000000000776386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6eb22109f858362021-12-20 16:01:17.181root 11241100x8000000000000000776387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b260bbf00847662021-12-20 16:01:17.674root 11241100x8000000000000000776388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a89e0aae0d590392021-12-20 16:01:17.674root 11241100x8000000000000000776389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b8e08d5f164aec2021-12-20 16:01:17.674root 11241100x8000000000000000776390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b210ed7379ab46562021-12-20 16:01:17.674root 11241100x8000000000000000776391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf740d17163e1b52021-12-20 16:01:17.674root 11241100x8000000000000000776392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0f91e45f4b2f1d2021-12-20 16:01:17.674root 11241100x8000000000000000776393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605c20cd524435422021-12-20 16:01:17.675root 11241100x8000000000000000776394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de482fb86dcc20e2021-12-20 16:01:17.675root 11241100x8000000000000000776395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0dec5d75657d942021-12-20 16:01:17.675root 11241100x8000000000000000776396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6994551e5310c82021-12-20 16:01:17.675root 11241100x8000000000000000776397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6297fc5be4c92b012021-12-20 16:01:17.675root 11241100x8000000000000000776398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c6b6dfdd2f18d82021-12-20 16:01:17.675root 11241100x8000000000000000776399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac6e2360dcbc9032021-12-20 16:01:17.675root 11241100x8000000000000000776400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3523efea95ee93e42021-12-20 16:01:17.675root 11241100x8000000000000000776401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8387f555f60b08a2021-12-20 16:01:17.675root 11241100x8000000000000000776402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288b01f741c607242021-12-20 16:01:17.675root 11241100x8000000000000000776403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6abe1eb3e9f9762021-12-20 16:01:17.675root 11241100x8000000000000000776404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47942a6b997c2f292021-12-20 16:01:17.675root 11241100x8000000000000000776405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fc295ab74e54d72021-12-20 16:01:17.675root 11241100x8000000000000000776406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47d9eb6a71bc7e22021-12-20 16:01:17.675root 11241100x8000000000000000776407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fee3fffa9f06222021-12-20 16:01:17.676root 11241100x8000000000000000776408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d12577cb836c0f62021-12-20 16:01:17.676root 11241100x8000000000000000776409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec4bc6cbba478412021-12-20 16:01:17.676root 11241100x8000000000000000776410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:17.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbe43bacf33e7602021-12-20 16:01:17.676root 11241100x8000000000000000776411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06693a3f220bd7b82021-12-20 16:01:18.174root 11241100x8000000000000000776412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbda69ab9b676c52021-12-20 16:01:18.174root 11241100x8000000000000000776413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29fff62c7c8d2542021-12-20 16:01:18.174root 11241100x8000000000000000776414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e8a6615546a4a02021-12-20 16:01:18.174root 11241100x8000000000000000776415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe643be122e89632021-12-20 16:01:18.174root 11241100x8000000000000000776416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58b7ca4ba7d7aac2021-12-20 16:01:18.174root 11241100x8000000000000000776417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ffc36de86950582021-12-20 16:01:18.174root 11241100x8000000000000000776418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824e2db83b2c70872021-12-20 16:01:18.175root 11241100x8000000000000000776419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7250e5ff6f369882021-12-20 16:01:18.175root 11241100x8000000000000000776420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901faf96e63ce90b2021-12-20 16:01:18.175root 11241100x8000000000000000776421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d5c413b9158a9d2021-12-20 16:01:18.175root 11241100x8000000000000000776422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c6674c280ceffc2021-12-20 16:01:18.175root 11241100x8000000000000000776423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b7c9b18c4c90272021-12-20 16:01:18.175root 11241100x8000000000000000776424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7eb7eec91ba1812021-12-20 16:01:18.175root 11241100x8000000000000000776425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781171d604e152132021-12-20 16:01:18.175root 11241100x8000000000000000776426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0aedf52ad3cdde2021-12-20 16:01:18.175root 11241100x8000000000000000776427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70733f3d50b10872021-12-20 16:01:18.175root 11241100x8000000000000000776428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a009f2193ecf0382021-12-20 16:01:18.176root 11241100x8000000000000000776429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1654671eeb91d2c82021-12-20 16:01:18.176root 11241100x8000000000000000776430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf2f36799d27b612021-12-20 16:01:18.176root 11241100x8000000000000000776431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de4f05a3d25e812021-12-20 16:01:18.176root 11241100x8000000000000000776432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cadc499b4d68682021-12-20 16:01:18.674root 11241100x8000000000000000776433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384199f38ccff1342021-12-20 16:01:18.674root 11241100x8000000000000000776434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ec8ce76a1692832021-12-20 16:01:18.674root 11241100x8000000000000000776435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f241fda2edd741f2021-12-20 16:01:18.675root 11241100x8000000000000000776436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec7655e2a82d7ff2021-12-20 16:01:18.675root 11241100x8000000000000000776437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0259247aae67a482021-12-20 16:01:18.675root 11241100x8000000000000000776438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdfa170c8139be92021-12-20 16:01:18.675root 11241100x8000000000000000776439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca1fcf7e97284a42021-12-20 16:01:18.675root 11241100x8000000000000000776440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea07f453b568ebc2021-12-20 16:01:18.675root 11241100x8000000000000000776441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704873603f2ec21f2021-12-20 16:01:18.675root 11241100x8000000000000000776442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa07ba6210e3d0f2021-12-20 16:01:18.675root 11241100x8000000000000000776443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754bf81b23cfd3322021-12-20 16:01:18.675root 11241100x8000000000000000776444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47852c738ca1efde2021-12-20 16:01:18.675root 11241100x8000000000000000776445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eea20c6369e2f52021-12-20 16:01:18.675root 11241100x8000000000000000776446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0e8f58f7248a482021-12-20 16:01:18.676root 11241100x8000000000000000776447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c010149d35a8b8c2021-12-20 16:01:18.676root 11241100x8000000000000000776448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1ea71628c3d9e52021-12-20 16:01:18.676root 11241100x8000000000000000776449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a74cf614ad3fd22021-12-20 16:01:18.676root 11241100x8000000000000000776450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47acbede0e698b472021-12-20 16:01:18.676root 11241100x8000000000000000776451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c16c3146019c1662021-12-20 16:01:18.676root 11241100x8000000000000000776452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49443e4e261d84f02021-12-20 16:01:18.676root 11241100x8000000000000000776453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e600f358acedece42021-12-20 16:01:18.676root 11241100x8000000000000000776454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c092628f8c4fb012021-12-20 16:01:18.676root 11241100x8000000000000000776455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf42167f09e9d3d2021-12-20 16:01:18.677root 11241100x8000000000000000776456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2867dc208205622021-12-20 16:01:19.174root 11241100x8000000000000000776457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d453a6caff9c2f352021-12-20 16:01:19.174root 11241100x8000000000000000776458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1fd33ad61845532021-12-20 16:01:19.174root 11241100x8000000000000000776459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6813b811e839facd2021-12-20 16:01:19.175root 11241100x8000000000000000776460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7df4e8adce19602021-12-20 16:01:19.175root 11241100x8000000000000000776461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f177cf540869caa62021-12-20 16:01:19.175root 11241100x8000000000000000776462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2048f9aad8623ea2021-12-20 16:01:19.176root 11241100x8000000000000000776463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f14a4e7a8e4e91d2021-12-20 16:01:19.176root 11241100x8000000000000000776464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9737f8dad667342021-12-20 16:01:19.176root 11241100x8000000000000000776465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0022f999cedc74692021-12-20 16:01:19.176root 11241100x8000000000000000776466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5d24da761f7ee52021-12-20 16:01:19.176root 11241100x8000000000000000776467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc886fc1660063d42021-12-20 16:01:19.177root 11241100x8000000000000000776468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac04d814a7a7eb6b2021-12-20 16:01:19.177root 11241100x8000000000000000776469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93709aafd054302b2021-12-20 16:01:19.177root 11241100x8000000000000000776470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7ea369490af30e2021-12-20 16:01:19.178root 11241100x8000000000000000776471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61137c32bca70cc2021-12-20 16:01:19.178root 11241100x8000000000000000776472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed09214041fb9fa42021-12-20 16:01:19.178root 11241100x8000000000000000776473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8af8fe91cb63312021-12-20 16:01:19.179root 11241100x8000000000000000776474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabb6c83e311cef82021-12-20 16:01:19.179root 11241100x8000000000000000776475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494136432f2a2e822021-12-20 16:01:19.179root 11241100x8000000000000000776476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc4b2dc51702e192021-12-20 16:01:19.179root 11241100x8000000000000000776477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514f5a70629798122021-12-20 16:01:19.179root 11241100x8000000000000000776478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354a234f031541182021-12-20 16:01:19.179root 11241100x8000000000000000776479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab94abbfb07d5f5d2021-12-20 16:01:19.180root 11241100x8000000000000000776480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962bd5217d55e3b72021-12-20 16:01:19.180root 154100x8000000000000000776481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.348{ec2c97d1-a8cf-61c0-68d4-d88664550000}10230/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 534500x8000000000000000776482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.365{ec2c97d1-a8cf-61c0-68d4-d88664550000}10230/bin/psroot 11241100x8000000000000000776483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb95e250d10cdb482021-12-20 16:01:19.674root 11241100x8000000000000000776484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da00177f89931cc2021-12-20 16:01:19.675root 11241100x8000000000000000776485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105dd590d85152f52021-12-20 16:01:19.675root 11241100x8000000000000000776486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023ec0460b78a0932021-12-20 16:01:19.675root 11241100x8000000000000000776487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dbf557b36ed0c92021-12-20 16:01:19.675root 11241100x8000000000000000776488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024da807e12d7b0d2021-12-20 16:01:19.675root 11241100x8000000000000000776489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edac6ccb7807a0352021-12-20 16:01:19.675root 11241100x8000000000000000776490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a29f635d8108db2021-12-20 16:01:19.675root 11241100x8000000000000000776491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb05215e22f86cdb2021-12-20 16:01:19.675root 11241100x8000000000000000776492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3657949900e726042021-12-20 16:01:19.675root 11241100x8000000000000000776493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b204f80597c944f2021-12-20 16:01:19.676root 11241100x8000000000000000776494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf50ba0eb9c24d42021-12-20 16:01:19.676root 11241100x8000000000000000776495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e6d22e527f757d2021-12-20 16:01:19.676root 11241100x8000000000000000776496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e3c813334846e82021-12-20 16:01:19.676root 11241100x8000000000000000776497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850208ec695725f12021-12-20 16:01:19.676root 11241100x8000000000000000776498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff661a50584f3ca2021-12-20 16:01:19.676root 11241100x8000000000000000776499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2a4a13759060372021-12-20 16:01:19.677root 11241100x8000000000000000776500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8dbd5f14bdb0fc2021-12-20 16:01:19.677root 11241100x8000000000000000776501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfdbbee092e997b2021-12-20 16:01:19.678root 11241100x8000000000000000776502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c780f2a29fe58d2021-12-20 16:01:19.678root 11241100x8000000000000000776503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec24ad35ddc8532021-12-20 16:01:19.678root 11241100x8000000000000000776504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af20a72d59aa97dc2021-12-20 16:01:19.678root 11241100x8000000000000000776505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5bacd7225ab2e32021-12-20 16:01:19.678root 354300x8000000000000000776506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.077{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46222-false10.0.1.12-8089- 11241100x8000000000000000776507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.078{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3357ce2c302f7bfb2021-12-20 16:01:20.078root 11241100x8000000000000000776508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.078{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432f15260d12a54f2021-12-20 16:01:20.078root 11241100x8000000000000000776509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff4ab2f4c310df42021-12-20 16:01:20.079root 11241100x8000000000000000776510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b373b2a4595ed182021-12-20 16:01:20.079root 11241100x8000000000000000776511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d193da5b54bfd82021-12-20 16:01:20.079root 11241100x8000000000000000776512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed078420bb4a90dd2021-12-20 16:01:20.079root 11241100x8000000000000000776513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81060a3f44babf842021-12-20 16:01:20.079root 11241100x8000000000000000776514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343619809b8e77d52021-12-20 16:01:20.079root 11241100x8000000000000000776515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3219889ada6cf72021-12-20 16:01:20.079root 11241100x8000000000000000776516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4917d0fa571511cc2021-12-20 16:01:20.079root 11241100x8000000000000000776517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f436c02976f4cc02021-12-20 16:01:20.079root 11241100x8000000000000000776518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e1c4db9035a75b2021-12-20 16:01:20.079root 11241100x8000000000000000776519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1c9070f91a5b142021-12-20 16:01:20.079root 11241100x8000000000000000776520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9390fd116676352021-12-20 16:01:20.079root 11241100x8000000000000000776521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.080{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a116a824f7cca3442021-12-20 16:01:20.080root 11241100x8000000000000000776522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.080{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5633c1ab4ea66bd82021-12-20 16:01:20.080root 11241100x8000000000000000776523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc36090bf78f724b2021-12-20 16:01:20.081root 11241100x8000000000000000776524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6572f0ad26ea50092021-12-20 16:01:20.081root 11241100x8000000000000000776525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb602711986d5d52021-12-20 16:01:20.081root 11241100x8000000000000000776526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91710f1e5176c3432021-12-20 16:01:20.081root 11241100x8000000000000000776527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdc72e27e85385b2021-12-20 16:01:20.081root 11241100x8000000000000000776528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5527bdc4721cd65b2021-12-20 16:01:20.081root 11241100x8000000000000000776529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.082{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eab07a94e66e27e2021-12-20 16:01:20.082root 11241100x8000000000000000776530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.082{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68459a61759b9e492021-12-20 16:01:20.082root 354300x8000000000000000776531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.199{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51522-false10.0.1.12-8000- 11241100x8000000000000000776532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b1290c8622d5762021-12-20 16:01:20.424root 11241100x8000000000000000776533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72b71cd064aee3e2021-12-20 16:01:20.424root 11241100x8000000000000000776534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363aa347594f41642021-12-20 16:01:20.425root 11241100x8000000000000000776535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820521bedfee35a42021-12-20 16:01:20.425root 11241100x8000000000000000776536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69a37ffa87a5a772021-12-20 16:01:20.425root 11241100x8000000000000000776537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86cef08cc6f5b512021-12-20 16:01:20.425root 11241100x8000000000000000776538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bae49e3886744f52021-12-20 16:01:20.425root 11241100x8000000000000000776539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab37ceb0a0d6e6d2021-12-20 16:01:20.426root 11241100x8000000000000000776540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d305dd818d6937152021-12-20 16:01:20.426root 11241100x8000000000000000776541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06857a555a71883f2021-12-20 16:01:20.426root 11241100x8000000000000000776542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6699560cff91a512021-12-20 16:01:20.427root 11241100x8000000000000000776543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974d99b0e487337e2021-12-20 16:01:20.427root 11241100x8000000000000000776544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59450ca88f681caf2021-12-20 16:01:20.427root 11241100x8000000000000000776545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8c38ea94734fef2021-12-20 16:01:20.427root 11241100x8000000000000000776546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfd72142bc9d1212021-12-20 16:01:20.427root 11241100x8000000000000000776547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b8353dd8f82f0c2021-12-20 16:01:20.428root 11241100x8000000000000000776548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e23c81ded9bac22021-12-20 16:01:20.428root 11241100x8000000000000000776549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b561f9d8e4f69d2021-12-20 16:01:20.428root 11241100x8000000000000000776550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c7ce001b3384c32021-12-20 16:01:20.429root 11241100x8000000000000000776551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a3a6eaf564d6492021-12-20 16:01:20.429root 11241100x8000000000000000776552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5171f9588a5437a2021-12-20 16:01:20.429root 11241100x8000000000000000776553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed17539b01cc43d02021-12-20 16:01:20.429root 11241100x8000000000000000776554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc1ba39167286ca2021-12-20 16:01:20.429root 11241100x8000000000000000776555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaad4a1a109ee1472021-12-20 16:01:20.429root 11241100x8000000000000000776556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03562366b1dbcafc2021-12-20 16:01:20.429root 11241100x8000000000000000776557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79866c6515b364af2021-12-20 16:01:20.924root 11241100x8000000000000000776558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dad1326c9d52bb72021-12-20 16:01:20.924root 11241100x8000000000000000776559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89618d027b44a442021-12-20 16:01:20.924root 11241100x8000000000000000776560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51de1bd72a499e12021-12-20 16:01:20.924root 11241100x8000000000000000776561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9782bb7a60bc41be2021-12-20 16:01:20.924root 11241100x8000000000000000776562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c0947382ec39da2021-12-20 16:01:20.925root 11241100x8000000000000000776563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c297502d1079962021-12-20 16:01:20.925root 11241100x8000000000000000776564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd25f203fd38bbc72021-12-20 16:01:20.925root 11241100x8000000000000000776565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b49638def7a60742021-12-20 16:01:20.925root 11241100x8000000000000000776566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4df99c3c7ad9c22021-12-20 16:01:20.925root 11241100x8000000000000000776567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9077ecad06b0b992021-12-20 16:01:20.925root 11241100x8000000000000000776568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11665fc7562cd2872021-12-20 16:01:20.925root 11241100x8000000000000000776569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b5674fd9654dd2021-12-20 16:01:20.925root 11241100x8000000000000000776570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a684119b8dd754112021-12-20 16:01:20.925root 11241100x8000000000000000776571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2376942cb3672e922021-12-20 16:01:20.926root 11241100x8000000000000000776572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bc4fcab21388f52021-12-20 16:01:20.926root 11241100x8000000000000000776573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1549735fc0fd08e22021-12-20 16:01:20.926root 11241100x8000000000000000776574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587736a20557640e2021-12-20 16:01:20.926root 11241100x8000000000000000776575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b13b3f1f7f854992021-12-20 16:01:20.926root 11241100x8000000000000000776576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327b43d06ecf62a52021-12-20 16:01:20.926root 11241100x8000000000000000776577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6847914c1e316bc2021-12-20 16:01:20.926root 11241100x8000000000000000776578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec974a71b7840d02021-12-20 16:01:20.926root 11241100x8000000000000000776579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e85f64fddc5fcd2021-12-20 16:01:20.926root 11241100x8000000000000000776580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b158abd8079a6dc2021-12-20 16:01:20.926root 11241100x8000000000000000776581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b94160fc308e1382021-12-20 16:01:20.927root 11241100x8000000000000000776582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91f98177217c7192021-12-20 16:01:20.927root 11241100x8000000000000000776583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dae19b11217ef6b2021-12-20 16:01:20.927root 11241100x8000000000000000776584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838f43b5cb441ed72021-12-20 16:01:21.424root 11241100x8000000000000000776585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faefb024eb50d11f2021-12-20 16:01:21.424root 11241100x8000000000000000776586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c19e085765b5022021-12-20 16:01:21.424root 11241100x8000000000000000776587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2089bb5d6316bca72021-12-20 16:01:21.425root 11241100x8000000000000000776588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8fc805493fc7c52021-12-20 16:01:21.425root 11241100x8000000000000000776589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbdcc2eba0a0b3e2021-12-20 16:01:21.425root 11241100x8000000000000000776590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c09b8bd596167a82021-12-20 16:01:21.425root 11241100x8000000000000000776591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3638f2d1318f0f2021-12-20 16:01:21.425root 11241100x8000000000000000776592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eecab83dac748a2021-12-20 16:01:21.425root 11241100x8000000000000000776593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd2cf9cd97f8d5e2021-12-20 16:01:21.425root 11241100x8000000000000000776594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0311726d3eb4d5a2021-12-20 16:01:21.425root 11241100x8000000000000000776595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5aa0bf522cc4c372021-12-20 16:01:21.425root 11241100x8000000000000000776596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7b558c132001e62021-12-20 16:01:21.426root 11241100x8000000000000000776597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c767d4989da0c72021-12-20 16:01:21.426root 11241100x8000000000000000776598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a51f1c9b1e2466f2021-12-20 16:01:21.426root 11241100x8000000000000000776599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c363e2240647b432021-12-20 16:01:21.426root 11241100x8000000000000000776600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a504d4c42865cdfc2021-12-20 16:01:21.426root 11241100x8000000000000000776601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f53797f270bcca2021-12-20 16:01:21.427root 11241100x8000000000000000776602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e6e579306e01e72021-12-20 16:01:21.427root 11241100x8000000000000000776603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45cc066c6b9f7a92021-12-20 16:01:21.427root 11241100x8000000000000000776604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1241685c6a7ddf2021-12-20 16:01:21.427root 11241100x8000000000000000776605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280e8afb192be3112021-12-20 16:01:21.429root 11241100x8000000000000000776606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27990d451ac83d5f2021-12-20 16:01:21.429root 11241100x8000000000000000776607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e348a55874193acb2021-12-20 16:01:21.430root 11241100x8000000000000000776608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907b7a486e26ce2e2021-12-20 16:01:21.430root 11241100x8000000000000000776609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5c9a32edba990c2021-12-20 16:01:21.430root 11241100x8000000000000000776610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac85b95801c98612021-12-20 16:01:21.431root 11241100x8000000000000000776611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95d326c6ff4278d2021-12-20 16:01:21.924root 11241100x8000000000000000776612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152274bd1a8fac2a2021-12-20 16:01:21.924root 11241100x8000000000000000776613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd4771ad651ee0e2021-12-20 16:01:21.924root 11241100x8000000000000000776614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e9059633e75d1a2021-12-20 16:01:21.924root 11241100x8000000000000000776615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acf46db0016aa4b2021-12-20 16:01:21.924root 11241100x8000000000000000776616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723e0d3584159cda2021-12-20 16:01:21.925root 11241100x8000000000000000776617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4393ae34687a68062021-12-20 16:01:21.925root 11241100x8000000000000000776618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b7d48b1fe87eb92021-12-20 16:01:21.925root 11241100x8000000000000000776619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e07e9abb59c7de2021-12-20 16:01:21.925root 11241100x8000000000000000776620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d1d8a450e0aae82021-12-20 16:01:21.925root 11241100x8000000000000000776621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f7b59f5bc552432021-12-20 16:01:21.925root 11241100x8000000000000000776622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5170b669feafec592021-12-20 16:01:21.925root 11241100x8000000000000000776623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5078e54e4990c02021-12-20 16:01:21.925root 11241100x8000000000000000776624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed626f0e4dfce462021-12-20 16:01:21.925root 11241100x8000000000000000776625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8eb2387e7d11ed2021-12-20 16:01:21.925root 11241100x8000000000000000776626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d3e3272dc8a1bb2021-12-20 16:01:21.926root 11241100x8000000000000000776627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2c831a362c9a4b2021-12-20 16:01:21.926root 11241100x8000000000000000776628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a75402badf64382021-12-20 16:01:21.926root 11241100x8000000000000000776629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76467e02cb22ac652021-12-20 16:01:21.926root 11241100x8000000000000000776630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13eecb6e5db19b32021-12-20 16:01:21.926root 11241100x8000000000000000776631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682d92a72d6bf8fb2021-12-20 16:01:21.926root 11241100x8000000000000000776632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4df5d2a755c8b042021-12-20 16:01:21.926root 11241100x8000000000000000776633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fe8e6a2ea606a32021-12-20 16:01:21.926root 11241100x8000000000000000776634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada91c1aaec1f7ef2021-12-20 16:01:21.926root 11241100x8000000000000000776635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334890e24c24b13d2021-12-20 16:01:21.926root 11241100x8000000000000000776636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ba2f5ab30245282021-12-20 16:01:21.926root 11241100x8000000000000000776637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a74009f449e2ff82021-12-20 16:01:21.926root 11241100x8000000000000000776638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b382265d82c2ba62021-12-20 16:01:21.926root 11241100x8000000000000000776639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378693b506bd2b562021-12-20 16:01:21.926root 11241100x8000000000000000776640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6d3ee9cb11b8462021-12-20 16:01:21.926root 11241100x8000000000000000776641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37359443ad4679612021-12-20 16:01:21.927root 11241100x8000000000000000776642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91ea76dde621e1a2021-12-20 16:01:21.927root 11241100x8000000000000000776643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da4e0f44fc6f46b2021-12-20 16:01:22.424root 11241100x8000000000000000776644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d976f7c386fc022021-12-20 16:01:22.424root 11241100x8000000000000000776645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3f218392274d6a2021-12-20 16:01:22.424root 11241100x8000000000000000776646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69056f1dfccf3c812021-12-20 16:01:22.425root 11241100x8000000000000000776647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a84023e5ce73b32021-12-20 16:01:22.425root 11241100x8000000000000000776648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61818040aee65172021-12-20 16:01:22.425root 11241100x8000000000000000776649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09e8fc38e9e5ec32021-12-20 16:01:22.425root 11241100x8000000000000000776650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fe02ef8fcb85032021-12-20 16:01:22.425root 11241100x8000000000000000776651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7f008f16006e692021-12-20 16:01:22.425root 11241100x8000000000000000776652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f66cdfc3c5f631a2021-12-20 16:01:22.425root 11241100x8000000000000000776653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb16ae644416f0802021-12-20 16:01:22.425root 11241100x8000000000000000776654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf676d90afad972021-12-20 16:01:22.425root 11241100x8000000000000000776655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba01f5c3f08722992021-12-20 16:01:22.426root 11241100x8000000000000000776656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a3654af886b39b2021-12-20 16:01:22.426root 11241100x8000000000000000776657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3258b9eb55096e872021-12-20 16:01:22.426root 11241100x8000000000000000776658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fc4707891a997a2021-12-20 16:01:22.426root 11241100x8000000000000000776659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4eaf916328ef682021-12-20 16:01:22.426root 11241100x8000000000000000776660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26656584a44082e2021-12-20 16:01:22.426root 11241100x8000000000000000776661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8a69ad87b425e12021-12-20 16:01:22.426root 11241100x8000000000000000776662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e53503cbbcc76d2021-12-20 16:01:22.426root 11241100x8000000000000000776663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4f54d46b8d0f632021-12-20 16:01:22.426root 11241100x8000000000000000776664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33218574efcce7d2021-12-20 16:01:22.426root 11241100x8000000000000000776665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370c2a08c84cfe72021-12-20 16:01:22.427root 11241100x8000000000000000776666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387ebb44488693fd2021-12-20 16:01:22.427root 11241100x8000000000000000776667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9ec9a741052f152021-12-20 16:01:22.427root 11241100x8000000000000000776668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a7fa9da50596db2021-12-20 16:01:22.924root 11241100x8000000000000000776669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a1a419acecfaa12021-12-20 16:01:22.924root 11241100x8000000000000000776670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a66f869a613b2902021-12-20 16:01:22.924root 11241100x8000000000000000776671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9037adbbb1c1b2b52021-12-20 16:01:22.924root 11241100x8000000000000000776672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bbd71849e552d02021-12-20 16:01:22.924root 11241100x8000000000000000776673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29469446507666d2021-12-20 16:01:22.925root 11241100x8000000000000000776674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6544d95162926e82021-12-20 16:01:22.925root 11241100x8000000000000000776675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b546edc1046d1b2021-12-20 16:01:22.925root 11241100x8000000000000000776676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1f0ecb7436edc92021-12-20 16:01:22.925root 11241100x8000000000000000776677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35087335dfe47b882021-12-20 16:01:22.925root 11241100x8000000000000000776678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1100d2299291bce32021-12-20 16:01:22.925root 11241100x8000000000000000776679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d6cf6afa3c3ca52021-12-20 16:01:22.925root 11241100x8000000000000000776680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a3d440eef22c872021-12-20 16:01:22.925root 11241100x8000000000000000776681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d58f6c7eddf31f92021-12-20 16:01:22.925root 11241100x8000000000000000776682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879636b2bd4ecb692021-12-20 16:01:22.926root 11241100x8000000000000000776683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec63c31ff52078872021-12-20 16:01:22.926root 11241100x8000000000000000776684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba8f309eb177c972021-12-20 16:01:22.926root 11241100x8000000000000000776685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bdaa8fa372e19c2021-12-20 16:01:22.926root 11241100x8000000000000000776686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a7e5e65cea2b3d2021-12-20 16:01:22.926root 11241100x8000000000000000776687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0578105e9c53f3612021-12-20 16:01:22.926root 11241100x8000000000000000776688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfeb26caeb00af0a2021-12-20 16:01:22.927root 11241100x8000000000000000776689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84cfa5cd9ea51bb2021-12-20 16:01:22.927root 11241100x8000000000000000776690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3344f0752aef239e2021-12-20 16:01:22.927root 11241100x8000000000000000776691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907b9e005fe2ce192021-12-20 16:01:22.927root 11241100x8000000000000000776692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:22.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ae1d675e6c718c2021-12-20 16:01:22.927root 11241100x8000000000000000776693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2102c2b7761ffd62021-12-20 16:01:23.424root 11241100x8000000000000000776694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3948a6e033bd75d12021-12-20 16:01:23.424root 11241100x8000000000000000776695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1503d34679f523de2021-12-20 16:01:23.424root 11241100x8000000000000000776696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e975aba53590522021-12-20 16:01:23.424root 11241100x8000000000000000776697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9156a83db6d62162021-12-20 16:01:23.424root 11241100x8000000000000000776698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438cb5f7752f7162021-12-20 16:01:23.424root 11241100x8000000000000000776699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e535425c71f5e42021-12-20 16:01:23.425root 11241100x8000000000000000776700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ece5871f8ff09b42021-12-20 16:01:23.425root 11241100x8000000000000000776701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749d16f9a62241c42021-12-20 16:01:23.425root 11241100x8000000000000000776702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f64f9bbec3f67d2021-12-20 16:01:23.425root 11241100x8000000000000000776703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c197f667db23c442021-12-20 16:01:23.425root 11241100x8000000000000000776704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ba45354ead35c92021-12-20 16:01:23.425root 11241100x8000000000000000776705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb658025d8587b12021-12-20 16:01:23.425root 11241100x8000000000000000776706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25de3430a84d22ba2021-12-20 16:01:23.425root 11241100x8000000000000000776707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a7d3c39f19724f2021-12-20 16:01:23.425root 11241100x8000000000000000776708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65c5124771372c82021-12-20 16:01:23.426root 11241100x8000000000000000776709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a839b48e7aff97f62021-12-20 16:01:23.426root 11241100x8000000000000000776710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca6efbeac6fa152021-12-20 16:01:23.426root 11241100x8000000000000000776711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2355804dbd511fef2021-12-20 16:01:23.426root 11241100x8000000000000000776712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790786fa225591102021-12-20 16:01:23.426root 11241100x8000000000000000776713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cfaf8a65837ba42021-12-20 16:01:23.426root 11241100x8000000000000000776714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a350cdc1c55b3ccb2021-12-20 16:01:23.426root 11241100x8000000000000000776715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f76d57d507902152021-12-20 16:01:23.427root 11241100x8000000000000000776716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882768637ee201772021-12-20 16:01:23.427root 11241100x8000000000000000776717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e483e825d8b796c2021-12-20 16:01:23.427root 11241100x8000000000000000776718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41a3ba57808ef5a2021-12-20 16:01:23.427root 11241100x8000000000000000776719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a2fa7e155d5382021-12-20 16:01:23.427root 11241100x8000000000000000776720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf124c890c5f8432021-12-20 16:01:23.427root 11241100x8000000000000000776721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9427ab6f9af5a56a2021-12-20 16:01:23.427root 11241100x8000000000000000776722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57ba9dbff2d8f1f2021-12-20 16:01:23.427root 11241100x8000000000000000776723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6632a6417c8f3d932021-12-20 16:01:23.924root 11241100x8000000000000000776724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e39a16263ab41502021-12-20 16:01:23.924root 11241100x8000000000000000776725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c44464e31037ee72021-12-20 16:01:23.924root 11241100x8000000000000000776726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac6eaa30dbd8f392021-12-20 16:01:23.924root 11241100x8000000000000000776727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd48a1e11b474942021-12-20 16:01:23.925root 11241100x8000000000000000776728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462b299f45362a322021-12-20 16:01:23.925root 11241100x8000000000000000776729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd602d507f5e2a32021-12-20 16:01:23.925root 11241100x8000000000000000776730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34a9f1bd0fca02c2021-12-20 16:01:23.925root 11241100x8000000000000000776731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c038d2a2565d57422021-12-20 16:01:23.925root 11241100x8000000000000000776732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e14ce53443d873a2021-12-20 16:01:23.925root 11241100x8000000000000000776733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18d32abc293e91b2021-12-20 16:01:23.925root 11241100x8000000000000000776734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a04347a31e7a152021-12-20 16:01:23.925root 11241100x8000000000000000776735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aadaddcdb48c7d2021-12-20 16:01:23.925root 11241100x8000000000000000776736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b637957fdd8fd642021-12-20 16:01:23.925root 11241100x8000000000000000776737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a9004dd3ef4f5f2021-12-20 16:01:23.925root 11241100x8000000000000000776738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c711a05c2cc7d74f2021-12-20 16:01:23.925root 11241100x8000000000000000776739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a9ce8c75b95722021-12-20 16:01:23.925root 11241100x8000000000000000776740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61382b220c07ab492021-12-20 16:01:23.925root 11241100x8000000000000000776741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6d31d67862013f2021-12-20 16:01:23.926root 11241100x8000000000000000776742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0797ffc538ad4b632021-12-20 16:01:23.926root 11241100x8000000000000000776743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd46ff5bf6dbb312021-12-20 16:01:23.926root 11241100x8000000000000000776744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de51cd7968a072e82021-12-20 16:01:23.926root 11241100x8000000000000000776745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5333aa8bae435b02021-12-20 16:01:23.926root 11241100x8000000000000000776746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c53ec074ea8c06e2021-12-20 16:01:23.926root 11241100x8000000000000000776747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:23.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f440bde6dd95282021-12-20 16:01:23.926root 11241100x8000000000000000776748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0a2fe11e13f7a62021-12-20 16:01:24.424root 11241100x8000000000000000776749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17764e8ad9a1d3b2021-12-20 16:01:24.424root 11241100x8000000000000000776750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966ed7e88e23ae6a2021-12-20 16:01:24.425root 11241100x8000000000000000776751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da4bc7ee452a6b92021-12-20 16:01:24.425root 11241100x8000000000000000776752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45304156e6eced12021-12-20 16:01:24.425root 11241100x8000000000000000776753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fdd79de133669c2021-12-20 16:01:24.425root 11241100x8000000000000000776754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa0667a8d96bd7a2021-12-20 16:01:24.426root 11241100x8000000000000000776755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f6629e65f6cfcb2021-12-20 16:01:24.426root 11241100x8000000000000000776756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0336d9e17be615c02021-12-20 16:01:24.426root 11241100x8000000000000000776757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f0db5212d3c7892021-12-20 16:01:24.426root 11241100x8000000000000000776758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bee503eda4b0372021-12-20 16:01:24.426root 11241100x8000000000000000776759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c362db2a3dfb32712021-12-20 16:01:24.426root 11241100x8000000000000000776760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a4530dcecc4e3c2021-12-20 16:01:24.426root 11241100x8000000000000000776761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8385b3445441ef2021-12-20 16:01:24.426root 11241100x8000000000000000776762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21a3d0607720a902021-12-20 16:01:24.426root 11241100x8000000000000000776763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e84251716900032021-12-20 16:01:24.426root 11241100x8000000000000000776764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f00e1afd543a0582021-12-20 16:01:24.426root 11241100x8000000000000000776765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb60771230b55132021-12-20 16:01:24.427root 11241100x8000000000000000776766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4db9eee347b6582021-12-20 16:01:24.427root 11241100x8000000000000000776767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2825132488d29862021-12-20 16:01:24.427root 11241100x8000000000000000776768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba9448e71b82ef2021-12-20 16:01:24.427root 11241100x8000000000000000776769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a099289ffeac478d2021-12-20 16:01:24.427root 11241100x8000000000000000776770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947773f96126c8322021-12-20 16:01:24.427root 11241100x8000000000000000776771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313c31022d6f67612021-12-20 16:01:24.427root 11241100x8000000000000000776772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1b6c67d03c5ed92021-12-20 16:01:24.427root 11241100x8000000000000000776773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6a9302e17c67f02021-12-20 16:01:24.427root 11241100x8000000000000000776774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9345bd1f021ebb072021-12-20 16:01:24.427root 11241100x8000000000000000776775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b300a3075ac5ff62021-12-20 16:01:24.427root 11241100x8000000000000000776776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad56c2e2a243e2cd2021-12-20 16:01:24.924root 11241100x8000000000000000776777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7972cd22eb32d22021-12-20 16:01:24.925root 11241100x8000000000000000776778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0e2d6ff8dde7cc2021-12-20 16:01:24.925root 11241100x8000000000000000776779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98da2008fd38a602021-12-20 16:01:24.925root 11241100x8000000000000000776780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da236454b46c4d42021-12-20 16:01:24.925root 11241100x8000000000000000776781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f65fa00b4287712021-12-20 16:01:24.925root 11241100x8000000000000000776782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5897918d60a9ded12021-12-20 16:01:24.925root 11241100x8000000000000000776783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768d43816137769f2021-12-20 16:01:24.926root 11241100x8000000000000000776784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde7ceac488764612021-12-20 16:01:24.926root 11241100x8000000000000000776785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43cceb36caa84e12021-12-20 16:01:24.926root 11241100x8000000000000000776786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7025ff8f94dc69402021-12-20 16:01:24.926root 11241100x8000000000000000776787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e42141bc464b562021-12-20 16:01:24.927root 11241100x8000000000000000776788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4101bb64f9b43b432021-12-20 16:01:24.927root 11241100x8000000000000000776789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff41a1a184de68c2021-12-20 16:01:24.927root 11241100x8000000000000000776790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff71b16e504e652c2021-12-20 16:01:24.927root 11241100x8000000000000000776791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073dbe3f5d7461a52021-12-20 16:01:24.927root 11241100x8000000000000000776792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88886310549a8adf2021-12-20 16:01:24.927root 11241100x8000000000000000776793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c709d6d5851fcbf2021-12-20 16:01:24.930root 11241100x8000000000000000776794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56dedbbf64344a52021-12-20 16:01:24.931root 11241100x8000000000000000776795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab67ea3242bcf2062021-12-20 16:01:24.931root 11241100x8000000000000000776796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1baaedbe2db4822021-12-20 16:01:24.932root 11241100x8000000000000000776797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc619d3fbf3bf2a2021-12-20 16:01:24.932root 11241100x8000000000000000776798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df91d22bbcfa0fc2021-12-20 16:01:24.932root 11241100x8000000000000000776799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e87394075abad72021-12-20 16:01:24.932root 11241100x8000000000000000776800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:24.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020f9feb2449ddb72021-12-20 16:01:24.933root 11241100x8000000000000000776801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c349beaf234c936d2021-12-20 16:01:25.424root 11241100x8000000000000000776802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3101a2969be1bec12021-12-20 16:01:25.424root 11241100x8000000000000000776803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1064e8f135c4ef9e2021-12-20 16:01:25.425root 11241100x8000000000000000776804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc90b68b9ea6493d2021-12-20 16:01:25.425root 11241100x8000000000000000776805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5e70c27f04bc652021-12-20 16:01:25.425root 11241100x8000000000000000776806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0136d6a6a9eeb9a62021-12-20 16:01:25.425root 11241100x8000000000000000776807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ab8bb036d71f2d2021-12-20 16:01:25.425root 11241100x8000000000000000776808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d741fefbc7d032192021-12-20 16:01:25.425root 11241100x8000000000000000776809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b510775454c81d92021-12-20 16:01:25.425root 11241100x8000000000000000776810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7b8f82cbe0ecac2021-12-20 16:01:25.425root 11241100x8000000000000000776811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6f9b6c38344e792021-12-20 16:01:25.425root 11241100x8000000000000000776812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c5ace9dab2d1112021-12-20 16:01:25.425root 11241100x8000000000000000776813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfa01b05fe40a8d2021-12-20 16:01:25.426root 11241100x8000000000000000776814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac364005f65e62d42021-12-20 16:01:25.426root 11241100x8000000000000000776815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04110aac69faa9e82021-12-20 16:01:25.426root 11241100x8000000000000000776816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48b93db46f13cd32021-12-20 16:01:25.426root 11241100x8000000000000000776817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986e2ec6f3d47c8d2021-12-20 16:01:25.426root 11241100x8000000000000000776818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cac94f795d2d1c12021-12-20 16:01:25.426root 11241100x8000000000000000776819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ebd805cc4be172021-12-20 16:01:25.426root 11241100x8000000000000000776820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb5d3785f1b07b02021-12-20 16:01:25.426root 11241100x8000000000000000776821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dece68e3631dcf22021-12-20 16:01:25.426root 11241100x8000000000000000776822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f420ba7dd8f2222021-12-20 16:01:25.426root 11241100x8000000000000000776823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca41a8d28694d482021-12-20 16:01:25.426root 11241100x8000000000000000776824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e18dd2fa217b9c2021-12-20 16:01:25.427root 11241100x8000000000000000776825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1a9d50327095042021-12-20 16:01:25.427root 11241100x8000000000000000776826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239e13a79a50fd192021-12-20 16:01:25.924root 11241100x8000000000000000776827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df275d8b2d0df2d62021-12-20 16:01:25.924root 11241100x8000000000000000776828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2034784ff65f6052021-12-20 16:01:25.924root 11241100x8000000000000000776829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b249cb2864a3e392021-12-20 16:01:25.924root 11241100x8000000000000000776830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0359ed9087aebd82021-12-20 16:01:25.924root 11241100x8000000000000000776831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1d615862cf09c62021-12-20 16:01:25.924root 11241100x8000000000000000776832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61296bcd2af1c8ad2021-12-20 16:01:25.925root 11241100x8000000000000000776833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd09bb9bcfe213cb2021-12-20 16:01:25.925root 11241100x8000000000000000776834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6041681bfc3af8862021-12-20 16:01:25.925root 11241100x8000000000000000776835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cb6a15107d3baa2021-12-20 16:01:25.925root 11241100x8000000000000000776836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e191a66e8d62ecb2021-12-20 16:01:25.925root 11241100x8000000000000000776837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b730cd84ca106d62021-12-20 16:01:25.925root 11241100x8000000000000000776838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2ebee380da0f292021-12-20 16:01:25.926root 11241100x8000000000000000776839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a914fad517c379d2021-12-20 16:01:25.926root 11241100x8000000000000000776840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4c5fe4ef08c06e2021-12-20 16:01:25.926root 11241100x8000000000000000776841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e39848746d026bc2021-12-20 16:01:25.926root 11241100x8000000000000000776842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a95e0d5350108002021-12-20 16:01:25.926root 11241100x8000000000000000776843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac5d6552c3fa7662021-12-20 16:01:25.926root 11241100x8000000000000000776844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3215b907b7d4b1062021-12-20 16:01:25.927root 11241100x8000000000000000776845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e14b8609bab2f2021-12-20 16:01:25.927root 11241100x8000000000000000776846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0819b6138977192021-12-20 16:01:25.927root 11241100x8000000000000000776847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2612db892b200e592021-12-20 16:01:25.927root 11241100x8000000000000000776848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60975c3943e0d552021-12-20 16:01:25.929root 11241100x8000000000000000776849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e19bb3baa22b802021-12-20 16:01:25.929root 11241100x8000000000000000776850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:25.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b513c9d991b24b2021-12-20 16:01:25.929root 354300x8000000000000000776851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.177{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51524-false10.0.1.12-8000- 11241100x8000000000000000776852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423b09767ab6d5ce2021-12-20 16:01:26.178root 11241100x8000000000000000776853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820564ae8dbdf0c52021-12-20 16:01:26.178root 11241100x8000000000000000776854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eae0d9b5f5b74e2021-12-20 16:01:26.178root 11241100x8000000000000000776855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b98f476c176ba622021-12-20 16:01:26.178root 11241100x8000000000000000776856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb3edf1d714d9262021-12-20 16:01:26.178root 11241100x8000000000000000776857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed80a9ecce6241312021-12-20 16:01:26.179root 11241100x8000000000000000776858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d8587fc54eeb142021-12-20 16:01:26.179root 11241100x8000000000000000776859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3e458665bc12c32021-12-20 16:01:26.179root 11241100x8000000000000000776860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d692b12d4021706a2021-12-20 16:01:26.179root 11241100x8000000000000000776861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a06c676f40683482021-12-20 16:01:26.179root 11241100x8000000000000000776862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da1d707f401a7492021-12-20 16:01:26.179root 11241100x8000000000000000776863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000c11746cbdb3a2021-12-20 16:01:26.179root 11241100x8000000000000000776864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90659459b42afa562021-12-20 16:01:26.179root 11241100x8000000000000000776865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd3f6f0d45f4df42021-12-20 16:01:26.179root 11241100x8000000000000000776866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31cf193865f03722021-12-20 16:01:26.179root 11241100x8000000000000000776867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90871b7b54ad26ce2021-12-20 16:01:26.179root 11241100x8000000000000000776868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281880833beae1672021-12-20 16:01:26.179root 11241100x8000000000000000776869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88b224afd2b38e52021-12-20 16:01:26.180root 11241100x8000000000000000776870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff6b6af0050d00d2021-12-20 16:01:26.180root 11241100x8000000000000000776871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bd5f050ab1c07a2021-12-20 16:01:26.180root 11241100x8000000000000000776872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea296221226fb10c2021-12-20 16:01:26.180root 11241100x8000000000000000776873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30c9b555921a9872021-12-20 16:01:26.180root 11241100x8000000000000000776874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad0e9eeb1727f6c2021-12-20 16:01:26.180root 11241100x8000000000000000776875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed417f2f3d45fc442021-12-20 16:01:26.180root 11241100x8000000000000000776876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5adeb2d330694152021-12-20 16:01:26.180root 11241100x8000000000000000776877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a199ac917ce119932021-12-20 16:01:26.180root 11241100x8000000000000000776878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5ac65d2435d6452021-12-20 16:01:26.180root 11241100x8000000000000000776879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531a9bd81ced36cf2021-12-20 16:01:26.181root 11241100x8000000000000000776880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ba9b7ea707388b2021-12-20 16:01:26.181root 11241100x8000000000000000776881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7e87558cd6c4b72021-12-20 16:01:26.185root 11241100x8000000000000000776882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc666ab01f62c6f2021-12-20 16:01:26.185root 11241100x8000000000000000776883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d2e8836a5c74e52021-12-20 16:01:26.185root 11241100x8000000000000000776884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0499b2361d5bad0a2021-12-20 16:01:26.185root 11241100x8000000000000000776885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f5fe6ba47a3cb12021-12-20 16:01:26.185root 11241100x8000000000000000776886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ffad5df16142362021-12-20 16:01:26.185root 11241100x8000000000000000776887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202be59478c69eb72021-12-20 16:01:26.186root 11241100x8000000000000000776888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a9de4106a25b582021-12-20 16:01:26.186root 11241100x8000000000000000776889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227b15201bdd416f2021-12-20 16:01:26.186root 11241100x8000000000000000776890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5c7138c49ff5282021-12-20 16:01:26.186root 11241100x8000000000000000776891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3b86140e20d0132021-12-20 16:01:26.186root 11241100x8000000000000000776892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e38f5086fb62092021-12-20 16:01:26.186root 11241100x8000000000000000776893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e5edccb423e8432021-12-20 16:01:26.186root 11241100x8000000000000000776894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce6cc2df2d0179f2021-12-20 16:01:26.186root 11241100x8000000000000000776895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e29a9902ea254952021-12-20 16:01:26.187root 11241100x8000000000000000776896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf12e874a1f1be2021-12-20 16:01:26.187root 11241100x8000000000000000776897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f251f5d378b9e57b2021-12-20 16:01:26.187root 11241100x8000000000000000776898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fbfc219c2f43432021-12-20 16:01:26.187root 11241100x8000000000000000776899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1591b21769bfb8192021-12-20 16:01:26.187root 11241100x8000000000000000776900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbcbdea6ca0b0482021-12-20 16:01:26.187root 11241100x8000000000000000776901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371818373a08c07d2021-12-20 16:01:26.187root 11241100x8000000000000000776902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2d1b10c18088a12021-12-20 16:01:26.187root 11241100x8000000000000000776903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eec53ae5600aae2021-12-20 16:01:26.187root 11241100x8000000000000000776904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a87c609d85d90f82021-12-20 16:01:26.187root 11241100x8000000000000000776905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aeb8300607c3872021-12-20 16:01:26.187root 11241100x8000000000000000776906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5441fa590e5921f62021-12-20 16:01:26.187root 11241100x8000000000000000776907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17044ac36ba169b2021-12-20 16:01:26.187root 11241100x8000000000000000776908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.187{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87ea0b24d44731e2021-12-20 16:01:26.187root 11241100x8000000000000000776909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8fd50886bb25a22021-12-20 16:01:26.188root 11241100x8000000000000000776910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5258fa0ef86180862021-12-20 16:01:26.188root 11241100x8000000000000000776911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc70af81f8b225ec2021-12-20 16:01:26.188root 11241100x8000000000000000776912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.188{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9069a25612daec2d2021-12-20 16:01:26.188root 11241100x8000000000000000776913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9334c8a0fc1ab52021-12-20 16:01:26.674root 11241100x8000000000000000776914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdf9f8dc4a841c02021-12-20 16:01:26.674root 11241100x8000000000000000776915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39500061a8cd4e802021-12-20 16:01:26.674root 11241100x8000000000000000776916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975c22600bbe8a322021-12-20 16:01:26.674root 11241100x8000000000000000776917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cb9ee3169237c22021-12-20 16:01:26.675root 11241100x8000000000000000776918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f347f0f65304e2021-12-20 16:01:26.675root 11241100x8000000000000000776919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b742e809a44c03872021-12-20 16:01:26.675root 11241100x8000000000000000776920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4cf6908910edb32021-12-20 16:01:26.675root 11241100x8000000000000000776921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e553aa6bacfc932021-12-20 16:01:26.675root 11241100x8000000000000000776922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e21bab56b077f02021-12-20 16:01:26.676root 11241100x8000000000000000776923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5076db999bef3bb92021-12-20 16:01:26.676root 11241100x8000000000000000776924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d287ac18a8870a512021-12-20 16:01:26.676root 11241100x8000000000000000776925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c253b4b56597892021-12-20 16:01:26.676root 11241100x8000000000000000776926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e598d32035ad922021-12-20 16:01:26.677root 11241100x8000000000000000776927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce4f13348f378592021-12-20 16:01:26.677root 11241100x8000000000000000776928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb6935b3158d75c2021-12-20 16:01:26.677root 11241100x8000000000000000776929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc25af44eeff3b32021-12-20 16:01:26.678root 11241100x8000000000000000776930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db652f793880c28a2021-12-20 16:01:26.678root 11241100x8000000000000000776931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80084e1a06139e752021-12-20 16:01:26.678root 11241100x8000000000000000776932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaad12e75da14352021-12-20 16:01:26.679root 11241100x8000000000000000776933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496c07be471399da2021-12-20 16:01:26.679root 11241100x8000000000000000776934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5928776deebf5f302021-12-20 16:01:26.679root 11241100x8000000000000000776935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd72e2c03d232352021-12-20 16:01:26.679root 11241100x8000000000000000776936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4ea48bb242ab502021-12-20 16:01:26.680root 11241100x8000000000000000776937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fbfc1c78f7807b2021-12-20 16:01:26.680root 11241100x8000000000000000776938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e348682f1fd3e2ab2021-12-20 16:01:26.680root 11241100x8000000000000000776939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2371594a6278db4e2021-12-20 16:01:26.681root 11241100x8000000000000000776940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791cfd9f2ae9580f2021-12-20 16:01:26.681root 11241100x8000000000000000776941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1df99f6aa887f82021-12-20 16:01:26.681root 11241100x8000000000000000776942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7993e9458f5997fd2021-12-20 16:01:26.681root 11241100x8000000000000000776943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbee994f0093b2892021-12-20 16:01:26.681root 11241100x8000000000000000776944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2fa76c7ea3944e2021-12-20 16:01:26.681root 11241100x8000000000000000776945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:26.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9d135f1fe3eabd2021-12-20 16:01:26.682root 11241100x8000000000000000776946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bd8f0059322e1b2021-12-20 16:01:27.174root 11241100x8000000000000000776947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3969774ae2612f6a2021-12-20 16:01:27.174root 11241100x8000000000000000776948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47f98bf49a5239f2021-12-20 16:01:27.175root 11241100x8000000000000000776949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241dc68884775bb52021-12-20 16:01:27.175root 11241100x8000000000000000776950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61669ba98093dae72021-12-20 16:01:27.175root 11241100x8000000000000000776951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca82b3bdb51856a12021-12-20 16:01:27.176root 11241100x8000000000000000776952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2046ffaebe125682021-12-20 16:01:27.176root 11241100x8000000000000000776953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a799b0375ec3d82021-12-20 16:01:27.176root 11241100x8000000000000000776954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee6f9e40d21702b2021-12-20 16:01:27.177root 11241100x8000000000000000776955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bbb11994188cb12021-12-20 16:01:27.177root 11241100x8000000000000000776956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea20cfb17e70922021-12-20 16:01:27.177root 11241100x8000000000000000776957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c95de2229aac782021-12-20 16:01:27.177root 11241100x8000000000000000776958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def2e605c813f8df2021-12-20 16:01:27.177root 11241100x8000000000000000776959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaaadfae1b344922021-12-20 16:01:27.178root 11241100x8000000000000000776960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f234df890d38152021-12-20 16:01:27.178root 11241100x8000000000000000776961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e1019f05ec750f2021-12-20 16:01:27.178root 11241100x8000000000000000776962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85b0dc3045b136a2021-12-20 16:01:27.178root 11241100x8000000000000000776963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102fe18363ce1dce2021-12-20 16:01:27.178root 11241100x8000000000000000776964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f172067545d289c2021-12-20 16:01:27.178root 11241100x8000000000000000776965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4390c6703e633be2021-12-20 16:01:27.178root 11241100x8000000000000000776966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c0ae475cfe5eea2021-12-20 16:01:27.178root 11241100x8000000000000000776967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafdb4e541e287102021-12-20 16:01:27.178root 11241100x8000000000000000776968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca33b1f8f997736e2021-12-20 16:01:27.179root 11241100x8000000000000000776969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec60ff84e6fb585a2021-12-20 16:01:27.179root 11241100x8000000000000000776970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3e6cf19f8b98222021-12-20 16:01:27.179root 11241100x8000000000000000776971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3c42d9500849392021-12-20 16:01:27.179root 11241100x8000000000000000776972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc0878f1fe8251c2021-12-20 16:01:27.675root 11241100x8000000000000000776973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7d0953281a6b902021-12-20 16:01:27.675root 11241100x8000000000000000776974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d585f26289589a632021-12-20 16:01:27.675root 11241100x8000000000000000776975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa86587173e11362021-12-20 16:01:27.675root 11241100x8000000000000000776976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160a9c8efeaee5c92021-12-20 16:01:27.675root 11241100x8000000000000000776977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fa64fee13280de2021-12-20 16:01:27.675root 11241100x8000000000000000776978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdb64312af1598e2021-12-20 16:01:27.675root 11241100x8000000000000000776979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aeb254dfa6c31b2021-12-20 16:01:27.675root 11241100x8000000000000000776980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427a673797de7ea52021-12-20 16:01:27.676root 11241100x8000000000000000776981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfb561d3ddbe72a2021-12-20 16:01:27.676root 11241100x8000000000000000776982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf26e4147a87498f2021-12-20 16:01:27.676root 11241100x8000000000000000776983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43767cd4ce13042021-12-20 16:01:27.676root 11241100x8000000000000000776984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd01187af1d21a52021-12-20 16:01:27.676root 11241100x8000000000000000776985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfea45ceedd6e7d2021-12-20 16:01:27.676root 11241100x8000000000000000776986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72535374c6f661e72021-12-20 16:01:27.676root 11241100x8000000000000000776987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4015d3856210fe2021-12-20 16:01:27.676root 11241100x8000000000000000776988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cb3046a797be3d2021-12-20 16:01:27.676root 11241100x8000000000000000776989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499a904bb56622bc2021-12-20 16:01:27.677root 11241100x8000000000000000776990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b1b70f6d778c3f2021-12-20 16:01:27.677root 11241100x8000000000000000776991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa531ac6d10cb522021-12-20 16:01:27.677root 11241100x8000000000000000776992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ca45c1798fa4e52021-12-20 16:01:27.677root 11241100x8000000000000000776993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e663fc7c78ad84e92021-12-20 16:01:27.677root 11241100x8000000000000000776994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d9d0ae90bf39d22021-12-20 16:01:27.677root 11241100x8000000000000000776995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f2b62a6450b4632021-12-20 16:01:27.677root 11241100x8000000000000000776996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb99052635d0fd32021-12-20 16:01:27.677root 11241100x8000000000000000776997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c38289c672edf42021-12-20 16:01:27.677root 11241100x8000000000000000776998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d4d1a2061fca6b2021-12-20 16:01:28.174root 11241100x8000000000000000776999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc92282c0a2aed582021-12-20 16:01:28.174root 11241100x8000000000000000777000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0d2c0d3699e0d92021-12-20 16:01:28.175root 11241100x8000000000000000777001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f204111b6af963532021-12-20 16:01:28.175root 11241100x8000000000000000777002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92830e14692e6de52021-12-20 16:01:28.175root 11241100x8000000000000000777003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e1d323864658412021-12-20 16:01:28.175root 11241100x8000000000000000777004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332b602865c5e4742021-12-20 16:01:28.176root 11241100x8000000000000000777005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed16f1243188bf52021-12-20 16:01:28.176root 11241100x8000000000000000777006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec706e6cc7ce96912021-12-20 16:01:28.176root 11241100x8000000000000000777007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22876666dbe3be172021-12-20 16:01:28.176root 11241100x8000000000000000777008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7076a313553b2952021-12-20 16:01:28.177root 11241100x8000000000000000777009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021f4f1fabde21d52021-12-20 16:01:28.177root 11241100x8000000000000000777010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94550a80a465c23d2021-12-20 16:01:28.177root 11241100x8000000000000000777011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4ac0b8a4634b3b2021-12-20 16:01:28.177root 11241100x8000000000000000777012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b50a140ce146d2c2021-12-20 16:01:28.177root 11241100x8000000000000000777013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4d2c40272505172021-12-20 16:01:28.177root 11241100x8000000000000000777014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1526da5e441d8342021-12-20 16:01:28.177root 11241100x8000000000000000777015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09193087960db832021-12-20 16:01:28.178root 11241100x8000000000000000777016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcbbb7e2652e2ca2021-12-20 16:01:28.178root 11241100x8000000000000000777017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013ffcc10a14fce52021-12-20 16:01:28.178root 11241100x8000000000000000777018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5077e5abe82d3f862021-12-20 16:01:28.178root 11241100x8000000000000000777019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec7d39fb495a8002021-12-20 16:01:28.178root 11241100x8000000000000000777020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32825c08e477a3e2021-12-20 16:01:28.178root 11241100x8000000000000000777021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e002f18db7542b2021-12-20 16:01:28.178root 11241100x8000000000000000777022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c65db342faac992021-12-20 16:01:28.178root 11241100x8000000000000000777023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f29434d8b71c442021-12-20 16:01:28.178root 11241100x8000000000000000777024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157fdc76b00264b32021-12-20 16:01:28.178root 11241100x8000000000000000777025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dc2fa7ba6656642021-12-20 16:01:28.674root 11241100x8000000000000000777026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ccd59c2f24152c2021-12-20 16:01:28.674root 11241100x8000000000000000777027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3818ab66327a6aa82021-12-20 16:01:28.674root 11241100x8000000000000000777028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0825416cc200ad72021-12-20 16:01:28.674root 11241100x8000000000000000777029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3151903362d1a312021-12-20 16:01:28.675root 11241100x8000000000000000777030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e6aabe09ec45282021-12-20 16:01:28.675root 11241100x8000000000000000777031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79540a75bd32ec12021-12-20 16:01:28.675root 11241100x8000000000000000777032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee9f50d3f814f1a2021-12-20 16:01:28.675root 11241100x8000000000000000777033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf4c0e21ec0f3742021-12-20 16:01:28.675root 11241100x8000000000000000777034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50959ee38b4218252021-12-20 16:01:28.676root 11241100x8000000000000000777035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34107d05ff89a6b42021-12-20 16:01:28.676root 11241100x8000000000000000777036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c054d1e1e6f997542021-12-20 16:01:28.676root 11241100x8000000000000000777037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a751c8015831fb02021-12-20 16:01:28.676root 11241100x8000000000000000777038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57272f95490d0182021-12-20 16:01:28.676root 11241100x8000000000000000777039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74903690a035f78e2021-12-20 16:01:28.677root 11241100x8000000000000000777040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74525a5b32c6bf6e2021-12-20 16:01:28.677root 11241100x8000000000000000777041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2e6fcf4620273c2021-12-20 16:01:28.677root 11241100x8000000000000000777042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526753e40952ec882021-12-20 16:01:28.677root 11241100x8000000000000000777043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bced2f536ea6bb3c2021-12-20 16:01:28.678root 11241100x8000000000000000777044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5bd867364208262021-12-20 16:01:28.678root 11241100x8000000000000000777045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f154ad1be9950f2021-12-20 16:01:28.678root 11241100x8000000000000000777046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ce0b44827bbe852021-12-20 16:01:28.678root 11241100x8000000000000000777047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af5703a3207cff22021-12-20 16:01:28.679root 11241100x8000000000000000777048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb8c8c71a08d5ed2021-12-20 16:01:28.679root 11241100x8000000000000000777049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913c4ba14ec39cf62021-12-20 16:01:28.679root 11241100x8000000000000000777050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73293d69a43c4c62021-12-20 16:01:28.679root 11241100x8000000000000000777051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:28.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b9fd430acb7c52021-12-20 16:01:28.680root 11241100x8000000000000000777052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ea795dc13b5f922021-12-20 16:01:29.174root 11241100x8000000000000000777053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c70c47bf99c57412021-12-20 16:01:29.175root 11241100x8000000000000000777054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1689cae09e7764302021-12-20 16:01:29.175root 11241100x8000000000000000777055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d2a2d8d1a253372021-12-20 16:01:29.175root 11241100x8000000000000000777056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912fbcc6592cdb192021-12-20 16:01:29.175root 11241100x8000000000000000777057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b5203fade6063c2021-12-20 16:01:29.176root 11241100x8000000000000000777058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea20f5d275480bd2021-12-20 16:01:29.176root 11241100x8000000000000000777059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674950d8a0f8395e2021-12-20 16:01:29.176root 11241100x8000000000000000777060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ab19b6657511902021-12-20 16:01:29.176root 11241100x8000000000000000777061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d26bab8e34c120a2021-12-20 16:01:29.176root 11241100x8000000000000000777062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc35ed8719b50822021-12-20 16:01:29.177root 11241100x8000000000000000777063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e549fd67c188f3c72021-12-20 16:01:29.177root 11241100x8000000000000000777064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f121538f346a54452021-12-20 16:01:29.177root 11241100x8000000000000000777065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc73880e433b3d1c2021-12-20 16:01:29.177root 11241100x8000000000000000777066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a7a58797e35d632021-12-20 16:01:29.177root 11241100x8000000000000000777067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1f35a8ed028cf2021-12-20 16:01:29.178root 11241100x8000000000000000777068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99102549382377f32021-12-20 16:01:29.178root 11241100x8000000000000000777069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cc7acca1ca36d82021-12-20 16:01:29.178root 11241100x8000000000000000777070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba9a2778ea7cc7f2021-12-20 16:01:29.178root 11241100x8000000000000000777071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92c5795d04233962021-12-20 16:01:29.178root 11241100x8000000000000000777072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e618e379e80a6c2021-12-20 16:01:29.178root 11241100x8000000000000000777073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fc283daf4b78b22021-12-20 16:01:29.179root 11241100x8000000000000000777074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae748c0b6215d692021-12-20 16:01:29.179root 11241100x8000000000000000777075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bc219a421c7faa2021-12-20 16:01:29.179root 11241100x8000000000000000777076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db83168e601d634f2021-12-20 16:01:29.179root 11241100x8000000000000000777077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad1bc9f33f9a9ad2021-12-20 16:01:29.179root 11241100x8000000000000000777078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fafb8082aca6122021-12-20 16:01:29.674root 11241100x8000000000000000777079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9b3fc92523b80f2021-12-20 16:01:29.674root 11241100x8000000000000000777080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52859a7e6f697c172021-12-20 16:01:29.674root 11241100x8000000000000000777081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99462f4e851815f2021-12-20 16:01:29.674root 11241100x8000000000000000777082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c5e1c5cc6c914e2021-12-20 16:01:29.675root 11241100x8000000000000000777083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c717254b31bc1442021-12-20 16:01:29.675root 11241100x8000000000000000777084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33814b027f522372021-12-20 16:01:29.675root 11241100x8000000000000000777085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad097f64d94e5c12021-12-20 16:01:29.675root 11241100x8000000000000000777086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe0f0a3d408c5f02021-12-20 16:01:29.675root 11241100x8000000000000000777087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ba5e0e842caceb2021-12-20 16:01:29.676root 11241100x8000000000000000777088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db6c5b1ed7d8d112021-12-20 16:01:29.676root 11241100x8000000000000000777089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea760cc205671b02021-12-20 16:01:29.676root 11241100x8000000000000000777090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f61fd7fdf98e062021-12-20 16:01:29.676root 11241100x8000000000000000777091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ea66664d9883832021-12-20 16:01:29.676root 11241100x8000000000000000777092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900b4c83fc2dfaf42021-12-20 16:01:29.677root 11241100x8000000000000000777093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ba13349ac0cae92021-12-20 16:01:29.677root 11241100x8000000000000000777094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb690fed3e1a5122021-12-20 16:01:29.677root 11241100x8000000000000000777095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd60d066c57febd42021-12-20 16:01:29.677root 11241100x8000000000000000777096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f45c8d17d596c7b2021-12-20 16:01:29.677root 11241100x8000000000000000777097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5371e394ecf273d52021-12-20 16:01:29.678root 11241100x8000000000000000777098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dde62d3af983202021-12-20 16:01:29.678root 11241100x8000000000000000777099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bf9e9b562efdf02021-12-20 16:01:29.678root 11241100x8000000000000000777100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541a5fc9533a81842021-12-20 16:01:29.678root 11241100x8000000000000000777101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235ae7f08360034e2021-12-20 16:01:29.678root 11241100x8000000000000000777102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f26b71fa50aecd2021-12-20 16:01:29.678root 11241100x8000000000000000777103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81db571a8d3dfd302021-12-20 16:01:29.679root 11241100x8000000000000000777104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599597d0e60fd9612021-12-20 16:01:29.679root 11241100x8000000000000000777105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4c97fd54f6965a2021-12-20 16:01:29.679root 11241100x8000000000000000777106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79022d9ed75aa45c2021-12-20 16:01:30.174root 11241100x8000000000000000777107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174620dd863df5c52021-12-20 16:01:30.174root 11241100x8000000000000000777108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44967a45aa7265f2021-12-20 16:01:30.174root 11241100x8000000000000000777109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dced5212915ba71e2021-12-20 16:01:30.174root 11241100x8000000000000000777110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3110cd7002903072021-12-20 16:01:30.175root 11241100x8000000000000000777111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0800c2da6f11382021-12-20 16:01:30.175root 11241100x8000000000000000777112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27821c021d4d58262021-12-20 16:01:30.175root 11241100x8000000000000000777113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614338e13a11cbc92021-12-20 16:01:30.175root 11241100x8000000000000000777114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac4a66a214b9bcf2021-12-20 16:01:30.175root 11241100x8000000000000000777115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce89c739b31715f2021-12-20 16:01:30.176root 11241100x8000000000000000777116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d41ebc5a6308672021-12-20 16:01:30.176root 11241100x8000000000000000777117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf73bea0e222da62021-12-20 16:01:30.176root 11241100x8000000000000000777118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b061e3117887642021-12-20 16:01:30.176root 11241100x8000000000000000777119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98152eac765135922021-12-20 16:01:30.177root 11241100x8000000000000000777120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c37181d5d9ba492021-12-20 16:01:30.177root 11241100x8000000000000000777121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4fed634aa38dbb2021-12-20 16:01:30.177root 11241100x8000000000000000777122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39a6f500cd447c82021-12-20 16:01:30.177root 11241100x8000000000000000777123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e733ebec1193dab42021-12-20 16:01:30.177root 11241100x8000000000000000777124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe7d503e7b0ff712021-12-20 16:01:30.178root 11241100x8000000000000000777125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56414738981210952021-12-20 16:01:30.178root 11241100x8000000000000000777126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e836336c19c9e162021-12-20 16:01:30.178root 11241100x8000000000000000777127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c00a703ad559ea2021-12-20 16:01:30.178root 11241100x8000000000000000777128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02db3abed9ca2c382021-12-20 16:01:30.183root 11241100x8000000000000000777129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88796f81580168fb2021-12-20 16:01:30.183root 11241100x8000000000000000777130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b44a8455d4a6982021-12-20 16:01:30.183root 11241100x8000000000000000777131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4613347420561c512021-12-20 16:01:30.184root 11241100x8000000000000000777132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30920d35f68835902021-12-20 16:01:30.184root 11241100x8000000000000000777133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8a46fb32eb58cc2021-12-20 16:01:30.674root 11241100x8000000000000000777134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d370bbce11361272021-12-20 16:01:30.675root 11241100x8000000000000000777135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223b0042db8416b52021-12-20 16:01:30.675root 11241100x8000000000000000777136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7268515531de2da2021-12-20 16:01:30.675root 11241100x8000000000000000777137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4e9704f48da85b2021-12-20 16:01:30.675root 11241100x8000000000000000777138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27c3450948d213a2021-12-20 16:01:30.675root 11241100x8000000000000000777139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d32bf6ff5f16e2021-12-20 16:01:30.675root 11241100x8000000000000000777140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca689c877c2655492021-12-20 16:01:30.676root 11241100x8000000000000000777141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248f66643bad49132021-12-20 16:01:30.676root 11241100x8000000000000000777142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40747fe64947f1b22021-12-20 16:01:30.676root 11241100x8000000000000000777143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc8be07dabd5bab2021-12-20 16:01:30.676root 11241100x8000000000000000777144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c360ffd94eb426722021-12-20 16:01:30.676root 11241100x8000000000000000777145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d07bfa382caebaa2021-12-20 16:01:30.677root 11241100x8000000000000000777146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548fc477d3d8ea282021-12-20 16:01:30.677root 11241100x8000000000000000777147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e34f18372c231f52021-12-20 16:01:30.677root 11241100x8000000000000000777148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f86a7490a0c85d2021-12-20 16:01:30.678root 11241100x8000000000000000777149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b82d0700c0c544d2021-12-20 16:01:30.678root 11241100x8000000000000000777150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae19f4e7428c9d7d2021-12-20 16:01:30.678root 11241100x8000000000000000777151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b97c813d15b0b72021-12-20 16:01:30.678root 11241100x8000000000000000777152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbeccdf6a2e95b12021-12-20 16:01:30.679root 11241100x8000000000000000777153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcafc28457b23b02021-12-20 16:01:30.679root 11241100x8000000000000000777154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a04bb0846ea18092021-12-20 16:01:30.679root 11241100x8000000000000000777155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40aaf87199f2a6f2021-12-20 16:01:30.679root 11241100x8000000000000000777156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d665b326cb4847bb2021-12-20 16:01:30.679root 11241100x8000000000000000777157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b4e4a1e7bf0cb32021-12-20 16:01:30.680root 11241100x8000000000000000777158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:30.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b596fd24dd76202021-12-20 16:01:30.680root 11241100x8000000000000000777159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c77dd3824a883c72021-12-20 16:01:31.174root 11241100x8000000000000000777160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c9dcf554599f5d2021-12-20 16:01:31.175root 11241100x8000000000000000777161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad02acd7bebc922e2021-12-20 16:01:31.175root 11241100x8000000000000000777162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d230a748a0913dd2021-12-20 16:01:31.175root 11241100x8000000000000000777163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37d8acf43f6b8ff2021-12-20 16:01:31.175root 11241100x8000000000000000777164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418d074d0377e69f2021-12-20 16:01:31.175root 11241100x8000000000000000777165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d271daf6a2f7eca2021-12-20 16:01:31.176root 11241100x8000000000000000777166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeee27ac3d12ac1a2021-12-20 16:01:31.176root 11241100x8000000000000000777167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8480faefe86302cc2021-12-20 16:01:31.176root 11241100x8000000000000000777168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c638699c0708f44d2021-12-20 16:01:31.176root 11241100x8000000000000000777169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c522b39d9a0e1c222021-12-20 16:01:31.176root 11241100x8000000000000000777170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0991dcd9067c4df32021-12-20 16:01:31.177root 11241100x8000000000000000777171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253b1f1d290b3d742021-12-20 16:01:31.177root 11241100x8000000000000000777172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df56baf119929042021-12-20 16:01:31.177root 11241100x8000000000000000777173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1846578fa8d575562021-12-20 16:01:31.177root 11241100x8000000000000000777174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eab90f81e880a12021-12-20 16:01:31.177root 11241100x8000000000000000777175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ffb500097bf8642021-12-20 16:01:31.182root 11241100x8000000000000000777176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460c70e2888388ab2021-12-20 16:01:31.183root 11241100x8000000000000000777177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0369ea5e9dfba562021-12-20 16:01:31.183root 11241100x8000000000000000777178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcd5eb19a31f5982021-12-20 16:01:31.183root 11241100x8000000000000000777179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c45755d5a6b82142021-12-20 16:01:31.183root 11241100x8000000000000000777180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b07b97bc8de6aa2021-12-20 16:01:31.183root 11241100x8000000000000000777181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10a0f025fbf659d2021-12-20 16:01:31.184root 11241100x8000000000000000777182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9db2be2c37964e42021-12-20 16:01:31.184root 11241100x8000000000000000777183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157fe07828ac58df2021-12-20 16:01:31.186root 11241100x8000000000000000777184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.186{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f26300a9a86e852021-12-20 16:01:31.186root 11241100x8000000000000000777185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f059fbc5f3289c42021-12-20 16:01:31.675root 11241100x8000000000000000777186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ef66666b720d442021-12-20 16:01:31.675root 11241100x8000000000000000777187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3177196b7930563b2021-12-20 16:01:31.675root 11241100x8000000000000000777188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb60e5dd7ff0ee32021-12-20 16:01:31.675root 11241100x8000000000000000777189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2b3a8f617fb7b42021-12-20 16:01:31.676root 11241100x8000000000000000777190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a019ff14955368092021-12-20 16:01:31.676root 11241100x8000000000000000777191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9790cc9f64933c982021-12-20 16:01:31.676root 11241100x8000000000000000777192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb1330a3632c7bc2021-12-20 16:01:31.676root 11241100x8000000000000000777193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d993467e9d6696fa2021-12-20 16:01:31.677root 11241100x8000000000000000777194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90e6a44d9110ea92021-12-20 16:01:31.677root 11241100x8000000000000000777195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66601f7bd6aca88d2021-12-20 16:01:31.677root 11241100x8000000000000000777196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dcb7335b444b712021-12-20 16:01:31.677root 11241100x8000000000000000777197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4367398643a9212021-12-20 16:01:31.677root 11241100x8000000000000000777198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3651c9650646b62021-12-20 16:01:31.678root 11241100x8000000000000000777199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adf096b511076882021-12-20 16:01:31.678root 11241100x8000000000000000777200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2220a824711ca7ac2021-12-20 16:01:31.678root 11241100x8000000000000000777201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebb701cf4c6a2382021-12-20 16:01:31.678root 11241100x8000000000000000777202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c066cc5764b8bf12021-12-20 16:01:31.679root 11241100x8000000000000000777203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ac805e21bd20942021-12-20 16:01:31.679root 11241100x8000000000000000777204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a938bb15dbd838972021-12-20 16:01:31.679root 11241100x8000000000000000777205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10df21b0854126a12021-12-20 16:01:31.679root 11241100x8000000000000000777206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ba0bd6bc1fd42a2021-12-20 16:01:31.679root 11241100x8000000000000000777207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8bdf96a00d443f2021-12-20 16:01:31.679root 11241100x8000000000000000777208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7f9b482b0b52ec2021-12-20 16:01:31.679root 11241100x8000000000000000777209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557d1c6042486ba42021-12-20 16:01:31.680root 11241100x8000000000000000777210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:31.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d810b956c3bd08aa2021-12-20 16:01:31.680root 354300x8000000000000000777211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.163{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51526-false10.0.1.12-8000- 11241100x8000000000000000777212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638594b17225e72b2021-12-20 16:01:32.164root 11241100x8000000000000000777213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b9bb28a23ea0122021-12-20 16:01:32.164root 11241100x8000000000000000777214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f090b2bba866cd2021-12-20 16:01:32.164root 11241100x8000000000000000777215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81af5d4078bdb6932021-12-20 16:01:32.164root 11241100x8000000000000000777216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3225bb14785744ad2021-12-20 16:01:32.164root 11241100x8000000000000000777217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab6b127a45eadaf2021-12-20 16:01:32.164root 11241100x8000000000000000777218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd7d0ba55300f9d2021-12-20 16:01:32.164root 11241100x8000000000000000777219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d99e79005f2ae982021-12-20 16:01:32.164root 11241100x8000000000000000777220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.164{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af00fc12716fb0d2021-12-20 16:01:32.164root 11241100x8000000000000000777221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.165{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d68c7385f17d992021-12-20 16:01:32.165root 11241100x8000000000000000777222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.165{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02860ec412b873c2021-12-20 16:01:32.165root 11241100x8000000000000000777223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.165{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07888cc9fd5db0612021-12-20 16:01:32.165root 11241100x8000000000000000777224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.165{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118a6cbed94c45b82021-12-20 16:01:32.165root 11241100x8000000000000000777225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.165{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e2c9b30f5aa4392021-12-20 16:01:32.165root 11241100x8000000000000000777226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.165{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91e1dbd77849f942021-12-20 16:01:32.165root 11241100x8000000000000000777227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.166{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82569874bcd2d0ce2021-12-20 16:01:32.166root 11241100x8000000000000000777228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.166{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1310cbe46887d5b22021-12-20 16:01:32.166root 11241100x8000000000000000777229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.166{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed465e4a1bfaa032021-12-20 16:01:32.166root 11241100x8000000000000000777230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.166{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f490ad059ef1ff742021-12-20 16:01:32.166root 11241100x8000000000000000777231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.166{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f00d1c31a6ddf762021-12-20 16:01:32.166root 11241100x8000000000000000777232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.167{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62afe943adbc13452021-12-20 16:01:32.167root 11241100x8000000000000000777233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.167{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f864ad6e1de3b8952021-12-20 16:01:32.167root 11241100x8000000000000000777234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.167{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd1254f033e15a32021-12-20 16:01:32.167root 11241100x8000000000000000777235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.167{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc3ab77da0d67572021-12-20 16:01:32.167root 11241100x8000000000000000777236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.168{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c24157380ab32ef2021-12-20 16:01:32.168root 11241100x8000000000000000777237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.168{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1cb8e0886254182021-12-20 16:01:32.168root 11241100x8000000000000000777238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.168{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209128677a3f8a7b2021-12-20 16:01:32.168root 11241100x8000000000000000777239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.168{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4a3c53980a9282021-12-20 16:01:32.168root 11241100x8000000000000000777240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.169{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ac0a7e5f8a8c872021-12-20 16:01:32.169root 11241100x8000000000000000777241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b5bc3c615c7b382021-12-20 16:01:32.424root 11241100x8000000000000000777242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff8b6df4b3f8d1d2021-12-20 16:01:32.424root 11241100x8000000000000000777243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c469b52618325bd2021-12-20 16:01:32.424root 11241100x8000000000000000777244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6620928650c60ace2021-12-20 16:01:32.424root 11241100x8000000000000000777245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd45764a2e91a80b2021-12-20 16:01:32.424root 11241100x8000000000000000777246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79b6ea63e685d332021-12-20 16:01:32.424root 11241100x8000000000000000777247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d224474377e8382021-12-20 16:01:32.424root 11241100x8000000000000000777248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb3a480110a41b12021-12-20 16:01:32.424root 11241100x8000000000000000777249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164cbba429e3a5cb2021-12-20 16:01:32.424root 11241100x8000000000000000777250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24df75fcb17f1ada2021-12-20 16:01:32.425root 11241100x8000000000000000777251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70713693200da96e2021-12-20 16:01:32.425root 11241100x8000000000000000777252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2194c0f40255e2762021-12-20 16:01:32.425root 11241100x8000000000000000777253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23c4159774b29ca2021-12-20 16:01:32.425root 11241100x8000000000000000777254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e696d6acb12ae6a2021-12-20 16:01:32.425root 11241100x8000000000000000777255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74ac1e64de4cec12021-12-20 16:01:32.425root 11241100x8000000000000000777256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f81e39662a3068e2021-12-20 16:01:32.425root 11241100x8000000000000000777257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d082c1338a2fdae2021-12-20 16:01:32.425root 11241100x8000000000000000777258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae6ffb166fbf5602021-12-20 16:01:32.425root 11241100x8000000000000000777259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876a3be13706d6792021-12-20 16:01:32.425root 11241100x8000000000000000777260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a90f38c9ad763b2021-12-20 16:01:32.426root 11241100x8000000000000000777261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da41f2e06886f6bd2021-12-20 16:01:32.426root 11241100x8000000000000000777262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c451f7eb4695e752021-12-20 16:01:32.426root 11241100x8000000000000000777263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853a7fd33a900e712021-12-20 16:01:32.426root 11241100x8000000000000000777264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aec3a26e428fd092021-12-20 16:01:32.426root 11241100x8000000000000000777265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df7e02fdc69691b2021-12-20 16:01:32.426root 11241100x8000000000000000777266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351c8cd20e4fc4e2021-12-20 16:01:32.426root 11241100x8000000000000000777267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38224fd830a95b962021-12-20 16:01:32.426root 11241100x8000000000000000777268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27104a17113ea9dc2021-12-20 16:01:32.426root 11241100x8000000000000000777269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092d58b671410d2a2021-12-20 16:01:32.924root 11241100x8000000000000000777270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb0249eba90914b2021-12-20 16:01:32.924root 11241100x8000000000000000777271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd8a4a8b885d6472021-12-20 16:01:32.924root 11241100x8000000000000000777272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3673480f1148ab922021-12-20 16:01:32.925root 11241100x8000000000000000777273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e65899e90b29d842021-12-20 16:01:32.925root 11241100x8000000000000000777274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e966c2f9f27a022021-12-20 16:01:32.925root 11241100x8000000000000000777275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c5ae81ea886c8e2021-12-20 16:01:32.925root 11241100x8000000000000000777276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29808762044deda2021-12-20 16:01:32.925root 11241100x8000000000000000777277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ebdc8255345e852021-12-20 16:01:32.925root 11241100x8000000000000000777278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7694ce30971ca0422021-12-20 16:01:32.925root 11241100x8000000000000000777279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f8973f8c32ece62021-12-20 16:01:32.925root 11241100x8000000000000000777280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e36536a72a285e82021-12-20 16:01:32.925root 11241100x8000000000000000777281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638f7ff78200e84c2021-12-20 16:01:32.925root 11241100x8000000000000000777282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec62239f01b00f32021-12-20 16:01:32.926root 11241100x8000000000000000777283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03da115ce1b6f6172021-12-20 16:01:32.926root 11241100x8000000000000000777284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f71c868889ce342021-12-20 16:01:32.926root 11241100x8000000000000000777285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1c41b545b8f7082021-12-20 16:01:32.926root 11241100x8000000000000000777286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173b3fff56b1f7aa2021-12-20 16:01:32.926root 11241100x8000000000000000777287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13703241b3d708482021-12-20 16:01:32.926root 11241100x8000000000000000777288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef296046dd7c55d62021-12-20 16:01:32.926root 11241100x8000000000000000777289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c19d6f11057bc52021-12-20 16:01:32.926root 11241100x8000000000000000777290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214ca1d8ec79fc1d2021-12-20 16:01:32.926root 11241100x8000000000000000777291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3b9ecd86e495832021-12-20 16:01:32.926root 11241100x8000000000000000777292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee9fe01b56e6b042021-12-20 16:01:32.926root 11241100x8000000000000000777293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6e43d64d31733f2021-12-20 16:01:32.926root 11241100x8000000000000000777294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77244a742f7f3b02021-12-20 16:01:32.926root 11241100x8000000000000000777295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db66a3f7d3d08ce72021-12-20 16:01:32.926root 11241100x8000000000000000777296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cdb24cec8b9f9f2021-12-20 16:01:32.926root 11241100x8000000000000000777297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac6dc6f2f77feb12021-12-20 16:01:32.927root 11241100x8000000000000000777298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae288187fec0da62021-12-20 16:01:32.927root 11241100x8000000000000000777299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970ca85b45dc467e2021-12-20 16:01:33.424root 11241100x8000000000000000777300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff8ac534788abc2021-12-20 16:01:33.424root 11241100x8000000000000000777301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f22fdd1c5c7f4972021-12-20 16:01:33.424root 11241100x8000000000000000777302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7806827376af8b2021-12-20 16:01:33.424root 11241100x8000000000000000777303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c890083248f11fb2021-12-20 16:01:33.425root 11241100x8000000000000000777304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7a66f70dca7b82021-12-20 16:01:33.425root 11241100x8000000000000000777305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cf19b10c7189f92021-12-20 16:01:33.425root 11241100x8000000000000000777306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4a3042ce81295e2021-12-20 16:01:33.425root 11241100x8000000000000000777307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2ef561a85ff30c2021-12-20 16:01:33.425root 11241100x8000000000000000777308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7435fed27a3f312021-12-20 16:01:33.425root 11241100x8000000000000000777309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e8a6f44b1b3de22021-12-20 16:01:33.425root 11241100x8000000000000000777310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb2eb4fdae2cafe2021-12-20 16:01:33.425root 11241100x8000000000000000777311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4cd22698f0ae8a2021-12-20 16:01:33.425root 11241100x8000000000000000777312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0b8ba3712f71e92021-12-20 16:01:33.425root 11241100x8000000000000000777313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895943bff972be8d2021-12-20 16:01:33.425root 11241100x8000000000000000777314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b707344c6556bd32021-12-20 16:01:33.426root 11241100x8000000000000000777315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ee0d07cdb57fb02021-12-20 16:01:33.426root 11241100x8000000000000000777316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c4d40b7d22e8be2021-12-20 16:01:33.426root 11241100x8000000000000000777317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b07bb828d70b732021-12-20 16:01:33.426root 11241100x8000000000000000777318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b7914d33ae79802021-12-20 16:01:33.426root 11241100x8000000000000000777319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13db3a1a581f69422021-12-20 16:01:33.426root 11241100x8000000000000000777320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4327d698e5c9e152021-12-20 16:01:33.426root 11241100x8000000000000000777321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d937ef78d9b4112021-12-20 16:01:33.426root 11241100x8000000000000000777322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f51f814b10a90bd2021-12-20 16:01:33.426root 11241100x8000000000000000777323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972fbf4c9bd889a32021-12-20 16:01:33.426root 11241100x8000000000000000777324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d973289d6c7435c82021-12-20 16:01:33.427root 11241100x8000000000000000777325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8424db0f257bf6502021-12-20 16:01:33.427root 11241100x8000000000000000777326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bfb9856c5643d42021-12-20 16:01:33.924root 11241100x8000000000000000777327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe915e8764f6ac12021-12-20 16:01:33.924root 11241100x8000000000000000777328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ace74954274a8fd2021-12-20 16:01:33.924root 11241100x8000000000000000777329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32794b95299897c2021-12-20 16:01:33.925root 11241100x8000000000000000777330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847e20f54b41392c2021-12-20 16:01:33.925root 11241100x8000000000000000777331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c88b09231a4d1d72021-12-20 16:01:33.925root 11241100x8000000000000000777332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba13d86f3e755d72021-12-20 16:01:33.925root 11241100x8000000000000000777333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd1c5c2b55933ae2021-12-20 16:01:33.925root 11241100x8000000000000000777334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c5dbfb1fc455482021-12-20 16:01:33.925root 11241100x8000000000000000777335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59886d6f0ab7bf132021-12-20 16:01:33.925root 11241100x8000000000000000777336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb2a74b2cd74d082021-12-20 16:01:33.925root 11241100x8000000000000000777337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c984b59c30e6c1c22021-12-20 16:01:33.925root 11241100x8000000000000000777338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f3c65de7989b12021-12-20 16:01:33.925root 11241100x8000000000000000777339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2463a9aa0f1776d2021-12-20 16:01:33.926root 11241100x8000000000000000777340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988763f8073e8f552021-12-20 16:01:33.926root 11241100x8000000000000000777341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f2c0e586ceef4d2021-12-20 16:01:33.926root 11241100x8000000000000000777342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9939fbb6bc9f43f12021-12-20 16:01:33.926root 11241100x8000000000000000777343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf8f2c1cfd8e6082021-12-20 16:01:33.926root 11241100x8000000000000000777344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe8bcc122cd67242021-12-20 16:01:33.926root 11241100x8000000000000000777345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a5242864d9ae672021-12-20 16:01:33.926root 11241100x8000000000000000777346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6523e7cec321c32021-12-20 16:01:33.926root 11241100x8000000000000000777347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6677d19229e2a02021-12-20 16:01:33.926root 11241100x8000000000000000777348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a023204ecdb0532021-12-20 16:01:33.927root 11241100x8000000000000000777349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95475d94e48814042021-12-20 16:01:33.927root 11241100x8000000000000000777350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1d3cb8243448412021-12-20 16:01:33.927root 11241100x8000000000000000777351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c8debe2cec12cc2021-12-20 16:01:33.927root 11241100x8000000000000000777352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c11c4abd446fe12021-12-20 16:01:33.927root 11241100x8000000000000000777353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96675fd80ece8a092021-12-20 16:01:34.424root 11241100x8000000000000000777354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756d6f19c8ab6a6f2021-12-20 16:01:34.424root 11241100x8000000000000000777355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391d038fa053ce042021-12-20 16:01:34.424root 11241100x8000000000000000777356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc39c9f5951f44802021-12-20 16:01:34.424root 11241100x8000000000000000777357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b124c48be2ec67462021-12-20 16:01:34.424root 11241100x8000000000000000777358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7894e4d42c7390e52021-12-20 16:01:34.425root 11241100x8000000000000000777359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9297900d6e8b7ff92021-12-20 16:01:34.425root 11241100x8000000000000000777360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5671f44ee28de22021-12-20 16:01:34.425root 11241100x8000000000000000777361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c7692ab3e7ff602021-12-20 16:01:34.425root 11241100x8000000000000000777362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a277c186a953f4f2021-12-20 16:01:34.425root 11241100x8000000000000000777363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ac7ffad8c70b652021-12-20 16:01:34.426root 11241100x8000000000000000777364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd818026e299a352021-12-20 16:01:34.426root 11241100x8000000000000000777365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fda4f7cb459498a2021-12-20 16:01:34.426root 11241100x8000000000000000777366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b591c9afd79a98a62021-12-20 16:01:34.426root 11241100x8000000000000000777367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48ee231bb30d4f92021-12-20 16:01:34.426root 11241100x8000000000000000777368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15d7565ce6bb7d52021-12-20 16:01:34.427root 11241100x8000000000000000777369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a783eaac286369e42021-12-20 16:01:34.427root 11241100x8000000000000000777370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd21e89796058262021-12-20 16:01:34.427root 11241100x8000000000000000777371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0d7cc35bd03ad42021-12-20 16:01:34.427root 11241100x8000000000000000777372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411c7551022b053d2021-12-20 16:01:34.427root 11241100x8000000000000000777373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec012d1be8056262021-12-20 16:01:34.427root 11241100x8000000000000000777374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6e5a452d7ed96c2021-12-20 16:01:34.427root 11241100x8000000000000000777375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fc03e59f2be1c92021-12-20 16:01:34.427root 11241100x8000000000000000777376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beeb642eb337fe02021-12-20 16:01:34.427root 11241100x8000000000000000777377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16b3806c96c92582021-12-20 16:01:34.428root 11241100x8000000000000000777378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbd148df2eb89372021-12-20 16:01:34.428root 11241100x8000000000000000777379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234306088b9bd1e82021-12-20 16:01:34.428root 11241100x8000000000000000777380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c074d77543b1e5e2021-12-20 16:01:34.924root 11241100x8000000000000000777381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a29ccee6eb676a72021-12-20 16:01:34.924root 11241100x8000000000000000777382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f056fcb1532aab2021-12-20 16:01:34.924root 11241100x8000000000000000777383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6508f040af7fa5af2021-12-20 16:01:34.924root 11241100x8000000000000000777384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc3dbeb163032812021-12-20 16:01:34.925root 11241100x8000000000000000777385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe123e4953fb4cd2021-12-20 16:01:34.925root 11241100x8000000000000000777386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e0d0edff34252e2021-12-20 16:01:34.925root 11241100x8000000000000000777387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e988623318e6a6a02021-12-20 16:01:34.925root 11241100x8000000000000000777388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2367044e82afa14e2021-12-20 16:01:34.925root 11241100x8000000000000000777389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ae3aa132d198b22021-12-20 16:01:34.925root 11241100x8000000000000000777390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d73827133f6e9072021-12-20 16:01:34.925root 11241100x8000000000000000777391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e8309f40a467362021-12-20 16:01:34.925root 11241100x8000000000000000777392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5359ee83732a1102021-12-20 16:01:34.925root 11241100x8000000000000000777393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41af5e15ce5deb192021-12-20 16:01:34.926root 11241100x8000000000000000777394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1490c176bb6dddba2021-12-20 16:01:34.926root 11241100x8000000000000000777395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f428bad212aae6492021-12-20 16:01:34.926root 11241100x8000000000000000777396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb98f4207a1ec102021-12-20 16:01:34.926root 11241100x8000000000000000777397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8afe42112149cb2021-12-20 16:01:34.926root 11241100x8000000000000000777398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f4831491bdb572021-12-20 16:01:34.926root 11241100x8000000000000000777399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f836e5f2655a266c2021-12-20 16:01:34.926root 11241100x8000000000000000777400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13137ea792670532021-12-20 16:01:34.926root 11241100x8000000000000000777401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616084d2054be9302021-12-20 16:01:34.927root 11241100x8000000000000000777402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ee4dc85c892712021-12-20 16:01:34.927root 11241100x8000000000000000777403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abcadb57cffa04a2021-12-20 16:01:34.927root 11241100x8000000000000000777404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb16b83c89bdd8b82021-12-20 16:01:34.927root 11241100x8000000000000000777405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935d3bd2492157232021-12-20 16:01:34.927root 11241100x8000000000000000777406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7256b78861b09a2021-12-20 16:01:34.927root 11241100x8000000000000000777407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeae9bc699f89af32021-12-20 16:01:35.424root 11241100x8000000000000000777408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb8d040aceadd6a2021-12-20 16:01:35.424root 11241100x8000000000000000777409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3bdc92789167e62021-12-20 16:01:35.424root 11241100x8000000000000000777410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c94d254f0c2d462021-12-20 16:01:35.424root 11241100x8000000000000000777411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb88725fd27a66f2021-12-20 16:01:35.425root 11241100x8000000000000000777412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533c08185643a6ce2021-12-20 16:01:35.425root 11241100x8000000000000000777413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a859c9733cb7e7d2021-12-20 16:01:35.425root 11241100x8000000000000000777414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd26047cb652c012021-12-20 16:01:35.425root 11241100x8000000000000000777415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ce0181a080d15f2021-12-20 16:01:35.425root 11241100x8000000000000000777416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06da87b6f2864922021-12-20 16:01:35.425root 11241100x8000000000000000777417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d8655d7b9ba242021-12-20 16:01:35.426root 11241100x8000000000000000777418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343aba905154b4d82021-12-20 16:01:35.426root 11241100x8000000000000000777419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8645730c8a237d612021-12-20 16:01:35.426root 11241100x8000000000000000777420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1df510e21450c12021-12-20 16:01:35.426root 11241100x8000000000000000777421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a37ae06e3e6d0e2021-12-20 16:01:35.427root 11241100x8000000000000000777422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638aba7166121fa12021-12-20 16:01:35.427root 11241100x8000000000000000777423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523aa1e970ef21702021-12-20 16:01:35.427root 11241100x8000000000000000777424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e541b2686c508962021-12-20 16:01:35.427root 11241100x8000000000000000777425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d700a8cedfd51012021-12-20 16:01:35.427root 11241100x8000000000000000777426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d858cf9a88254ab2021-12-20 16:01:35.427root 11241100x8000000000000000777427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600b3f7762b66a472021-12-20 16:01:35.428root 11241100x8000000000000000777428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6846f2b08eb5e6c2021-12-20 16:01:35.428root 11241100x8000000000000000777429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9972603a04275d052021-12-20 16:01:35.428root 11241100x8000000000000000777430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347fca194c6b20652021-12-20 16:01:35.428root 11241100x8000000000000000777431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5e2bf80bdd6ccc2021-12-20 16:01:35.428root 11241100x8000000000000000777432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba1f7a90d9b03b2021-12-20 16:01:35.428root 11241100x8000000000000000777433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62c4bd728fbf6942021-12-20 16:01:35.428root 11241100x8000000000000000777434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7043890d8813cc552021-12-20 16:01:35.428root 11241100x8000000000000000777435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21285a75d1034c172021-12-20 16:01:35.428root 11241100x8000000000000000777436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9aea657cce45352021-12-20 16:01:35.924root 11241100x8000000000000000777437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba1b4ea8805f02a2021-12-20 16:01:35.924root 11241100x8000000000000000777438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4d6e064d20df192021-12-20 16:01:35.924root 11241100x8000000000000000777439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58284f7f671dedeb2021-12-20 16:01:35.925root 11241100x8000000000000000777440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad26b0add8599c462021-12-20 16:01:35.925root 11241100x8000000000000000777441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea973f4af781f24f2021-12-20 16:01:35.925root 11241100x8000000000000000777442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41128a01ecdbf412021-12-20 16:01:35.925root 11241100x8000000000000000777443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ec319f818bcb562021-12-20 16:01:35.925root 11241100x8000000000000000777444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f2fb65358d06ba2021-12-20 16:01:35.925root 11241100x8000000000000000777445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e8fc5d167964c82021-12-20 16:01:35.925root 11241100x8000000000000000777446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441ade339c10a4982021-12-20 16:01:35.926root 11241100x8000000000000000777447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522e96aae1ae60fd2021-12-20 16:01:35.926root 11241100x8000000000000000777448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfb797083ab636f2021-12-20 16:01:35.926root 11241100x8000000000000000777449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de18132c5a42afa42021-12-20 16:01:35.926root 11241100x8000000000000000777450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3b8f442a781f862021-12-20 16:01:35.926root 11241100x8000000000000000777451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5ffde9750198ac2021-12-20 16:01:35.926root 11241100x8000000000000000777452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a528655cf6b0e22021-12-20 16:01:35.927root 11241100x8000000000000000777453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bca4c8bc48fdd22021-12-20 16:01:35.927root 11241100x8000000000000000777454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63f0c8eb9c2807f2021-12-20 16:01:35.927root 11241100x8000000000000000777455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73404d8abd07f0322021-12-20 16:01:35.927root 11241100x8000000000000000777456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d78e2ebfbab07e62021-12-20 16:01:35.927root 11241100x8000000000000000777457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e5fe651dcd94d02021-12-20 16:01:35.928root 11241100x8000000000000000777458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f255cb027e20502021-12-20 16:01:35.928root 11241100x8000000000000000777459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfbf4a5233be1ff2021-12-20 16:01:35.928root 11241100x8000000000000000777460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524355a9daa564fb2021-12-20 16:01:35.928root 11241100x8000000000000000777461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9758468a83113e002021-12-20 16:01:35.928root 11241100x8000000000000000777462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5204bc46a39cd42021-12-20 16:01:35.928root 11241100x8000000000000000777463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.067{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:01:36.067root 11241100x8000000000000000777464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6380ee433223a1da2021-12-20 16:01:36.424root 11241100x8000000000000000777465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50d046f3fdb68352021-12-20 16:01:36.424root 11241100x8000000000000000777466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0867a627da565d2021-12-20 16:01:36.425root 11241100x8000000000000000777467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120fb27dac9330512021-12-20 16:01:36.425root 11241100x8000000000000000777468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ef773786e2207f2021-12-20 16:01:36.425root 11241100x8000000000000000777469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596218235c5e6dfd2021-12-20 16:01:36.425root 11241100x8000000000000000777470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723cf7b963ea02042021-12-20 16:01:36.425root 11241100x8000000000000000777471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5ae8ac04bf64cd2021-12-20 16:01:36.426root 11241100x8000000000000000777472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10182c39d5b288db2021-12-20 16:01:36.426root 11241100x8000000000000000777473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac07cb5d0f7a4a2c2021-12-20 16:01:36.426root 11241100x8000000000000000777474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af92fac54808e63b2021-12-20 16:01:36.426root 11241100x8000000000000000777475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb4a45c464054ab2021-12-20 16:01:36.426root 11241100x8000000000000000777476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e034d77db07a829e2021-12-20 16:01:36.426root 11241100x8000000000000000777477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919a546f0d2c9a6c2021-12-20 16:01:36.426root 11241100x8000000000000000777478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8857047cc8a6af622021-12-20 16:01:36.427root 11241100x8000000000000000777479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbde0bba4a914f12021-12-20 16:01:36.427root 11241100x8000000000000000777480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa1f7229a0d66be2021-12-20 16:01:36.427root 11241100x8000000000000000777481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54635bd9d1c77f462021-12-20 16:01:36.427root 11241100x8000000000000000777482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6794b0ce17f2e25f2021-12-20 16:01:36.427root 11241100x8000000000000000777483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49c53cc1cf695162021-12-20 16:01:36.427root 11241100x8000000000000000777484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e29ffd58ee7fc52021-12-20 16:01:36.428root 11241100x8000000000000000777485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a820be00927655d92021-12-20 16:01:36.428root 11241100x8000000000000000777486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621d1eab5c7feaa72021-12-20 16:01:36.428root 11241100x8000000000000000777487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a9c2aeae35510f2021-12-20 16:01:36.429root 11241100x8000000000000000777488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd090fd97d3e6ae2021-12-20 16:01:36.429root 11241100x8000000000000000777489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfae2d4b4ac944342021-12-20 16:01:36.430root 11241100x8000000000000000777490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4a44c303d5522e2021-12-20 16:01:36.430root 11241100x8000000000000000777491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7d4b9aa226853d2021-12-20 16:01:36.430root 11241100x8000000000000000777492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58185d88250a94252021-12-20 16:01:36.430root 11241100x8000000000000000777493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8856702d7befa942021-12-20 16:01:36.924root 11241100x8000000000000000777494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb51d5848f81968d2021-12-20 16:01:36.924root 11241100x8000000000000000777495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c8d855ad53ddc42021-12-20 16:01:36.924root 11241100x8000000000000000777496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ce0d9bb757635f2021-12-20 16:01:36.924root 11241100x8000000000000000777497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65e484fbfed3d012021-12-20 16:01:36.925root 11241100x8000000000000000777498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bff65720f2fc4a12021-12-20 16:01:36.925root 11241100x8000000000000000777499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c361db95b5406092021-12-20 16:01:36.925root 11241100x8000000000000000777500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7874d60440d4f5d2021-12-20 16:01:36.925root 11241100x8000000000000000777501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2f78ad43d085002021-12-20 16:01:36.925root 11241100x8000000000000000777502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa7e0dd3675243b2021-12-20 16:01:36.925root 11241100x8000000000000000777503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a921665cd1c89e12021-12-20 16:01:36.925root 11241100x8000000000000000777504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64205c596537efb02021-12-20 16:01:36.925root 11241100x8000000000000000777505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b494c46aec50d2021-12-20 16:01:36.925root 11241100x8000000000000000777506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a17c928a9928c42021-12-20 16:01:36.925root 11241100x8000000000000000777507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3cccdbcffd2e782021-12-20 16:01:36.925root 11241100x8000000000000000777508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad350428e222c3d2021-12-20 16:01:36.925root 11241100x8000000000000000777509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cd218df0bf1cf32021-12-20 16:01:36.925root 11241100x8000000000000000777510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771a2e50ac0a574e2021-12-20 16:01:36.925root 11241100x8000000000000000777511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d233b96c446841b22021-12-20 16:01:36.926root 11241100x8000000000000000777512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5de92d70022b652021-12-20 16:01:36.926root 11241100x8000000000000000777513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6b4577cccdc0882021-12-20 16:01:36.926root 11241100x8000000000000000777514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1253d93f1e3143d92021-12-20 16:01:36.926root 11241100x8000000000000000777515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2891c57860306582021-12-20 16:01:36.926root 11241100x8000000000000000777516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d993869fa3d827a12021-12-20 16:01:36.926root 11241100x8000000000000000777517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b21ab2d23ade6f2021-12-20 16:01:36.926root 11241100x8000000000000000777518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4c9cb4fb1d84f12021-12-20 16:01:36.926root 11241100x8000000000000000777519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691b627d1495a6132021-12-20 16:01:36.926root 11241100x8000000000000000777520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9557baa393522c2021-12-20 16:01:36.927root 11241100x8000000000000000777521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf5e89c9b6b8622021-12-20 16:01:36.927root 11241100x8000000000000000777522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071409abf69b88a2021-12-20 16:01:37.424root 11241100x8000000000000000777523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d17bf15e9d41c9d2021-12-20 16:01:37.424root 11241100x8000000000000000777524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b83ff6e28cdfc5f2021-12-20 16:01:37.424root 11241100x8000000000000000777525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4d45fd0c9df8d72021-12-20 16:01:37.424root 11241100x8000000000000000777526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7371d26eb66ddd62021-12-20 16:01:37.425root 11241100x8000000000000000777527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e59939a42bbb1642021-12-20 16:01:37.425root 11241100x8000000000000000777528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351bf63fadfeca762021-12-20 16:01:37.425root 11241100x8000000000000000777529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76adfad010a5d2ea2021-12-20 16:01:37.425root 11241100x8000000000000000777530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d0136b100937722021-12-20 16:01:37.425root 11241100x8000000000000000777531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06226b13e97ec80a2021-12-20 16:01:37.425root 11241100x8000000000000000777532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee513716ab2ba4d02021-12-20 16:01:37.425root 11241100x8000000000000000777533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349bd5aaf95f80b92021-12-20 16:01:37.425root 11241100x8000000000000000777534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96a9d9d5af879882021-12-20 16:01:37.425root 11241100x8000000000000000777535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6249a579f72c6d822021-12-20 16:01:37.425root 11241100x8000000000000000777536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee23aca4a11cbf962021-12-20 16:01:37.426root 11241100x8000000000000000777537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb0f3220d6117d62021-12-20 16:01:37.426root 11241100x8000000000000000777538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358074c398ccb51f2021-12-20 16:01:37.426root 11241100x8000000000000000777539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39f701f671895692021-12-20 16:01:37.426root 11241100x8000000000000000777540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808eaa61b735acc62021-12-20 16:01:37.426root 11241100x8000000000000000777541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eee3706ff416142021-12-20 16:01:37.426root 11241100x8000000000000000777542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80e4eb352af56ca2021-12-20 16:01:37.426root 11241100x8000000000000000777543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49282d3f49de82e2021-12-20 16:01:37.426root 11241100x8000000000000000777544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8029b1490b868d782021-12-20 16:01:37.426root 11241100x8000000000000000777545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ddb97acfaacd6a2021-12-20 16:01:37.426root 11241100x8000000000000000777546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59598571086eadaa2021-12-20 16:01:37.426root 11241100x8000000000000000777547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1b526c61e381e22021-12-20 16:01:37.426root 11241100x8000000000000000777548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9b30a616e972e82021-12-20 16:01:37.426root 11241100x8000000000000000777549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ea485965f0b8612021-12-20 16:01:37.426root 11241100x8000000000000000777550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5c08a60b48606e2021-12-20 16:01:37.426root 11241100x8000000000000000777551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab34c0cf7cd991502021-12-20 16:01:37.427root 11241100x8000000000000000777552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f3d61d5fe8374e2021-12-20 16:01:37.924root 11241100x8000000000000000777553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fede908991b312ca2021-12-20 16:01:37.924root 11241100x8000000000000000777554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc6beae2fa49ddd2021-12-20 16:01:37.925root 11241100x8000000000000000777555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa07372507add13c2021-12-20 16:01:37.925root 11241100x8000000000000000777556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e91f1e246e83ad2021-12-20 16:01:37.925root 11241100x8000000000000000777557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7be59b337d920942021-12-20 16:01:37.925root 11241100x8000000000000000777558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355f2afc5bb46abf2021-12-20 16:01:37.925root 11241100x8000000000000000777559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f7769d6315c90f2021-12-20 16:01:37.925root 11241100x8000000000000000777560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f90196f24eb365c2021-12-20 16:01:37.925root 11241100x8000000000000000777561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb34f1a4f9ce9b42021-12-20 16:01:37.926root 11241100x8000000000000000777562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfadbc8d554d534d2021-12-20 16:01:37.926root 11241100x8000000000000000777563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8159e71ad093e0b2021-12-20 16:01:37.926root 11241100x8000000000000000777564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9a886beb44bab22021-12-20 16:01:37.926root 11241100x8000000000000000777565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4634c13c9f2f002021-12-20 16:01:37.926root 11241100x8000000000000000777566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c4d97b683fda092021-12-20 16:01:37.926root 11241100x8000000000000000777567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa24a58f853fd7222021-12-20 16:01:37.926root 11241100x8000000000000000777568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93deb32b94f99f432021-12-20 16:01:37.926root 11241100x8000000000000000777569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dca7a5179474be12021-12-20 16:01:37.926root 11241100x8000000000000000777570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0003f13d7f23e3ab2021-12-20 16:01:37.926root 11241100x8000000000000000777571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8618e201aba14e02021-12-20 16:01:37.927root 11241100x8000000000000000777572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1a2ecd519c81642021-12-20 16:01:37.927root 11241100x8000000000000000777573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06d3392c986f9172021-12-20 16:01:37.927root 11241100x8000000000000000777574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc675c0ede0ca162021-12-20 16:01:37.927root 11241100x8000000000000000777575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e78ca17672521232021-12-20 16:01:37.927root 11241100x8000000000000000777576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2fa0782e4da3ec2021-12-20 16:01:37.927root 11241100x8000000000000000777577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be7c36676bdf4fc2021-12-20 16:01:37.928root 11241100x8000000000000000777578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf86bacffce425b32021-12-20 16:01:37.928root 11241100x8000000000000000777579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b925458c5da46a52021-12-20 16:01:37.928root 11241100x8000000000000000777580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17bfbd41ae648ba2021-12-20 16:01:37.928root 354300x8000000000000000777581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.134{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51528-false10.0.1.12-8000- 11241100x8000000000000000777582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47ee17733b0a6d82021-12-20 16:01:38.424root 11241100x8000000000000000777583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2b6dc198d24b752021-12-20 16:01:38.424root 11241100x8000000000000000777584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4849b97692c5632021-12-20 16:01:38.424root 11241100x8000000000000000777585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10732b44b08add4a2021-12-20 16:01:38.424root 11241100x8000000000000000777586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92793e3cb8abf0d2021-12-20 16:01:38.424root 11241100x8000000000000000777587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c4fe0628576902021-12-20 16:01:38.424root 11241100x8000000000000000777588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029380bfcec7b6a32021-12-20 16:01:38.424root 11241100x8000000000000000777589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae85920f449e0142021-12-20 16:01:38.424root 11241100x8000000000000000777590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556b803a65b2b57d2021-12-20 16:01:38.424root 11241100x8000000000000000777591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482f88c3888230a22021-12-20 16:01:38.425root 11241100x8000000000000000777592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bba4aeeacf29fb2021-12-20 16:01:38.425root 11241100x8000000000000000777593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da040e100a51e2d2021-12-20 16:01:38.425root 11241100x8000000000000000777594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5d6843b19658a72021-12-20 16:01:38.425root 11241100x8000000000000000777595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefd729fc5b9e5fe2021-12-20 16:01:38.425root 11241100x8000000000000000777596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07914db1d3d09112021-12-20 16:01:38.425root 11241100x8000000000000000777597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdba77d7f66901652021-12-20 16:01:38.425root 11241100x8000000000000000777598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f24bc392c07f812021-12-20 16:01:38.425root 11241100x8000000000000000777599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09d49ecdcc76a1f2021-12-20 16:01:38.425root 11241100x8000000000000000777600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efb3a7b975327142021-12-20 16:01:38.425root 11241100x8000000000000000777601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c69e7b251d50ff2021-12-20 16:01:38.426root 11241100x8000000000000000777602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e73f82a29c9821a2021-12-20 16:01:38.426root 11241100x8000000000000000777603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9599a7607080097e2021-12-20 16:01:38.426root 11241100x8000000000000000777604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a97233479cc7872021-12-20 16:01:38.426root 11241100x8000000000000000777605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46b39df4d39b3ea2021-12-20 16:01:38.426root 11241100x8000000000000000777606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76187cfef1fcb0492021-12-20 16:01:38.426root 11241100x8000000000000000777607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e8ad204f16579e2021-12-20 16:01:38.426root 11241100x8000000000000000777608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc11660502425292021-12-20 16:01:38.426root 11241100x8000000000000000777609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db815a75a62f373e2021-12-20 16:01:38.426root 11241100x8000000000000000777610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051b1d9026f4fefb2021-12-20 16:01:38.426root 11241100x8000000000000000777611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c7183a0695a4102021-12-20 16:01:38.427root 11241100x8000000000000000777612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c5f7c171b26f562021-12-20 16:01:38.427root 11241100x8000000000000000777613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbad84f406df1102021-12-20 16:01:38.427root 11241100x8000000000000000777614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c903c1e541be0d62021-12-20 16:01:38.427root 11241100x8000000000000000777615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88796456ac487eca2021-12-20 16:01:38.427root 11241100x8000000000000000777616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fcc9d9b1c647052021-12-20 16:01:38.427root 11241100x8000000000000000777617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf867ace6545b1b2021-12-20 16:01:38.428root 11241100x8000000000000000777618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ab7e3ffc36ab892021-12-20 16:01:38.428root 11241100x8000000000000000777619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f798d31d5fb1841d2021-12-20 16:01:38.430root 11241100x8000000000000000777620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa00efb03beda5cb2021-12-20 16:01:38.430root 11241100x8000000000000000777621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8df3a28a76a06152021-12-20 16:01:38.430root 11241100x8000000000000000777622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82144c1d1afb52162021-12-20 16:01:38.430root 11241100x8000000000000000777623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe788f94d2f5d4f2021-12-20 16:01:38.430root 11241100x8000000000000000777624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c225e7186eb2a02021-12-20 16:01:38.431root 11241100x8000000000000000777625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d491cab8d650e03b2021-12-20 16:01:38.431root 11241100x8000000000000000777626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2becb821afaadb42021-12-20 16:01:38.431root 11241100x8000000000000000777627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9f051a0363496e2021-12-20 16:01:38.431root 11241100x8000000000000000777628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8451f589428d6a5f2021-12-20 16:01:38.432root 11241100x8000000000000000777629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4d7e7b6d7299272021-12-20 16:01:38.432root 11241100x8000000000000000777630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64148a74812536d2021-12-20 16:01:38.432root 11241100x8000000000000000777631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c321ac2ef7578872021-12-20 16:01:38.432root 11241100x8000000000000000777632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839e3eb15d5eb1d72021-12-20 16:01:38.432root 11241100x8000000000000000777633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33577e93426cc562021-12-20 16:01:38.434root 11241100x8000000000000000777634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b4bd43d86efc3d2021-12-20 16:01:38.434root 11241100x8000000000000000777635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad7c230facc1f682021-12-20 16:01:38.434root 11241100x8000000000000000777636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df071fabdee9cd022021-12-20 16:01:38.434root 11241100x8000000000000000777637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189660be6936e6652021-12-20 16:01:38.434root 11241100x8000000000000000777638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2db185bbab18092021-12-20 16:01:38.434root 11241100x8000000000000000777639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a326ca496914702021-12-20 16:01:38.434root 11241100x8000000000000000777640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212bc7e0da08580b2021-12-20 16:01:38.434root 11241100x8000000000000000777641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5937715a8e4384bb2021-12-20 16:01:38.434root 11241100x8000000000000000777642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16882f74604b18a2021-12-20 16:01:38.434root 11241100x8000000000000000777643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f56549e13ab27ea2021-12-20 16:01:38.435root 11241100x8000000000000000777644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385d48a3776849a82021-12-20 16:01:38.435root 11241100x8000000000000000777645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3842498a5fb05c6c2021-12-20 16:01:38.435root 11241100x8000000000000000777646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c027aaf469658c2021-12-20 16:01:38.435root 11241100x8000000000000000777647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03ed65000c0a0cc2021-12-20 16:01:38.435root 11241100x8000000000000000777648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73d5a2f340a11602021-12-20 16:01:38.924root 11241100x8000000000000000777649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e9ff8026aa5a5b2021-12-20 16:01:38.924root 11241100x8000000000000000777650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f667a989823193d2021-12-20 16:01:38.925root 11241100x8000000000000000777651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c43de3798cb25e52021-12-20 16:01:38.925root 11241100x8000000000000000777652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8a91d313ba22a52021-12-20 16:01:38.925root 11241100x8000000000000000777653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ad00a1be418b092021-12-20 16:01:38.925root 11241100x8000000000000000777654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af70f724c4cf2c92021-12-20 16:01:38.925root 11241100x8000000000000000777655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b288a805224cc2a62021-12-20 16:01:38.925root 11241100x8000000000000000777656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2f7120e4bba7e02021-12-20 16:01:38.925root 11241100x8000000000000000777657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8834482d018f159b2021-12-20 16:01:38.925root 11241100x8000000000000000777658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48760d3fa8dc8e622021-12-20 16:01:38.926root 11241100x8000000000000000777659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b503c4471cf2da62021-12-20 16:01:38.926root 11241100x8000000000000000777660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7b9ee1969d4fc52021-12-20 16:01:38.926root 11241100x8000000000000000777661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567a2be948fb2f6e2021-12-20 16:01:38.926root 11241100x8000000000000000777662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b303b68b162ce62021-12-20 16:01:38.926root 11241100x8000000000000000777663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f480cc8b36383c2021-12-20 16:01:38.926root 11241100x8000000000000000777664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9ba074414e27c72021-12-20 16:01:38.926root 11241100x8000000000000000777665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f185b6cdb2debe2021-12-20 16:01:38.926root 11241100x8000000000000000777666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac59eaf11c7824a2021-12-20 16:01:38.926root 11241100x8000000000000000777667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27184ea1ce00ec6b2021-12-20 16:01:38.927root 11241100x8000000000000000777668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fb4989d54146222021-12-20 16:01:38.927root 11241100x8000000000000000777669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422e3dc5a4f229842021-12-20 16:01:38.927root 11241100x8000000000000000777670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3664e315db622c2021-12-20 16:01:38.927root 11241100x8000000000000000777671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a0104b7c39725b2021-12-20 16:01:38.927root 11241100x8000000000000000777672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af75205509d07f622021-12-20 16:01:38.927root 11241100x8000000000000000777673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78493ab90e01b62021-12-20 16:01:38.927root 11241100x8000000000000000777674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6372ff1d72e35a972021-12-20 16:01:38.927root 11241100x8000000000000000777675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bf942f1b1091a52021-12-20 16:01:38.927root 11241100x8000000000000000777676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8955c1bdeb6b05c82021-12-20 16:01:38.928root 11241100x8000000000000000777677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e800ea6740c6aad2021-12-20 16:01:38.929root 11241100x8000000000000000777678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b96a8cc1a38fc12021-12-20 16:01:38.929root 11241100x8000000000000000777679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082b393cb0e199842021-12-20 16:01:38.931root 11241100x8000000000000000777680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:38.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf65e8c469972692021-12-20 16:01:38.931root 23542300x8000000000000000777681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000777682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af51051c51923cf2021-12-20 16:01:39.424root 11241100x8000000000000000777683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630ebf33b143c1d22021-12-20 16:01:39.424root 11241100x8000000000000000777684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37867f44f781ce82021-12-20 16:01:39.424root 11241100x8000000000000000777685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bb719c9c6a1ead2021-12-20 16:01:39.424root 11241100x8000000000000000777686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6867b1b8c94ed39a2021-12-20 16:01:39.424root 11241100x8000000000000000777687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad9af2e6fddef842021-12-20 16:01:39.424root 11241100x8000000000000000777688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e762f0755f4083c32021-12-20 16:01:39.425root 11241100x8000000000000000777689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a99f2bd59d2e62021-12-20 16:01:39.425root 11241100x8000000000000000777690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ad21ae431585d62021-12-20 16:01:39.425root 11241100x8000000000000000777691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4932c3a2f66c605f2021-12-20 16:01:39.425root 11241100x8000000000000000777692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab0899b66086462021-12-20 16:01:39.425root 11241100x8000000000000000777693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b728fcc573945012021-12-20 16:01:39.426root 11241100x8000000000000000777694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75edc019ed41b2f2021-12-20 16:01:39.426root 11241100x8000000000000000777695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1704c62d22151662021-12-20 16:01:39.426root 11241100x8000000000000000777696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5575f398748596032021-12-20 16:01:39.426root 11241100x8000000000000000777697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75d55552a3643a62021-12-20 16:01:39.427root 11241100x8000000000000000777698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7512c8481a4b68a2021-12-20 16:01:39.427root 11241100x8000000000000000777699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a85e3e57c44e9e22021-12-20 16:01:39.427root 11241100x8000000000000000777700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d593952065db1d3e2021-12-20 16:01:39.427root 11241100x8000000000000000777701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff53eab8f46ea62f2021-12-20 16:01:39.427root 11241100x8000000000000000777702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e7b2d15d9e975f2021-12-20 16:01:39.428root 11241100x8000000000000000777703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a93e13f22d9dc1f2021-12-20 16:01:39.428root 11241100x8000000000000000777704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc06d9f6ab989df72021-12-20 16:01:39.428root 11241100x8000000000000000777705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d31865f9ef292d92021-12-20 16:01:39.428root 11241100x8000000000000000777706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6268b70df743c5a2021-12-20 16:01:39.428root 11241100x8000000000000000777707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c85854782e55f342021-12-20 16:01:39.428root 11241100x8000000000000000777708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8fa5e6c551acf02021-12-20 16:01:39.428root 11241100x8000000000000000777709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890472109889747b2021-12-20 16:01:39.428root 11241100x8000000000000000777710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0dcefa7d1047192021-12-20 16:01:39.428root 11241100x8000000000000000777711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e611dd2a1be2adc2021-12-20 16:01:39.429root 11241100x8000000000000000777712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189fa370c7941092021-12-20 16:01:39.429root 11241100x8000000000000000777713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ea863516369b712021-12-20 16:01:39.429root 11241100x8000000000000000777714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c425b6d1ef314d2021-12-20 16:01:39.429root 11241100x8000000000000000777715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a0126769ac6ede2021-12-20 16:01:39.429root 11241100x8000000000000000777716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb21be09aac53992021-12-20 16:01:39.429root 11241100x8000000000000000777717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8971e43d757c7b6e2021-12-20 16:01:39.429root 11241100x8000000000000000777718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e10f65f5fc7cbb42021-12-20 16:01:39.429root 11241100x8000000000000000777719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22caa2b625288fde2021-12-20 16:01:39.429root 11241100x8000000000000000777720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46386acad6eb3bcd2021-12-20 16:01:39.429root 11241100x8000000000000000777721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fc66e31597a0eb2021-12-20 16:01:39.429root 11241100x8000000000000000777722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8aea691cc7d00272021-12-20 16:01:39.429root 11241100x8000000000000000777723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b910029b75abcff52021-12-20 16:01:39.429root 11241100x8000000000000000777724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9dd6a046c8b7c92021-12-20 16:01:39.429root 11241100x8000000000000000777725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8969a42edebb828a2021-12-20 16:01:39.430root 11241100x8000000000000000777726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ca208a3d8a2a5d2021-12-20 16:01:39.430root 11241100x8000000000000000777727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c73c2a4abdb2a092021-12-20 16:01:39.924root 11241100x8000000000000000777728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee16e62dfb53222021-12-20 16:01:39.924root 11241100x8000000000000000777729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606d9ff54a7b21322021-12-20 16:01:39.924root 11241100x8000000000000000777730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d886dc41c0082a4c2021-12-20 16:01:39.925root 11241100x8000000000000000777731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e51fa922fa7ad52021-12-20 16:01:39.925root 11241100x8000000000000000777732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11fe665dfec591e2021-12-20 16:01:39.925root 11241100x8000000000000000777733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df76e6bd332e73d2021-12-20 16:01:39.925root 11241100x8000000000000000777734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d8c20fd4f7738a2021-12-20 16:01:39.925root 11241100x8000000000000000777735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ede81ae0b3404e2021-12-20 16:01:39.925root 11241100x8000000000000000777736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d650d108cfbf5c172021-12-20 16:01:39.925root 11241100x8000000000000000777737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb05e9cf788812032021-12-20 16:01:39.925root 11241100x8000000000000000777738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a40f9d1ed531d052021-12-20 16:01:39.926root 11241100x8000000000000000777739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cfeb7341227e532021-12-20 16:01:39.926root 11241100x8000000000000000777740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f9168ac4db54682021-12-20 16:01:39.926root 11241100x8000000000000000777741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9d562cdd4058152021-12-20 16:01:39.926root 11241100x8000000000000000777742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf53f92aacd6f232021-12-20 16:01:39.926root 11241100x8000000000000000777743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a9db3fd68a74132021-12-20 16:01:39.926root 11241100x8000000000000000777744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f85da3db259ec02021-12-20 16:01:39.926root 11241100x8000000000000000777745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8432811af20e98632021-12-20 16:01:39.927root 11241100x8000000000000000777746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a6e518f511b23e2021-12-20 16:01:39.927root 11241100x8000000000000000777747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8b5e9fa360efbe2021-12-20 16:01:39.927root 11241100x8000000000000000777748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7359b9715cf32d902021-12-20 16:01:39.927root 11241100x8000000000000000777749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d081cef2dfa8432021-12-20 16:01:39.927root 11241100x8000000000000000777750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fab34d5426526e22021-12-20 16:01:39.927root 11241100x8000000000000000777751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701cf7a691c77cc32021-12-20 16:01:39.927root 11241100x8000000000000000777752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f726eb07a021f42021-12-20 16:01:39.927root 11241100x8000000000000000777753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ea9013e2e2fdee2021-12-20 16:01:39.927root 11241100x8000000000000000777754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e179fc67e8f1db2021-12-20 16:01:39.927root 11241100x8000000000000000777755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9e39e5af5b929c2021-12-20 16:01:39.928root 11241100x8000000000000000777756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4a92b88ed6f6342021-12-20 16:01:39.928root 11241100x8000000000000000777757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba890b792a41e9b32021-12-20 16:01:40.424root 11241100x8000000000000000777758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095863651effbf092021-12-20 16:01:40.424root 11241100x8000000000000000777759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed32be16febc01bd2021-12-20 16:01:40.424root 11241100x8000000000000000777760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfcb0ef2ed910bc2021-12-20 16:01:40.424root 11241100x8000000000000000777761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4515a4ed0c7635c2021-12-20 16:01:40.424root 11241100x8000000000000000777762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3037ee081471b62021-12-20 16:01:40.424root 11241100x8000000000000000777763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c3b5a2103edb892021-12-20 16:01:40.424root 11241100x8000000000000000777764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4afe9022b936c202021-12-20 16:01:40.425root 11241100x8000000000000000777765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8627e733e8405e2021-12-20 16:01:40.425root 11241100x8000000000000000777766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd98223eb08c5162021-12-20 16:01:40.425root 11241100x8000000000000000777767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c296227cf558282021-12-20 16:01:40.425root 11241100x8000000000000000777768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeaa02c83a2108802021-12-20 16:01:40.425root 11241100x8000000000000000777769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb38809909ab146a2021-12-20 16:01:40.425root 11241100x8000000000000000777770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e6e4f670dfe0392021-12-20 16:01:40.426root 11241100x8000000000000000777771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214e729b579b6f792021-12-20 16:01:40.426root 11241100x8000000000000000777772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c48c5af10ee1e372021-12-20 16:01:40.426root 11241100x8000000000000000777773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47ffc8f2ab5c7b12021-12-20 16:01:40.426root 11241100x8000000000000000777774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37654ac6ec9837c52021-12-20 16:01:40.426root 11241100x8000000000000000777775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e1e9bef4e9dc7e2021-12-20 16:01:40.427root 11241100x8000000000000000777776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b8f2f9c84c70712021-12-20 16:01:40.427root 11241100x8000000000000000777777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16d1ff068708a102021-12-20 16:01:40.427root 11241100x8000000000000000777778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108a27cbcd0e27982021-12-20 16:01:40.427root 11241100x8000000000000000777779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8e6d3189e02ff22021-12-20 16:01:40.427root 11241100x8000000000000000777780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f40943d1d0af082021-12-20 16:01:40.427root 11241100x8000000000000000777781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3dcd4150f5dec22021-12-20 16:01:40.427root 11241100x8000000000000000777782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe8fb4b03e264932021-12-20 16:01:40.428root 11241100x8000000000000000777783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e1aab37dd48752021-12-20 16:01:40.428root 11241100x8000000000000000777784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a591136d82ceba2021-12-20 16:01:40.428root 11241100x8000000000000000777785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11206922f90b8a062021-12-20 16:01:40.428root 11241100x8000000000000000777786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcf9b1b97dca55a2021-12-20 16:01:40.430root 11241100x8000000000000000777787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bebe71f3df679d62021-12-20 16:01:40.430root 11241100x8000000000000000777788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70204a6be3ba3a22021-12-20 16:01:40.430root 11241100x8000000000000000777789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be61efd94ca9bf9f2021-12-20 16:01:40.430root 11241100x8000000000000000777790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f79f6ec47e028a2021-12-20 16:01:40.430root 11241100x8000000000000000777791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c955239239aec6f2021-12-20 16:01:40.430root 11241100x8000000000000000777792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0307b226d83767dd2021-12-20 16:01:40.430root 11241100x8000000000000000777793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85da3772439e520a2021-12-20 16:01:40.430root 11241100x8000000000000000777794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068751f2d04c10052021-12-20 16:01:40.431root 11241100x8000000000000000777795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fc3cee19e2d1ea2021-12-20 16:01:40.431root 11241100x8000000000000000777796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ba0bc644efbf52021-12-20 16:01:40.924root 11241100x8000000000000000777797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d140e0825aa08632021-12-20 16:01:40.924root 11241100x8000000000000000777798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e740820281f1b2952021-12-20 16:01:40.924root 11241100x8000000000000000777799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14aad1e8e69f4902021-12-20 16:01:40.924root 11241100x8000000000000000777800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392142dbf2b11c122021-12-20 16:01:40.924root 11241100x8000000000000000777801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551810c3b1606e8d2021-12-20 16:01:40.924root 11241100x8000000000000000777802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69a455a8a339e982021-12-20 16:01:40.925root 11241100x8000000000000000777803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa3087ebc1425462021-12-20 16:01:40.925root 11241100x8000000000000000777804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07338784645c6e22021-12-20 16:01:40.925root 11241100x8000000000000000777805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46fb034dee29dea2021-12-20 16:01:40.925root 11241100x8000000000000000777806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf3dac5bf51e0072021-12-20 16:01:40.925root 11241100x8000000000000000777807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038871cd4de1461c2021-12-20 16:01:40.925root 11241100x8000000000000000777808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31edc839a1112f502021-12-20 16:01:40.925root 11241100x8000000000000000777809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6203808a97ebe3212021-12-20 16:01:40.926root 11241100x8000000000000000777810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcdfaa6c8aebccd2021-12-20 16:01:40.926root 11241100x8000000000000000777811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78c221574a157972021-12-20 16:01:40.926root 11241100x8000000000000000777812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadb54684b52a2812021-12-20 16:01:40.926root 11241100x8000000000000000777813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37d8bc4b92c15832021-12-20 16:01:40.926root 11241100x8000000000000000777814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfc8f8a942e1a822021-12-20 16:01:40.926root 11241100x8000000000000000777815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2128b9aed2b345c72021-12-20 16:01:40.926root 11241100x8000000000000000777816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3574ec79c100cfee2021-12-20 16:01:40.926root 11241100x8000000000000000777817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395467f07d97fcd52021-12-20 16:01:40.926root 11241100x8000000000000000777818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7828c1523e016a2021-12-20 16:01:40.927root 11241100x8000000000000000777819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cd48b534ea2e622021-12-20 16:01:40.927root 11241100x8000000000000000777820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a41d160ab067cbd2021-12-20 16:01:40.927root 11241100x8000000000000000777821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ba92db2f0e8ada2021-12-20 16:01:40.927root 11241100x8000000000000000777822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b22dc8b028ae692021-12-20 16:01:40.927root 11241100x8000000000000000777823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5815cb3c193440502021-12-20 16:01:40.927root 11241100x8000000000000000777824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500a2e8b07257c712021-12-20 16:01:40.927root 11241100x8000000000000000777825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86538cbe2bb5d362021-12-20 16:01:40.927root 11241100x8000000000000000777826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff6d5fcb3b3f7722021-12-20 16:01:40.928root 11241100x8000000000000000777827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161d9e3c35c0ee3b2021-12-20 16:01:40.928root 11241100x8000000000000000777828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a60a169c1361662021-12-20 16:01:40.928root 11241100x8000000000000000777829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cf26d1bb74012f2021-12-20 16:01:40.928root 11241100x8000000000000000777830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8375a26c6261c492021-12-20 16:01:40.928root 11241100x8000000000000000777831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cb045d81873bf22021-12-20 16:01:40.928root 11241100x8000000000000000777832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc738e542aec56e02021-12-20 16:01:40.928root 11241100x8000000000000000777833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:40.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861b9b2d81b43a52021-12-20 16:01:40.928root 11241100x8000000000000000777834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120afd9d075fee082021-12-20 16:01:41.424root 11241100x8000000000000000777835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00abd65e850baad2021-12-20 16:01:41.424root 11241100x8000000000000000777836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeab6da588796632021-12-20 16:01:41.425root 11241100x8000000000000000777837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47906267b71eb5f42021-12-20 16:01:41.425root 11241100x8000000000000000777838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa4f33068365f362021-12-20 16:01:41.425root 11241100x8000000000000000777839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fcee5c1d8001732021-12-20 16:01:41.425root 11241100x8000000000000000777840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b256a7b754d454442021-12-20 16:01:41.426root 11241100x8000000000000000777841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4f13a98a6008732021-12-20 16:01:41.426root 11241100x8000000000000000777842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55538fb6605486a2021-12-20 16:01:41.426root 11241100x8000000000000000777843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bb0d399e5600342021-12-20 16:01:41.426root 11241100x8000000000000000777844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295eb37472a254382021-12-20 16:01:41.426root 11241100x8000000000000000777845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e1f0f37d1938b72021-12-20 16:01:41.427root 11241100x8000000000000000777846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72b7b0fab8af8d12021-12-20 16:01:41.427root 11241100x8000000000000000777847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d8c62e6e1c1c9b2021-12-20 16:01:41.427root 11241100x8000000000000000777848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3704e480e4b1c52021-12-20 16:01:41.427root 11241100x8000000000000000777849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1009b0d35508c42021-12-20 16:01:41.427root 11241100x8000000000000000777850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2255ae3e7b86c0f22021-12-20 16:01:41.427root 11241100x8000000000000000777851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a59187d54cc2e212021-12-20 16:01:41.427root 11241100x8000000000000000777852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26cdaa50fb0ec832021-12-20 16:01:41.428root 11241100x8000000000000000777853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995f7c3d4aa5ba772021-12-20 16:01:41.428root 11241100x8000000000000000777854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0963d75a2775e3ec2021-12-20 16:01:41.428root 11241100x8000000000000000777855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005afdfb5fb588b92021-12-20 16:01:41.428root 11241100x8000000000000000777856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8123990cff8182c42021-12-20 16:01:41.428root 11241100x8000000000000000777857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca9fb16667640c32021-12-20 16:01:41.428root 11241100x8000000000000000777858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64741e2c5ae5df162021-12-20 16:01:41.428root 11241100x8000000000000000777859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfbb7acbc7e91b32021-12-20 16:01:41.428root 11241100x8000000000000000777860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c936190f3cb42782021-12-20 16:01:41.428root 11241100x8000000000000000777861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8946ea98023baf2021-12-20 16:01:41.428root 11241100x8000000000000000777862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f2c317bc2209a72021-12-20 16:01:41.428root 11241100x8000000000000000777863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904dec210a4dd5552021-12-20 16:01:41.429root 11241100x8000000000000000777864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cf279e8e85925f2021-12-20 16:01:41.924root 11241100x8000000000000000777865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac547bb739afe262021-12-20 16:01:41.925root 11241100x8000000000000000777866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5166a95fd848fd9e2021-12-20 16:01:41.925root 11241100x8000000000000000777867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e4540c6e9baef62021-12-20 16:01:41.925root 11241100x8000000000000000777868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85691d51311ed8672021-12-20 16:01:41.925root 11241100x8000000000000000777869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8f876478d061742021-12-20 16:01:41.925root 11241100x8000000000000000777870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa94c1180472bec2021-12-20 16:01:41.925root 11241100x8000000000000000777871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e645ad1a96e4f6b72021-12-20 16:01:41.925root 11241100x8000000000000000777872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b08778818b9b6c2021-12-20 16:01:41.925root 11241100x8000000000000000777873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12c1a88967b08b42021-12-20 16:01:41.925root 11241100x8000000000000000777874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ebc286877a40b62021-12-20 16:01:41.926root 11241100x8000000000000000777875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6fd922614fb6d02021-12-20 16:01:41.926root 11241100x8000000000000000777876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0f9c75a3cf559b2021-12-20 16:01:41.926root 11241100x8000000000000000777877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c13f94fc10a9fdb2021-12-20 16:01:41.926root 11241100x8000000000000000777878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e255d1dc0652a732021-12-20 16:01:41.926root 11241100x8000000000000000777879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0d825d3c775f792021-12-20 16:01:41.926root 11241100x8000000000000000777880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31da7b3b6ee7ec702021-12-20 16:01:41.926root 11241100x8000000000000000777881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dbe5d8e01501aa2021-12-20 16:01:41.926root 11241100x8000000000000000777882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800f9ac6ae660e5b2021-12-20 16:01:41.926root 11241100x8000000000000000777883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068b0de1d45c32ba2021-12-20 16:01:41.927root 11241100x8000000000000000777884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38277dd6d368c8342021-12-20 16:01:41.927root 11241100x8000000000000000777885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2225af949a9661632021-12-20 16:01:41.927root 11241100x8000000000000000777886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b80a00790115212021-12-20 16:01:41.927root 11241100x8000000000000000777887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2faaf438df750f2021-12-20 16:01:41.927root 11241100x8000000000000000777888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61255222931879ba2021-12-20 16:01:41.927root 11241100x8000000000000000777889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350702aa70d7662a2021-12-20 16:01:41.927root 11241100x8000000000000000777890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da465a29c594f42021-12-20 16:01:41.927root 11241100x8000000000000000777891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e30b1fccc9cba352021-12-20 16:01:41.927root 11241100x8000000000000000777892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeb37177b59ac232021-12-20 16:01:41.928root 11241100x8000000000000000777893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d84fb4acd527e42021-12-20 16:01:41.928root 11241100x8000000000000000777894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac854b135edaf662021-12-20 16:01:41.928root 11241100x8000000000000000777895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ebca04262fb4f2021-12-20 16:01:41.928root 11241100x8000000000000000777896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54005ee5b1fed9c92021-12-20 16:01:42.424root 11241100x8000000000000000777897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e25afd45639d4f2021-12-20 16:01:42.424root 11241100x8000000000000000777898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd5729d689156932021-12-20 16:01:42.424root 11241100x8000000000000000777899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5140d11ba9d998f32021-12-20 16:01:42.424root 11241100x8000000000000000777900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee0b98b4047adec2021-12-20 16:01:42.425root 11241100x8000000000000000777901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ef0506c747cdd22021-12-20 16:01:42.425root 11241100x8000000000000000777902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ca750c7a873cfd2021-12-20 16:01:42.425root 11241100x8000000000000000777903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878a7adb6f21f9572021-12-20 16:01:42.425root 11241100x8000000000000000777904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ba3eaa0481fcee2021-12-20 16:01:42.426root 11241100x8000000000000000777905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678315c36f4474f32021-12-20 16:01:42.426root 11241100x8000000000000000777906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf059b23e48b4472021-12-20 16:01:42.426root 11241100x8000000000000000777907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba2459ee302dd4e2021-12-20 16:01:42.426root 11241100x8000000000000000777908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a55a704f7c751872021-12-20 16:01:42.427root 11241100x8000000000000000777909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc158940f32fd412021-12-20 16:01:42.427root 11241100x8000000000000000777910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75026679beae31c32021-12-20 16:01:42.427root 11241100x8000000000000000777911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4867fd334331e02021-12-20 16:01:42.427root 11241100x8000000000000000777912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67cc3b13406c9052021-12-20 16:01:42.427root 11241100x8000000000000000777913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0444ae9f193011012021-12-20 16:01:42.427root 11241100x8000000000000000777914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac216c4aa7f23862021-12-20 16:01:42.428root 11241100x8000000000000000777915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0148cdba38c62bb82021-12-20 16:01:42.428root 11241100x8000000000000000777916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcd08e988e3f65e2021-12-20 16:01:42.428root 11241100x8000000000000000777917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a8eecc2e55d2a12021-12-20 16:01:42.428root 11241100x8000000000000000777918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3085ad5469dcaf232021-12-20 16:01:42.428root 11241100x8000000000000000777919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa589a36ca3e9042021-12-20 16:01:42.429root 11241100x8000000000000000777920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e831bd5789bc8e012021-12-20 16:01:42.429root 11241100x8000000000000000777921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7eadf180cd29472021-12-20 16:01:42.429root 11241100x8000000000000000777922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0047d8b5f4b881112021-12-20 16:01:42.429root 11241100x8000000000000000777923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255be791a6c380902021-12-20 16:01:42.429root 11241100x8000000000000000777924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f49bc61aa2d1812021-12-20 16:01:42.429root 11241100x8000000000000000777925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b44867bc8cb82c2021-12-20 16:01:42.430root 11241100x8000000000000000777926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae9d9b48fba698e2021-12-20 16:01:42.430root 11241100x8000000000000000777927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c976aab721aa0ee2021-12-20 16:01:42.430root 11241100x8000000000000000777928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33c125017bf18ca2021-12-20 16:01:42.430root 11241100x8000000000000000777929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea2f9ed76e6593c2021-12-20 16:01:42.430root 11241100x8000000000000000777930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99eca108d5f6f602021-12-20 16:01:42.924root 11241100x8000000000000000777931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2e35f5d2f590752021-12-20 16:01:42.924root 11241100x8000000000000000777932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37d5fecf6c5446f2021-12-20 16:01:42.924root 11241100x8000000000000000777933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7b9c07bd3d57e12021-12-20 16:01:42.924root 11241100x8000000000000000777934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2c47c75a9cfa1d2021-12-20 16:01:42.924root 11241100x8000000000000000777935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b13d888e9c2fc12021-12-20 16:01:42.924root 11241100x8000000000000000777936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0975e2d01efd302021-12-20 16:01:42.924root 11241100x8000000000000000777937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e791e38c567902882021-12-20 16:01:42.924root 11241100x8000000000000000777938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e80cc275a6eb13e2021-12-20 16:01:42.924root 11241100x8000000000000000777939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712eb6f30228f7f42021-12-20 16:01:42.925root 11241100x8000000000000000777940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f73ef1c9af9a9772021-12-20 16:01:42.925root 11241100x8000000000000000777941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6814e7ab59eb89f32021-12-20 16:01:42.925root 11241100x8000000000000000777942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c14fb407a319532021-12-20 16:01:42.925root 11241100x8000000000000000777943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b6c4c53b9149e22021-12-20 16:01:42.925root 11241100x8000000000000000777944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3b50d42b33f4352021-12-20 16:01:42.925root 11241100x8000000000000000777945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0045d829e16d22021-12-20 16:01:42.926root 11241100x8000000000000000777946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2134f5375fe96192021-12-20 16:01:42.926root 11241100x8000000000000000777947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32686e4c63ecc5622021-12-20 16:01:42.926root 11241100x8000000000000000777948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f07c2b80fdf1e4c2021-12-20 16:01:42.926root 11241100x8000000000000000777949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e7458dd72192b2021-12-20 16:01:42.926root 11241100x8000000000000000777950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316e993b48c8b9d62021-12-20 16:01:42.926root 11241100x8000000000000000777951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9541069428699c852021-12-20 16:01:42.926root 11241100x8000000000000000777952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa2c9d5e5292bb32021-12-20 16:01:42.926root 11241100x8000000000000000777953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ba343cac3ef65e2021-12-20 16:01:42.926root 11241100x8000000000000000777954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977dffa95c5d0a342021-12-20 16:01:42.927root 11241100x8000000000000000777955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c046bb0f0c5a32fa2021-12-20 16:01:42.927root 11241100x8000000000000000777956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2c19d14a73525b2021-12-20 16:01:42.927root 11241100x8000000000000000777957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb677a12d46063c12021-12-20 16:01:42.927root 11241100x8000000000000000777958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b26657368b1f122021-12-20 16:01:42.927root 11241100x8000000000000000777959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093ce1a2ad8039062021-12-20 16:01:42.927root 11241100x8000000000000000777960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fdf22abd915ba32021-12-20 16:01:42.927root 11241100x8000000000000000777961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d67c30cef7b5022021-12-20 16:01:42.927root 11241100x8000000000000000777962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e844719866174b242021-12-20 16:01:42.927root 11241100x8000000000000000777963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16bca18d16395052021-12-20 16:01:42.927root 11241100x8000000000000000777964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e238ec0e3d22b1a52021-12-20 16:01:42.927root 11241100x8000000000000000777965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9160e3db5e12382021-12-20 16:01:42.927root 11241100x8000000000000000777966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2efe2f83b1f58dc2021-12-20 16:01:42.928root 11241100x8000000000000000777967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9535c5f238b1d2262021-12-20 16:01:42.928root 11241100x8000000000000000777968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909885cf510564fc2021-12-20 16:01:42.928root 11241100x8000000000000000777969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa341940e8ec20462021-12-20 16:01:43.424root 11241100x8000000000000000777970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025390cc9bc074342021-12-20 16:01:43.424root 11241100x8000000000000000777971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aacfe7acfe160a42021-12-20 16:01:43.424root 11241100x8000000000000000777972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276f15d2a08414432021-12-20 16:01:43.425root 11241100x8000000000000000777973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a3b3e91a5545442021-12-20 16:01:43.425root 11241100x8000000000000000777974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba776e00ff7421352021-12-20 16:01:43.425root 11241100x8000000000000000777975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1171cb0aa52fae5b2021-12-20 16:01:43.425root 11241100x8000000000000000777976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f547863898908a32021-12-20 16:01:43.425root 11241100x8000000000000000777977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aac57b7e402394b2021-12-20 16:01:43.425root 11241100x8000000000000000777978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e40e2bf6fa9b3672021-12-20 16:01:43.425root 11241100x8000000000000000777979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4132dac601f928f92021-12-20 16:01:43.426root 11241100x8000000000000000777980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a761f2760488abe62021-12-20 16:01:43.426root 11241100x8000000000000000777981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524fe86abb8df77d2021-12-20 16:01:43.426root 11241100x8000000000000000777982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37130d754f4de7a12021-12-20 16:01:43.426root 11241100x8000000000000000777983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8877709618ba48592021-12-20 16:01:43.426root 11241100x8000000000000000777984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e931fb7685b4edc2021-12-20 16:01:43.426root 11241100x8000000000000000777985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea3c8e0c5f0af852021-12-20 16:01:43.426root 11241100x8000000000000000777986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039f52bf80673fc82021-12-20 16:01:43.427root 11241100x8000000000000000777987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c57523b877c6e272021-12-20 16:01:43.427root 11241100x8000000000000000777988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0b4fb9e87ffbdc2021-12-20 16:01:43.427root 11241100x8000000000000000777989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4374da6204da376b2021-12-20 16:01:43.427root 11241100x8000000000000000777990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c3f352809950982021-12-20 16:01:43.427root 11241100x8000000000000000777991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8200a155a6f9aa772021-12-20 16:01:43.427root 11241100x8000000000000000777992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991c6877b6235f652021-12-20 16:01:43.428root 11241100x8000000000000000777993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3869808cdfd5a52021-12-20 16:01:43.428root 11241100x8000000000000000777994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282bd8ef2560d90a2021-12-20 16:01:43.428root 11241100x8000000000000000777995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5f0fbe87067d752021-12-20 16:01:43.428root 11241100x8000000000000000777996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c143bd2c87f0f9a2021-12-20 16:01:43.428root 11241100x8000000000000000777997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34f4e4c50521cbe2021-12-20 16:01:43.428root 11241100x8000000000000000777998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90470f3ead572092021-12-20 16:01:43.428root 11241100x8000000000000000777999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adf282c214f8a332021-12-20 16:01:43.429root 11241100x8000000000000000778000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de4134c4b5010772021-12-20 16:01:43.924root 11241100x8000000000000000778001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e84c427b4b46e522021-12-20 16:01:43.924root 11241100x8000000000000000778002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3a26d68294dc642021-12-20 16:01:43.924root 11241100x8000000000000000778003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6384c9d5c5c2371e2021-12-20 16:01:43.924root 11241100x8000000000000000778004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b106de929edae5532021-12-20 16:01:43.924root 11241100x8000000000000000778005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20bc89758e1ed3c2021-12-20 16:01:43.925root 11241100x8000000000000000778006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59747c7317cf801d2021-12-20 16:01:43.925root 11241100x8000000000000000778007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379252779ca3fcd72021-12-20 16:01:43.925root 11241100x8000000000000000778008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7221f99695d6c762021-12-20 16:01:43.925root 11241100x8000000000000000778009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a135583eac7570c2021-12-20 16:01:43.925root 11241100x8000000000000000778010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556a2d556aa5acfc2021-12-20 16:01:43.925root 11241100x8000000000000000778011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2affad36a7389be2021-12-20 16:01:43.925root 11241100x8000000000000000778012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c610d75ced655a2021-12-20 16:01:43.925root 11241100x8000000000000000778013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fda17a1c1f3986b2021-12-20 16:01:43.925root 11241100x8000000000000000778014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4fb9d22d1d23942021-12-20 16:01:43.925root 11241100x8000000000000000778015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae20d17f0008b28c2021-12-20 16:01:43.925root 11241100x8000000000000000778016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b877901f790f82222021-12-20 16:01:43.925root 11241100x8000000000000000778017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431219436c810b252021-12-20 16:01:43.925root 11241100x8000000000000000778018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fba039c302982d2021-12-20 16:01:43.925root 11241100x8000000000000000778019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf538b30c9fe9a72021-12-20 16:01:43.925root 11241100x8000000000000000778020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9b642b655da6872021-12-20 16:01:43.926root 11241100x8000000000000000778021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715a14b923b892862021-12-20 16:01:43.926root 11241100x8000000000000000778022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480812ba7b8b77722021-12-20 16:01:43.926root 11241100x8000000000000000778023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d724954bc6d3bab2021-12-20 16:01:43.926root 11241100x8000000000000000778024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8110ca7dad201292021-12-20 16:01:43.926root 11241100x8000000000000000778025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde6408629349b5b2021-12-20 16:01:43.926root 11241100x8000000000000000778026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac245a4cbe5d1d7c2021-12-20 16:01:43.926root 11241100x8000000000000000778027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6191e38793f5fd22021-12-20 16:01:43.926root 11241100x8000000000000000778028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babc06f5dee2069a2021-12-20 16:01:43.926root 11241100x8000000000000000778029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72859b21a35c69692021-12-20 16:01:43.926root 354300x8000000000000000778030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.105{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51530-false10.0.1.12-8000- 11241100x8000000000000000778031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0cbcd28790dde52021-12-20 16:01:44.424root 11241100x8000000000000000778032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5844a92897a5131e2021-12-20 16:01:44.424root 11241100x8000000000000000778033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a13117ef69888942021-12-20 16:01:44.425root 11241100x8000000000000000778034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c118da81bdeda812021-12-20 16:01:44.425root 11241100x8000000000000000778035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbe7dd754222dae2021-12-20 16:01:44.425root 11241100x8000000000000000778036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9e837735db58f2021-12-20 16:01:44.426root 11241100x8000000000000000778037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6193f889d2e0045f2021-12-20 16:01:44.426root 11241100x8000000000000000778038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bbcb92bc70011c2021-12-20 16:01:44.426root 11241100x8000000000000000778039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ead01448176f4d82021-12-20 16:01:44.427root 11241100x8000000000000000778040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50236b7b95c02de2021-12-20 16:01:44.427root 11241100x8000000000000000778041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e72c860dda729162021-12-20 16:01:44.427root 11241100x8000000000000000778042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c9c719972d6e082021-12-20 16:01:44.428root 11241100x8000000000000000778043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966e8fabdacb83372021-12-20 16:01:44.428root 11241100x8000000000000000778044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466baca94791fd042021-12-20 16:01:44.429root 11241100x8000000000000000778045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ef056357e7f052021-12-20 16:01:44.430root 11241100x8000000000000000778046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157b2d429d0443082021-12-20 16:01:44.430root 11241100x8000000000000000778047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb70920faa180a12021-12-20 16:01:44.430root 11241100x8000000000000000778048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e8e76e6c2945002021-12-20 16:01:44.431root 11241100x8000000000000000778049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972f19f362ef801b2021-12-20 16:01:44.431root 11241100x8000000000000000778050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df2e4e783b41b5f2021-12-20 16:01:44.431root 11241100x8000000000000000778051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4203403b2ad212ba2021-12-20 16:01:44.431root 11241100x8000000000000000778052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587dedb0c89917122021-12-20 16:01:44.431root 11241100x8000000000000000778053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae45710d8f17948a2021-12-20 16:01:44.431root 11241100x8000000000000000778054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a477f27edda522021-12-20 16:01:44.432root 11241100x8000000000000000778055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee5387789f88d412021-12-20 16:01:44.432root 11241100x8000000000000000778056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cfca2067b04aa32021-12-20 16:01:44.432root 11241100x8000000000000000778057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bfdbc20d3722452021-12-20 16:01:44.432root 11241100x8000000000000000778058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0947b0b891097e2021-12-20 16:01:44.432root 11241100x8000000000000000778059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f69bf454f154f12021-12-20 16:01:44.433root 11241100x8000000000000000778060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601a2cbb7a02cc932021-12-20 16:01:44.433root 11241100x8000000000000000778061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13563a38762688212021-12-20 16:01:44.433root 11241100x8000000000000000778062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32fbe4c688f7eb92021-12-20 16:01:44.433root 11241100x8000000000000000778063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720f078c7e632c652021-12-20 16:01:44.433root 11241100x8000000000000000778064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac53204c087b55092021-12-20 16:01:44.924root 11241100x8000000000000000778065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9f6cdfb92547922021-12-20 16:01:44.924root 11241100x8000000000000000778066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20e50e1401a530b2021-12-20 16:01:44.925root 11241100x8000000000000000778067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc230391af9dc4952021-12-20 16:01:44.925root 11241100x8000000000000000778068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83d15ebb5efb06a2021-12-20 16:01:44.925root 11241100x8000000000000000778069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b8c94e2abd0752021-12-20 16:01:44.925root 11241100x8000000000000000778070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ad93c7000c9ed02021-12-20 16:01:44.925root 11241100x8000000000000000778071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f70214a84f44fe2021-12-20 16:01:44.925root 11241100x8000000000000000778072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e3ac60fd1004b92021-12-20 16:01:44.925root 11241100x8000000000000000778073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a8ea5d6b57eb882021-12-20 16:01:44.925root 11241100x8000000000000000778074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823bf811dc25cb1d2021-12-20 16:01:44.925root 11241100x8000000000000000778075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490c4bbaad94e8ef2021-12-20 16:01:44.925root 11241100x8000000000000000778076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b5d286639921a2021-12-20 16:01:44.926root 11241100x8000000000000000778077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666cd6eaec8942152021-12-20 16:01:44.926root 11241100x8000000000000000778078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1c2f64071812df2021-12-20 16:01:44.926root 11241100x8000000000000000778079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1226f7bdcf6f88482021-12-20 16:01:44.926root 11241100x8000000000000000778080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac194de8b78fe50c2021-12-20 16:01:44.926root 11241100x8000000000000000778081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65e75318954df952021-12-20 16:01:44.926root 11241100x8000000000000000778082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6579bc599bf0ce1b2021-12-20 16:01:44.926root 11241100x8000000000000000778083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa787b06eb452952021-12-20 16:01:44.926root 11241100x8000000000000000778084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38efd38e9a0fcca12021-12-20 16:01:44.926root 11241100x8000000000000000778085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cef387394b866ce2021-12-20 16:01:44.927root 11241100x8000000000000000778086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32af5701d99511ff2021-12-20 16:01:44.927root 11241100x8000000000000000778087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2b5acf26319f652021-12-20 16:01:44.927root 11241100x8000000000000000778088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7868da3a5806790e2021-12-20 16:01:44.927root 11241100x8000000000000000778089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d80ddfa34b40a82021-12-20 16:01:44.927root 11241100x8000000000000000778090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5ec1786d6afc3a2021-12-20 16:01:44.927root 11241100x8000000000000000778091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c855de0bf55d52a2021-12-20 16:01:44.927root 11241100x8000000000000000778092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59aa5544bd5d1d72021-12-20 16:01:44.927root 11241100x8000000000000000778093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a60e1938aa1fa472021-12-20 16:01:44.927root 11241100x8000000000000000778094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab883ab9dd54c4f92021-12-20 16:01:44.927root 11241100x8000000000000000778095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7975d7a0fd1d2742021-12-20 16:01:45.424root 11241100x8000000000000000778096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a821c5fb6df90322021-12-20 16:01:45.424root 11241100x8000000000000000778097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89efe0f92621319e2021-12-20 16:01:45.424root 11241100x8000000000000000778098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43565e3f0da23042021-12-20 16:01:45.425root 11241100x8000000000000000778099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3930e533d1b90d132021-12-20 16:01:45.425root 11241100x8000000000000000778100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd488f7edf6beef2021-12-20 16:01:45.425root 11241100x8000000000000000778101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88d38224fc04f9b2021-12-20 16:01:45.425root 11241100x8000000000000000778102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c790e872a7309c2021-12-20 16:01:45.425root 11241100x8000000000000000778103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc27cf43e17d4c12021-12-20 16:01:45.425root 11241100x8000000000000000778104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cb3ec0ccbd7fb82021-12-20 16:01:45.425root 11241100x8000000000000000778105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f070c66ac00cb6f2021-12-20 16:01:45.425root 11241100x8000000000000000778106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a960e4db47714ec82021-12-20 16:01:45.425root 11241100x8000000000000000778107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ee47dfafff57022021-12-20 16:01:45.426root 11241100x8000000000000000778108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f2fd7794e677e02021-12-20 16:01:45.426root 11241100x8000000000000000778109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033fb4ca449f88de2021-12-20 16:01:45.426root 11241100x8000000000000000778110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d9dcd09555a91e2021-12-20 16:01:45.426root 11241100x8000000000000000778111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08a0c87ad7d86b52021-12-20 16:01:45.426root 11241100x8000000000000000778112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e5b8333bba799f2021-12-20 16:01:45.426root 11241100x8000000000000000778113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11751635977cbca12021-12-20 16:01:45.426root 11241100x8000000000000000778114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77e2ff8e13c6de2021-12-20 16:01:45.426root 11241100x8000000000000000778115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee78d1adfa7a8e52021-12-20 16:01:45.427root 11241100x8000000000000000778116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5f909920dd7eec2021-12-20 16:01:45.427root 11241100x8000000000000000778117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d54caabf27f7bc2021-12-20 16:01:45.427root 11241100x8000000000000000778118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26bd7ec033cd4272021-12-20 16:01:45.427root 11241100x8000000000000000778119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f601946d33f74d72021-12-20 16:01:45.428root 11241100x8000000000000000778120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeb8e25cf11e0e72021-12-20 16:01:45.428root 11241100x8000000000000000778121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6abb7af8c3a93b62021-12-20 16:01:45.428root 11241100x8000000000000000778122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cdb5b259c00eb62021-12-20 16:01:45.429root 11241100x8000000000000000778123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca43ba21f8bfc942021-12-20 16:01:45.429root 11241100x8000000000000000778124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b70f2fa0be9a2d22021-12-20 16:01:45.429root 11241100x8000000000000000778125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7e680af85291632021-12-20 16:01:45.429root 11241100x8000000000000000778126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6bf0add83e04762021-12-20 16:01:45.429root 11241100x8000000000000000778127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e83a7d99ac16252021-12-20 16:01:45.430root 11241100x8000000000000000778128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ffb70f2fcf60f72021-12-20 16:01:45.430root 11241100x8000000000000000778129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fda2377fce023c82021-12-20 16:01:45.431root 11241100x8000000000000000778130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af636de411f3b412021-12-20 16:01:45.431root 11241100x8000000000000000778131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3219b2ec788af92021-12-20 16:01:45.431root 11241100x8000000000000000778132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900b9fc8d0f3208a2021-12-20 16:01:45.924root 11241100x8000000000000000778133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e216f93e52dc675b2021-12-20 16:01:45.924root 11241100x8000000000000000778134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129ca00efd4feeba2021-12-20 16:01:45.924root 11241100x8000000000000000778135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4d5d155396a2f42021-12-20 16:01:45.924root 11241100x8000000000000000778136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb33d0e05a70fd52021-12-20 16:01:45.925root 11241100x8000000000000000778137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e770cb02e259ef22021-12-20 16:01:45.925root 11241100x8000000000000000778138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ea4502303007b2021-12-20 16:01:45.925root 11241100x8000000000000000778139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7930a06c98c4f12021-12-20 16:01:45.925root 11241100x8000000000000000778140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675efb5ef89e35212021-12-20 16:01:45.925root 11241100x8000000000000000778141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90db0278dddb60b72021-12-20 16:01:45.925root 11241100x8000000000000000778142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d702ad90698d9ef02021-12-20 16:01:45.925root 11241100x8000000000000000778143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b0559c44b4667a2021-12-20 16:01:45.925root 11241100x8000000000000000778144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa14f6bd68cc2c6d2021-12-20 16:01:45.925root 11241100x8000000000000000778145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3732c4fa1a99e1072021-12-20 16:01:45.925root 11241100x8000000000000000778146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7b32028d45aeae2021-12-20 16:01:45.926root 11241100x8000000000000000778147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7303ceaf1939b4c42021-12-20 16:01:45.926root 11241100x8000000000000000778148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea083c900b8ec0c2021-12-20 16:01:45.926root 11241100x8000000000000000778149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433efc9e9e329a9d2021-12-20 16:01:45.926root 11241100x8000000000000000778150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a27506b488f5132021-12-20 16:01:45.926root 11241100x8000000000000000778151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5419a7fed0ad88302021-12-20 16:01:45.926root 11241100x8000000000000000778152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb2467b7d2aa1762021-12-20 16:01:45.926root 11241100x8000000000000000778153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997930f455cc73472021-12-20 16:01:45.926root 11241100x8000000000000000778154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee032e93f0feff3a2021-12-20 16:01:45.927root 11241100x8000000000000000778155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b0b344ae266f3b2021-12-20 16:01:45.927root 11241100x8000000000000000778156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7ca2b689134dfa2021-12-20 16:01:45.927root 11241100x8000000000000000778157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4377d3e090bb50152021-12-20 16:01:45.927root 11241100x8000000000000000778158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e25ba29afca6822021-12-20 16:01:45.927root 11241100x8000000000000000778159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b3c056d938a3812021-12-20 16:01:45.927root 11241100x8000000000000000778160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7bdfd8c5909e782021-12-20 16:01:45.927root 11241100x8000000000000000778161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616f3cbd51a9c3cc2021-12-20 16:01:45.928root 11241100x8000000000000000778162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b84f66a1cd80dd2021-12-20 16:01:45.928root 11241100x8000000000000000778163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7015d608257280452021-12-20 16:01:45.928root 11241100x8000000000000000778164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff511aa9c476f8f2021-12-20 16:01:46.424root 11241100x8000000000000000778165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cec8fd07a513b062021-12-20 16:01:46.424root 11241100x8000000000000000778166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67a401ca69acef92021-12-20 16:01:46.424root 11241100x8000000000000000778167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322bd90cea159d162021-12-20 16:01:46.425root 11241100x8000000000000000778168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62be651eb23f4022021-12-20 16:01:46.425root 11241100x8000000000000000778169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41029f42a68051d92021-12-20 16:01:46.425root 11241100x8000000000000000778170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f35f1a04416fe32021-12-20 16:01:46.425root 11241100x8000000000000000778171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9040bad27da8ad2021-12-20 16:01:46.425root 11241100x8000000000000000778172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b1fa86639a8acf2021-12-20 16:01:46.425root 11241100x8000000000000000778173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f2e48ad46c3f02021-12-20 16:01:46.425root 11241100x8000000000000000778174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971e4228cdafd4b22021-12-20 16:01:46.425root 11241100x8000000000000000778175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5288d028f5bdedd32021-12-20 16:01:46.425root 11241100x8000000000000000778176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ce0633a7307922021-12-20 16:01:46.425root 11241100x8000000000000000778177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4766a0529206166f2021-12-20 16:01:46.425root 11241100x8000000000000000778178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f06461fd8c7ef072021-12-20 16:01:46.426root 11241100x8000000000000000778179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df47d868134bcc82021-12-20 16:01:46.426root 11241100x8000000000000000778180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a27d5b9ff3326f2021-12-20 16:01:46.426root 11241100x8000000000000000778181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5246138f5f3fd662021-12-20 16:01:46.426root 11241100x8000000000000000778182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a738a86bcb00ceeb2021-12-20 16:01:46.426root 11241100x8000000000000000778183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e957fd356087b6f2021-12-20 16:01:46.426root 11241100x8000000000000000778184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f867fed7480ef72021-12-20 16:01:46.426root 11241100x8000000000000000778185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcea08cad1c856b82021-12-20 16:01:46.426root 11241100x8000000000000000778186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37e527644e33ba92021-12-20 16:01:46.426root 11241100x8000000000000000778187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63618d1ba14f4f852021-12-20 16:01:46.427root 11241100x8000000000000000778188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd724ce78ef62cd2021-12-20 16:01:46.427root 11241100x8000000000000000778189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9f00624e59c0ad2021-12-20 16:01:46.427root 11241100x8000000000000000778190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16653bb8e62b90ce2021-12-20 16:01:46.427root 11241100x8000000000000000778191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce98fd4b3735c3262021-12-20 16:01:46.427root 11241100x8000000000000000778192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af733d66f0b862a2021-12-20 16:01:46.427root 11241100x8000000000000000778193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462b2ae3078c4b562021-12-20 16:01:46.427root 11241100x8000000000000000778194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bbf18936a150702021-12-20 16:01:46.428root 11241100x8000000000000000778195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837f20dfe810311d2021-12-20 16:01:46.428root 11241100x8000000000000000778196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b1a71edd1028cc2021-12-20 16:01:46.924root 11241100x8000000000000000778197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33caf1969fefefdb2021-12-20 16:01:46.924root 11241100x8000000000000000778198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbb045ce855b0bf2021-12-20 16:01:46.924root 11241100x8000000000000000778199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0bbeecaf752ccc2021-12-20 16:01:46.925root 11241100x8000000000000000778200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634ec1a4e83a89b42021-12-20 16:01:46.925root 11241100x8000000000000000778201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4081b4ec1a47d18e2021-12-20 16:01:46.925root 11241100x8000000000000000778202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539ec892842422b02021-12-20 16:01:46.925root 11241100x8000000000000000778203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca9d48ac005f68d2021-12-20 16:01:46.925root 11241100x8000000000000000778204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40efa454a03ef2862021-12-20 16:01:46.925root 11241100x8000000000000000778205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e9aded8bacf3162021-12-20 16:01:46.926root 11241100x8000000000000000778206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95008c2f6d23992e2021-12-20 16:01:46.926root 11241100x8000000000000000778207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a81c5afcf799ce42021-12-20 16:01:46.926root 11241100x8000000000000000778208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fba35bc0b7b7fab2021-12-20 16:01:46.926root 11241100x8000000000000000778209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce9ea4969b259022021-12-20 16:01:46.926root 11241100x8000000000000000778210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fc3e8ac36266ea2021-12-20 16:01:46.926root 11241100x8000000000000000778211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fe10fbdffa252e2021-12-20 16:01:46.927root 11241100x8000000000000000778212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5202e7cb19a9042021-12-20 16:01:46.927root 11241100x8000000000000000778213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754607e249341a142021-12-20 16:01:46.927root 11241100x8000000000000000778214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27145672921acc262021-12-20 16:01:46.927root 11241100x8000000000000000778215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0dc0ca5ed28c2a82021-12-20 16:01:46.927root 11241100x8000000000000000778216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce47d71888eab282021-12-20 16:01:46.927root 11241100x8000000000000000778217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df06ab7244f086952021-12-20 16:01:46.928root 11241100x8000000000000000778218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475791f4d32873782021-12-20 16:01:46.928root 11241100x8000000000000000778219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea499708da4e5ba72021-12-20 16:01:46.928root 11241100x8000000000000000778220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1907d7175f2985562021-12-20 16:01:46.928root 11241100x8000000000000000778221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6677897d8e40a32021-12-20 16:01:46.928root 11241100x8000000000000000778222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1a0029619d40922021-12-20 16:01:46.928root 11241100x8000000000000000778223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a45ef56f41b23c2021-12-20 16:01:46.929root 11241100x8000000000000000778224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4000c251037a1a72021-12-20 16:01:46.929root 11241100x8000000000000000778225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e239aab3627c5512021-12-20 16:01:46.929root 11241100x8000000000000000778226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1997b635a42bee5a2021-12-20 16:01:46.929root 11241100x8000000000000000778227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcc6645e567582c2021-12-20 16:01:46.929root 11241100x8000000000000000778228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcd29987c9176d72021-12-20 16:01:46.929root 11241100x8000000000000000778229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df36613d4591b33e2021-12-20 16:01:46.929root 11241100x8000000000000000778230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134ad35f506716d72021-12-20 16:01:47.424root 11241100x8000000000000000778231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a963f47bbe83bbb2021-12-20 16:01:47.424root 11241100x8000000000000000778232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc1bbe220b7499a2021-12-20 16:01:47.424root 11241100x8000000000000000778233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e5440cf8c88d1f2021-12-20 16:01:47.424root 11241100x8000000000000000778234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812c6af80b6cef882021-12-20 16:01:47.425root 11241100x8000000000000000778235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d17fb1fc2f14f9c2021-12-20 16:01:47.425root 11241100x8000000000000000778236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9a315bd7f42e132021-12-20 16:01:47.425root 11241100x8000000000000000778237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36f7c6268ff865d2021-12-20 16:01:47.425root 11241100x8000000000000000778238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1014f3d2dc39ebd52021-12-20 16:01:47.425root 11241100x8000000000000000778239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7973c6302500972021-12-20 16:01:47.425root 11241100x8000000000000000778240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10134b5ba0e534a2021-12-20 16:01:47.425root 11241100x8000000000000000778241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe8f9e03380ea222021-12-20 16:01:47.425root 11241100x8000000000000000778242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb810047ddfd4392021-12-20 16:01:47.426root 11241100x8000000000000000778243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d418f02131f6f1a2021-12-20 16:01:47.426root 11241100x8000000000000000778244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b170dea8a9b38f2021-12-20 16:01:47.426root 11241100x8000000000000000778245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c2325a4c60ffdf2021-12-20 16:01:47.426root 11241100x8000000000000000778246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e451102fe08c5d2021-12-20 16:01:47.426root 11241100x8000000000000000778247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6be8823f33b0662021-12-20 16:01:47.426root 11241100x8000000000000000778248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833cb2ee271669022021-12-20 16:01:47.426root 11241100x8000000000000000778249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebb294c77f91bbf2021-12-20 16:01:47.427root 11241100x8000000000000000778250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace5bba5e875c88f2021-12-20 16:01:47.427root 11241100x8000000000000000778251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c08b7fd863395f2021-12-20 16:01:47.427root 11241100x8000000000000000778252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6456fd703b14cb5e2021-12-20 16:01:47.427root 11241100x8000000000000000778253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed82594b854d5ce82021-12-20 16:01:47.427root 11241100x8000000000000000778254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01cac5cac3cf8b32021-12-20 16:01:47.427root 11241100x8000000000000000778255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32283991da947ac62021-12-20 16:01:47.427root 11241100x8000000000000000778256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62ec4e721272b812021-12-20 16:01:47.428root 11241100x8000000000000000778257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c81bb50ac5527fe2021-12-20 16:01:47.428root 11241100x8000000000000000778258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ba8cc07c201bf82021-12-20 16:01:47.428root 11241100x8000000000000000778259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ddcbd029a9932b2021-12-20 16:01:47.428root 11241100x8000000000000000778260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e07aeccb91a69c2021-12-20 16:01:47.429root 11241100x8000000000000000778261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb6030be8d548f2021-12-20 16:01:47.924root 11241100x8000000000000000778262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47749aafd07fada12021-12-20 16:01:47.924root 11241100x8000000000000000778263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e172135debc68ea2021-12-20 16:01:47.925root 11241100x8000000000000000778264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bf857c335cd59e2021-12-20 16:01:47.925root 11241100x8000000000000000778265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3dc6c254b18b9b2021-12-20 16:01:47.925root 11241100x8000000000000000778266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546003009297e3312021-12-20 16:01:47.926root 11241100x8000000000000000778267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e470df4312baf122021-12-20 16:01:47.926root 11241100x8000000000000000778268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2340509ddc0701f2021-12-20 16:01:47.927root 11241100x8000000000000000778269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b58380d5fda75d2021-12-20 16:01:47.927root 11241100x8000000000000000778270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e70ed863d555512021-12-20 16:01:47.927root 11241100x8000000000000000778271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe374f2cd1d8c4f2021-12-20 16:01:47.927root 11241100x8000000000000000778272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c87f5cc2a63377b2021-12-20 16:01:47.927root 11241100x8000000000000000778273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76849c660aa8f3702021-12-20 16:01:47.927root 11241100x8000000000000000778274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32310505b746cf272021-12-20 16:01:47.928root 11241100x8000000000000000778275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2210454a1c77e8432021-12-20 16:01:47.928root 11241100x8000000000000000778276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dee489a97910bc2021-12-20 16:01:47.928root 11241100x8000000000000000778277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fabefe384732ae2021-12-20 16:01:47.928root 11241100x8000000000000000778278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e21fd51d2f721d2021-12-20 16:01:47.929root 11241100x8000000000000000778279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b827354781c3a322021-12-20 16:01:47.929root 11241100x8000000000000000778280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a34edc4e0924042021-12-20 16:01:47.930root 11241100x8000000000000000778281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6ac185b985e1172021-12-20 16:01:47.930root 11241100x8000000000000000778282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94ca14e2349b1eb2021-12-20 16:01:47.930root 11241100x8000000000000000778283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a376b1de7e35f98c2021-12-20 16:01:47.930root 11241100x8000000000000000778284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc47b9db74b8c742021-12-20 16:01:47.931root 11241100x8000000000000000778285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b225ce336fac992021-12-20 16:01:47.932root 11241100x8000000000000000778286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d885635597f42fa52021-12-20 16:01:47.932root 11241100x8000000000000000778287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f698463b243d9b2021-12-20 16:01:47.932root 11241100x8000000000000000778288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba1946ae817f9672021-12-20 16:01:47.932root 11241100x8000000000000000778289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3515bba91f33a402021-12-20 16:01:47.934root 11241100x8000000000000000778290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f63cb90cb35f7d2021-12-20 16:01:47.934root 11241100x8000000000000000778291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c639ab703989ec152021-12-20 16:01:47.934root 11241100x8000000000000000778292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ed1a17119c6e9d2021-12-20 16:01:47.935root 11241100x8000000000000000778293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:47.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b9e723470efe612021-12-20 16:01:47.935root 11241100x8000000000000000778294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8472fe78913632222021-12-20 16:01:48.424root 11241100x8000000000000000778295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175fa1db8c7117ba2021-12-20 16:01:48.424root 11241100x8000000000000000778296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da088c2ee97bd3e2021-12-20 16:01:48.425root 11241100x8000000000000000778297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d3bb4bb3c3e9f2021-12-20 16:01:48.425root 11241100x8000000000000000778298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cfc52130e8b7472021-12-20 16:01:48.425root 11241100x8000000000000000778299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46c4ea8d0a7cd0b2021-12-20 16:01:48.425root 11241100x8000000000000000778300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd90d1ffe667f3bc2021-12-20 16:01:48.425root 11241100x8000000000000000778301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4e48a2b74a21e92021-12-20 16:01:48.426root 11241100x8000000000000000778302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78230d137209c8892021-12-20 16:01:48.426root 11241100x8000000000000000778303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfd2bbe3e744b422021-12-20 16:01:48.426root 11241100x8000000000000000778304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5966b1f9d91de8262021-12-20 16:01:48.427root 11241100x8000000000000000778305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24d7b1a9fc1c2982021-12-20 16:01:48.427root 11241100x8000000000000000778306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a202988783d30022021-12-20 16:01:48.427root 11241100x8000000000000000778307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a01c70e9ba4c282021-12-20 16:01:48.427root 11241100x8000000000000000778308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3112db64817b2a342021-12-20 16:01:48.428root 11241100x8000000000000000778309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a421864f8624ed72021-12-20 16:01:48.428root 11241100x8000000000000000778310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986031aaa2c619892021-12-20 16:01:48.428root 11241100x8000000000000000778311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a0cc4447ff48152021-12-20 16:01:48.428root 11241100x8000000000000000778312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cd2dbb8d1a3b412021-12-20 16:01:48.429root 11241100x8000000000000000778313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b012f6fa4a7db352021-12-20 16:01:48.429root 11241100x8000000000000000778314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27057ce1ef2e56242021-12-20 16:01:48.429root 11241100x8000000000000000778315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519168730d83e8722021-12-20 16:01:48.429root 11241100x8000000000000000778316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982ed6a16634c1f12021-12-20 16:01:48.429root 11241100x8000000000000000778317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f5ec58df05f59c2021-12-20 16:01:48.429root 11241100x8000000000000000778318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b49d5f05234c6b72021-12-20 16:01:48.429root 11241100x8000000000000000778319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0010a225ebf2f3d2021-12-20 16:01:48.429root 11241100x8000000000000000778320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f643b0fef36de1302021-12-20 16:01:48.430root 11241100x8000000000000000778321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5011d14118bba2021-12-20 16:01:48.430root 11241100x8000000000000000778322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cbd1875d5c88702021-12-20 16:01:48.430root 11241100x8000000000000000778323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b935165dc9b45d2021-12-20 16:01:48.430root 11241100x8000000000000000778324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1752f88196d2b62b2021-12-20 16:01:48.431root 11241100x8000000000000000778325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9070234112b8dd0b2021-12-20 16:01:48.924root 11241100x8000000000000000778326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b55a06307ebc952021-12-20 16:01:48.924root 11241100x8000000000000000778327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991bae076ef4abb82021-12-20 16:01:48.925root 11241100x8000000000000000778328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78c28baa6eb791c2021-12-20 16:01:48.925root 11241100x8000000000000000778329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35a66ce2d65133e2021-12-20 16:01:48.925root 11241100x8000000000000000778330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc8d47156687ce12021-12-20 16:01:48.925root 11241100x8000000000000000778331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a934b038009026ab2021-12-20 16:01:48.926root 11241100x8000000000000000778332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5d42f81f606a582021-12-20 16:01:48.926root 11241100x8000000000000000778333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563e5d58fea438412021-12-20 16:01:48.926root 11241100x8000000000000000778334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d437bd205b835d2021-12-20 16:01:48.926root 11241100x8000000000000000778335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39b23bc4b3a11222021-12-20 16:01:48.926root 11241100x8000000000000000778336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a949c2ae4bfcf1fd2021-12-20 16:01:48.926root 11241100x8000000000000000778337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3078f506b0405922021-12-20 16:01:48.927root 11241100x8000000000000000778338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5537630243249f2021-12-20 16:01:48.927root 11241100x8000000000000000778339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c71055b15576cc2021-12-20 16:01:48.927root 11241100x8000000000000000778340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0ae3942c2198da2021-12-20 16:01:48.927root 11241100x8000000000000000778341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c11d0660b777ab2021-12-20 16:01:48.928root 11241100x8000000000000000778342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671d5ddf5e0b96292021-12-20 16:01:48.928root 11241100x8000000000000000778343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a359986d054daa212021-12-20 16:01:48.928root 11241100x8000000000000000778344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a31a0f2d4add9e72021-12-20 16:01:48.928root 11241100x8000000000000000778345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d888a58e93e118322021-12-20 16:01:48.929root 11241100x8000000000000000778346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61a8ed59aa087db2021-12-20 16:01:48.929root 11241100x8000000000000000778347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c408a848ee7d33c2021-12-20 16:01:48.932root 11241100x8000000000000000778348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e77ae281727e152021-12-20 16:01:48.932root 11241100x8000000000000000778349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f824519b093fdbc92021-12-20 16:01:48.932root 11241100x8000000000000000778350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd78142b5c30bf242021-12-20 16:01:48.932root 11241100x8000000000000000778351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49f1a4fd71588252021-12-20 16:01:48.934root 11241100x8000000000000000778352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d20432462e391ac2021-12-20 16:01:48.934root 11241100x8000000000000000778353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f508473e31ad3e8d2021-12-20 16:01:48.934root 11241100x8000000000000000778354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7793755553177e922021-12-20 16:01:48.937root 11241100x8000000000000000778355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a134218cf5b1b2732021-12-20 16:01:48.937root 11241100x8000000000000000778356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:48.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddce81f85be54072021-12-20 16:01:48.937root 11241100x8000000000000000778357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c0e0b7ac2f40d12021-12-20 16:01:49.424root 11241100x8000000000000000778358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee841fa358466e532021-12-20 16:01:49.425root 11241100x8000000000000000778359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f0b1512452b8912021-12-20 16:01:49.425root 11241100x8000000000000000778360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96673dd7fa79c6c2021-12-20 16:01:49.425root 11241100x8000000000000000778361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8edfb75eb16f872021-12-20 16:01:49.425root 11241100x8000000000000000778362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69704d6fca872d92021-12-20 16:01:49.425root 11241100x8000000000000000778363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492c37d8c2c486f82021-12-20 16:01:49.425root 11241100x8000000000000000778364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b7400c54d33422021-12-20 16:01:49.425root 11241100x8000000000000000778365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a9a64563005d0d2021-12-20 16:01:49.425root 11241100x8000000000000000778366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9f2e3f687f20912021-12-20 16:01:49.425root 11241100x8000000000000000778367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54e607edcf7eddd2021-12-20 16:01:49.425root 11241100x8000000000000000778368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a2fc5c32e4a3562021-12-20 16:01:49.426root 11241100x8000000000000000778369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c86c758de2994d2021-12-20 16:01:49.426root 11241100x8000000000000000778370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c5f022eb1937b02021-12-20 16:01:49.426root 11241100x8000000000000000778371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdf68129b55d6b52021-12-20 16:01:49.426root 11241100x8000000000000000778372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f52143e253a50932021-12-20 16:01:49.426root 11241100x8000000000000000778373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43922571fe3144b2021-12-20 16:01:49.426root 11241100x8000000000000000778374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc302cb4ac1bf0b2021-12-20 16:01:49.426root 11241100x8000000000000000778375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d92ccc1bd8f2c22021-12-20 16:01:49.426root 11241100x8000000000000000778376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f568120443458a72021-12-20 16:01:49.426root 11241100x8000000000000000778377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200f45ed5e437b842021-12-20 16:01:49.426root 11241100x8000000000000000778378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d9771922a24ada2021-12-20 16:01:49.427root 11241100x8000000000000000778379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af33d962d4100d72021-12-20 16:01:49.427root 11241100x8000000000000000778380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0513c39fcc72040f2021-12-20 16:01:49.427root 11241100x8000000000000000778381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887f185d618f9de12021-12-20 16:01:49.427root 11241100x8000000000000000778382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3030b9d63d9a2dce2021-12-20 16:01:49.427root 11241100x8000000000000000778383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12301c62e7555552021-12-20 16:01:49.427root 11241100x8000000000000000778384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e867ac49ed2783a2021-12-20 16:01:49.427root 11241100x8000000000000000778385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad57123d07b29d0b2021-12-20 16:01:49.427root 11241100x8000000000000000778386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c891507a9ee10612021-12-20 16:01:49.428root 11241100x8000000000000000778387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb98bd3b4965a9b2021-12-20 16:01:49.428root 11241100x8000000000000000778388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b43d561f02e8a2021-12-20 16:01:49.428root 11241100x8000000000000000778389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727465de8038eb8c2021-12-20 16:01:49.924root 11241100x8000000000000000778390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6979781d4f4ee3c2021-12-20 16:01:49.924root 11241100x8000000000000000778391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3577797a5310be42021-12-20 16:01:49.924root 11241100x8000000000000000778392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b365be1bb66d1f002021-12-20 16:01:49.925root 11241100x8000000000000000778393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4e531f885221582021-12-20 16:01:49.925root 11241100x8000000000000000778394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ea8163151e23ec2021-12-20 16:01:49.925root 11241100x8000000000000000778395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079f2e9f6de68e602021-12-20 16:01:49.925root 11241100x8000000000000000778396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74da12594adc290c2021-12-20 16:01:49.925root 11241100x8000000000000000778397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474d3cddc645e8f12021-12-20 16:01:49.925root 11241100x8000000000000000778398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9f9f51c976a8a92021-12-20 16:01:49.925root 11241100x8000000000000000778399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda09d73427172ac2021-12-20 16:01:49.925root 11241100x8000000000000000778400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9109b97fe34996202021-12-20 16:01:49.925root 11241100x8000000000000000778401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e4146970260592021-12-20 16:01:49.925root 11241100x8000000000000000778402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b670b2efa57d9202021-12-20 16:01:49.926root 11241100x8000000000000000778403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676ec98e27baaadf2021-12-20 16:01:49.926root 11241100x8000000000000000778404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1638d666c41727b2021-12-20 16:01:49.926root 11241100x8000000000000000778405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb53eda069b18fc22021-12-20 16:01:49.927root 11241100x8000000000000000778406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db317b6fb3b7fe782021-12-20 16:01:49.927root 11241100x8000000000000000778407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a61fad52e94e422021-12-20 16:01:49.927root 11241100x8000000000000000778408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8720939b1c5c5da12021-12-20 16:01:49.927root 11241100x8000000000000000778409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5beacb0ab9f13d712021-12-20 16:01:49.928root 11241100x8000000000000000778410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8af78b0a08911c2021-12-20 16:01:49.928root 11241100x8000000000000000778411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19331e91a985c382021-12-20 16:01:49.930root 11241100x8000000000000000778412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b288434eb21f9f2021-12-20 16:01:49.931root 11241100x8000000000000000778413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de907cccd32f1f82021-12-20 16:01:49.931root 11241100x8000000000000000778414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee7de39489f930a2021-12-20 16:01:49.932root 11241100x8000000000000000778415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad011e3c17d6ec72021-12-20 16:01:49.932root 11241100x8000000000000000778416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaf054de47e53842021-12-20 16:01:49.932root 11241100x8000000000000000778417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc33dc775bf22a12021-12-20 16:01:49.932root 11241100x8000000000000000778418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9f5727513a49202021-12-20 16:01:49.933root 11241100x8000000000000000778419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567d3437045454012021-12-20 16:01:49.933root 11241100x8000000000000000778420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:49.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4877ecd0d4f5b1ab2021-12-20 16:01:49.933root 354300x8000000000000000778421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.067{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51532-false10.0.1.12-8000- 11241100x8000000000000000778422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85424416ec5d40122021-12-20 16:01:50.424root 11241100x8000000000000000778423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ba5a872e12a2032021-12-20 16:01:50.424root 11241100x8000000000000000778424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d692e8098fe46d82021-12-20 16:01:50.424root 11241100x8000000000000000778425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd7ecbc21c92f12021-12-20 16:01:50.425root 11241100x8000000000000000778426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02021a0c12dce0e12021-12-20 16:01:50.425root 11241100x8000000000000000778427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9441fdeba8d068bf2021-12-20 16:01:50.425root 11241100x8000000000000000778428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b00b27878eef5f2021-12-20 16:01:50.425root 11241100x8000000000000000778429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bdd53a7e45ba312021-12-20 16:01:50.425root 11241100x8000000000000000778430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ab2e1cc57d35522021-12-20 16:01:50.425root 11241100x8000000000000000778431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c33c31788d2df12021-12-20 16:01:50.425root 11241100x8000000000000000778432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c65cb0c3e6518322021-12-20 16:01:50.425root 11241100x8000000000000000778433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8774737c4d126bd2021-12-20 16:01:50.425root 11241100x8000000000000000778434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c5f1308096e4c2021-12-20 16:01:50.426root 11241100x8000000000000000778435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050d9efadee635ea2021-12-20 16:01:50.426root 11241100x8000000000000000778436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adc68fb052a7d522021-12-20 16:01:50.426root 11241100x8000000000000000778437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c908da21b6d04a22021-12-20 16:01:50.426root 11241100x8000000000000000778438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcf322cca29188a2021-12-20 16:01:50.426root 11241100x8000000000000000778439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2585ad05de745a2021-12-20 16:01:50.426root 11241100x8000000000000000778440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36763abb3b72c8f32021-12-20 16:01:50.427root 11241100x8000000000000000778441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe84f91263a65092021-12-20 16:01:50.427root 11241100x8000000000000000778442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a03d56125ca6e72021-12-20 16:01:50.427root 11241100x8000000000000000778443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56c13a1af122fc52021-12-20 16:01:50.427root 11241100x8000000000000000778444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2a7c8e43436b6d2021-12-20 16:01:50.427root 11241100x8000000000000000778445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c0fe5c4d0ddbc02021-12-20 16:01:50.428root 11241100x8000000000000000778446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7931dcddabce2d02021-12-20 16:01:50.428root 11241100x8000000000000000778447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427708609de372bc2021-12-20 16:01:50.428root 11241100x8000000000000000778448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97a46b185cce0e22021-12-20 16:01:50.429root 11241100x8000000000000000778449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbfe9c4279911ff2021-12-20 16:01:50.429root 11241100x8000000000000000778450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b6f70f592bbb702021-12-20 16:01:50.429root 11241100x8000000000000000778451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a3b012f2d076522021-12-20 16:01:50.429root 11241100x8000000000000000778452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aaea96338c86e3e2021-12-20 16:01:50.429root 11241100x8000000000000000778453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14609e89a375cc462021-12-20 16:01:50.429root 11241100x8000000000000000778454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb602801df334252021-12-20 16:01:50.429root 11241100x8000000000000000778455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59370e1719a5a6c2021-12-20 16:01:50.430root 11241100x8000000000000000778456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce1fcfa1988cf322021-12-20 16:01:50.430root 11241100x8000000000000000778457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9bc3f2220914ae2021-12-20 16:01:50.431root 11241100x8000000000000000778458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d502cd34e1325c082021-12-20 16:01:50.431root 11241100x8000000000000000778459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b223a56e640237012021-12-20 16:01:50.431root 11241100x8000000000000000778460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd7004e3820ac352021-12-20 16:01:50.432root 11241100x8000000000000000778461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a74e720778e5e62021-12-20 16:01:50.432root 11241100x8000000000000000778462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acfb140ae0076fe2021-12-20 16:01:50.432root 11241100x8000000000000000778463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f306ff975da9412021-12-20 16:01:50.432root 11241100x8000000000000000778464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff785134d3ca922021-12-20 16:01:50.433root 11241100x8000000000000000778465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155a5337ddc9b2c82021-12-20 16:01:50.433root 11241100x8000000000000000778466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2a94b97a21881e2021-12-20 16:01:50.433root 11241100x8000000000000000778467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d7aeab4f4383492021-12-20 16:01:50.433root 11241100x8000000000000000778468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ee33ebc25d7c982021-12-20 16:01:50.434root 11241100x8000000000000000778469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccc7eb8e08042492021-12-20 16:01:50.434root 11241100x8000000000000000778470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec681e0c4c7a66262021-12-20 16:01:50.435root 11241100x8000000000000000778471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33735d1e8971b682021-12-20 16:01:50.435root 11241100x8000000000000000778472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d304deff6867679c2021-12-20 16:01:50.435root 11241100x8000000000000000778473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2399e505e50c3dc12021-12-20 16:01:50.924root 11241100x8000000000000000778474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2e4531d529ac3d2021-12-20 16:01:50.924root 11241100x8000000000000000778475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bb233f3cb668fa2021-12-20 16:01:50.925root 11241100x8000000000000000778476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546a7d58812aacc82021-12-20 16:01:50.925root 11241100x8000000000000000778477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf97973eb6ed0862021-12-20 16:01:50.925root 11241100x8000000000000000778478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b178b4c3da84b432021-12-20 16:01:50.925root 11241100x8000000000000000778479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb48c30b61cf5552021-12-20 16:01:50.925root 11241100x8000000000000000778480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b264327d38dc084d2021-12-20 16:01:50.925root 11241100x8000000000000000778481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6fa4c44f90a6c32021-12-20 16:01:50.926root 11241100x8000000000000000778482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7364519c1ff6d82021-12-20 16:01:50.926root 11241100x8000000000000000778483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ec36d8eb4e1e792021-12-20 16:01:50.926root 11241100x8000000000000000778484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10ae602e4069c162021-12-20 16:01:50.926root 11241100x8000000000000000778485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31598a3601562fb62021-12-20 16:01:50.927root 11241100x8000000000000000778486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df2043df9fbd7a82021-12-20 16:01:50.927root 11241100x8000000000000000778487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c26e5b930ac0192021-12-20 16:01:50.928root 11241100x8000000000000000778488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d345429ee3bb482c2021-12-20 16:01:50.928root 11241100x8000000000000000778489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033174446a3d76522021-12-20 16:01:50.929root 11241100x8000000000000000778490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5249c6719f75682021-12-20 16:01:50.929root 11241100x8000000000000000778491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350cd62b9dacdca02021-12-20 16:01:50.929root 11241100x8000000000000000778492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c68a7343c7ec1932021-12-20 16:01:50.930root 11241100x8000000000000000778493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6140e2d40a1a7fe92021-12-20 16:01:50.931root 11241100x8000000000000000778494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fd4ec48146cc272021-12-20 16:01:50.931root 11241100x8000000000000000778495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9a9d5b7a4118c02021-12-20 16:01:50.931root 11241100x8000000000000000778496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cff86835fdad5332021-12-20 16:01:50.931root 11241100x8000000000000000778497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32007d5729a08c92021-12-20 16:01:50.931root 11241100x8000000000000000778498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3b3bca0a91215f2021-12-20 16:01:50.932root 11241100x8000000000000000778499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8c5e278b6baf5a2021-12-20 16:01:50.932root 11241100x8000000000000000778500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd9ddce14cd8d8c2021-12-20 16:01:50.932root 11241100x8000000000000000778501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa0eef7fc9875ff2021-12-20 16:01:50.932root 11241100x8000000000000000778502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec0f5db08b381462021-12-20 16:01:50.932root 11241100x8000000000000000778503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72920c65133ca99e2021-12-20 16:01:50.932root 11241100x8000000000000000778504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7559cd7b848afa932021-12-20 16:01:50.932root 11241100x8000000000000000778505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:50.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e870bb5acd151122021-12-20 16:01:50.934root 11241100x8000000000000000778506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408e3bfcf6f0919d2021-12-20 16:01:51.424root 11241100x8000000000000000778507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee41bb1b694d66ac2021-12-20 16:01:51.424root 11241100x8000000000000000778508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4d99558261dd612021-12-20 16:01:51.424root 11241100x8000000000000000778509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5285429e273903f82021-12-20 16:01:51.425root 11241100x8000000000000000778510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3340b881254d3092021-12-20 16:01:51.425root 11241100x8000000000000000778511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bef4271a67126e2021-12-20 16:01:51.425root 11241100x8000000000000000778512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa4aca63e3958542021-12-20 16:01:51.425root 11241100x8000000000000000778513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb320e5a4a709d92021-12-20 16:01:51.426root 11241100x8000000000000000778514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275a32d6cbb46c9c2021-12-20 16:01:51.426root 11241100x8000000000000000778515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588867d5a1f5dda62021-12-20 16:01:51.426root 11241100x8000000000000000778516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6de2c0e0ed036952021-12-20 16:01:51.426root 11241100x8000000000000000778517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75d695a670085ae2021-12-20 16:01:51.427root 11241100x8000000000000000778518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c303b845e578d52021-12-20 16:01:51.427root 11241100x8000000000000000778519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e1108df9ea5a252021-12-20 16:01:51.427root 11241100x8000000000000000778520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e1dab95f928fd82021-12-20 16:01:51.427root 11241100x8000000000000000778521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651e03eca2fac4d22021-12-20 16:01:51.427root 11241100x8000000000000000778522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568420b5baa0b4db2021-12-20 16:01:51.427root 11241100x8000000000000000778523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5e8db7936ea1bc2021-12-20 16:01:51.427root 11241100x8000000000000000778524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390c645fbdb5253e2021-12-20 16:01:51.428root 11241100x8000000000000000778525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae8b4605702ba072021-12-20 16:01:51.428root 11241100x8000000000000000778526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960ff173cb8a12a92021-12-20 16:01:51.428root 11241100x8000000000000000778527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c57bc7fe46dc572021-12-20 16:01:51.428root 11241100x8000000000000000778528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e020b68786827cfe2021-12-20 16:01:51.428root 11241100x8000000000000000778529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3f48b0f8775a652021-12-20 16:01:51.428root 11241100x8000000000000000778530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ce12b5edcd5c92021-12-20 16:01:51.428root 11241100x8000000000000000778531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3260264a649ff1922021-12-20 16:01:51.428root 11241100x8000000000000000778532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d559fcad9d4230d2021-12-20 16:01:51.428root 11241100x8000000000000000778533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61e34dc9a5a04d72021-12-20 16:01:51.429root 11241100x8000000000000000778534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f4620173135f3b2021-12-20 16:01:51.429root 11241100x8000000000000000778535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4667e6041a4763a52021-12-20 16:01:51.429root 11241100x8000000000000000778536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5e745f1b0466032021-12-20 16:01:51.429root 11241100x8000000000000000778537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee63c5c944751542021-12-20 16:01:51.429root 11241100x8000000000000000778538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac15dba40805ff82021-12-20 16:01:51.924root 11241100x8000000000000000778539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aeaa83e6f6418b2021-12-20 16:01:51.924root 11241100x8000000000000000778540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593b2b8c1241c7b02021-12-20 16:01:51.925root 11241100x8000000000000000778541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09f4fa0f2d8ab292021-12-20 16:01:51.925root 11241100x8000000000000000778542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ffae2d91c3cc922021-12-20 16:01:51.925root 11241100x8000000000000000778543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6885083caf4102d52021-12-20 16:01:51.925root 11241100x8000000000000000778544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d7dc9df6f90d4a2021-12-20 16:01:51.926root 11241100x8000000000000000778545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2800c4c3edf97a0d2021-12-20 16:01:51.926root 11241100x8000000000000000778546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236677af6ca2b2352021-12-20 16:01:51.926root 11241100x8000000000000000778547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25cd01113be1e3c2021-12-20 16:01:51.926root 11241100x8000000000000000778548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bfeb9e399995812021-12-20 16:01:51.926root 11241100x8000000000000000778549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e57815f2c27cf0b2021-12-20 16:01:51.926root 11241100x8000000000000000778550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6961484f486484112021-12-20 16:01:51.926root 11241100x8000000000000000778551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6877b8a3236a3e52021-12-20 16:01:51.926root 11241100x8000000000000000778552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc10ef5974947e12021-12-20 16:01:51.926root 11241100x8000000000000000778553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f86ebac19268ea82021-12-20 16:01:51.927root 11241100x8000000000000000778554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d31e1114f59b0282021-12-20 16:01:51.927root 11241100x8000000000000000778555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd185ea80f2512cc2021-12-20 16:01:51.927root 11241100x8000000000000000778556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d1aebdb7cec1c2021-12-20 16:01:51.927root 11241100x8000000000000000778557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42969d13aebe513d2021-12-20 16:01:51.927root 11241100x8000000000000000778558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f9ccb30461f1b82021-12-20 16:01:51.927root 11241100x8000000000000000778559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4936ca9d7866232021-12-20 16:01:51.927root 11241100x8000000000000000778560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694c81c8031aa0c52021-12-20 16:01:51.927root 11241100x8000000000000000778561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ec2284c8aa5fc62021-12-20 16:01:51.928root 11241100x8000000000000000778562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305061cc6432c0682021-12-20 16:01:51.928root 11241100x8000000000000000778563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ec23c6bfcdcd6a2021-12-20 16:01:51.928root 11241100x8000000000000000778564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f1c3a6e66de1632021-12-20 16:01:51.928root 11241100x8000000000000000778565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32648b8913a033fb2021-12-20 16:01:51.928root 11241100x8000000000000000778566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc3f43f05b139d02021-12-20 16:01:51.928root 11241100x8000000000000000778567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184800483f544a792021-12-20 16:01:51.928root 11241100x8000000000000000778568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe984e5f579c03042021-12-20 16:01:51.929root 11241100x8000000000000000778569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89a9cbb28c63e572021-12-20 16:01:51.929root 11241100x8000000000000000778570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a4b79ef4bafb22021-12-20 16:01:51.929root 11241100x8000000000000000778571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc0a6aafd95f0512021-12-20 16:01:51.929root 11241100x8000000000000000778572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2521b2a08ae04fd22021-12-20 16:01:51.929root 11241100x8000000000000000778573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a09e1fcbf8148e2021-12-20 16:01:51.929root 11241100x8000000000000000778574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac8f9aee40672aa2021-12-20 16:01:52.424root 11241100x8000000000000000778575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6660723e5ae10472021-12-20 16:01:52.424root 11241100x8000000000000000778576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebe9492c1615bf32021-12-20 16:01:52.424root 11241100x8000000000000000778577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c70303404cce1f12021-12-20 16:01:52.424root 11241100x8000000000000000778578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c014b3403b173f412021-12-20 16:01:52.425root 11241100x8000000000000000778579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe218f6e2f5aa4d12021-12-20 16:01:52.425root 11241100x8000000000000000778580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fb202ca98d86d52021-12-20 16:01:52.425root 11241100x8000000000000000778581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdd08a5d9de40fc2021-12-20 16:01:52.425root 11241100x8000000000000000778582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed3de6e7366ce202021-12-20 16:01:52.426root 11241100x8000000000000000778583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10bb6b8120e4e292021-12-20 16:01:52.426root 11241100x8000000000000000778584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1277b5e5c564986d2021-12-20 16:01:52.426root 11241100x8000000000000000778585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7880a1000bc5840a2021-12-20 16:01:52.427root 11241100x8000000000000000778586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aee197e0c6b1252021-12-20 16:01:52.427root 11241100x8000000000000000778587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c23c9d1b0cd8e522021-12-20 16:01:52.427root 11241100x8000000000000000778588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7640011ebb2d86fd2021-12-20 16:01:52.427root 11241100x8000000000000000778589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fb01d0346eb6fc2021-12-20 16:01:52.428root 11241100x8000000000000000778590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875f9930570bef6a2021-12-20 16:01:52.428root 11241100x8000000000000000778591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2821543ad1b0ac432021-12-20 16:01:52.428root 11241100x8000000000000000778592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad49a9b9dbf283d2021-12-20 16:01:52.428root 11241100x8000000000000000778593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3550dbcbcee295522021-12-20 16:01:52.428root 11241100x8000000000000000778594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440e2403fa33a6eb2021-12-20 16:01:52.428root 11241100x8000000000000000778595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa14822675a3a8972021-12-20 16:01:52.428root 11241100x8000000000000000778596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d091a0af535a97102021-12-20 16:01:52.428root 11241100x8000000000000000778597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00237bf17b27f7e2021-12-20 16:01:52.428root 11241100x8000000000000000778598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c5eefb3d6e4e9d2021-12-20 16:01:52.429root 11241100x8000000000000000778599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a815a04089fab72021-12-20 16:01:52.429root 11241100x8000000000000000778600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa25bccedfa118f32021-12-20 16:01:52.429root 11241100x8000000000000000778601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6426734d998d31f12021-12-20 16:01:52.429root 11241100x8000000000000000778602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03ef5a6bc30648f2021-12-20 16:01:52.429root 11241100x8000000000000000778603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ab2849f7011c002021-12-20 16:01:52.429root 11241100x8000000000000000778604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f379360b1709afa2021-12-20 16:01:52.429root 11241100x8000000000000000778605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21980158ccf69ae52021-12-20 16:01:52.429root 11241100x8000000000000000778606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0a2aaa51f5790b2021-12-20 16:01:52.429root 11241100x8000000000000000778607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2309f4174e3b6542021-12-20 16:01:52.430root 11241100x8000000000000000778608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438b8c05dcac3a3a2021-12-20 16:01:52.430root 11241100x8000000000000000778609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a273071ba6e69142021-12-20 16:01:52.430root 11241100x8000000000000000778610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4150ab529be9bbc82021-12-20 16:01:52.430root 11241100x8000000000000000778611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77b6ac5f895f9ae2021-12-20 16:01:52.924root 11241100x8000000000000000778612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526eac9336ec5b312021-12-20 16:01:52.925root 11241100x8000000000000000778613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe0aea6a88987702021-12-20 16:01:52.925root 11241100x8000000000000000778614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e759a4ed1cf14332021-12-20 16:01:52.925root 11241100x8000000000000000778615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb5a05b9ecbf1fe2021-12-20 16:01:52.925root 11241100x8000000000000000778616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0d4f8ebfc0ebaf2021-12-20 16:01:52.926root 11241100x8000000000000000778617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7645d4d60d1c19002021-12-20 16:01:52.926root 11241100x8000000000000000778618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953324ad9eedc1132021-12-20 16:01:52.926root 11241100x8000000000000000778619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32b95821037a1052021-12-20 16:01:52.926root 11241100x8000000000000000778620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e743899ecc895e2021-12-20 16:01:52.926root 11241100x8000000000000000778621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaf20c17c6f49ab2021-12-20 16:01:52.927root 11241100x8000000000000000778622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c40e88cf23d4e62021-12-20 16:01:52.927root 11241100x8000000000000000778623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2827ca9cd52d0f402021-12-20 16:01:52.927root 11241100x8000000000000000778624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9545d5ff0f31959d2021-12-20 16:01:52.927root 11241100x8000000000000000778625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a2a76af16e11352021-12-20 16:01:52.928root 11241100x8000000000000000778626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35afddd59faebb92021-12-20 16:01:52.928root 11241100x8000000000000000778627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a2900a58daf32c2021-12-20 16:01:52.928root 11241100x8000000000000000778628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1aa55d2b4bf4682021-12-20 16:01:52.928root 11241100x8000000000000000778629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7e72349a077d622021-12-20 16:01:52.928root 11241100x8000000000000000778630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b1e2095e1786e02021-12-20 16:01:52.929root 11241100x8000000000000000778631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a679728eca2ed8c62021-12-20 16:01:52.929root 11241100x8000000000000000778632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2384be07c59dcc492021-12-20 16:01:52.929root 11241100x8000000000000000778633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0178a434f4ae9512021-12-20 16:01:52.929root 11241100x8000000000000000778634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ed996f2bcfbc0c2021-12-20 16:01:52.929root 11241100x8000000000000000778635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9895e49e6a3e61662021-12-20 16:01:52.930root 11241100x8000000000000000778636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a6b178373e16102021-12-20 16:01:52.930root 11241100x8000000000000000778637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a763e26938144a2021-12-20 16:01:52.930root 11241100x8000000000000000778638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ccd03c526e5ab52021-12-20 16:01:52.930root 11241100x8000000000000000778639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af817f20d898a9282021-12-20 16:01:52.930root 11241100x8000000000000000778640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d85a9e83bfc1782021-12-20 16:01:52.931root 11241100x8000000000000000778641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8876cf6a90836ca92021-12-20 16:01:52.931root 11241100x8000000000000000778642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47445e8591a8a5a2021-12-20 16:01:52.931root 11241100x8000000000000000778643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42717c6d5e27f472021-12-20 16:01:52.931root 11241100x8000000000000000778644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9e6eea8e3c70ca2021-12-20 16:01:53.424root 11241100x8000000000000000778645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81300d15c4720902021-12-20 16:01:53.424root 11241100x8000000000000000778646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2975609899e5b2d2021-12-20 16:01:53.425root 11241100x8000000000000000778647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94528e4b5e54f34d2021-12-20 16:01:53.425root 11241100x8000000000000000778648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5a975438dd28452021-12-20 16:01:53.425root 11241100x8000000000000000778649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe84a7f25d4c3c32021-12-20 16:01:53.425root 11241100x8000000000000000778650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dc355a266cfbc72021-12-20 16:01:53.425root 11241100x8000000000000000778651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44b68f80f93a4732021-12-20 16:01:53.425root 11241100x8000000000000000778652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09d91641b7c5da62021-12-20 16:01:53.425root 11241100x8000000000000000778653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907d6acc345ea62f2021-12-20 16:01:53.425root 11241100x8000000000000000778654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae3d315ceb1d8602021-12-20 16:01:53.425root 11241100x8000000000000000778655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84103302fc81cc822021-12-20 16:01:53.425root 11241100x8000000000000000778656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8716cde4f38ea4562021-12-20 16:01:53.425root 11241100x8000000000000000778657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1552bc5a8f3538372021-12-20 16:01:53.426root 11241100x8000000000000000778658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84370cb7ee3acfb2021-12-20 16:01:53.426root 11241100x8000000000000000778659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295d2861a940fd8b2021-12-20 16:01:53.426root 11241100x8000000000000000778660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f62f9f939fddef52021-12-20 16:01:53.426root 11241100x8000000000000000778661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb376e2a0d677c692021-12-20 16:01:53.426root 11241100x8000000000000000778662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35ee9ae033d013a2021-12-20 16:01:53.426root 11241100x8000000000000000778663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62ee032d501035a2021-12-20 16:01:53.427root 11241100x8000000000000000778664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e2b7d9b9f6e7e72021-12-20 16:01:53.427root 11241100x8000000000000000778665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cb956bc84dfbc12021-12-20 16:01:53.427root 11241100x8000000000000000778666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31341e83c61f17a2021-12-20 16:01:53.427root 11241100x8000000000000000778667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643a48b457581e7c2021-12-20 16:01:53.428root 11241100x8000000000000000778668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59177c5a876f1022021-12-20 16:01:53.428root 11241100x8000000000000000778669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777749d825d61442021-12-20 16:01:53.429root 11241100x8000000000000000778670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98c799cbc916ba22021-12-20 16:01:53.429root 11241100x8000000000000000778671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669993f9f0e8b96a2021-12-20 16:01:53.430root 11241100x8000000000000000778672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a139d26caddb75342021-12-20 16:01:53.430root 11241100x8000000000000000778673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6409c413751a08f2021-12-20 16:01:53.430root 11241100x8000000000000000778674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce0f91971c268802021-12-20 16:01:53.437root 11241100x8000000000000000778675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2257a83a181c4a42021-12-20 16:01:53.438root 11241100x8000000000000000778676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7bc5e976fdef482021-12-20 16:01:53.438root 11241100x8000000000000000778677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8134956975c8823c2021-12-20 16:01:53.924root 11241100x8000000000000000778678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1da4ae24e959f5b2021-12-20 16:01:53.925root 11241100x8000000000000000778679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736b46a157b92f892021-12-20 16:01:53.925root 11241100x8000000000000000778680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9670e097d517a6e12021-12-20 16:01:53.925root 11241100x8000000000000000778681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d5ddf27a5a80842021-12-20 16:01:53.925root 11241100x8000000000000000778682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06520775c309fe22021-12-20 16:01:53.925root 11241100x8000000000000000778683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bcb9483125a62c2021-12-20 16:01:53.926root 11241100x8000000000000000778684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7feb709312d8f1742021-12-20 16:01:53.926root 11241100x8000000000000000778685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e6b27862145cae2021-12-20 16:01:53.926root 11241100x8000000000000000778686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e1e91991ec74882021-12-20 16:01:53.926root 11241100x8000000000000000778687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc2c0e4c69fc7262021-12-20 16:01:53.926root 11241100x8000000000000000778688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b3787d9e8a6e592021-12-20 16:01:53.926root 11241100x8000000000000000778689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a98823d63336e32021-12-20 16:01:53.926root 11241100x8000000000000000778690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02cd7a6a64f6a712021-12-20 16:01:53.926root 11241100x8000000000000000778691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf18b91053a197eb2021-12-20 16:01:53.927root 11241100x8000000000000000778692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4993d13d0adaca2021-12-20 16:01:53.927root 11241100x8000000000000000778693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f3f58e47be442d2021-12-20 16:01:53.927root 11241100x8000000000000000778694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c7fae1eaa75e022021-12-20 16:01:53.927root 11241100x8000000000000000778695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d33d4ddadf8f682021-12-20 16:01:53.927root 11241100x8000000000000000778696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e66db8f4ef768022021-12-20 16:01:53.927root 11241100x8000000000000000778697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d0c834d4fcfca92021-12-20 16:01:53.927root 11241100x8000000000000000778698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e06eb753c653052021-12-20 16:01:53.927root 11241100x8000000000000000778699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361d9212e6229a072021-12-20 16:01:53.927root 11241100x8000000000000000778700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25427c4d6014bd662021-12-20 16:01:53.927root 11241100x8000000000000000778701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c747cba5056292021-12-20 16:01:53.928root 11241100x8000000000000000778702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad66ab76081979e22021-12-20 16:01:53.928root 11241100x8000000000000000778703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea78033ba9bb7422021-12-20 16:01:53.928root 11241100x8000000000000000778704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b126d4bb14da5cb2021-12-20 16:01:53.928root 11241100x8000000000000000778705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21197b57c2eec3d2021-12-20 16:01:53.928root 11241100x8000000000000000778706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cfb27a04cce73d2021-12-20 16:01:53.929root 11241100x8000000000000000778707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ea1a137cfde3352021-12-20 16:01:53.929root 11241100x8000000000000000778708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1e6d86b6b6cd792021-12-20 16:01:53.929root 11241100x8000000000000000778709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844f3c07119497a52021-12-20 16:01:53.929root 11241100x8000000000000000778710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:53.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909f0d0ed19892fd2021-12-20 16:01:53.929root 11241100x8000000000000000778711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7704b0a1f0777f42021-12-20 16:01:54.424root 11241100x8000000000000000778712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e778a318caa09702021-12-20 16:01:54.424root 11241100x8000000000000000778713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648ca40bd017ff8f2021-12-20 16:01:54.424root 11241100x8000000000000000778714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ece62ee76be9e8e2021-12-20 16:01:54.424root 11241100x8000000000000000778715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d5af5fe2da33aa2021-12-20 16:01:54.425root 11241100x8000000000000000778716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1590f264f761a72021-12-20 16:01:54.425root 11241100x8000000000000000778717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b426577590ffb52021-12-20 16:01:54.425root 11241100x8000000000000000778718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1243cd0a27b0496a2021-12-20 16:01:54.425root 11241100x8000000000000000778719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d98c236280e56ef2021-12-20 16:01:54.425root 11241100x8000000000000000778720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e63121062fa38a2021-12-20 16:01:54.425root 11241100x8000000000000000778721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb0acab3c5a43d2021-12-20 16:01:54.425root 11241100x8000000000000000778722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77117b1a6112c1ad2021-12-20 16:01:54.425root 11241100x8000000000000000778723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0097c1e7ca6672c12021-12-20 16:01:54.425root 11241100x8000000000000000778724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f82bd23745a2e02021-12-20 16:01:54.426root 11241100x8000000000000000778725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c5766e3a90949e2021-12-20 16:01:54.426root 11241100x8000000000000000778726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb832a9340ae8812021-12-20 16:01:54.426root 11241100x8000000000000000778727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7991f7672ccb262021-12-20 16:01:54.426root 11241100x8000000000000000778728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686a0e512a9bf7e02021-12-20 16:01:54.426root 11241100x8000000000000000778729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6872316afa9eb3b2021-12-20 16:01:54.426root 11241100x8000000000000000778730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc49185ef188c2b2021-12-20 16:01:54.427root 11241100x8000000000000000778731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8353abd1e4729e532021-12-20 16:01:54.427root 11241100x8000000000000000778732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6e407804babac02021-12-20 16:01:54.427root 11241100x8000000000000000778733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b392ce13dd845c632021-12-20 16:01:54.427root 11241100x8000000000000000778734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada9cdb09bbc506c2021-12-20 16:01:54.427root 11241100x8000000000000000778735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3676664dc96cbbfb2021-12-20 16:01:54.428root 11241100x8000000000000000778736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28e837013e5fb102021-12-20 16:01:54.428root 11241100x8000000000000000778737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae480e5f5f456452021-12-20 16:01:54.428root 11241100x8000000000000000778738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdea794aee3a9e32021-12-20 16:01:54.429root 11241100x8000000000000000778739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c56110bc2215f72021-12-20 16:01:54.429root 11241100x8000000000000000778740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4335319ee5cd139e2021-12-20 16:01:54.429root 11241100x8000000000000000778741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d021bf4b0f5de6ab2021-12-20 16:01:54.429root 11241100x8000000000000000778742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd9c87f9531f322021-12-20 16:01:54.430root 534500x8000000000000000778743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.915{00000000-0000-0000-0000-000000000000}10231<unknown process>ubuntu 11241100x8000000000000000778744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.916{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bash/tmp/sh-thd.DbSIeu2021-12-20 16:01:54.916ubuntu 23542300x8000000000000000778745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.916{ec2c97d1-9cd7-61c0-0864-408b87550000}9810ubuntu/bin/bash/tmp/sh-thd.DbSIeu--- 11241100x8000000000000000778746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.916{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c91ff83fa61db12021-12-20 16:01:54.916root 11241100x8000000000000000778747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.916{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c493f6d4f74b07702021-12-20 16:01:54.916root 11241100x8000000000000000778748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.917{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28d118fa104e34b2021-12-20 16:01:54.917root 534500x8000000000000000778749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.917{00000000-0000-0000-0000-000000000000}10232<unknown process>ubuntu 11241100x8000000000000000778750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.917{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bash/tmp/sh-thd.N9jP1t2021-12-20 16:01:54.917ubuntu 23542300x8000000000000000778751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.917{ec2c97d1-9cd7-61c0-0864-408b87550000}9810ubuntu/bin/bash/tmp/sh-thd.N9jP1t--- 11241100x8000000000000000778752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.918{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e796648190cbb5f2021-12-20 16:01:54.918root 11241100x8000000000000000778753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.918{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0149aae54009db692021-12-20 16:01:54.918root 11241100x8000000000000000778754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.918{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc52496e5b94e902021-12-20 16:01:54.918root 11241100x8000000000000000778755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.918{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82feb5a1eac63d7a2021-12-20 16:01:54.918root 11241100x8000000000000000778756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.918{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf062bc5cc07c6612021-12-20 16:01:54.918root 11241100x8000000000000000778757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.918{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92870a385bf7b1c2021-12-20 16:01:54.918root 11241100x8000000000000000778758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6f28b82bd53ab92021-12-20 16:01:54.919root 11241100x8000000000000000778759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486e0e6356d372fd2021-12-20 16:01:54.919root 11241100x8000000000000000778760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8eb89d486e2b702021-12-20 16:01:54.919root 11241100x8000000000000000778761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f50ce87e3cd3be2021-12-20 16:01:54.919root 11241100x8000000000000000778762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae98539ac93d8fc02021-12-20 16:01:54.919root 11241100x8000000000000000778763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e2dd7aaaa7a6032021-12-20 16:01:54.919root 11241100x8000000000000000778764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e821282c51619dd22021-12-20 16:01:54.919root 11241100x8000000000000000778765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515ed703267c0d502021-12-20 16:01:54.919root 11241100x8000000000000000778766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.919{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f45077f13c44352021-12-20 16:01:54.919root 11241100x8000000000000000778767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c0ce1987d12f6a2021-12-20 16:01:54.920root 11241100x8000000000000000778768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2de82f3bc23ff762021-12-20 16:01:54.920root 11241100x8000000000000000778769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd7d7a6857014ff2021-12-20 16:01:54.920root 11241100x8000000000000000778770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a370217d7327592021-12-20 16:01:54.920root 11241100x8000000000000000778771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdef91a73ebaeffa2021-12-20 16:01:54.920root 11241100x8000000000000000778772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5491eee523dc7502021-12-20 16:01:54.920root 11241100x8000000000000000778773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c3bc5b995625ee2021-12-20 16:01:54.920root 11241100x8000000000000000778774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20ca0cfd0c648e42021-12-20 16:01:54.920root 11241100x8000000000000000778775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d39b21c718f7e742021-12-20 16:01:54.920root 11241100x8000000000000000778776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a252b07a13635d2021-12-20 16:01:54.920root 11241100x8000000000000000778777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.920{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597121be1df63fdd2021-12-20 16:01:54.920root 11241100x8000000000000000778778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeff4ed81d975002021-12-20 16:01:54.921root 11241100x8000000000000000778779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dda888f464cf2d2021-12-20 16:01:54.921root 11241100x8000000000000000778780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d369a5dc4767dc2021-12-20 16:01:54.921root 11241100x8000000000000000778781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056180228e059fde2021-12-20 16:01:54.921root 11241100x8000000000000000778782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c616d3858d031e2021-12-20 16:01:54.921root 11241100x8000000000000000778783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99691a2dfb40deb2021-12-20 16:01:54.921root 11241100x8000000000000000778784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31c4ca50e1b979c2021-12-20 16:01:54.921root 11241100x8000000000000000778785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a011688986871a22021-12-20 16:01:54.921root 11241100x8000000000000000778786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db549f0b01e83d222021-12-20 16:01:54.921root 11241100x8000000000000000778787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:54.921{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a42191039dcb7a2021-12-20 16:01:54.921root 11241100x8000000000000000778788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226e5c24f286c8a82021-12-20 16:01:55.175root 11241100x8000000000000000778789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547fc26057dd30552021-12-20 16:01:55.175root 11241100x8000000000000000778790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d37080a67213162021-12-20 16:01:55.175root 11241100x8000000000000000778791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97af87939440f8552021-12-20 16:01:55.175root 11241100x8000000000000000778792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3d65260db9ba222021-12-20 16:01:55.175root 11241100x8000000000000000778793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b27f58892892ec2021-12-20 16:01:55.176root 11241100x8000000000000000778794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e871047891c25dc02021-12-20 16:01:55.176root 11241100x8000000000000000778795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d139408582c0e92021-12-20 16:01:55.176root 11241100x8000000000000000778796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c179e7b7caca8af2021-12-20 16:01:55.176root 11241100x8000000000000000778797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a43b5b7e02a7dfa2021-12-20 16:01:55.176root 11241100x8000000000000000778798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643bf273bb0fb2772021-12-20 16:01:55.176root 11241100x8000000000000000778799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02ac059fafa440e2021-12-20 16:01:55.176root 11241100x8000000000000000778800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13315c6d2565e5b2021-12-20 16:01:55.176root 11241100x8000000000000000778801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8950e2a11fdee8d12021-12-20 16:01:55.176root 11241100x8000000000000000778802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54234a7858a69182021-12-20 16:01:55.177root 11241100x8000000000000000778803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f884f8018fe8612021-12-20 16:01:55.177root 11241100x8000000000000000778804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ae39d76d0605ab2021-12-20 16:01:55.177root 11241100x8000000000000000778805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80d0c8f0ac3fe6d2021-12-20 16:01:55.177root 11241100x8000000000000000778806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c324c9dcfa87411d2021-12-20 16:01:55.177root 11241100x8000000000000000778807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14475d9c7d55cb1f2021-12-20 16:01:55.177root 11241100x8000000000000000778808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b664cb8ada7327782021-12-20 16:01:55.177root 11241100x8000000000000000778809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d1cc1a668435a12021-12-20 16:01:55.178root 11241100x8000000000000000778810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f894859e91af0ff32021-12-20 16:01:55.178root 11241100x8000000000000000778811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ab243e9c378f9a2021-12-20 16:01:55.178root 11241100x8000000000000000778812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0e0bb3c579da5c2021-12-20 16:01:55.178root 11241100x8000000000000000778813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d8b5c8a7756fb72021-12-20 16:01:55.178root 11241100x8000000000000000778814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641489c11fd458642021-12-20 16:01:55.178root 11241100x8000000000000000778815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b91929bd1ba3f6b2021-12-20 16:01:55.178root 11241100x8000000000000000778816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f7e15a839982dd2021-12-20 16:01:55.179root 11241100x8000000000000000778817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0278a49653f811b2021-12-20 16:01:55.179root 11241100x8000000000000000778818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fc23d277d2d5c52021-12-20 16:01:55.179root 11241100x8000000000000000778819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87c96a8775613c52021-12-20 16:01:55.179root 11241100x8000000000000000778820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d570b03ff84cbfb2021-12-20 16:01:55.179root 11241100x8000000000000000778821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de9f5d268ac54812021-12-20 16:01:55.180root 11241100x8000000000000000778822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8654f27af517762021-12-20 16:01:55.180root 11241100x8000000000000000778823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9165abd1ac1f582021-12-20 16:01:55.180root 11241100x8000000000000000778824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9860bf08fc28325f2021-12-20 16:01:55.180root 11241100x8000000000000000778825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb639b6bc5967932021-12-20 16:01:55.180root 11241100x8000000000000000778826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4416484fc387e4b02021-12-20 16:01:55.675root 11241100x8000000000000000778827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541c7437aa9ab9352021-12-20 16:01:55.675root 11241100x8000000000000000778828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdb2b5c70bc798b2021-12-20 16:01:55.676root 11241100x8000000000000000778829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71dd558a6cad9752021-12-20 16:01:55.676root 11241100x8000000000000000778830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1d3d84ec1769b02021-12-20 16:01:55.676root 11241100x8000000000000000778831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab2cbc89862a4f22021-12-20 16:01:55.676root 11241100x8000000000000000778832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba8e4a4a8af073d2021-12-20 16:01:55.676root 11241100x8000000000000000778833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eda282feff13e472021-12-20 16:01:55.676root 11241100x8000000000000000778834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0460c8986ef6c622021-12-20 16:01:55.677root 11241100x8000000000000000778835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310799e165d18e6b2021-12-20 16:01:55.677root 11241100x8000000000000000778836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11eb1100be17427e2021-12-20 16:01:55.677root 11241100x8000000000000000778837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532eb4be11b202e52021-12-20 16:01:55.677root 11241100x8000000000000000778838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4993b481a62d98732021-12-20 16:01:55.677root 11241100x8000000000000000778839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25efb9056e70e9a12021-12-20 16:01:55.677root 11241100x8000000000000000778840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0d2b18293ffdf82021-12-20 16:01:55.677root 11241100x8000000000000000778841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05d950a608adc822021-12-20 16:01:55.677root 11241100x8000000000000000778842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2d32a0bb58e30e2021-12-20 16:01:55.677root 11241100x8000000000000000778843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb02489b4003a4832021-12-20 16:01:55.677root 11241100x8000000000000000778844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800aae5be98388452021-12-20 16:01:55.678root 11241100x8000000000000000778845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ec4ac2a8757022021-12-20 16:01:55.678root 11241100x8000000000000000778846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0418f17c05ccc7f52021-12-20 16:01:55.678root 11241100x8000000000000000778847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc529cceea3e66c82021-12-20 16:01:55.678root 11241100x8000000000000000778848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d349760ac784dd702021-12-20 16:01:55.678root 11241100x8000000000000000778849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203a1c29c7ca10f42021-12-20 16:01:55.678root 11241100x8000000000000000778850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60a3c641d4cce0b2021-12-20 16:01:55.678root 11241100x8000000000000000778851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be85be75562b2d432021-12-20 16:01:55.678root 11241100x8000000000000000778852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212fa8c9cf87066a2021-12-20 16:01:55.678root 11241100x8000000000000000778853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7889061336ba84762021-12-20 16:01:55.678root 11241100x8000000000000000778854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0680dfa19a4a44c2021-12-20 16:01:55.678root 11241100x8000000000000000778855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554f7b9ae3125f252021-12-20 16:01:55.678root 11241100x8000000000000000778856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de630c6fc0ab2db2021-12-20 16:01:55.678root 11241100x8000000000000000778857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6236c7e6995b26452021-12-20 16:01:55.678root 11241100x8000000000000000778858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c978b5a447bea2021-12-20 16:01:55.678root 11241100x8000000000000000778859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e1bc9929ed53bd2021-12-20 16:01:55.679root 11241100x8000000000000000778860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7935238727a9892021-12-20 16:01:55.679root 11241100x8000000000000000778861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2024b6171200c82021-12-20 16:01:55.679root 11241100x8000000000000000778862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4c6280923b63522021-12-20 16:01:55.679root 11241100x8000000000000000778863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:55.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7f4cd26ed2cfd32021-12-20 16:01:55.679root 354300x8000000000000000778864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.047{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51534-false10.0.1.12-8000- 11241100x8000000000000000778865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da40232662cbb3a12021-12-20 16:01:56.048root 11241100x8000000000000000778866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.048{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c62dfe197b8b0c32021-12-20 16:01:56.048root 11241100x8000000000000000778867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f64d96aa1fd2842021-12-20 16:01:56.049root 11241100x8000000000000000778868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf19dc62be3fe742021-12-20 16:01:56.049root 11241100x8000000000000000778869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b0d1d18df8b7a32021-12-20 16:01:56.049root 11241100x8000000000000000778870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8a7a3179580bf32021-12-20 16:01:56.049root 11241100x8000000000000000778871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24eb178bf4abd002021-12-20 16:01:56.049root 11241100x8000000000000000778872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eb2e850b83f0452021-12-20 16:01:56.049root 11241100x8000000000000000778873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3ea85c968c5c252021-12-20 16:01:56.049root 11241100x8000000000000000778874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6762a4a6d73c0cee2021-12-20 16:01:56.049root 11241100x8000000000000000778875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ffb1a8c86cdca2021-12-20 16:01:56.049root 11241100x8000000000000000778876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903adf182bfce6202021-12-20 16:01:56.049root 11241100x8000000000000000778877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.049{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1691f49ff2843c702021-12-20 16:01:56.049root 11241100x8000000000000000778878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d35e58ca9b460c62021-12-20 16:01:56.050root 11241100x8000000000000000778879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c8f741ce8c19772021-12-20 16:01:56.050root 11241100x8000000000000000778880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2b3fd1a357a7702021-12-20 16:01:56.050root 11241100x8000000000000000778881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c0e1de7ced81412021-12-20 16:01:56.050root 11241100x8000000000000000778882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aca0beed64f698d2021-12-20 16:01:56.050root 11241100x8000000000000000778883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2eef08ff68522f2021-12-20 16:01:56.050root 11241100x8000000000000000778884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c83788ad83f38c82021-12-20 16:01:56.050root 11241100x8000000000000000778885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d402583ff9ca03a12021-12-20 16:01:56.050root 11241100x8000000000000000778886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09617beb24b404912021-12-20 16:01:56.050root 11241100x8000000000000000778887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.050{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968ef68dc1e040df2021-12-20 16:01:56.050root 11241100x8000000000000000778888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dde4607cae755f2021-12-20 16:01:56.051root 11241100x8000000000000000778889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c476d3183400f4902021-12-20 16:01:56.051root 11241100x8000000000000000778890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710461a7c2b71e822021-12-20 16:01:56.051root 11241100x8000000000000000778891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ff0bcba4715b342021-12-20 16:01:56.051root 11241100x8000000000000000778892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.051{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4f402826bd7bf52021-12-20 16:01:56.051root 11241100x8000000000000000778893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4964664084996e52021-12-20 16:01:56.052root 11241100x8000000000000000778894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c08e5135aab2ca42021-12-20 16:01:56.052root 11241100x8000000000000000778895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d9e7b638af04f22021-12-20 16:01:56.052root 11241100x8000000000000000778896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1745259815bb09eb2021-12-20 16:01:56.052root 11241100x8000000000000000778897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.052{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb8a71a5212f5ad2021-12-20 16:01:56.052root 11241100x8000000000000000778898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58c559496858d7f2021-12-20 16:01:56.053root 11241100x8000000000000000778899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.053{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06fb77b1407ac3d2021-12-20 16:01:56.053root 11241100x8000000000000000778900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934baecdd7e97ada2021-12-20 16:01:56.054root 11241100x8000000000000000778901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0147996cd1774f112021-12-20 16:01:56.054root 11241100x8000000000000000778902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4070f12cf7100c082021-12-20 16:01:56.054root 11241100x8000000000000000778903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.054{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88080d5d02eb54bb2021-12-20 16:01:56.054root 11241100x8000000000000000778904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0884bd052b604af92021-12-20 16:01:56.055root 11241100x8000000000000000778905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42250adab7ccd2d62021-12-20 16:01:56.055root 11241100x8000000000000000778906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c55fb36f65bf632021-12-20 16:01:56.055root 11241100x8000000000000000778907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790e36c0b7eaee632021-12-20 16:01:56.055root 11241100x8000000000000000778908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fb1f23bc4021962021-12-20 16:01:56.055root 11241100x8000000000000000778909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30c6b5076ab604b2021-12-20 16:01:56.055root 11241100x8000000000000000778910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23003422cc9e98732021-12-20 16:01:56.055root 154100x8000000000000000778911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.316{ec2c97d1-a8f4-61c0-e836-144bc6550000}10233/bin/ls-----ls --color=auto -l /etc/profile.d/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 11241100x8000000000000000778912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.317{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e40383b4b562fb22021-12-20 16:01:56.317root 11241100x8000000000000000778913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.318{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5985248f3538a3952021-12-20 16:01:56.318root 11241100x8000000000000000778914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.318{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd424540576e63d62021-12-20 16:01:56.318root 11241100x8000000000000000778915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.318{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e5a90974f749f62021-12-20 16:01:56.318root 11241100x8000000000000000778916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.318{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4108bf0c744d282021-12-20 16:01:56.318root 11241100x8000000000000000778917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.318{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b845c9f99317c12021-12-20 16:01:56.318root 534500x8000000000000000778918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.319{ec2c97d1-a8f4-61c0-e836-144bc6550000}10233/bin/lsubuntu 11241100x8000000000000000778919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.319{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c0bb4449926b472021-12-20 16:01:56.319root 11241100x8000000000000000778920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0f68579916b72b2021-12-20 16:01:56.320root 11241100x8000000000000000778921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ff281e4fa48ff22021-12-20 16:01:56.320root 11241100x8000000000000000778922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163bbec9b14c27bb2021-12-20 16:01:56.320root 11241100x8000000000000000778923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2269450df7f1f52021-12-20 16:01:56.320root 11241100x8000000000000000778924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bac9289cedf87d2021-12-20 16:01:56.320root 11241100x8000000000000000778925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca4062537fe89642021-12-20 16:01:56.320root 11241100x8000000000000000778926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df70c9670ef5cdea2021-12-20 16:01:56.320root 11241100x8000000000000000778927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014a6ea238db68b92021-12-20 16:01:56.320root 11241100x8000000000000000778928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0162b6d70b74d22021-12-20 16:01:56.320root 11241100x8000000000000000778929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.320{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef865038407c8f52021-12-20 16:01:56.320root 11241100x8000000000000000778930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.321{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175536eeee3232b42021-12-20 16:01:56.321root 11241100x8000000000000000778931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.321{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e636f9694db8ef2021-12-20 16:01:56.321root 11241100x8000000000000000778932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.321{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac6693e441913a42021-12-20 16:01:56.321root 11241100x8000000000000000778933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.321{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a060d5291fbf6c542021-12-20 16:01:56.321root 11241100x8000000000000000778934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.321{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03217a3f91654e632021-12-20 16:01:56.321root 11241100x8000000000000000778935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.322{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857083c9c4d6da92021-12-20 16:01:56.322root 11241100x8000000000000000778936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.322{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0b3e6d71a304ef2021-12-20 16:01:56.322root 11241100x8000000000000000778937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.322{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13fa21ebcc4135c2021-12-20 16:01:56.322root 11241100x8000000000000000778938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.322{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6508898ef27080b02021-12-20 16:01:56.322root 11241100x8000000000000000778939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.322{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6907d815fdc291482021-12-20 16:01:56.322root 11241100x8000000000000000778940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.323{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ce6c8ff3c8ac562021-12-20 16:01:56.323root 11241100x8000000000000000778941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.323{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a130cd63ee76b4902021-12-20 16:01:56.323root 11241100x8000000000000000778942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.323{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644810c61c57a6222021-12-20 16:01:56.323root 11241100x8000000000000000778943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.323{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39c33fbe73f5c4b2021-12-20 16:01:56.323root 11241100x8000000000000000778944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.323{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5805835cf721dc2021-12-20 16:01:56.323root 11241100x8000000000000000778945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a1e9edd2c267532021-12-20 16:01:56.324root 11241100x8000000000000000778946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc789df6ded77cb2021-12-20 16:01:56.324root 11241100x8000000000000000778947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533ecff3628535bb2021-12-20 16:01:56.324root 11241100x8000000000000000778948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f01733791ed52e2021-12-20 16:01:56.324root 11241100x8000000000000000778949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3278c8e94c078562021-12-20 16:01:56.324root 11241100x8000000000000000778950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c873cc988e14982021-12-20 16:01:56.324root 11241100x8000000000000000778951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486dbea07341f5d42021-12-20 16:01:56.324root 11241100x8000000000000000778952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.324{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcd4ed60e8d98022021-12-20 16:01:56.324root 11241100x8000000000000000778953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcbf9d7d62c265f2021-12-20 16:01:56.325root 11241100x8000000000000000778954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481992b6840558402021-12-20 16:01:56.325root 11241100x8000000000000000778955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1620fd07e0f7bb82021-12-20 16:01:56.325root 11241100x8000000000000000778956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d0cd0267d3b2ae2021-12-20 16:01:56.325root 11241100x8000000000000000778957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3347de6a4311324d2021-12-20 16:01:56.325root 11241100x8000000000000000778958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fb8495c51d723a2021-12-20 16:01:56.325root 11241100x8000000000000000778959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ab2096bf1d3f5c2021-12-20 16:01:56.325root 11241100x8000000000000000778960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93ca5ebe8b3a04d2021-12-20 16:01:56.325root 11241100x8000000000000000778961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4855592bc3966cb62021-12-20 16:01:56.325root 11241100x8000000000000000778962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.325{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6e5a255cb528482021-12-20 16:01:56.325root 11241100x8000000000000000778963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.326{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8846b4909bae642021-12-20 16:01:56.326root 11241100x8000000000000000778964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.326{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa9fc47ca4846f92021-12-20 16:01:56.326root 11241100x8000000000000000778965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.326{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67a1e7049956d7c2021-12-20 16:01:56.326root 11241100x8000000000000000778966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.326{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3477358c109017ce2021-12-20 16:01:56.326root 11241100x8000000000000000778967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380fdc1b4065a9cd2021-12-20 16:01:56.676root 11241100x8000000000000000778968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85969bc246a6c7e02021-12-20 16:01:56.676root 11241100x8000000000000000778969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61d0ce78dc13f362021-12-20 16:01:56.676root 11241100x8000000000000000778970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db3087ca5e3792b2021-12-20 16:01:56.676root 11241100x8000000000000000778971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1520043660ccbf0a2021-12-20 16:01:56.676root 11241100x8000000000000000778972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065449e8ee8edd2a2021-12-20 16:01:56.677root 11241100x8000000000000000778973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c65e89f75a50f72021-12-20 16:01:56.677root 11241100x8000000000000000778974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9617eedfc14db9ab2021-12-20 16:01:56.677root 11241100x8000000000000000778975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e694ea617b9fdd2021-12-20 16:01:56.677root 11241100x8000000000000000778976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63f91589e160e122021-12-20 16:01:56.677root 11241100x8000000000000000778977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11584245b29373aa2021-12-20 16:01:56.677root 11241100x8000000000000000778978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633115df7f01281d2021-12-20 16:01:56.677root 11241100x8000000000000000778979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074e423a2e5ab1372021-12-20 16:01:56.677root 11241100x8000000000000000778980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e1a0ddca6ee3ec2021-12-20 16:01:56.677root 11241100x8000000000000000778981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fc4a421cc0f7192021-12-20 16:01:56.677root 11241100x8000000000000000778982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6a7efe7ef213302021-12-20 16:01:56.677root 11241100x8000000000000000778983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e04ff38dd7831792021-12-20 16:01:56.677root 11241100x8000000000000000778984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523a1c2759e976f12021-12-20 16:01:56.677root 11241100x8000000000000000778985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df9615b97497c602021-12-20 16:01:56.677root 11241100x8000000000000000778986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf69f83b9e10c252021-12-20 16:01:56.677root 11241100x8000000000000000778987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2255c127366fc54f2021-12-20 16:01:56.678root 11241100x8000000000000000778988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cf55792aec81ce2021-12-20 16:01:56.678root 11241100x8000000000000000778989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5838c1d3c8d09caa2021-12-20 16:01:56.678root 11241100x8000000000000000778990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695f5801559286f12021-12-20 16:01:56.678root 11241100x8000000000000000778991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3207049884decfe82021-12-20 16:01:56.678root 11241100x8000000000000000778992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe1f74c96204bf12021-12-20 16:01:56.678root 11241100x8000000000000000778993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f708739188d41f2021-12-20 16:01:56.678root 11241100x8000000000000000778994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b00f70e3065ade2021-12-20 16:01:56.678root 11241100x8000000000000000778995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da7cd1341b3a3492021-12-20 16:01:56.678root 11241100x8000000000000000778996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48f84b07afbd46f2021-12-20 16:01:56.678root 11241100x8000000000000000778997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5efcb4ca0bb6342021-12-20 16:01:56.678root 11241100x8000000000000000778998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371393ee52d928d62021-12-20 16:01:56.678root 11241100x8000000000000000778999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c96897ec74563662021-12-20 16:01:56.678root 11241100x8000000000000000779000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dde56bfece572f02021-12-20 16:01:56.678root 11241100x8000000000000000779001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793f3c5543c4fa832021-12-20 16:01:56.678root 11241100x8000000000000000779002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c4aed4f031bb202021-12-20 16:01:56.679root 11241100x8000000000000000779003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6384ed20111fe91f2021-12-20 16:01:56.679root 11241100x8000000000000000779004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7be9cdc221d5d82021-12-20 16:01:56.679root 11241100x8000000000000000779005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983690845947db7a2021-12-20 16:01:56.679root 11241100x8000000000000000779006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfac352642f4dde2021-12-20 16:01:56.679root 11241100x8000000000000000779007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:56.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c2efc8644b190f2021-12-20 16:01:56.679root 11241100x8000000000000000779008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aa52d4a6c272a52021-12-20 16:01:57.175root 11241100x8000000000000000779009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e713239aed07d82021-12-20 16:01:57.176root 11241100x8000000000000000779010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5f1eca44757f22021-12-20 16:01:57.176root 11241100x8000000000000000779011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6960a246bc97551d2021-12-20 16:01:57.176root 11241100x8000000000000000779012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cd9ec2b8871d9d2021-12-20 16:01:57.176root 11241100x8000000000000000779013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2efa0339be4883e2021-12-20 16:01:57.176root 11241100x8000000000000000779014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc902db9b351a002021-12-20 16:01:57.177root 11241100x8000000000000000779015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79797c3a03767c0a2021-12-20 16:01:57.177root 11241100x8000000000000000779016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca10b401fe8436e32021-12-20 16:01:57.177root 11241100x8000000000000000779017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f2fc2c8b82afe22021-12-20 16:01:57.177root 11241100x8000000000000000779018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b36a437c62adcc52021-12-20 16:01:57.177root 11241100x8000000000000000779019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07b423020f4725d2021-12-20 16:01:57.177root 11241100x8000000000000000779020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de686c26fe17e9f72021-12-20 16:01:57.177root 11241100x8000000000000000779021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5dd2c9641983ec2021-12-20 16:01:57.178root 11241100x8000000000000000779022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e083c076e00837d2021-12-20 16:01:57.178root 11241100x8000000000000000779023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c266f54cdbd7de32021-12-20 16:01:57.178root 11241100x8000000000000000779024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ea57e518fbdc8f2021-12-20 16:01:57.178root 11241100x8000000000000000779025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6f6f64153db66d2021-12-20 16:01:57.178root 11241100x8000000000000000779026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d126fca17b1c3c9e2021-12-20 16:01:57.178root 11241100x8000000000000000779027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2ef157ae72afa22021-12-20 16:01:57.178root 11241100x8000000000000000779028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df98f68b8bdc47812021-12-20 16:01:57.178root 11241100x8000000000000000779029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9ee8ebcd1be85b2021-12-20 16:01:57.178root 11241100x8000000000000000779030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62daf6b6db7650c62021-12-20 16:01:57.178root 11241100x8000000000000000779031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6602d4e21e2a4a92021-12-20 16:01:57.178root 11241100x8000000000000000779032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925b5e3f57ad78972021-12-20 16:01:57.179root 11241100x8000000000000000779033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d28947b0a4e04112021-12-20 16:01:57.179root 11241100x8000000000000000779034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fa7565a6a529ef2021-12-20 16:01:57.179root 11241100x8000000000000000779035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df788e8d0f039ca2021-12-20 16:01:57.179root 11241100x8000000000000000779036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb05c503b27f2d052021-12-20 16:01:57.179root 11241100x8000000000000000779037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9afe59502f732af2021-12-20 16:01:57.179root 11241100x8000000000000000779038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a010b5ed44b7842021-12-20 16:01:57.179root 11241100x8000000000000000779039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e4817b7aebd40f2021-12-20 16:01:57.179root 11241100x8000000000000000779040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e6d31f586f6b9f2021-12-20 16:01:57.179root 11241100x8000000000000000779041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0df14f9893a26ed2021-12-20 16:01:57.179root 11241100x8000000000000000779042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e28bf3774c21902021-12-20 16:01:57.179root 11241100x8000000000000000779043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d596ff51ae38c5f22021-12-20 16:01:57.179root 11241100x8000000000000000779044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51400e5105ac0c02021-12-20 16:01:57.180root 11241100x8000000000000000779045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7311208ef703b3e02021-12-20 16:01:57.180root 11241100x8000000000000000779046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8593dbb15e48001d2021-12-20 16:01:57.180root 11241100x8000000000000000779047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8466b3ac8506e13a2021-12-20 16:01:57.180root 11241100x8000000000000000779048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09eefe9279b90bd2021-12-20 16:01:57.180root 11241100x8000000000000000779049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9dd43033c239a22021-12-20 16:01:57.675root 11241100x8000000000000000779050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d629a6ca6805534f2021-12-20 16:01:57.675root 11241100x8000000000000000779051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699be444a7a454df2021-12-20 16:01:57.675root 11241100x8000000000000000779052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b7264f765237602021-12-20 16:01:57.676root 11241100x8000000000000000779053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10564478df47e2bc2021-12-20 16:01:57.676root 11241100x8000000000000000779054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead1503d8df25a7b2021-12-20 16:01:57.676root 11241100x8000000000000000779055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475e3e48e802cab32021-12-20 16:01:57.676root 11241100x8000000000000000779056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf59e61ddaaec582021-12-20 16:01:57.676root 11241100x8000000000000000779057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf7c9b7fb6b50362021-12-20 16:01:57.676root 11241100x8000000000000000779058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a67e7beb720b9e2021-12-20 16:01:57.676root 11241100x8000000000000000779059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc89da859799dc42021-12-20 16:01:57.676root 11241100x8000000000000000779060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8c3e18726680b32021-12-20 16:01:57.676root 11241100x8000000000000000779061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ec4adce24a48932021-12-20 16:01:57.676root 11241100x8000000000000000779062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e70996aeab93aa12021-12-20 16:01:57.676root 11241100x8000000000000000779063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841b4188110554e42021-12-20 16:01:57.676root 11241100x8000000000000000779064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b382c29a7d1840ef2021-12-20 16:01:57.676root 11241100x8000000000000000779065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a262a8b7c34c782021-12-20 16:01:57.676root 11241100x8000000000000000779066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca47a600a83ed142021-12-20 16:01:57.676root 11241100x8000000000000000779067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c21153e892776c2021-12-20 16:01:57.677root 11241100x8000000000000000779068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aa5d9ea635e2652021-12-20 16:01:57.677root 11241100x8000000000000000779069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06ec336e524d5162021-12-20 16:01:57.677root 11241100x8000000000000000779070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ad15c97dbb46ea2021-12-20 16:01:57.677root 11241100x8000000000000000779071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f915d92cdcc1e32021-12-20 16:01:57.677root 11241100x8000000000000000779072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c98b0d1429d54db2021-12-20 16:01:57.677root 11241100x8000000000000000779073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4216da68b53853072021-12-20 16:01:57.677root 11241100x8000000000000000779074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb220cb4675a33da2021-12-20 16:01:57.677root 11241100x8000000000000000779075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11b930e2fef29492021-12-20 16:01:57.677root 11241100x8000000000000000779076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e8a121cf8278942021-12-20 16:01:57.677root 11241100x8000000000000000779077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe043caee21d7082021-12-20 16:01:57.677root 11241100x8000000000000000779078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043fc990fdd803a22021-12-20 16:01:57.677root 11241100x8000000000000000779079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f537345d6ec7fc72021-12-20 16:01:57.677root 11241100x8000000000000000779080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0daefdff2d0fe802021-12-20 16:01:57.677root 11241100x8000000000000000779081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e5efab45d419082021-12-20 16:01:57.677root 11241100x8000000000000000779082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4fe55daae79a2e2021-12-20 16:01:57.678root 11241100x8000000000000000779083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc5798f518ed1d12021-12-20 16:01:57.678root 11241100x8000000000000000779084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1504f950886ae5df2021-12-20 16:01:57.678root 11241100x8000000000000000779085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c056cfdd66ef6c52021-12-20 16:01:57.678root 11241100x8000000000000000779086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0d6cc8a2d2bdb02021-12-20 16:01:57.678root 11241100x8000000000000000779087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388dac2cc38a2d2f2021-12-20 16:01:57.678root 11241100x8000000000000000779088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce08aeadbd1520c2021-12-20 16:01:57.678root 11241100x8000000000000000779089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:57.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148feb4a894ed5122021-12-20 16:01:57.678root 11241100x8000000000000000779090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bbbc7615d97a222021-12-20 16:01:58.175root 11241100x8000000000000000779091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4bc228d35bdb4c2021-12-20 16:01:58.175root 11241100x8000000000000000779092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ddeda060ba79e02021-12-20 16:01:58.176root 11241100x8000000000000000779093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52208ab57f1eabcc2021-12-20 16:01:58.176root 11241100x8000000000000000779094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ef1e0c71e7b9772021-12-20 16:01:58.176root 11241100x8000000000000000779095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69421b24eeee87382021-12-20 16:01:58.176root 11241100x8000000000000000779096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c4d385ec14eafe2021-12-20 16:01:58.176root 11241100x8000000000000000779097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bd669d082a82422021-12-20 16:01:58.176root 11241100x8000000000000000779098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0fcfeddd9e7f8b2021-12-20 16:01:58.176root 11241100x8000000000000000779099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e16154d8ff3c9142021-12-20 16:01:58.176root 11241100x8000000000000000779100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5b99042febdfb62021-12-20 16:01:58.176root 11241100x8000000000000000779101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700a34143014e9022021-12-20 16:01:58.176root 11241100x8000000000000000779102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fa373e063a8dd22021-12-20 16:01:58.177root 11241100x8000000000000000779103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2abaed8524083f32021-12-20 16:01:58.177root 11241100x8000000000000000779104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da2b2eae054b2d2021-12-20 16:01:58.177root 11241100x8000000000000000779105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd7d698cc258d22021-12-20 16:01:58.177root 11241100x8000000000000000779106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8075f7512c5a4eb02021-12-20 16:01:58.177root 11241100x8000000000000000779107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ca33c393197f652021-12-20 16:01:58.177root 11241100x8000000000000000779108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec27d17138fa012021-12-20 16:01:58.177root 11241100x8000000000000000779109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ea75ac920a6b152021-12-20 16:01:58.177root 11241100x8000000000000000779110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6396088feb33cd2021-12-20 16:01:58.177root 11241100x8000000000000000779111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b30112e9a2b0eb2021-12-20 16:01:58.177root 11241100x8000000000000000779112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daabce6ea55d261d2021-12-20 16:01:58.177root 11241100x8000000000000000779113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56623e044fc554e42021-12-20 16:01:58.178root 11241100x8000000000000000779114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665411c54c8953ce2021-12-20 16:01:58.178root 11241100x8000000000000000779115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3c66931ff248572021-12-20 16:01:58.178root 11241100x8000000000000000779116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d25ff1e59cd2d802021-12-20 16:01:58.178root 11241100x8000000000000000779117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defa993f519674a42021-12-20 16:01:58.178root 11241100x8000000000000000779118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e4f4990bf3a2c72021-12-20 16:01:58.178root 11241100x8000000000000000779119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e4cbec5a056c902021-12-20 16:01:58.178root 11241100x8000000000000000779120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3716a311680b6d82021-12-20 16:01:58.178root 11241100x8000000000000000779121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571fc823aa2289f82021-12-20 16:01:58.178root 11241100x8000000000000000779122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205d2a6cfd4b053b2021-12-20 16:01:58.178root 11241100x8000000000000000779123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b76fec1ef23ea82021-12-20 16:01:58.178root 11241100x8000000000000000779124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d96d15da70920772021-12-20 16:01:58.179root 11241100x8000000000000000779125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47070a4c05be9fa92021-12-20 16:01:58.179root 11241100x8000000000000000779126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56295ba49ec365bf2021-12-20 16:01:58.179root 11241100x8000000000000000779127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f240823f71e8c62021-12-20 16:01:58.179root 11241100x8000000000000000779128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeb477197416cf12021-12-20 16:01:58.179root 11241100x8000000000000000779129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccdef0daf56b6922021-12-20 16:01:58.179root 11241100x8000000000000000779130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b678fa6b8e6235f2021-12-20 16:01:58.179root 11241100x8000000000000000779131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3417ca36f32b5d2021-12-20 16:01:58.675root 11241100x8000000000000000779132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98340abe89bfcbe2021-12-20 16:01:58.675root 11241100x8000000000000000779133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fc408e80c823dc2021-12-20 16:01:58.676root 11241100x8000000000000000779134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8e74fef47be01f2021-12-20 16:01:58.676root 11241100x8000000000000000779135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcdc46e4c7ec8c72021-12-20 16:01:58.676root 11241100x8000000000000000779136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be5d64833ca17f62021-12-20 16:01:58.676root 11241100x8000000000000000779137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26a9742904ed6e92021-12-20 16:01:58.676root 11241100x8000000000000000779138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031b68d3f2b7d8652021-12-20 16:01:58.676root 11241100x8000000000000000779139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2358ddf0d314cdc62021-12-20 16:01:58.676root 11241100x8000000000000000779140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a40691a8d8dc7732021-12-20 16:01:58.676root 11241100x8000000000000000779141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58098efbbf26bb982021-12-20 16:01:58.676root 11241100x8000000000000000779142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029a52ff1e228e962021-12-20 16:01:58.676root 11241100x8000000000000000779143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e314a93a8d8e9742021-12-20 16:01:58.676root 11241100x8000000000000000779144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64b9ef04e9d74342021-12-20 16:01:58.676root 11241100x8000000000000000779145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cf8c268e4a64852021-12-20 16:01:58.676root 11241100x8000000000000000779146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4399f4b262c51b1f2021-12-20 16:01:58.676root 11241100x8000000000000000779147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a078b9b4a5119b2021-12-20 16:01:58.677root 11241100x8000000000000000779148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327cc62863b9119b2021-12-20 16:01:58.677root 11241100x8000000000000000779149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fead61edc895af2021-12-20 16:01:58.677root 11241100x8000000000000000779150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b8f8b040d49ba92021-12-20 16:01:58.677root 11241100x8000000000000000779151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec55d6ef89ce2ca72021-12-20 16:01:58.677root 11241100x8000000000000000779152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18826ccd403687f82021-12-20 16:01:58.677root 11241100x8000000000000000779153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3965ba50f4b7cc92021-12-20 16:01:58.677root 11241100x8000000000000000779154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935370932c133e402021-12-20 16:01:58.677root 11241100x8000000000000000779155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1e78b4e7a89a3e2021-12-20 16:01:58.677root 11241100x8000000000000000779156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d91af06b4294232021-12-20 16:01:58.677root 11241100x8000000000000000779157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149ddc7108d2c0582021-12-20 16:01:58.677root 11241100x8000000000000000779158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc18e62dff57e3a02021-12-20 16:01:58.677root 11241100x8000000000000000779159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12999e0bcf29ae5e2021-12-20 16:01:58.677root 11241100x8000000000000000779160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370167c2540fc6192021-12-20 16:01:58.677root 11241100x8000000000000000779161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac25750db6591aa2021-12-20 16:01:58.677root 11241100x8000000000000000779162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2faf6509a4d8742021-12-20 16:01:58.677root 11241100x8000000000000000779163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd6a8000e8edd12021-12-20 16:01:58.678root 11241100x8000000000000000779164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d66a9e33f09942021-12-20 16:01:58.680root 11241100x8000000000000000779165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c6be13fd839752021-12-20 16:01:58.680root 11241100x8000000000000000779166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56264a1b8e248fb22021-12-20 16:01:58.680root 11241100x8000000000000000779167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a5bc9215c8eea02021-12-20 16:01:58.680root 11241100x8000000000000000779168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7895b4b6ba8c301f2021-12-20 16:01:58.680root 11241100x8000000000000000779169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df88a2ee7ed31982021-12-20 16:01:58.680root 11241100x8000000000000000779170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c3e19451af46c2021-12-20 16:01:58.680root 11241100x8000000000000000779171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:58.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56049cf2591b6c592021-12-20 16:01:58.680root 11241100x8000000000000000779172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50713204e799ecb02021-12-20 16:01:59.175root 11241100x8000000000000000779173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77be9646e0b2ac802021-12-20 16:01:59.175root 11241100x8000000000000000779174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedc9553370499d12021-12-20 16:01:59.175root 11241100x8000000000000000779175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30faa4bb92f2e8032021-12-20 16:01:59.176root 11241100x8000000000000000779176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b0c8e9724a3752021-12-20 16:01:59.176root 11241100x8000000000000000779177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b7a17274864ad32021-12-20 16:01:59.176root 11241100x8000000000000000779178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f898f2c44aaf5a2021-12-20 16:01:59.176root 11241100x8000000000000000779179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7bd4bb75e282152021-12-20 16:01:59.176root 11241100x8000000000000000779180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357f23b0f826e7b42021-12-20 16:01:59.176root 11241100x8000000000000000779181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806c3a6cb38890702021-12-20 16:01:59.176root 11241100x8000000000000000779182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e15b19d01376362021-12-20 16:01:59.176root 11241100x8000000000000000779183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee3ec2ea162b70f2021-12-20 16:01:59.176root 11241100x8000000000000000779184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d6f0c6a47343a82021-12-20 16:01:59.176root 11241100x8000000000000000779185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b21524a66c4dff2021-12-20 16:01:59.176root 11241100x8000000000000000779186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce66583c46acedf2021-12-20 16:01:59.176root 11241100x8000000000000000779187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2b6db42a54e1282021-12-20 16:01:59.176root 11241100x8000000000000000779188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a04e28c06533962021-12-20 16:01:59.176root 11241100x8000000000000000779189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a780caec4010722021-12-20 16:01:59.176root 11241100x8000000000000000779190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518f837594c570602021-12-20 16:01:59.177root 11241100x8000000000000000779191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132e15bf38219ca12021-12-20 16:01:59.177root 11241100x8000000000000000779192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a69bd4771db7e32021-12-20 16:01:59.177root 11241100x8000000000000000779193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1760049a5fff6b5a2021-12-20 16:01:59.177root 11241100x8000000000000000779194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc90b99f61336052021-12-20 16:01:59.177root 11241100x8000000000000000779195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16701b1b2558f29d2021-12-20 16:01:59.177root 11241100x8000000000000000779196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e46c932420eed12021-12-20 16:01:59.177root 11241100x8000000000000000779197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b15294ad2320a82021-12-20 16:01:59.177root 11241100x8000000000000000779198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e45275cebdc9e312021-12-20 16:01:59.177root 11241100x8000000000000000779199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa22ef14a1af895f2021-12-20 16:01:59.177root 11241100x8000000000000000779200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30494125e62d94652021-12-20 16:01:59.177root 11241100x8000000000000000779201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917dedc27bdf8aa52021-12-20 16:01:59.177root 11241100x8000000000000000779202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1487fde5a4ff6002021-12-20 16:01:59.177root 11241100x8000000000000000779203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4074c44a84534e762021-12-20 16:01:59.177root 11241100x8000000000000000779204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70e844b513f9de22021-12-20 16:01:59.177root 11241100x8000000000000000779205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18e0a7a15f027a52021-12-20 16:01:59.178root 11241100x8000000000000000779206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4074f77621dc04c2021-12-20 16:01:59.178root 11241100x8000000000000000779207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c57d5df63a956bf2021-12-20 16:01:59.178root 11241100x8000000000000000779208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef9d6dce7a5b09f2021-12-20 16:01:59.178root 11241100x8000000000000000779209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9263bb5c81285772021-12-20 16:01:59.178root 11241100x8000000000000000779210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fdeffd7a1a104b2021-12-20 16:01:59.178root 11241100x8000000000000000779211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6329eb7febe48ed32021-12-20 16:01:59.178root 11241100x8000000000000000779212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f180273b8e055e2021-12-20 16:01:59.178root 11241100x8000000000000000779213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3464203484b70492021-12-20 16:01:59.675root 11241100x8000000000000000779214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80bc14f84f9f5662021-12-20 16:01:59.675root 11241100x8000000000000000779215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93490ea72436053b2021-12-20 16:01:59.677root 11241100x8000000000000000779216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e57ce74dda6d642021-12-20 16:01:59.677root 11241100x8000000000000000779217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e5312f00ebef182021-12-20 16:01:59.677root 11241100x8000000000000000779218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b061a569361095362021-12-20 16:01:59.677root 11241100x8000000000000000779219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e28f6a3ec16f632021-12-20 16:01:59.677root 11241100x8000000000000000779220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c4adff7fe92c062021-12-20 16:01:59.677root 11241100x8000000000000000779221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835868de5f72e2aa2021-12-20 16:01:59.677root 11241100x8000000000000000779222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ff6cc8b2b2cf362021-12-20 16:01:59.677root 11241100x8000000000000000779223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424e7a1ec9efba042021-12-20 16:01:59.678root 11241100x8000000000000000779224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453a9bf0ae9efb0d2021-12-20 16:01:59.678root 11241100x8000000000000000779225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9418147e5ae923d82021-12-20 16:01:59.678root 11241100x8000000000000000779226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a96bae746bf79c02021-12-20 16:01:59.678root 11241100x8000000000000000779227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6593e5783808f42021-12-20 16:01:59.678root 11241100x8000000000000000779228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac8e13ca7e670572021-12-20 16:01:59.678root 11241100x8000000000000000779229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6c6ec0277d399a2021-12-20 16:01:59.678root 11241100x8000000000000000779230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dd6ce08e2bb7f22021-12-20 16:01:59.678root 11241100x8000000000000000779231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f4950ff41f191b2021-12-20 16:01:59.678root 11241100x8000000000000000779232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6266b0e8a010e10a2021-12-20 16:01:59.678root 11241100x8000000000000000779233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d2cf234e16dd462021-12-20 16:01:59.678root 11241100x8000000000000000779234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9449c745145d1032021-12-20 16:01:59.678root 11241100x8000000000000000779235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef544640b8742ce12021-12-20 16:01:59.678root 11241100x8000000000000000779236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d4776002a90cc82021-12-20 16:01:59.678root 11241100x8000000000000000779237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dde5358f2a1a2ae2021-12-20 16:01:59.678root 11241100x8000000000000000779238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aec60d20fdeb8d42021-12-20 16:01:59.679root 11241100x8000000000000000779239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783ad2a5866d1dd2021-12-20 16:01:59.679root 11241100x8000000000000000779240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabfa048cf6d44e92021-12-20 16:01:59.679root 11241100x8000000000000000779241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da968261c8dbfb72021-12-20 16:01:59.679root 11241100x8000000000000000779242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e426bf4e0d3015012021-12-20 16:01:59.679root 11241100x8000000000000000779243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928af71779265f492021-12-20 16:01:59.679root 11241100x8000000000000000779244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2464b43ebda58d9e2021-12-20 16:01:59.679root 11241100x8000000000000000779245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1281c590a814db812021-12-20 16:01:59.679root 11241100x8000000000000000779246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67635c611c9a0f62021-12-20 16:01:59.679root 11241100x8000000000000000779247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de13d4ff96a6d6b2021-12-20 16:01:59.679root 11241100x8000000000000000779248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1caac76488d1832021-12-20 16:01:59.679root 11241100x8000000000000000779249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0cabfb690d3e4a2021-12-20 16:01:59.679root 11241100x8000000000000000779250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e68a583339ef012021-12-20 16:01:59.679root 11241100x8000000000000000779251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdacb0fe6d2e41822021-12-20 16:01:59.679root 11241100x8000000000000000779252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ebb83646950f0d2021-12-20 16:01:59.679root 11241100x8000000000000000779253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:01:59.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98597b9e4086ec472021-12-20 16:01:59.679root 11241100x8000000000000000779254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0559052a5c4987a2021-12-20 16:02:00.174root 11241100x8000000000000000779255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5449dc64db3988b32021-12-20 16:02:00.174root 11241100x8000000000000000779256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc2d9a22796723e2021-12-20 16:02:00.174root 11241100x8000000000000000779257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb95e87287a7dacf2021-12-20 16:02:00.174root 11241100x8000000000000000779258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10df7d237641a1402021-12-20 16:02:00.174root 11241100x8000000000000000779259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed64979a4114a5e92021-12-20 16:02:00.175root 11241100x8000000000000000779260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac35adaf54ab032021-12-20 16:02:00.175root 11241100x8000000000000000779261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0bf47ea98351f52021-12-20 16:02:00.175root 11241100x8000000000000000779262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6a9ea5e4507e1f2021-12-20 16:02:00.175root 11241100x8000000000000000779263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ba4fb730e405c22021-12-20 16:02:00.175root 11241100x8000000000000000779264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ca1245d0db86792021-12-20 16:02:00.176root 11241100x8000000000000000779265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62522086da168f222021-12-20 16:02:00.176root 11241100x8000000000000000779266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1343e9d465f7c52021-12-20 16:02:00.176root 11241100x8000000000000000779267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0f84d51d13c6b02021-12-20 16:02:00.176root 11241100x8000000000000000779268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2854bd792ea7852021-12-20 16:02:00.176root 11241100x8000000000000000779269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5024a5d21db3cd332021-12-20 16:02:00.176root 11241100x8000000000000000779270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec01484f712248ae2021-12-20 16:02:00.176root 11241100x8000000000000000779271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f84cbe89537021b2021-12-20 16:02:00.177root 11241100x8000000000000000779272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25c1cebf5098aec2021-12-20 16:02:00.177root 11241100x8000000000000000779273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c03078d726c9e82021-12-20 16:02:00.177root 11241100x8000000000000000779274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93485c2157e368582021-12-20 16:02:00.177root 11241100x8000000000000000779275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f9c369abf5805f2021-12-20 16:02:00.177root 11241100x8000000000000000779276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fbc990c2135cab2021-12-20 16:02:00.177root 11241100x8000000000000000779277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d3052855c675502021-12-20 16:02:00.177root 11241100x8000000000000000779278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cb744933acabf82021-12-20 16:02:00.177root 11241100x8000000000000000779279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4555d5eb96cb1d22021-12-20 16:02:00.178root 11241100x8000000000000000779280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6490693e085daa2021-12-20 16:02:00.178root 11241100x8000000000000000779281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5739487bc9b9a4b2021-12-20 16:02:00.178root 11241100x8000000000000000779282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7fbb1cafba42be2021-12-20 16:02:00.179root 11241100x8000000000000000779283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f72bb594f631f32021-12-20 16:02:00.179root 11241100x8000000000000000779284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476f5be2dcf669a62021-12-20 16:02:00.179root 11241100x8000000000000000779285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245d1e9633b283ae2021-12-20 16:02:00.179root 11241100x8000000000000000779286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa67ecb322594d292021-12-20 16:02:00.179root 11241100x8000000000000000779287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3678fa25df8ff32021-12-20 16:02:00.179root 11241100x8000000000000000779288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a4f5fa316acf5f2021-12-20 16:02:00.180root 11241100x8000000000000000779289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1234218584ad7562021-12-20 16:02:00.180root 11241100x8000000000000000779290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aa9658c808a53e2021-12-20 16:02:00.180root 11241100x8000000000000000779291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a525527f351afa2021-12-20 16:02:00.180root 11241100x8000000000000000779292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448cabc7a3d97ded2021-12-20 16:02:00.180root 11241100x8000000000000000779293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ed16cb20e205132021-12-20 16:02:00.180root 11241100x8000000000000000779294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ed320bd9af3fe02021-12-20 16:02:00.181root 11241100x8000000000000000779295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4878a54959309e42021-12-20 16:02:00.181root 11241100x8000000000000000779296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c844ef951473ae6e2021-12-20 16:02:00.181root 11241100x8000000000000000779297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3f0aceb2f7fd0a2021-12-20 16:02:00.181root 11241100x8000000000000000779298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4781ccffba827f222021-12-20 16:02:00.181root 11241100x8000000000000000779299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd16902a9373a1642021-12-20 16:02:00.181root 11241100x8000000000000000779300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6009bce4ef5cd0b72021-12-20 16:02:00.181root 11241100x8000000000000000779301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d6414aef750cb12021-12-20 16:02:00.675root 11241100x8000000000000000779302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d416e6c05796502021-12-20 16:02:00.675root 11241100x8000000000000000779303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234b784c2cc4da112021-12-20 16:02:00.675root 11241100x8000000000000000779304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba0feca5c93602f2021-12-20 16:02:00.676root 11241100x8000000000000000779305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f98dabeff3cbcbe2021-12-20 16:02:00.676root 11241100x8000000000000000779306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17727db0f17b706a2021-12-20 16:02:00.676root 11241100x8000000000000000779307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86298134c4973de2021-12-20 16:02:00.676root 11241100x8000000000000000779308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be2e410de5fde0a2021-12-20 16:02:00.676root 11241100x8000000000000000779309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f827c9babe7cd582021-12-20 16:02:00.676root 11241100x8000000000000000779310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c611d8cd85d30e412021-12-20 16:02:00.676root 11241100x8000000000000000779311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5729cdc50685192021-12-20 16:02:00.676root 11241100x8000000000000000779312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f31c9cb1d944382021-12-20 16:02:00.676root 11241100x8000000000000000779313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcd3a5ba36335112021-12-20 16:02:00.676root 11241100x8000000000000000779314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc9199c7821f8d2021-12-20 16:02:00.676root 11241100x8000000000000000779315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8245cbde17dd0b72021-12-20 16:02:00.676root 11241100x8000000000000000779316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c014d30a53b41c862021-12-20 16:02:00.676root 11241100x8000000000000000779317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e9aa7b70b999e02021-12-20 16:02:00.676root 11241100x8000000000000000779318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3efe929ab413912021-12-20 16:02:00.676root 11241100x8000000000000000779319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4503ee11ca2ab02021-12-20 16:02:00.677root 11241100x8000000000000000779320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c9e9cd8be7da372021-12-20 16:02:00.677root 11241100x8000000000000000779321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1243fa9e6068ca2021-12-20 16:02:00.677root 11241100x8000000000000000779322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9b7b35fbc438a02021-12-20 16:02:00.677root 11241100x8000000000000000779323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9785f8e1f45d7f42021-12-20 16:02:00.677root 11241100x8000000000000000779324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fe0028bdf53e3f2021-12-20 16:02:00.677root 11241100x8000000000000000779325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcff0b58049b3672021-12-20 16:02:00.677root 11241100x8000000000000000779326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68b4d996043dc862021-12-20 16:02:00.677root 11241100x8000000000000000779327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f01a1550993c0762021-12-20 16:02:00.677root 11241100x8000000000000000779328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac746743f85983882021-12-20 16:02:00.677root 11241100x8000000000000000779329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba199486425cf9a2021-12-20 16:02:00.677root 11241100x8000000000000000779330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dabb2637fe68ea92021-12-20 16:02:00.677root 11241100x8000000000000000779331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72acd4644db34d522021-12-20 16:02:00.678root 11241100x8000000000000000779332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043465db4d31a0c32021-12-20 16:02:00.678root 11241100x8000000000000000779333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cda3f9580b588d2021-12-20 16:02:00.678root 11241100x8000000000000000779334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728054f44f916e562021-12-20 16:02:00.678root 11241100x8000000000000000779335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba74394ba4a325cc2021-12-20 16:02:00.678root 11241100x8000000000000000779336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155f8e13c416b2982021-12-20 16:02:00.678root 11241100x8000000000000000779337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba60affd00b106e52021-12-20 16:02:00.678root 11241100x8000000000000000779338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14cc7fa8e37963b2021-12-20 16:02:00.678root 11241100x8000000000000000779339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe92f80f3bf98672021-12-20 16:02:00.678root 11241100x8000000000000000779340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13021b4bb16bf8ec2021-12-20 16:02:00.678root 11241100x8000000000000000779341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:00.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a21a8ef0b60a732021-12-20 16:02:00.678root 354300x8000000000000000779342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.070{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51536-false10.0.1.12-8000- 11241100x8000000000000000779343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f046fe43ef79a9bd2021-12-20 16:02:01.071root 11241100x8000000000000000779344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bd87169ecd8dd12021-12-20 16:02:01.071root 11241100x8000000000000000779345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede6902dcb99ee9e2021-12-20 16:02:01.071root 11241100x8000000000000000779346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27146a5615a8ae7e2021-12-20 16:02:01.071root 11241100x8000000000000000779347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2f2543e89ff57c2021-12-20 16:02:01.071root 11241100x8000000000000000779348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7367e5beb9df8be32021-12-20 16:02:01.071root 11241100x8000000000000000779349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0157211875434a2021-12-20 16:02:01.071root 11241100x8000000000000000779350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08119b165c319382021-12-20 16:02:01.071root 11241100x8000000000000000779351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea53ef817180ba362021-12-20 16:02:01.071root 11241100x8000000000000000779352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73bada460f8636e2021-12-20 16:02:01.071root 11241100x8000000000000000779353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02249bf6710ee3662021-12-20 16:02:01.071root 11241100x8000000000000000779354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783395a96780f1c22021-12-20 16:02:01.071root 11241100x8000000000000000779355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932681efa3676bd02021-12-20 16:02:01.072root 11241100x8000000000000000779356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c2deeebbf8067a2021-12-20 16:02:01.072root 11241100x8000000000000000779357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512b6f3885bf1e2e2021-12-20 16:02:01.072root 11241100x8000000000000000779358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb730998a3b33aa92021-12-20 16:02:01.072root 11241100x8000000000000000779359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6584661b4d776d2021-12-20 16:02:01.072root 11241100x8000000000000000779360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b1a4602e3b5bbd2021-12-20 16:02:01.072root 11241100x8000000000000000779361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3c1cb3b97d46cf2021-12-20 16:02:01.072root 11241100x8000000000000000779362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d23e1c2cabe2332021-12-20 16:02:01.072root 11241100x8000000000000000779363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4608405c3a8f1622021-12-20 16:02:01.072root 11241100x8000000000000000779364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d192d9aa972145232021-12-20 16:02:01.072root 11241100x8000000000000000779365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c6b52257c7f7fb2021-12-20 16:02:01.072root 11241100x8000000000000000779366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b8e5a59632b2352021-12-20 16:02:01.072root 11241100x8000000000000000779367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a7790ff83da7b92021-12-20 16:02:01.073root 11241100x8000000000000000779368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980682821f42a8e02021-12-20 16:02:01.073root 11241100x8000000000000000779369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b27f714ca2165082021-12-20 16:02:01.073root 11241100x8000000000000000779370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf17323dae1f9f52021-12-20 16:02:01.074root 11241100x8000000000000000779371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828878c4e519c66d2021-12-20 16:02:01.074root 11241100x8000000000000000779372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57575ce392fff7002021-12-20 16:02:01.076root 11241100x8000000000000000779373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e164f5f59d034db92021-12-20 16:02:01.076root 11241100x8000000000000000779374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33eb2bd009fdee972021-12-20 16:02:01.076root 11241100x8000000000000000779375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.078{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10b7ecb3f2dca992021-12-20 16:02:01.078root 11241100x8000000000000000779376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e817254d56a2fc22021-12-20 16:02:01.079root 11241100x8000000000000000779377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.079{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a0f36cdba71d922021-12-20 16:02:01.079root 11241100x8000000000000000779378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.080{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479591ce0b2cef9a2021-12-20 16:02:01.080root 11241100x8000000000000000779379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ce0abb2ac820372021-12-20 16:02:01.081root 11241100x8000000000000000779380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.081{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715c52b21e6f42b12021-12-20 16:02:01.081root 11241100x8000000000000000779381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.082{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e191a4846f93322021-12-20 16:02:01.082root 11241100x8000000000000000779382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.082{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213f88f53fcb85e62021-12-20 16:02:01.082root 11241100x8000000000000000779383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.083{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26657771e6c85e452021-12-20 16:02:01.083root 11241100x8000000000000000779384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.083{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825da1dd012be6022021-12-20 16:02:01.083root 11241100x8000000000000000779385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.083{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a0fd78dfe380aa2021-12-20 16:02:01.083root 11241100x8000000000000000779386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.085{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9d5c1c02def7b92021-12-20 16:02:01.085root 11241100x8000000000000000779387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.086{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0ad0419d7adf422021-12-20 16:02:01.086root 11241100x8000000000000000779388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.086{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa6ed22289b24c32021-12-20 16:02:01.086root 11241100x8000000000000000779389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.086{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf084366e3ea37c2021-12-20 16:02:01.086root 11241100x8000000000000000779390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.086{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b1a63c7f1bfb862021-12-20 16:02:01.086root 11241100x8000000000000000779391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.088{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7595ced0f51594272021-12-20 16:02:01.088root 11241100x8000000000000000779392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.089{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b6c74aa3764c2a2021-12-20 16:02:01.089root 11241100x8000000000000000779393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.089{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d8b00465ce0fa92021-12-20 16:02:01.089root 11241100x8000000000000000779394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.089{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef5d9a19636e7952021-12-20 16:02:01.089root 11241100x8000000000000000779395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.091{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc79debc08e1dcf82021-12-20 16:02:01.091root 11241100x8000000000000000779396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.091{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802140ea062f4aa32021-12-20 16:02:01.091root 11241100x8000000000000000779397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.091{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71080c8588dfb6372021-12-20 16:02:01.091root 11241100x8000000000000000779398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.092{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb8ee0c860f81d2021-12-20 16:02:01.092root 11241100x8000000000000000779399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.092{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2ccff5700998ad2021-12-20 16:02:01.092root 11241100x8000000000000000779400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.092{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fb38c6776559f82021-12-20 16:02:01.092root 11241100x8000000000000000779401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.095{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f823c7687c48852021-12-20 16:02:01.095root 11241100x8000000000000000779402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.095{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2659f8bce3143e042021-12-20 16:02:01.095root 11241100x8000000000000000779403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.095{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d06e19069c3ad5c2021-12-20 16:02:01.095root 11241100x8000000000000000779404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.096{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7beabe89bc4c4d32021-12-20 16:02:01.096root 11241100x8000000000000000779405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.096{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c59fd3cfef63e402021-12-20 16:02:01.096root 11241100x8000000000000000779406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.097{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd384cf4b0eadac12021-12-20 16:02:01.097root 11241100x8000000000000000779407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.097{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e0aaa126d67e3b2021-12-20 16:02:01.097root 11241100x8000000000000000779408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.098{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1bb2e2457813d02021-12-20 16:02:01.098root 11241100x8000000000000000779409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.099{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae922b122ee076a2021-12-20 16:02:01.099root 11241100x8000000000000000779410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.099{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69fad83a38f2ecb2021-12-20 16:02:01.099root 11241100x8000000000000000779411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.099{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14371239eeffc0d42021-12-20 16:02:01.099root 11241100x8000000000000000779412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.099{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce8f9995a8702e52021-12-20 16:02:01.099root 11241100x8000000000000000779413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9f292e8aa94bb22021-12-20 16:02:01.424root 11241100x8000000000000000779414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d24cb34b734fc2021-12-20 16:02:01.424root 11241100x8000000000000000779415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23508b956b1b98022021-12-20 16:02:01.424root 11241100x8000000000000000779416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e022ae473c3ddb62021-12-20 16:02:01.424root 11241100x8000000000000000779417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f2b29b2217da242021-12-20 16:02:01.425root 11241100x8000000000000000779418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd5ff990ae40632021-12-20 16:02:01.425root 11241100x8000000000000000779419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f475fb7c36ac8b62021-12-20 16:02:01.425root 11241100x8000000000000000779420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff093ae755a9a992021-12-20 16:02:01.425root 11241100x8000000000000000779421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb2511f215bd13b2021-12-20 16:02:01.425root 11241100x8000000000000000779422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7962ad2e80648d5d2021-12-20 16:02:01.425root 11241100x8000000000000000779423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d138eefd773003ad2021-12-20 16:02:01.425root 11241100x8000000000000000779424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee909d5016d2b5e22021-12-20 16:02:01.425root 11241100x8000000000000000779425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07816eb5a2f3350f2021-12-20 16:02:01.426root 11241100x8000000000000000779426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee79896720fcd04e2021-12-20 16:02:01.426root 11241100x8000000000000000779427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9acc9c2d2a635b2021-12-20 16:02:01.426root 11241100x8000000000000000779428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e144e24ccd30ef332021-12-20 16:02:01.426root 11241100x8000000000000000779429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9eca31bd67c96d2021-12-20 16:02:01.426root 11241100x8000000000000000779430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bc98c0f9c9a9d12021-12-20 16:02:01.426root 11241100x8000000000000000779431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5027232d99d65a2021-12-20 16:02:01.426root 11241100x8000000000000000779432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bcccd9bbb4b1392021-12-20 16:02:01.427root 11241100x8000000000000000779433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647eaeef02fa21232021-12-20 16:02:01.427root 11241100x8000000000000000779434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ac6d5a2b69ee752021-12-20 16:02:01.427root 11241100x8000000000000000779435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efba9e6bbe174ac2021-12-20 16:02:01.427root 11241100x8000000000000000779436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa0579b0dc18f642021-12-20 16:02:01.427root 11241100x8000000000000000779437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3129df05358f3fe52021-12-20 16:02:01.427root 11241100x8000000000000000779438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f068ef73c045fe912021-12-20 16:02:01.427root 11241100x8000000000000000779439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89c4e1ac95c79562021-12-20 16:02:01.427root 11241100x8000000000000000779440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d3fd31d23de7da2021-12-20 16:02:01.428root 11241100x8000000000000000779441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e8b8468286113d2021-12-20 16:02:01.428root 11241100x8000000000000000779442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0fa80d71c50b572021-12-20 16:02:01.428root 11241100x8000000000000000779443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cbe0ceab64a8fe2021-12-20 16:02:01.428root 11241100x8000000000000000779444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16cc76c122c87282021-12-20 16:02:01.428root 11241100x8000000000000000779445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7822532a65ccbb2021-12-20 16:02:01.428root 11241100x8000000000000000779446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec7f8aacd79e5ee2021-12-20 16:02:01.428root 11241100x8000000000000000779447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92eade87a90ec5b2021-12-20 16:02:01.428root 11241100x8000000000000000779448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b0c981d934acea2021-12-20 16:02:01.429root 11241100x8000000000000000779449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cd728d0353e0852021-12-20 16:02:01.429root 11241100x8000000000000000779450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65be6286ec91767e2021-12-20 16:02:01.429root 11241100x8000000000000000779451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1517bdb410e3201a2021-12-20 16:02:01.429root 11241100x8000000000000000779452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec044caa982cbc62021-12-20 16:02:01.429root 11241100x8000000000000000779453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca685cd411323b22021-12-20 16:02:01.429root 11241100x8000000000000000779454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e104fdd870a925622021-12-20 16:02:01.429root 11241100x8000000000000000779455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f87bf3c2e767a9a2021-12-20 16:02:01.429root 11241100x8000000000000000779456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83280a3aca8c5aa52021-12-20 16:02:01.430root 11241100x8000000000000000779457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778b08811fca6bc22021-12-20 16:02:01.430root 11241100x8000000000000000779458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0088bcae91bac35a2021-12-20 16:02:01.430root 11241100x8000000000000000779459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd9c2b25a01eea02021-12-20 16:02:01.430root 11241100x8000000000000000779460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52003b91083220a12021-12-20 16:02:01.430root 11241100x8000000000000000779461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a03494dcb4e917f2021-12-20 16:02:01.430root 11241100x8000000000000000779462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c03dbd2ca5eaa32021-12-20 16:02:01.430root 11241100x8000000000000000779463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cec86bc1e7095b92021-12-20 16:02:01.431root 11241100x8000000000000000779464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6687966aa0bbff2021-12-20 16:02:01.431root 11241100x8000000000000000779465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f27f00e0ae590a2021-12-20 16:02:01.431root 11241100x8000000000000000779466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2f092ece50c3a92021-12-20 16:02:01.431root 11241100x8000000000000000779467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56309c8634f44f1b2021-12-20 16:02:01.431root 11241100x8000000000000000779468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d7bfa4e94818602021-12-20 16:02:01.432root 11241100x8000000000000000779469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c9b37ef5d9b7e62021-12-20 16:02:01.432root 11241100x8000000000000000779470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300f628791d1c4542021-12-20 16:02:01.432root 11241100x8000000000000000779471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888327fffd4338a2021-12-20 16:02:01.432root 11241100x8000000000000000779472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110541d9135f1a052021-12-20 16:02:01.432root 11241100x8000000000000000779473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34841a4f82271982021-12-20 16:02:01.432root 11241100x8000000000000000779474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3960690e939eb722021-12-20 16:02:01.433root 11241100x8000000000000000779475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0b679ce9a43e612021-12-20 16:02:01.433root 11241100x8000000000000000779476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853a91c24f4801552021-12-20 16:02:01.433root 11241100x8000000000000000779477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7bb7bff44916e82021-12-20 16:02:01.433root 11241100x8000000000000000779478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff6ac55df24ac202021-12-20 16:02:01.433root 11241100x8000000000000000779479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a816488a916075272021-12-20 16:02:01.433root 11241100x8000000000000000779480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d99659fada469572021-12-20 16:02:01.433root 11241100x8000000000000000779481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43ef7052e2a044a2021-12-20 16:02:01.434root 11241100x8000000000000000779482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75d3033703fd7792021-12-20 16:02:01.434root 11241100x8000000000000000779483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefb5311c9eb53742021-12-20 16:02:01.434root 11241100x8000000000000000779484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddee74dd6005976e2021-12-20 16:02:01.434root 11241100x8000000000000000779485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c7762ec1f8fd882021-12-20 16:02:01.435root 11241100x8000000000000000779486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f189e136e4f77dc42021-12-20 16:02:01.435root 11241100x8000000000000000779487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4231bf4d91f46c2021-12-20 16:02:01.435root 11241100x8000000000000000779488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f69cd37da5b1fd2021-12-20 16:02:01.435root 11241100x8000000000000000779489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e90e40ce11e830f2021-12-20 16:02:01.435root 11241100x8000000000000000779490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c627b414505eb8d2021-12-20 16:02:01.436root 11241100x8000000000000000779491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28616ed3bec4771d2021-12-20 16:02:01.436root 11241100x8000000000000000779492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17764e76af575bb22021-12-20 16:02:01.436root 11241100x8000000000000000779493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bb2b7fc666f3c92021-12-20 16:02:01.436root 11241100x8000000000000000779494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a285cb687b02222021-12-20 16:02:01.438root 11241100x8000000000000000779495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf85a25af478c522021-12-20 16:02:01.439root 11241100x8000000000000000779496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02075c69eb4932a32021-12-20 16:02:01.439root 11241100x8000000000000000779497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db448079886d8ce2021-12-20 16:02:01.439root 11241100x8000000000000000779498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66604e918c753922021-12-20 16:02:01.439root 11241100x8000000000000000779499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28b1883168a59af2021-12-20 16:02:01.439root 11241100x8000000000000000779500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f335a42a704075f2021-12-20 16:02:01.439root 11241100x8000000000000000779501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b329ba7c749ac60a2021-12-20 16:02:01.439root 11241100x8000000000000000779502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e3c80d78ecfec42021-12-20 16:02:01.439root 11241100x8000000000000000779503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31befeb50185ca2b2021-12-20 16:02:01.440root 11241100x8000000000000000779504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19216f68dc53d1b22021-12-20 16:02:01.440root 11241100x8000000000000000779505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67ec58a947e0fb32021-12-20 16:02:01.924root 11241100x8000000000000000779506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c47b1d4b958fbc2021-12-20 16:02:01.924root 11241100x8000000000000000779507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5499d9ba4f99bf9e2021-12-20 16:02:01.924root 11241100x8000000000000000779508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beffdb0919dce1d42021-12-20 16:02:01.924root 11241100x8000000000000000779509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1050b7b92e480a0f2021-12-20 16:02:01.925root 11241100x8000000000000000779510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882953b0515942752021-12-20 16:02:01.925root 11241100x8000000000000000779511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b6481f64f5231b2021-12-20 16:02:01.925root 11241100x8000000000000000779512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157d0a28cc98d9852021-12-20 16:02:01.925root 11241100x8000000000000000779513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3656caba8e73d56c2021-12-20 16:02:01.925root 11241100x8000000000000000779514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953bb541a74186db2021-12-20 16:02:01.925root 11241100x8000000000000000779515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe379872098d7fb2021-12-20 16:02:01.925root 11241100x8000000000000000779516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be9fb9f916f14a32021-12-20 16:02:01.925root 11241100x8000000000000000779517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6979ff78319e60362021-12-20 16:02:01.925root 11241100x8000000000000000779518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f4596fe8a602592021-12-20 16:02:01.925root 11241100x8000000000000000779519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3bc433d93ef5212021-12-20 16:02:01.925root 11241100x8000000000000000779520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7489724087c46e2021-12-20 16:02:01.925root 11241100x8000000000000000779521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f219f9e9fbf7eb2021-12-20 16:02:01.926root 11241100x8000000000000000779522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5163b700f7232f632021-12-20 16:02:01.926root 11241100x8000000000000000779523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c56fc63507d31a52021-12-20 16:02:01.926root 11241100x8000000000000000779524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e6fd3c0d9df4dd2021-12-20 16:02:01.926root 11241100x8000000000000000779525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb39113f5065ebae2021-12-20 16:02:01.926root 11241100x8000000000000000779526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1716483a714b5c7a2021-12-20 16:02:01.926root 11241100x8000000000000000779527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f471e346336f442021-12-20 16:02:01.926root 11241100x8000000000000000779528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879abb71109651e12021-12-20 16:02:01.926root 11241100x8000000000000000779529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef35860e54c9fb2021-12-20 16:02:01.926root 11241100x8000000000000000779530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4e1f69b01598472021-12-20 16:02:01.926root 11241100x8000000000000000779531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb8f58cd279c7952021-12-20 16:02:01.927root 11241100x8000000000000000779532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6a6c8fa0e4d2652021-12-20 16:02:01.927root 11241100x8000000000000000779533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0659b242e176a62021-12-20 16:02:01.927root 11241100x8000000000000000779534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ec8b72f1930df32021-12-20 16:02:01.927root 11241100x8000000000000000779535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70231190e1fe55d2021-12-20 16:02:01.927root 11241100x8000000000000000779536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590fb2d00bade2e22021-12-20 16:02:01.927root 11241100x8000000000000000779537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3b91df51563b872021-12-20 16:02:01.927root 11241100x8000000000000000779538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0ed0409acc0cf72021-12-20 16:02:01.927root 11241100x8000000000000000779539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5954c4ac3aa95e462021-12-20 16:02:01.927root 11241100x8000000000000000779540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab269759bd7d9402021-12-20 16:02:01.927root 11241100x8000000000000000779541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a7ea864ef8e4562021-12-20 16:02:01.928root 11241100x8000000000000000779542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8459eaca02f2d01b2021-12-20 16:02:01.928root 11241100x8000000000000000779543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea53bee3512471df2021-12-20 16:02:01.928root 11241100x8000000000000000779544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e6541a76b2faa02021-12-20 16:02:01.928root 11241100x8000000000000000779545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d705768bb02fc812021-12-20 16:02:01.928root 11241100x8000000000000000779546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ebf8f675823182021-12-20 16:02:01.929root 11241100x8000000000000000779547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af6ea9baa9b0e922021-12-20 16:02:01.929root 11241100x8000000000000000779548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c01f8089651f2952021-12-20 16:02:01.929root 11241100x8000000000000000779549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2223c43d30fbf60d2021-12-20 16:02:01.929root 11241100x8000000000000000779550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c082bcbc5317c2021-12-20 16:02:01.929root 11241100x8000000000000000779551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa854f0878699aa2021-12-20 16:02:01.929root 11241100x8000000000000000779552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b0d499cb0c047d2021-12-20 16:02:01.929root 11241100x8000000000000000779553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeafd3e2d95a2b52021-12-20 16:02:01.929root 11241100x8000000000000000779554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:01.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fa5c78f8a81f3b2021-12-20 16:02:01.930root 11241100x8000000000000000779555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431f17ce0b38c2f12021-12-20 16:02:02.424root 11241100x8000000000000000779556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32f5624e3b982db2021-12-20 16:02:02.424root 11241100x8000000000000000779557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2391fff1b2a8e02021-12-20 16:02:02.424root 11241100x8000000000000000779558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a8eeb9fd4d2ef22021-12-20 16:02:02.425root 11241100x8000000000000000779559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db42dc21cfa46ac2021-12-20 16:02:02.425root 11241100x8000000000000000779560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2d5d43362572712021-12-20 16:02:02.425root 11241100x8000000000000000779561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbc63377882d1af2021-12-20 16:02:02.425root 11241100x8000000000000000779562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc19ee3b45da2d02021-12-20 16:02:02.425root 11241100x8000000000000000779563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5966eabcac441f892021-12-20 16:02:02.425root 11241100x8000000000000000779564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d97708f6630e702021-12-20 16:02:02.425root 11241100x8000000000000000779565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd618c003c4031322021-12-20 16:02:02.425root 11241100x8000000000000000779566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6636fbdc797593a52021-12-20 16:02:02.425root 11241100x8000000000000000779567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b9a8e36e202eb62021-12-20 16:02:02.426root 11241100x8000000000000000779568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d799607b7b850ab2021-12-20 16:02:02.426root 11241100x8000000000000000779569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7f6e54305d08742021-12-20 16:02:02.426root 11241100x8000000000000000779570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fdd7c6071805e82021-12-20 16:02:02.426root 11241100x8000000000000000779571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc0fba8a00598292021-12-20 16:02:02.426root 11241100x8000000000000000779572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbe71e5633088cc2021-12-20 16:02:02.427root 11241100x8000000000000000779573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c7114c369559592021-12-20 16:02:02.427root 11241100x8000000000000000779574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2799453c2bb203d42021-12-20 16:02:02.427root 11241100x8000000000000000779575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf75377d4bf5b6162021-12-20 16:02:02.427root 11241100x8000000000000000779576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af65b5f72b706442021-12-20 16:02:02.427root 11241100x8000000000000000779577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac735a460867c8b2021-12-20 16:02:02.428root 11241100x8000000000000000779578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5df0ce1db54ec552021-12-20 16:02:02.428root 11241100x8000000000000000779579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2036280942e42c562021-12-20 16:02:02.428root 11241100x8000000000000000779580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfb834c9497d1642021-12-20 16:02:02.428root 11241100x8000000000000000779581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891b3c7fc37c4b162021-12-20 16:02:02.428root 11241100x8000000000000000779582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1549bf0a2aa828f2021-12-20 16:02:02.429root 11241100x8000000000000000779583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ab76e457231d22021-12-20 16:02:02.429root 11241100x8000000000000000779584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be389850deaea9262021-12-20 16:02:02.429root 11241100x8000000000000000779585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584a1cc8008143af2021-12-20 16:02:02.429root 11241100x8000000000000000779586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade2d60c0c680c9d2021-12-20 16:02:02.429root 11241100x8000000000000000779587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd0016c0ebc13da2021-12-20 16:02:02.429root 11241100x8000000000000000779588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d0f817e0b63f182021-12-20 16:02:02.429root 11241100x8000000000000000779589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a2f308b394fb12021-12-20 16:02:02.429root 11241100x8000000000000000779590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf667616a28ce172021-12-20 16:02:02.430root 11241100x8000000000000000779591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c416113b207d97d2021-12-20 16:02:02.430root 11241100x8000000000000000779592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfb317923ffa4a2021-12-20 16:02:02.430root 11241100x8000000000000000779593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3262522cf44a192021-12-20 16:02:02.430root 11241100x8000000000000000779594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef263d5130a0a3e22021-12-20 16:02:02.430root 11241100x8000000000000000779595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b65e6dfe619eb012021-12-20 16:02:02.430root 11241100x8000000000000000779596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78c50122de203fd2021-12-20 16:02:02.431root 11241100x8000000000000000779597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f144b22d7df436782021-12-20 16:02:02.431root 11241100x8000000000000000779598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5727162ea90f3e2021-12-20 16:02:02.431root 11241100x8000000000000000779599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6338367a352058642021-12-20 16:02:02.431root 11241100x8000000000000000779600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76534c618239cffb2021-12-20 16:02:02.431root 11241100x8000000000000000779601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ccb436d1d66bf82021-12-20 16:02:02.431root 11241100x8000000000000000779602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f729112124d3f602021-12-20 16:02:02.924root 11241100x8000000000000000779603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd367550bf9ac912021-12-20 16:02:02.924root 11241100x8000000000000000779604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9ccbd8511d83a42021-12-20 16:02:02.924root 11241100x8000000000000000779605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39320a92ac03599e2021-12-20 16:02:02.924root 11241100x8000000000000000779606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c8e0946d5676e72021-12-20 16:02:02.925root 11241100x8000000000000000779607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c83ae50752c980d2021-12-20 16:02:02.925root 11241100x8000000000000000779608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f636cee74e628112021-12-20 16:02:02.925root 11241100x8000000000000000779609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8fc9ce58fcc3a62021-12-20 16:02:02.925root 11241100x8000000000000000779610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e8a6b8b3f1f8c52021-12-20 16:02:02.925root 11241100x8000000000000000779611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae08a4b41587f752021-12-20 16:02:02.925root 11241100x8000000000000000779612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4884f843dfc976e62021-12-20 16:02:02.925root 11241100x8000000000000000779613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae86cb504f40f192021-12-20 16:02:02.925root 11241100x8000000000000000779614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea00dfdfe1858632021-12-20 16:02:02.925root 11241100x8000000000000000779615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12ad50498e53aa82021-12-20 16:02:02.925root 11241100x8000000000000000779616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687002b9374dc3d92021-12-20 16:02:02.926root 11241100x8000000000000000779617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c12cd9f64d37052021-12-20 16:02:02.926root 11241100x8000000000000000779618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881652fb1ca562c62021-12-20 16:02:02.926root 11241100x8000000000000000779619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846c7558740f22362021-12-20 16:02:02.926root 11241100x8000000000000000779620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd93c8830d918ce82021-12-20 16:02:02.926root 11241100x8000000000000000779621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8c81b2fb2180222021-12-20 16:02:02.926root 11241100x8000000000000000779622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54f7868175455c2021-12-20 16:02:02.926root 11241100x8000000000000000779623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86132ba2b9642be42021-12-20 16:02:02.927root 11241100x8000000000000000779624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6164f0be48f8082021-12-20 16:02:02.927root 11241100x8000000000000000779625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e48b140b0f0cce72021-12-20 16:02:02.927root 11241100x8000000000000000779626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d046eeea89308762021-12-20 16:02:02.927root 11241100x8000000000000000779627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f678bdb917388fc72021-12-20 16:02:02.927root 11241100x8000000000000000779628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0382812c01b563b32021-12-20 16:02:02.928root 11241100x8000000000000000779629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e68294be799f0022021-12-20 16:02:02.928root 11241100x8000000000000000779630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6723cb18258d9d2021-12-20 16:02:02.928root 11241100x8000000000000000779631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5eb2e6e732c9aa2021-12-20 16:02:02.928root 11241100x8000000000000000779632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc3bfa32f3315882021-12-20 16:02:02.929root 11241100x8000000000000000779633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558abcda7e979ab72021-12-20 16:02:02.929root 11241100x8000000000000000779634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4778453bb36822712021-12-20 16:02:02.929root 11241100x8000000000000000779635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4e8c4252a4893b2021-12-20 16:02:02.929root 11241100x8000000000000000779636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c330092c58693a212021-12-20 16:02:02.929root 11241100x8000000000000000779637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407921c30a2adbf82021-12-20 16:02:02.929root 11241100x8000000000000000779638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a5f6482ef255892021-12-20 16:02:02.929root 11241100x8000000000000000779639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96cd2df8343723e2021-12-20 16:02:02.929root 11241100x8000000000000000779640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db82854bed230f1e2021-12-20 16:02:02.929root 11241100x8000000000000000779641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00943680afa163802021-12-20 16:02:02.929root 11241100x8000000000000000779642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b71f7c6a3dcf25c2021-12-20 16:02:02.929root 11241100x8000000000000000779643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc2639e8644c98e2021-12-20 16:02:02.929root 11241100x8000000000000000779644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecb14d258f19ad02021-12-20 16:02:02.929root 11241100x8000000000000000779645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:02.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a30fdac5b94368a2021-12-20 16:02:02.929root 11241100x8000000000000000779646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dad35f6d14fc362021-12-20 16:02:03.424root 11241100x8000000000000000779647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1eb6380cfc7752021-12-20 16:02:03.425root 11241100x8000000000000000779648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49742a166744f3032021-12-20 16:02:03.425root 11241100x8000000000000000779649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a84331ef53a48a32021-12-20 16:02:03.425root 11241100x8000000000000000779650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362c0672b2bb2aaf2021-12-20 16:02:03.426root 11241100x8000000000000000779651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a441e58204260d502021-12-20 16:02:03.426root 11241100x8000000000000000779652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17040bd2b53640be2021-12-20 16:02:03.426root 11241100x8000000000000000779653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62044d3b198e4c22021-12-20 16:02:03.427root 11241100x8000000000000000779654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77060eec5a06237d2021-12-20 16:02:03.427root 11241100x8000000000000000779655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cdc9cb385bfc5a2021-12-20 16:02:03.428root 11241100x8000000000000000779656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282412f8bf89ae9e2021-12-20 16:02:03.428root 11241100x8000000000000000779657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f69d24851bc151c2021-12-20 16:02:03.429root 11241100x8000000000000000779658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653f36e54031fda42021-12-20 16:02:03.429root 11241100x8000000000000000779659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af37f991f4b835572021-12-20 16:02:03.429root 11241100x8000000000000000779660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89cb641713da6422021-12-20 16:02:03.430root 11241100x8000000000000000779661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229a31d6264c7a672021-12-20 16:02:03.430root 11241100x8000000000000000779662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ab82defd702a472021-12-20 16:02:03.430root 11241100x8000000000000000779663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06e1e93253194c12021-12-20 16:02:03.431root 11241100x8000000000000000779664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedca37880d244c32021-12-20 16:02:03.431root 11241100x8000000000000000779665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee03a4bddc1259ba2021-12-20 16:02:03.431root 11241100x8000000000000000779666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea20420a5ae123802021-12-20 16:02:03.432root 11241100x8000000000000000779667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819b327b7f00f2942021-12-20 16:02:03.432root 11241100x8000000000000000779668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99da1194e89ff8e2021-12-20 16:02:03.432root 11241100x8000000000000000779669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82755c825eef2822021-12-20 16:02:03.433root 11241100x8000000000000000779670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268f3310025ea9262021-12-20 16:02:03.433root 11241100x8000000000000000779671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d1a0c6841f2dd42021-12-20 16:02:03.433root 11241100x8000000000000000779672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f1c229e919b182021-12-20 16:02:03.433root 11241100x8000000000000000779673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd0ba0d49eb05732021-12-20 16:02:03.433root 11241100x8000000000000000779674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47722c9892bd11d32021-12-20 16:02:03.433root 11241100x8000000000000000779675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7897cdecc733e8832021-12-20 16:02:03.433root 11241100x8000000000000000779676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82a652eac7396df2021-12-20 16:02:03.433root 11241100x8000000000000000779677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431f6026d2a0851e2021-12-20 16:02:03.433root 11241100x8000000000000000779678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc61bd2f12439eb2021-12-20 16:02:03.433root 11241100x8000000000000000779679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3835efe9713ce52021-12-20 16:02:03.433root 11241100x8000000000000000779680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c1c24568d794082021-12-20 16:02:03.433root 11241100x8000000000000000779681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebb8ec73ab5acad2021-12-20 16:02:03.433root 11241100x8000000000000000779682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc6de28527adda82021-12-20 16:02:03.433root 11241100x8000000000000000779683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc1ae4e3c4e01a02021-12-20 16:02:03.433root 11241100x8000000000000000779684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77570138713d37ab2021-12-20 16:02:03.434root 11241100x8000000000000000779685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2479a7debdd47de72021-12-20 16:02:03.434root 11241100x8000000000000000779686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce0e6d2167894c82021-12-20 16:02:03.434root 11241100x8000000000000000779687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23324be95fdd39f2021-12-20 16:02:03.434root 11241100x8000000000000000779688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9565323f28b0632021-12-20 16:02:03.434root 11241100x8000000000000000779689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fb3bbc8642215c2021-12-20 16:02:03.434root 11241100x8000000000000000779690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca28f9ab883d52e52021-12-20 16:02:03.924root 11241100x8000000000000000779691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9b65fc9e7bb2802021-12-20 16:02:03.925root 11241100x8000000000000000779692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a82120c1c7e34552021-12-20 16:02:03.925root 11241100x8000000000000000779693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0d694b21e51ee52021-12-20 16:02:03.925root 11241100x8000000000000000779694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ab87c8d93f695c2021-12-20 16:02:03.925root 11241100x8000000000000000779695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fed72d4016e1462021-12-20 16:02:03.926root 11241100x8000000000000000779696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67082ec8a0bf18132021-12-20 16:02:03.926root 11241100x8000000000000000779697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508ef5185a71a592021-12-20 16:02:03.926root 11241100x8000000000000000779698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0253367bfc28138b2021-12-20 16:02:03.927root 11241100x8000000000000000779699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303d9477437352392021-12-20 16:02:03.927root 11241100x8000000000000000779700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9200df11d8d6430f2021-12-20 16:02:03.927root 11241100x8000000000000000779701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6571dc33c88f882021-12-20 16:02:03.927root 11241100x8000000000000000779702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c0ee88e60744c42021-12-20 16:02:03.928root 11241100x8000000000000000779703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d0a479e8353d822021-12-20 16:02:03.928root 11241100x8000000000000000779704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1422b120bf4e6df2021-12-20 16:02:03.928root 11241100x8000000000000000779705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5927b6a53a5a8592021-12-20 16:02:03.928root 11241100x8000000000000000779706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc15856473dba7a12021-12-20 16:02:03.928root 11241100x8000000000000000779707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e43d3ed165e71c2021-12-20 16:02:03.928root 11241100x8000000000000000779708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47195f5f0264af212021-12-20 16:02:03.929root 11241100x8000000000000000779709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a3343641b729482021-12-20 16:02:03.929root 11241100x8000000000000000779710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c45f747fd7950a2021-12-20 16:02:03.929root 11241100x8000000000000000779711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4aef689b3b97932021-12-20 16:02:03.929root 11241100x8000000000000000779712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0645171b06b9749b2021-12-20 16:02:03.929root 11241100x8000000000000000779713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df13bc755b7335f2021-12-20 16:02:03.929root 11241100x8000000000000000779714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b534d67f33a3df32021-12-20 16:02:03.929root 11241100x8000000000000000779715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f91534c29381d82021-12-20 16:02:03.930root 11241100x8000000000000000779716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c57458e48e1bb72021-12-20 16:02:03.930root 11241100x8000000000000000779717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4001c98024156162021-12-20 16:02:03.930root 11241100x8000000000000000779718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a902eb85354d0e2021-12-20 16:02:03.930root 11241100x8000000000000000779719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a3798855d154cd2021-12-20 16:02:03.930root 11241100x8000000000000000779720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fee64d0fa9dd9c42021-12-20 16:02:03.930root 11241100x8000000000000000779721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2d14164f5f038b2021-12-20 16:02:03.930root 11241100x8000000000000000779722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a25567f22d238872021-12-20 16:02:03.930root 11241100x8000000000000000779723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24afe3fda6f41f02021-12-20 16:02:03.931root 11241100x8000000000000000779724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8ed95effa4ed382021-12-20 16:02:03.931root 11241100x8000000000000000779725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f770a6d346e7ce12021-12-20 16:02:03.931root 11241100x8000000000000000779726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f72f42f75fe6782021-12-20 16:02:03.931root 11241100x8000000000000000779727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7214f8999e2b882021-12-20 16:02:03.931root 11241100x8000000000000000779728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493e0b508dac85672021-12-20 16:02:03.931root 11241100x8000000000000000779729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221fcb1dd295671b2021-12-20 16:02:03.931root 11241100x8000000000000000779730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c83be1d6821d132021-12-20 16:02:03.931root 11241100x8000000000000000779731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4aaa932d30873b2021-12-20 16:02:03.932root 11241100x8000000000000000779732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986b7d860781e4a42021-12-20 16:02:03.932root 11241100x8000000000000000779733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:03.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9fbac68d5e60cc2021-12-20 16:02:03.932root 11241100x8000000000000000779734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f4cba1c1188d442021-12-20 16:02:04.424root 11241100x8000000000000000779735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa00d84aecfc58a12021-12-20 16:02:04.424root 11241100x8000000000000000779736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401500ff0b896b9b2021-12-20 16:02:04.424root 11241100x8000000000000000779737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768d719b416f935e2021-12-20 16:02:04.424root 11241100x8000000000000000779738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eab80d9544103b2021-12-20 16:02:04.425root 11241100x8000000000000000779739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05390ba00e19034e2021-12-20 16:02:04.425root 11241100x8000000000000000779740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98aca59e02d012552021-12-20 16:02:04.425root 11241100x8000000000000000779741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7fff76a7244c8b2021-12-20 16:02:04.425root 11241100x8000000000000000779742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34e126fb8e4b1d62021-12-20 16:02:04.425root 11241100x8000000000000000779743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b367aea5eb21e6f72021-12-20 16:02:04.426root 11241100x8000000000000000779744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3101f02c2aca31e82021-12-20 16:02:04.426root 11241100x8000000000000000779745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10487c2a7bc5efb02021-12-20 16:02:04.426root 11241100x8000000000000000779746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2b2fbe4a9a2512021-12-20 16:02:04.427root 11241100x8000000000000000779747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d819b2c72d90ca6f2021-12-20 16:02:04.427root 11241100x8000000000000000779748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8db3f99d57cf092021-12-20 16:02:04.427root 11241100x8000000000000000779749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b53799ec78a5692021-12-20 16:02:04.427root 11241100x8000000000000000779750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75da7937fa09ac5e2021-12-20 16:02:04.428root 11241100x8000000000000000779751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd35d48a426b73e2021-12-20 16:02:04.429root 11241100x8000000000000000779752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656df6e1704708b52021-12-20 16:02:04.430root 11241100x8000000000000000779753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12c4f7ea909c4122021-12-20 16:02:04.430root 11241100x8000000000000000779754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6786da9712433b1b2021-12-20 16:02:04.430root 11241100x8000000000000000779755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a362b6d9265d23ff2021-12-20 16:02:04.430root 11241100x8000000000000000779756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6618c6e05ba7f7142021-12-20 16:02:04.430root 11241100x8000000000000000779757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6c32f6a71f70212021-12-20 16:02:04.431root 11241100x8000000000000000779758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3325f03eacb312eb2021-12-20 16:02:04.432root 11241100x8000000000000000779759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aceb343bd29d01bd2021-12-20 16:02:04.432root 11241100x8000000000000000779760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfff7bc841eaf442021-12-20 16:02:04.432root 11241100x8000000000000000779761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b7397635248c952021-12-20 16:02:04.432root 11241100x8000000000000000779762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf9f5ecac095a6f2021-12-20 16:02:04.432root 11241100x8000000000000000779763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad584def7acc10f2021-12-20 16:02:04.432root 11241100x8000000000000000779764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c2ef32f1c6b92c2021-12-20 16:02:04.432root 11241100x8000000000000000779765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de51290e91e16312021-12-20 16:02:04.432root 11241100x8000000000000000779766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f793553b32188f2021-12-20 16:02:04.432root 11241100x8000000000000000779767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564ec6403e026b3f2021-12-20 16:02:04.433root 11241100x8000000000000000779768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bad0e41feef2db2021-12-20 16:02:04.433root 11241100x8000000000000000779769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e26bdf961dd7692021-12-20 16:02:04.433root 11241100x8000000000000000779770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4625a8c09a287c2021-12-20 16:02:04.433root 11241100x8000000000000000779771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0725e1677980085b2021-12-20 16:02:04.433root 11241100x8000000000000000779772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:04.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836fbd0fabe3f252021-12-20 16:02:04.437root 23542300x8000000000000000779817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:09.030{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000779818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:09.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fc65f2bfa035662021-12-20 16:02:09.423root 11241100x8000000000000000779819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:09.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd68f2d9693b4c312021-12-20 16:02:09.923root 11241100x8000000000000000779820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:10.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3e8639de2e59e22021-12-20 16:02:10.423root 11241100x8000000000000000779821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:10.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b4712cd9d3643b2021-12-20 16:02:10.923root 11241100x8000000000000000779822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:11.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fa38cd4b9e5e9e2021-12-20 16:02:11.423root 11241100x8000000000000000779823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:11.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b2676649b2e3992021-12-20 16:02:11.923root 354300x8000000000000000779824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:12.083{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51540-false10.0.1.12-8000- 11241100x8000000000000000779825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced9d98ef71469c82021-12-20 16:02:12.424root 11241100x8000000000000000779826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12410ed3333d0a82021-12-20 16:02:12.424root 11241100x8000000000000000779827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a4f41494a387fa2021-12-20 16:02:12.924root 11241100x8000000000000000779828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f715dd7102ad63fa2021-12-20 16:02:12.924root 11241100x8000000000000000779829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9058c8662c89ae8f2021-12-20 16:02:13.424root 11241100x8000000000000000779830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7984dbec6ae443882021-12-20 16:02:13.424root 11241100x8000000000000000779831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:13.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861f1a77af4ccaa2021-12-20 16:02:13.923root 11241100x8000000000000000779832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb7f26a2a09a29a2021-12-20 16:02:13.924root 11241100x8000000000000000779833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952fdd1a52a2d68c2021-12-20 16:02:14.424root 11241100x8000000000000000779834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c36b68b5e6ffcb42021-12-20 16:02:14.424root 11241100x8000000000000000779835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bbd1107a6194492021-12-20 16:02:14.924root 11241100x8000000000000000779836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc40d07d3c27f062021-12-20 16:02:14.924root 11241100x8000000000000000779837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e71b22c05e6f7d2021-12-20 16:02:15.424root 11241100x8000000000000000779838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54472c8a504c96d82021-12-20 16:02:15.424root 11241100x8000000000000000779839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2cb70b0cafc61f2021-12-20 16:02:15.924root 11241100x8000000000000000779840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578085fc029453292021-12-20 16:02:15.924root 154100x8000000000000000779841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:15.968{ec2c97d1-a907-61c0-7033-74c6f9550000}10234/bin/rm-----rm -rf /etc/profile.d/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 534500x8000000000000000779842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:15.970{ec2c97d1-a907-61c0-7033-74c6f9550000}10234/bin/rmubuntu 11241100x8000000000000000779843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7055be9bc24285d42021-12-20 16:02:16.424root 11241100x8000000000000000779844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f5ce5518a5c82a2021-12-20 16:02:16.424root 11241100x8000000000000000779845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9474d0b7466d81c62021-12-20 16:02:16.424root 11241100x8000000000000000779846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bc311999a59e6d2021-12-20 16:02:16.424root 11241100x8000000000000000779847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5611c7ede358e8b92021-12-20 16:02:16.924root 11241100x8000000000000000779848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e0cf3160c689682021-12-20 16:02:16.924root 11241100x8000000000000000779849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d1ea07d307b8772021-12-20 16:02:16.924root 11241100x8000000000000000779850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69254659242ab5be2021-12-20 16:02:16.924root 354300x8000000000000000779851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.110{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51542-false10.0.1.12-8000- 11241100x8000000000000000779852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011ed074451262d32021-12-20 16:02:17.424root 11241100x8000000000000000779853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2458508e8cfc42dd2021-12-20 16:02:17.424root 11241100x8000000000000000779854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814b485b425455bf2021-12-20 16:02:17.424root 11241100x8000000000000000779855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf0342ad9b3bc0a2021-12-20 16:02:17.424root 11241100x8000000000000000779856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85272c3cabc631d42021-12-20 16:02:17.424root 11241100x8000000000000000779857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d5c5435d1841ee2021-12-20 16:02:17.924root 11241100x8000000000000000779858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfda355860fe982b2021-12-20 16:02:17.924root 11241100x8000000000000000779859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cb6fb6aebb4e0f2021-12-20 16:02:17.924root 11241100x8000000000000000779860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db5b876edf52a72021-12-20 16:02:17.924root 11241100x8000000000000000779861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18d1d8d0cb7b19b2021-12-20 16:02:17.924root 11241100x8000000000000000779862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f2201238030f772021-12-20 16:02:18.424root 11241100x8000000000000000779863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7a9af21115bb372021-12-20 16:02:18.424root 11241100x8000000000000000779864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e2824ecfc7b3cf2021-12-20 16:02:18.424root 11241100x8000000000000000779865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de153d621b5403322021-12-20 16:02:18.424root 11241100x8000000000000000779866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b92766ada5f16f52021-12-20 16:02:18.424root 11241100x8000000000000000779867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04551104edf332122021-12-20 16:02:18.924root 11241100x8000000000000000779868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4875639f580dfdb22021-12-20 16:02:18.924root 11241100x8000000000000000779869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f2f5c01e4733742021-12-20 16:02:18.924root 11241100x8000000000000000779870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df5bbf3039ee30a2021-12-20 16:02:18.924root 11241100x8000000000000000779871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290dd03fc70c2b4c2021-12-20 16:02:18.924root 11241100x8000000000000000779872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5d33c811028ee72021-12-20 16:02:19.424root 11241100x8000000000000000779873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f4c42de95584402021-12-20 16:02:19.424root 11241100x8000000000000000779874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5e58a705be19522021-12-20 16:02:19.424root 11241100x8000000000000000779875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015189289e9fcaec2021-12-20 16:02:19.424root 11241100x8000000000000000779876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419a3509909119a22021-12-20 16:02:19.424root 11241100x8000000000000000779877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0d5b42fc2b954d2021-12-20 16:02:19.924root 11241100x8000000000000000779878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85f1564f8a261562021-12-20 16:02:19.924root 11241100x8000000000000000779879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dce10fb2f19a9b2021-12-20 16:02:19.924root 11241100x8000000000000000779880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d39820af74256d82021-12-20 16:02:19.924root 11241100x8000000000000000779881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4799c30c20d5ef2021-12-20 16:02:19.924root 354300x8000000000000000779882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.085{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46246-false10.0.1.12-8089- 154100x8000000000000000779883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.366{ec2c97d1-a90c-61c0-68e4-1627a3550000}10235/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000779884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.367{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed63884fa4dc4f62021-12-20 16:02:20.367root 11241100x8000000000000000779885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.367{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee19df7d424c84cd2021-12-20 16:02:20.367root 11241100x8000000000000000779886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.367{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d44b9260f7cc762021-12-20 16:02:20.367root 11241100x8000000000000000779887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.367{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e95e372fe395c02021-12-20 16:02:20.367root 11241100x8000000000000000779888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.367{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c928404e411a1b1a2021-12-20 16:02:20.367root 11241100x8000000000000000779889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.367{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bcb247e65ca4342021-12-20 16:02:20.367root 11241100x8000000000000000779890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.367{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f184fc22d87fc2c42021-12-20 16:02:20.367root 534500x8000000000000000779891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.378{ec2c97d1-a90c-61c0-68e4-1627a3550000}10235/bin/psroot 11241100x8000000000000000779892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b232943ac3c5aade2021-12-20 16:02:20.674root 11241100x8000000000000000779893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d58a2278c7751d02021-12-20 16:02:20.674root 11241100x8000000000000000779894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383cc19cdcd9c99e2021-12-20 16:02:20.674root 11241100x8000000000000000779895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac8488c12e1d6152021-12-20 16:02:20.674root 11241100x8000000000000000779896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4cba0b3b29d6552021-12-20 16:02:20.674root 11241100x8000000000000000779897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f346c9210083d32021-12-20 16:02:20.674root 11241100x8000000000000000779898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc38ed5afbc7b262021-12-20 16:02:20.674root 11241100x8000000000000000779899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:20.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e45d581e2657c82021-12-20 16:02:20.675root 11241100x8000000000000000779900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b86eac0062f7ce2021-12-20 16:02:21.174root 11241100x8000000000000000779901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6dd9cb04416be12021-12-20 16:02:21.174root 11241100x8000000000000000779902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be10c429169e74c2021-12-20 16:02:21.174root 11241100x8000000000000000779903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b77423050733532021-12-20 16:02:21.174root 11241100x8000000000000000779904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec9ac1287d38cbe2021-12-20 16:02:21.174root 11241100x8000000000000000779905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13af7aeb4abaf5072021-12-20 16:02:21.175root 11241100x8000000000000000779906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfc3cfdbb8875bc2021-12-20 16:02:21.175root 11241100x8000000000000000779907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4c18ea2956ddcd2021-12-20 16:02:21.175root 11241100x8000000000000000779908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdb0400c1a4524d2021-12-20 16:02:21.674root 11241100x8000000000000000779909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cc2198e7c2b0f42021-12-20 16:02:21.674root 11241100x8000000000000000779910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f0c680c88af89d2021-12-20 16:02:21.674root 11241100x8000000000000000779911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8f873b2aabf62c2021-12-20 16:02:21.674root 11241100x8000000000000000779912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61039a21a15f09c2021-12-20 16:02:21.674root 11241100x8000000000000000779913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be0fa5fdb383a6a2021-12-20 16:02:21.674root 11241100x8000000000000000779914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8d45976be077af2021-12-20 16:02:21.674root 11241100x8000000000000000779915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939fbcba308fd4c72021-12-20 16:02:21.674root 354300x8000000000000000779916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.147{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51546-false10.0.1.12-8000- 11241100x8000000000000000779917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe3c126fd8d6d552021-12-20 16:02:22.148root 11241100x8000000000000000779918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57554914fa41c12021-12-20 16:02:22.148root 11241100x8000000000000000779919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b669a76d37ad4422021-12-20 16:02:22.148root 11241100x8000000000000000779920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67cae0763d983772021-12-20 16:02:22.148root 11241100x8000000000000000779921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81e231e22d9eb922021-12-20 16:02:22.148root 11241100x8000000000000000779922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf877ee01e4f3b892021-12-20 16:02:22.148root 11241100x8000000000000000779923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21f26b5eb84d9172021-12-20 16:02:22.148root 11241100x8000000000000000779924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a989cd8f7ae63ce92021-12-20 16:02:22.148root 11241100x8000000000000000779925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12b41b6da6a36152021-12-20 16:02:22.148root 11241100x8000000000000000779926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569455642db678b02021-12-20 16:02:22.424root 11241100x8000000000000000779927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5056d19fef9ecd052021-12-20 16:02:22.424root 11241100x8000000000000000779928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7f1cef17c312292021-12-20 16:02:22.424root 11241100x8000000000000000779929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf62f8cb1dbb2bc2021-12-20 16:02:22.424root 11241100x8000000000000000779930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878f8467d105ecff2021-12-20 16:02:22.424root 11241100x8000000000000000779931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cdb303312340ad2021-12-20 16:02:22.425root 11241100x8000000000000000779932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa4988fcff0aac42021-12-20 16:02:22.425root 11241100x8000000000000000779933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fe920730e2b3052021-12-20 16:02:22.425root 11241100x8000000000000000779934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e418afce525fdc312021-12-20 16:02:22.425root 11241100x8000000000000000779935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635f58652b8d774b2021-12-20 16:02:22.924root 11241100x8000000000000000779936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde0b17878256d02021-12-20 16:02:22.924root 11241100x8000000000000000779937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a525738298132a62021-12-20 16:02:22.924root 11241100x8000000000000000779938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade270d212b9e00a2021-12-20 16:02:22.924root 11241100x8000000000000000779939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee117a670a76b3a2021-12-20 16:02:22.924root 11241100x8000000000000000779940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e16b5406ee9421b2021-12-20 16:02:22.925root 11241100x8000000000000000779941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7e19bc3507a4692021-12-20 16:02:22.925root 11241100x8000000000000000779942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de3f0d9cdb4f29e2021-12-20 16:02:22.925root 11241100x8000000000000000779943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:22.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652781cef956bdd42021-12-20 16:02:22.925root 534500x8000000000000000779944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.097{ec2c97d1-a90f-61c0-0000-000000000000}10236-ubuntu 534500x8000000000000000779945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.101{00000000-0000-0000-0000-000000000000}10237<unknown process>ubuntu 534500x8000000000000000779946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.103{ec2c97d1-a90f-61c0-0000-000000000000}10238-ubuntu 11241100x8000000000000000779947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.103{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bash/tmp/sh-thd.XIwDJI2021-12-20 16:02:23.103ubuntu 23542300x8000000000000000779948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.103{ec2c97d1-9cd7-61c0-0864-408b87550000}9810ubuntu/bin/bash/tmp/sh-thd.XIwDJI--- 11241100x8000000000000000779949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dc06336ebe6e8a2021-12-20 16:02:23.424root 11241100x8000000000000000779950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f907ad88805a72602021-12-20 16:02:23.424root 11241100x8000000000000000779951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79736d946eb16122021-12-20 16:02:23.424root 11241100x8000000000000000779952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acc6358481a7d122021-12-20 16:02:23.425root 11241100x8000000000000000779953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5f2956cca503902021-12-20 16:02:23.425root 11241100x8000000000000000779954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ae9346e60f98f92021-12-20 16:02:23.425root 11241100x8000000000000000779955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f683153fe5e5b34b2021-12-20 16:02:23.425root 11241100x8000000000000000779956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2d1212f6f1616c2021-12-20 16:02:23.425root 11241100x8000000000000000779957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6e04f9609186172021-12-20 16:02:23.425root 11241100x8000000000000000779958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031c332394a1abc72021-12-20 16:02:23.425root 11241100x8000000000000000779959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819639bf737458062021-12-20 16:02:23.425root 11241100x8000000000000000779960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90a04d8c02b37202021-12-20 16:02:23.425root 11241100x8000000000000000779961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e43745945e6c1be2021-12-20 16:02:23.425root 11241100x8000000000000000779962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf2a0810fa844892021-12-20 16:02:23.425root 154100x8000000000000000779963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.713{ec2c97d1-a90f-61c0-088e-c9d5d1550000}10239/usr/bin/sudo-----sudo rm -rf /etc/profile.d/mal_boot.sh/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 11241100x8000000000000000779964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.714{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1497d88ca0b91f582021-12-20 16:02:23.714root 11241100x8000000000000000779965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.714{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cc4200b4edb0a32021-12-20 16:02:23.714root 11241100x8000000000000000779966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.715{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f800fd5f54ad582021-12-20 16:02:23.715root 11241100x8000000000000000779967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.715{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eb376cf8d19ed72021-12-20 16:02:23.715root 11241100x8000000000000000779968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.715{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97105543e178fdd12021-12-20 16:02:23.715root 11241100x8000000000000000779969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.715{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d210c5316dabc22021-12-20 16:02:23.715root 11241100x8000000000000000779970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.715{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be0083637ae63452021-12-20 16:02:23.715root 11241100x8000000000000000779971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.715{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72c6522e2c03df62021-12-20 16:02:23.715root 11241100x8000000000000000779972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.715{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a260096f0b68cc2021-12-20 16:02:23.715root 11241100x8000000000000000779973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.716{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f08a7839dfe0602021-12-20 16:02:23.716root 11241100x8000000000000000779974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.716{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8adccfb0fc40db2021-12-20 16:02:23.716root 11241100x8000000000000000779975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.716{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d331e1845ea4f9a2021-12-20 16:02:23.716root 11241100x8000000000000000779976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.716{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76f60645b6592742021-12-20 16:02:23.716root 11241100x8000000000000000779977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.716{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe7d6ea99bb10c62021-12-20 16:02:23.716root 11241100x8000000000000000779978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.716{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b787f0a3105d872021-12-20 16:02:23.716root 354300x8000000000000000779979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.718{ec2c97d1-a90f-61c0-088e-c9d5d1550000}10239/usr/bin/sudoubuntuudptruefalse127.0.0.1-50973-false127.0.0.53-53- 354300x8000000000000000779980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.719{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-45300-false10.0.0.2-53- 354300x8000000000000000779981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.719{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-36106-false10.0.0.2-53- 354300x8000000000000000779982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.720{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50973- 354300x8000000000000000779983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.720{ec2c97d1-a90f-61c0-088e-c9d5d1550000}10239/usr/bin/sudoubuntuudptruefalse127.0.0.1-45838-false127.0.0.53-53- 354300x8000000000000000779984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.720{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45838- 154100x8000000000000000779985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.725{ec2c97d1-a90f-61c0-70a3-dabafb550000}10240/bin/rm-----rm -rf /etc/profile.d/mal_boot.sh/home/ubunturoot{ec2c97d1-0000-0000-0000-000000000000}07no level-{ec2c97d1-a90f-61c0-088e-c9d5d1550000}10239/usr/bin/sudosudoubuntu 23542300x8000000000000000779986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.726{ec2c97d1-a90f-61c0-70a3-dabafb550000}10240root/bin/rm/etc/profile.d/mal_boot.sh--- 534500x8000000000000000779987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.726{ec2c97d1-a90f-61c0-70a3-dabafb550000}10240/bin/rmroot 534500x8000000000000000779988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:23.728{ec2c97d1-a90f-61c0-088e-c9d5d1550000}10239/usr/bin/sudoroot 11241100x8000000000000000779989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab871005289c7d22021-12-20 16:02:24.175root 11241100x8000000000000000779990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e759064cb9582122021-12-20 16:02:24.175root 11241100x8000000000000000779991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77640363bc9f1902021-12-20 16:02:24.175root 11241100x8000000000000000779992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441304f5d275bef92021-12-20 16:02:24.175root 11241100x8000000000000000779993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503b11d17ce98c312021-12-20 16:02:24.175root 11241100x8000000000000000779994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f961772f40d9832021-12-20 16:02:24.175root 11241100x8000000000000000779995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d4d45f45b5d0f82021-12-20 16:02:24.175root 11241100x8000000000000000779996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314a79b932efaca52021-12-20 16:02:24.175root 11241100x8000000000000000779997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8637eccf79a3b782021-12-20 16:02:24.175root 11241100x8000000000000000779998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0043a3f794fd3d2021-12-20 16:02:24.175root 11241100x8000000000000000779999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f1810467709d812021-12-20 16:02:24.175root 11241100x8000000000000000780000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d34d8fa901ab0e2021-12-20 16:02:24.175root 11241100x8000000000000000780001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7babd2ed3d2517842021-12-20 16:02:24.176root 11241100x8000000000000000780002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479749c051c3d6032021-12-20 16:02:24.176root 11241100x8000000000000000780003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82b0a6edc5845322021-12-20 16:02:24.176root 11241100x8000000000000000780004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f5288d5060c512021-12-20 16:02:24.176root 11241100x8000000000000000780005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55378947c6705f9b2021-12-20 16:02:24.176root 11241100x8000000000000000780006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e53021b354521ee2021-12-20 16:02:24.176root 11241100x8000000000000000780007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344cd36d794de2442021-12-20 16:02:24.176root 11241100x8000000000000000780008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc0265c2d213c362021-12-20 16:02:24.176root 11241100x8000000000000000780009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254f9de948dce7b32021-12-20 16:02:24.176root 11241100x8000000000000000780010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b652a1513445c8c2021-12-20 16:02:24.176root 11241100x8000000000000000780011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e651bc9ade6c5402021-12-20 16:02:24.176root 11241100x8000000000000000780012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2eb8b78c39e2652021-12-20 16:02:24.177root 11241100x8000000000000000780013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb85219885697b5f2021-12-20 16:02:24.177root 11241100x8000000000000000780014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32f65f7a303e2312021-12-20 16:02:24.675root 11241100x8000000000000000780015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d25de8c8c750fc2021-12-20 16:02:24.675root 11241100x8000000000000000780016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5bda744f17b9ab2021-12-20 16:02:24.675root 11241100x8000000000000000780017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aed3d87ac0f8ebc2021-12-20 16:02:24.675root 11241100x8000000000000000780018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb18dc9a89f052552021-12-20 16:02:24.675root 11241100x8000000000000000780019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d389eae2137587952021-12-20 16:02:24.675root 11241100x8000000000000000780020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcaab5c62416ec52021-12-20 16:02:24.675root 11241100x8000000000000000780021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb74a37bd659d5d2021-12-20 16:02:24.675root 11241100x8000000000000000780022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fcc9c289556c602021-12-20 16:02:24.675root 11241100x8000000000000000780023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6f848d117601352021-12-20 16:02:24.675root 11241100x8000000000000000780024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619b21601eb75e602021-12-20 16:02:24.676root 11241100x8000000000000000780025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3026404182e0ad2021-12-20 16:02:24.676root 11241100x8000000000000000780026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399bd9d7636d504e2021-12-20 16:02:24.676root 11241100x8000000000000000780027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212161ad91df306a2021-12-20 16:02:24.676root 11241100x8000000000000000780028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7076d1b0d01bc55f2021-12-20 16:02:24.676root 11241100x8000000000000000780029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0da046bfaeb12392021-12-20 16:02:24.676root 11241100x8000000000000000780030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfbcb8348bf77502021-12-20 16:02:24.676root 11241100x8000000000000000780031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c27e1fa6549c1f2021-12-20 16:02:24.676root 11241100x8000000000000000780032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd88d0db2d5d0bb2021-12-20 16:02:24.677root 11241100x8000000000000000780033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d3e392edc41d912021-12-20 16:02:24.677root 11241100x8000000000000000780034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed781464982180ff2021-12-20 16:02:24.677root 11241100x8000000000000000780035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa69e21b7a4e3362021-12-20 16:02:24.677root 11241100x8000000000000000780036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c38ab6bfe14a3f2021-12-20 16:02:24.677root 11241100x8000000000000000780037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74874580a0d061aa2021-12-20 16:02:24.677root 11241100x8000000000000000780038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270d60e5ef4a7c642021-12-20 16:02:24.677root 11241100x8000000000000000780039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d19a9118637f16d2021-12-20 16:02:25.175root 11241100x8000000000000000780040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcb924da8bc1eb72021-12-20 16:02:25.175root 11241100x8000000000000000780041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec1815f5e783e452021-12-20 16:02:25.175root 11241100x8000000000000000780042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677013f433eea10a2021-12-20 16:02:25.175root 11241100x8000000000000000780043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7f946e64d342952021-12-20 16:02:25.175root 11241100x8000000000000000780044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dac7ad5a82fba852021-12-20 16:02:25.175root 11241100x8000000000000000780045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369691ab68c0ec052021-12-20 16:02:25.175root 11241100x8000000000000000780046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1367622888a36f632021-12-20 16:02:25.175root 11241100x8000000000000000780047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a85fdce7f647382021-12-20 16:02:25.176root 11241100x8000000000000000780048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a99d032b14b3a12021-12-20 16:02:25.176root 11241100x8000000000000000780049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eed9a49b8886e92021-12-20 16:02:25.176root 11241100x8000000000000000780050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3543e6380b70f8e2021-12-20 16:02:25.176root 11241100x8000000000000000780051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef5addfaf177c592021-12-20 16:02:25.176root 11241100x8000000000000000780052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85e34a7d7b61f8a2021-12-20 16:02:25.176root 11241100x8000000000000000780053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017719d944ac72162021-12-20 16:02:25.176root 11241100x8000000000000000780054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ad8259d4dfd2c22021-12-20 16:02:25.176root 11241100x8000000000000000780055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6184518bd0674ae2021-12-20 16:02:25.176root 11241100x8000000000000000780056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d61e747b7e5a2392021-12-20 16:02:25.176root 11241100x8000000000000000780057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0737a4644c6f6b3a2021-12-20 16:02:25.177root 11241100x8000000000000000780058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf49af00fccdc07e2021-12-20 16:02:25.177root 11241100x8000000000000000780059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b33bc6340458e02021-12-20 16:02:25.177root 11241100x8000000000000000780060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beddee4da18485682021-12-20 16:02:25.177root 11241100x8000000000000000780061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2993348bce3489042021-12-20 16:02:25.177root 11241100x8000000000000000780062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d198201bdda7277e2021-12-20 16:02:25.177root 11241100x8000000000000000780063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3a2ff2180fdd0e2021-12-20 16:02:25.177root 11241100x8000000000000000780064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797d004b7fb403472021-12-20 16:02:25.675root 11241100x8000000000000000780065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44c4c459631aa512021-12-20 16:02:25.675root 11241100x8000000000000000780066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f49a36f7b5e58bf2021-12-20 16:02:25.675root 11241100x8000000000000000780067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3202ea2486344f422021-12-20 16:02:25.675root 11241100x8000000000000000780068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4345c360891fd0d2021-12-20 16:02:25.675root 11241100x8000000000000000780069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25abf93a7431bb742021-12-20 16:02:25.675root 11241100x8000000000000000780070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e98b0b227204012021-12-20 16:02:25.675root 11241100x8000000000000000780071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b81623991cb8bd2021-12-20 16:02:25.675root 11241100x8000000000000000780072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d9529a213e7f9f2021-12-20 16:02:25.675root 11241100x8000000000000000780073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff044c31a6831d72021-12-20 16:02:25.675root 11241100x8000000000000000780074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6029e2a5c9b75f22021-12-20 16:02:25.675root 11241100x8000000000000000780075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacb53ca145db9762021-12-20 16:02:25.675root 11241100x8000000000000000780076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199abdd1e1d0c2942021-12-20 16:02:25.675root 11241100x8000000000000000780077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60676ff49a2804f32021-12-20 16:02:25.676root 11241100x8000000000000000780078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009e2c9906aefa352021-12-20 16:02:25.676root 11241100x8000000000000000780079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a059c3d44b9ed6d2021-12-20 16:02:25.676root 11241100x8000000000000000780080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b021000c902502922021-12-20 16:02:25.676root 11241100x8000000000000000780081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a8d43e3f3356522021-12-20 16:02:25.676root 11241100x8000000000000000780082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cf4ba80e3d87342021-12-20 16:02:25.676root 11241100x8000000000000000780083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8b73d663ed5da72021-12-20 16:02:25.676root 11241100x8000000000000000780084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ded18c0b73cd372021-12-20 16:02:25.676root 11241100x8000000000000000780085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe3bbe5a921cd772021-12-20 16:02:25.676root 11241100x8000000000000000780086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab5f22f6fbbe4132021-12-20 16:02:25.676root 11241100x8000000000000000780087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f359b7fc2518bd7d2021-12-20 16:02:25.676root 11241100x8000000000000000780088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b47091feca831c2021-12-20 16:02:25.676root 11241100x8000000000000000780089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82da817c359e5f8a2021-12-20 16:02:26.175root 11241100x8000000000000000780090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4769894dc2db09d72021-12-20 16:02:26.175root 11241100x8000000000000000780091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f2c5888a7914052021-12-20 16:02:26.175root 11241100x8000000000000000780092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064611f25ab2a4b52021-12-20 16:02:26.175root 11241100x8000000000000000780093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cee1192c73d6852021-12-20 16:02:26.175root 11241100x8000000000000000780094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7850d01575e87dc2021-12-20 16:02:26.175root 11241100x8000000000000000780095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864d7e451597e67e2021-12-20 16:02:26.175root 11241100x8000000000000000780096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d693b98a5cea5ac2021-12-20 16:02:26.175root 11241100x8000000000000000780097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92eb57e673888ff2021-12-20 16:02:26.175root 11241100x8000000000000000780098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a108adc9e039e102021-12-20 16:02:26.175root 11241100x8000000000000000780099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef05327eb494d3542021-12-20 16:02:26.175root 11241100x8000000000000000780100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb87c146566de232021-12-20 16:02:26.175root 11241100x8000000000000000780101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7618a8ddfd0b6ac02021-12-20 16:02:26.176root 11241100x8000000000000000780102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966f2abf314ef2682021-12-20 16:02:26.176root 11241100x8000000000000000780103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ced21a76f829db2021-12-20 16:02:26.176root 11241100x8000000000000000780104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7cc85375bb72c32021-12-20 16:02:26.176root 11241100x8000000000000000780105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fd62cde83f98c52021-12-20 16:02:26.177root 11241100x8000000000000000780106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cad5def51cda212021-12-20 16:02:26.177root 11241100x8000000000000000780107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368235fd63fa3ca12021-12-20 16:02:26.177root 11241100x8000000000000000780108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fac51d45f9bb17c2021-12-20 16:02:26.177root 11241100x8000000000000000780109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caa2e2aec7b2fbf2021-12-20 16:02:26.177root 11241100x8000000000000000780110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86f8eb65cb1d7fd2021-12-20 16:02:26.178root 11241100x8000000000000000780111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ff93aeb47b100e2021-12-20 16:02:26.178root 11241100x8000000000000000780112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071f74c16a06f4b52021-12-20 16:02:26.178root 11241100x8000000000000000780113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b9217450811b332021-12-20 16:02:26.178root 11241100x8000000000000000780114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a76b47a8e7a5b382021-12-20 16:02:26.675root 11241100x8000000000000000780115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757dfe05bbdeaa0a2021-12-20 16:02:26.675root 11241100x8000000000000000780116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eb34186456b0ae2021-12-20 16:02:26.675root 11241100x8000000000000000780117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c2a9f0f1d6cdb22021-12-20 16:02:26.675root 11241100x8000000000000000780118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718b29f31487b19f2021-12-20 16:02:26.675root 11241100x8000000000000000780119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1408f7aa9d85a0bc2021-12-20 16:02:26.675root 11241100x8000000000000000780120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8662b93e032903d82021-12-20 16:02:26.675root 11241100x8000000000000000780121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8318df316afe00f2021-12-20 16:02:26.675root 11241100x8000000000000000780122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e22f4c68b35bee2021-12-20 16:02:26.675root 11241100x8000000000000000780123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69b5c215d20be652021-12-20 16:02:26.676root 11241100x8000000000000000780124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a6e6cbdf047da42021-12-20 16:02:26.676root 11241100x8000000000000000780125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6596291a309b58872021-12-20 16:02:26.676root 11241100x8000000000000000780126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0c4fe28d74988a2021-12-20 16:02:26.676root 11241100x8000000000000000780127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdb573ffa9473322021-12-20 16:02:26.676root 11241100x8000000000000000780128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a553cf2a8c9f10b52021-12-20 16:02:26.676root 11241100x8000000000000000780129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc820fd6a63e2cf2021-12-20 16:02:26.676root 11241100x8000000000000000780130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34335afe7396ab4e2021-12-20 16:02:26.676root 11241100x8000000000000000780131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db581fcc0a2180d2021-12-20 16:02:26.676root 11241100x8000000000000000780132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860d9d8aa4e964c02021-12-20 16:02:26.677root 11241100x8000000000000000780133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475cf30b9533e93d2021-12-20 16:02:26.677root 11241100x8000000000000000780134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5d7775f45190392021-12-20 16:02:26.677root 11241100x8000000000000000780135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88663428b1ceb202021-12-20 16:02:26.677root 11241100x8000000000000000780136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4ae445b65e80562021-12-20 16:02:26.677root 11241100x8000000000000000780137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938e86b76a38986f2021-12-20 16:02:26.677root 11241100x8000000000000000780138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68f4e1298973e522021-12-20 16:02:26.677root 354300x8000000000000000780139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.147{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51548-false10.0.1.12-8000- 11241100x8000000000000000780140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccfa744cb0a8b4d2021-12-20 16:02:27.148root 11241100x8000000000000000780141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee1c10b3d6093c52021-12-20 16:02:27.148root 11241100x8000000000000000780142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a0bc155d3ccdce2021-12-20 16:02:27.148root 11241100x8000000000000000780143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05476ceba74550782021-12-20 16:02:27.148root 11241100x8000000000000000780144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.148{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd2e110f05f46fd2021-12-20 16:02:27.148root 11241100x8000000000000000780145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.149{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c97e10eac977f782021-12-20 16:02:27.149root 11241100x8000000000000000780146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.149{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d7d63370b4c0d82021-12-20 16:02:27.149root 11241100x8000000000000000780147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.149{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e77c440ba6aafb2021-12-20 16:02:27.149root 11241100x8000000000000000780148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.149{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b1af35a3b7b6562021-12-20 16:02:27.149root 11241100x8000000000000000780149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.150{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7a2e0f235d16dc2021-12-20 16:02:27.150root 11241100x8000000000000000780150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.150{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14794c0f0b7d76602021-12-20 16:02:27.150root 11241100x8000000000000000780151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.150{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aec0ebc2e0ae1f2021-12-20 16:02:27.150root 11241100x8000000000000000780152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.150{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044f7d2150832fb02021-12-20 16:02:27.150root 11241100x8000000000000000780153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.150{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7171df2d37c9922021-12-20 16:02:27.150root 11241100x8000000000000000780154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.151{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f18f70de531ec862021-12-20 16:02:27.151root 11241100x8000000000000000780155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.151{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09552abe774a2afe2021-12-20 16:02:27.151root 11241100x8000000000000000780156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.151{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b68930612792aa2021-12-20 16:02:27.151root 11241100x8000000000000000780157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.151{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0e90a53c93f5942021-12-20 16:02:27.151root 11241100x8000000000000000780158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.152{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7731bd0458ba3d6a2021-12-20 16:02:27.152root 11241100x8000000000000000780159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.152{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad1f9f96bc65c1f2021-12-20 16:02:27.152root 11241100x8000000000000000780160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.152{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407527d48a685bb62021-12-20 16:02:27.152root 11241100x8000000000000000780161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.152{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0f649d25ac25752021-12-20 16:02:27.152root 11241100x8000000000000000780162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.153{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447796331f1235392021-12-20 16:02:27.153root 11241100x8000000000000000780163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.153{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f5b803f7d8df192021-12-20 16:02:27.153root 11241100x8000000000000000780164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.153{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0512260bbccb90482021-12-20 16:02:27.153root 11241100x8000000000000000780165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.154{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1264e2a49d2e0c2021-12-20 16:02:27.154root 11241100x8000000000000000780166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.154{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743df0497a8c3fa12021-12-20 16:02:27.154root 11241100x8000000000000000780167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.154{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e38a73dda40552f2021-12-20 16:02:27.154root 11241100x8000000000000000780168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.154{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e66e49528f7c4522021-12-20 16:02:27.154root 11241100x8000000000000000780169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.154{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9133bfa7a6a4c17a2021-12-20 16:02:27.154root 11241100x8000000000000000780170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.154{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845b19cc1657ade22021-12-20 16:02:27.154root 11241100x8000000000000000780171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22edf5f314204072021-12-20 16:02:27.424root 11241100x8000000000000000780172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2b0e86d4fce4982021-12-20 16:02:27.424root 11241100x8000000000000000780173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca924d2e89bdf85a2021-12-20 16:02:27.424root 11241100x8000000000000000780174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226d65027b4a7d692021-12-20 16:02:27.425root 11241100x8000000000000000780175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d24bbb19dce741b2021-12-20 16:02:27.425root 11241100x8000000000000000780176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f0d87e491eff542021-12-20 16:02:27.425root 11241100x8000000000000000780177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339b8b35490730a62021-12-20 16:02:27.425root 11241100x8000000000000000780178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18bbc550450d8d42021-12-20 16:02:27.425root 11241100x8000000000000000780179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad8bff85a69f9d22021-12-20 16:02:27.425root 11241100x8000000000000000780180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09399633edcc0dc2021-12-20 16:02:27.425root 11241100x8000000000000000780181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556764053705157e2021-12-20 16:02:27.425root 11241100x8000000000000000780182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de42f896fea3db112021-12-20 16:02:27.425root 11241100x8000000000000000780183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385bed8a025ff8b52021-12-20 16:02:27.425root 11241100x8000000000000000780184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a78418d8645ccca2021-12-20 16:02:27.425root 11241100x8000000000000000780185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac3575d1e650702021-12-20 16:02:27.426root 11241100x8000000000000000780186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ae6b0b5c1eb0a62021-12-20 16:02:27.426root 11241100x8000000000000000780187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460ae800cd68a7862021-12-20 16:02:27.426root 11241100x8000000000000000780188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46918a97647a31332021-12-20 16:02:27.426root 11241100x8000000000000000780189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e801fb39c4a3ac452021-12-20 16:02:27.426root 11241100x8000000000000000780190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a5f81f8f3ea5ee2021-12-20 16:02:27.427root 11241100x8000000000000000780191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64a3759d60ef4532021-12-20 16:02:27.427root 11241100x8000000000000000780192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fe7f8d550b3ae42021-12-20 16:02:27.427root 11241100x8000000000000000780193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93fa1888b4d21db2021-12-20 16:02:27.427root 11241100x8000000000000000780194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0025f01e02f8ad2021-12-20 16:02:27.427root 11241100x8000000000000000780195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137ee1a5ca0bba2f2021-12-20 16:02:27.427root 11241100x8000000000000000780196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9099ae2b02a4f2872021-12-20 16:02:27.427root 11241100x8000000000000000780197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f089fe8cc27d3362021-12-20 16:02:27.924root 11241100x8000000000000000780198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183fffe273044d002021-12-20 16:02:27.924root 11241100x8000000000000000780199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896f4dad126691362021-12-20 16:02:27.925root 11241100x8000000000000000780200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da2b9732ab1d7f92021-12-20 16:02:27.925root 11241100x8000000000000000780201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a89015b4309b162021-12-20 16:02:27.925root 11241100x8000000000000000780202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0f5d31b64cffdf2021-12-20 16:02:27.925root 11241100x8000000000000000780203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7759ad9284bd165a2021-12-20 16:02:27.925root 11241100x8000000000000000780204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100d5569c870aeef2021-12-20 16:02:27.925root 11241100x8000000000000000780205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb2e20d0b883c752021-12-20 16:02:27.925root 11241100x8000000000000000780206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf587c30d343c3b2021-12-20 16:02:27.925root 11241100x8000000000000000780207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8feeb1dfe0703a2021-12-20 16:02:27.925root 11241100x8000000000000000780208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5d8763b357270a2021-12-20 16:02:27.925root 11241100x8000000000000000780209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29afc4fae9a4e862021-12-20 16:02:27.926root 11241100x8000000000000000780210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34f4bb57edea7a82021-12-20 16:02:27.926root 11241100x8000000000000000780211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbdd4fe7a1610a52021-12-20 16:02:27.926root 11241100x8000000000000000780212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff911944d46328112021-12-20 16:02:27.926root 11241100x8000000000000000780213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9ab191d1c8696e2021-12-20 16:02:27.926root 11241100x8000000000000000780214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa005caeaec12282021-12-20 16:02:27.926root 11241100x8000000000000000780215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cef7434d5ddf47f2021-12-20 16:02:27.929root 11241100x8000000000000000780216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e59473cbb5ca03a2021-12-20 16:02:27.929root 11241100x8000000000000000780217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832216b5677e53732021-12-20 16:02:27.929root 11241100x8000000000000000780218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9cf2d6aca4fa892021-12-20 16:02:27.929root 11241100x8000000000000000780219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e351b8d4694ac2021-12-20 16:02:27.929root 11241100x8000000000000000780220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dc117df469c2722021-12-20 16:02:27.930root 11241100x8000000000000000780221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c63f670a78ad4262021-12-20 16:02:27.930root 11241100x8000000000000000780222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2343651d526e8b172021-12-20 16:02:27.931root 11241100x8000000000000000780223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e12062b2df879b22021-12-20 16:02:27.931root 11241100x8000000000000000780224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee05b9ec95b217832021-12-20 16:02:27.931root 11241100x8000000000000000780225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac779dd52a52e762021-12-20 16:02:27.932root 11241100x8000000000000000780226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c40157bd4121c12021-12-20 16:02:27.932root 11241100x8000000000000000780227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd86cee79b83bfa2021-12-20 16:02:27.932root 11241100x8000000000000000780228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfb982e779308982021-12-20 16:02:27.932root 11241100x8000000000000000780229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:27.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4fd7a578aaeb6f2021-12-20 16:02:27.932root 154100x8000000000000000780230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.268{ec2c97d1-a914-61c0-089e-1e1255560000}10241/usr/bin/sudo-----sudo cp mal_boot.sh /etc/profile.d/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 11241100x8000000000000000780231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.270{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bb7b917b27ae712021-12-20 16:02:28.270root 11241100x8000000000000000780232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.270{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbbf2cbd8fb5cb12021-12-20 16:02:28.270root 11241100x8000000000000000780233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.270{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b431991d69620ba2021-12-20 16:02:28.270root 11241100x8000000000000000780234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.270{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a72313f2d20f152021-12-20 16:02:28.270root 11241100x8000000000000000780235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.270{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb79ca934f80f112021-12-20 16:02:28.270root 11241100x8000000000000000780236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.270{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346951e489a810792021-12-20 16:02:28.270root 11241100x8000000000000000780237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466f30b6befe69022021-12-20 16:02:28.271root 11241100x8000000000000000780238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4706dc3defb7f32021-12-20 16:02:28.271root 11241100x8000000000000000780239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46996c037e6226b2021-12-20 16:02:28.271root 11241100x8000000000000000780240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61a55e0b4c6d5762021-12-20 16:02:28.271root 11241100x8000000000000000780241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a310bd0697794a2021-12-20 16:02:28.271root 11241100x8000000000000000780242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba47eae270a119f2021-12-20 16:02:28.271root 11241100x8000000000000000780243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1411db111231a0ca2021-12-20 16:02:28.271root 11241100x8000000000000000780244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985ac1cc43a276322021-12-20 16:02:28.271root 11241100x8000000000000000780245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1c414374c10f522021-12-20 16:02:28.271root 11241100x8000000000000000780246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d4a1bfecc7c1e12021-12-20 16:02:28.271root 11241100x8000000000000000780247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9fa50751f4ecbf2021-12-20 16:02:28.271root 11241100x8000000000000000780248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.271{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e76b9cc048279a92021-12-20 16:02:28.271root 11241100x8000000000000000780249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598044823c3c01392021-12-20 16:02:28.272root 11241100x8000000000000000780250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b958eeca0547be2021-12-20 16:02:28.272root 354300x8000000000000000780251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-a914-61c0-089e-1e1255560000}10241/usr/bin/sudoubuntuudptruefalse127.0.0.1-47916-false127.0.0.53-53- 11241100x8000000000000000780252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaa126429afd4212021-12-20 16:02:28.272root 11241100x8000000000000000780253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb9ed7bf11d416f2021-12-20 16:02:28.272root 11241100x8000000000000000780254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ad6b0803ef26522021-12-20 16:02:28.273root 11241100x8000000000000000780255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd723d3a1527ff2021-12-20 16:02:28.273root 11241100x8000000000000000780256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6170e30849fe2322021-12-20 16:02:28.273root 11241100x8000000000000000780257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ce0a5638afa8072021-12-20 16:02:28.273root 11241100x8000000000000000780258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.273{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c72a39c6ab221572021-12-20 16:02:28.273root 354300x8000000000000000780259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-35204-false10.0.0.2-53- 354300x8000000000000000780260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-40335-false10.0.0.2-53- 354300x8000000000000000780261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-47916- 354300x8000000000000000780262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.273{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-36226- 354300x8000000000000000780263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.272{ec2c97d1-a914-61c0-089e-1e1255560000}10241/usr/bin/sudoubuntuudptruefalse127.0.0.1-36226-false127.0.0.53-53- 154100x8000000000000000780264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.277{ec2c97d1-a914-61c0-986a-9fb50a560000}10242/bin/cp-----cp mal_boot.sh /etc/profile.d/home/ubunturoot{ec2c97d1-0000-0000-0000-000000000000}07no level-{ec2c97d1-a914-61c0-089e-1e1255560000}10241/usr/bin/sudosudoubuntu 11241100x8000000000000000780265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.279{ec2c97d1-a914-61c0-986a-9fb50a560000}10242/bin/cp/etc/profile.d/mal_boot.sh2021-12-20 16:02:28.279root 534500x8000000000000000780266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.279{ec2c97d1-a914-61c0-986a-9fb50a560000}10242/bin/cproot 534500x8000000000000000780267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.280{ec2c97d1-a914-61c0-089e-1e1255560000}10241/usr/bin/sudoroot 11241100x8000000000000000780268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7d96082297ced32021-12-20 16:02:28.675root 11241100x8000000000000000780269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9495a28d9b9c562021-12-20 16:02:28.675root 11241100x8000000000000000780270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fb21c948009e3d2021-12-20 16:02:28.676root 11241100x8000000000000000780271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae4ff0537f0890c2021-12-20 16:02:28.676root 11241100x8000000000000000780272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d38d9bc9097b092021-12-20 16:02:28.676root 11241100x8000000000000000780273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a720d93a3b8e7c182021-12-20 16:02:28.677root 11241100x8000000000000000780274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361ad2b3d2c2920e2021-12-20 16:02:28.677root 11241100x8000000000000000780275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d3c9dd2c37f0422021-12-20 16:02:28.677root 11241100x8000000000000000780276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaed2a9726109862021-12-20 16:02:28.677root 11241100x8000000000000000780277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bea2560d1ccef92021-12-20 16:02:28.677root 11241100x8000000000000000780278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f4abb4967c3ba2021-12-20 16:02:28.677root 11241100x8000000000000000780279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f54d2186cb0d072021-12-20 16:02:28.677root 11241100x8000000000000000780280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dd8178cb6e340b2021-12-20 16:02:28.677root 11241100x8000000000000000780281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a6bc8f2e5548902021-12-20 16:02:28.677root 11241100x8000000000000000780282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a98bc840424ddf52021-12-20 16:02:28.677root 11241100x8000000000000000780283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284ebeaf6648048f2021-12-20 16:02:28.678root 11241100x8000000000000000780284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d002483d4977d42021-12-20 16:02:28.678root 11241100x8000000000000000780285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1bb27bfccfe0942021-12-20 16:02:28.678root 11241100x8000000000000000780286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14222c9e4a869d422021-12-20 16:02:28.678root 11241100x8000000000000000780287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc44fbec029a74942021-12-20 16:02:28.678root 11241100x8000000000000000780288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfd700dfc6fb0c42021-12-20 16:02:28.678root 11241100x8000000000000000780289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93416e36a07822e12021-12-20 16:02:28.680root 11241100x8000000000000000780290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdf6112651060c52021-12-20 16:02:28.680root 11241100x8000000000000000780291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b3f3c864b4c5312021-12-20 16:02:28.680root 11241100x8000000000000000780292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd829256106377b82021-12-20 16:02:28.680root 11241100x8000000000000000780293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0895bb44b3aa62c2021-12-20 16:02:28.680root 11241100x8000000000000000780294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4790cb379de87ecd2021-12-20 16:02:28.680root 11241100x8000000000000000780295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5234c751f837d2462021-12-20 16:02:28.681root 11241100x8000000000000000780296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0337cbca018668f2021-12-20 16:02:28.681root 11241100x8000000000000000780297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f474d7cfba2367382021-12-20 16:02:28.681root 11241100x8000000000000000780298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2852f254c94d13e2021-12-20 16:02:28.681root 11241100x8000000000000000780299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3461b9ee94a2d6632021-12-20 16:02:28.681root 11241100x8000000000000000780300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde08e644a25fc882021-12-20 16:02:28.682root 11241100x8000000000000000780301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fcf37db0add7fd2021-12-20 16:02:28.682root 11241100x8000000000000000780302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1829da20d6e7bc522021-12-20 16:02:28.682root 11241100x8000000000000000780303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3098c71749199b92021-12-20 16:02:28.682root 11241100x8000000000000000780304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:28.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0093497148da63a2021-12-20 16:02:28.682root 11241100x8000000000000000780305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def60718d06df28a2021-12-20 16:02:29.175root 11241100x8000000000000000780306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91442036bf60a672021-12-20 16:02:29.175root 11241100x8000000000000000780307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c70f4c5962198962021-12-20 16:02:29.175root 11241100x8000000000000000780308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f658e049c5a79582021-12-20 16:02:29.175root 11241100x8000000000000000780309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c5dc5601da8fae2021-12-20 16:02:29.175root 11241100x8000000000000000780310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a63c09675ccc3a2021-12-20 16:02:29.176root 11241100x8000000000000000780311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41b3735d2152c3f2021-12-20 16:02:29.176root 11241100x8000000000000000780312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c02907b9a3c4372021-12-20 16:02:29.176root 11241100x8000000000000000780313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517e7cfc2278ada92021-12-20 16:02:29.176root 11241100x8000000000000000780314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53608700d18d360d2021-12-20 16:02:29.176root 11241100x8000000000000000780315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfdcd8c1e9cfd682021-12-20 16:02:29.176root 11241100x8000000000000000780316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756fff4b12d89e0e2021-12-20 16:02:29.176root 11241100x8000000000000000780317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb8fd25c1ebcd032021-12-20 16:02:29.176root 11241100x8000000000000000780318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791d425ae66719622021-12-20 16:02:29.176root 11241100x8000000000000000780319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22471beb55d401852021-12-20 16:02:29.177root 11241100x8000000000000000780320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae1ad130023573c2021-12-20 16:02:29.177root 11241100x8000000000000000780321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db82f5576c947932021-12-20 16:02:29.177root 11241100x8000000000000000780322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260d71b920c772c22021-12-20 16:02:29.177root 11241100x8000000000000000780323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64074471381070352021-12-20 16:02:29.177root 11241100x8000000000000000780324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5350a4314b1bc772021-12-20 16:02:29.177root 11241100x8000000000000000780325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae28ab1269accda2021-12-20 16:02:29.177root 11241100x8000000000000000780326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f1329c82f2e5ca2021-12-20 16:02:29.177root 11241100x8000000000000000780327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d82c978611731122021-12-20 16:02:29.177root 11241100x8000000000000000780328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab20cad1a32ff48f2021-12-20 16:02:29.177root 11241100x8000000000000000780329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d4efb53fe7a442021-12-20 16:02:29.179root 11241100x8000000000000000780330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7b0e250a0b7a1e2021-12-20 16:02:29.179root 11241100x8000000000000000780331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f463d76189c19c2021-12-20 16:02:29.179root 11241100x8000000000000000780332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac45cb1559dccf482021-12-20 16:02:29.179root 11241100x8000000000000000780333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77830576b8c480c22021-12-20 16:02:29.179root 11241100x8000000000000000780334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3b560a240a17ef2021-12-20 16:02:29.179root 11241100x8000000000000000780335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84af5e8226ad777f2021-12-20 16:02:29.180root 11241100x8000000000000000780336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890d8f529321113b2021-12-20 16:02:29.180root 11241100x8000000000000000780337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5edf174bce60a7c2021-12-20 16:02:29.180root 11241100x8000000000000000780338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0cfd1b4f5a2de32021-12-20 16:02:29.180root 11241100x8000000000000000780339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e30cfd8eb250cc2021-12-20 16:02:29.180root 11241100x8000000000000000780340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8fbf06378eacf02021-12-20 16:02:29.181root 11241100x8000000000000000780341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961b453f9d5db4742021-12-20 16:02:29.181root 11241100x8000000000000000780342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536a0316cbe755c32021-12-20 16:02:29.675root 11241100x8000000000000000780343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6605c40ed395650e2021-12-20 16:02:29.675root 11241100x8000000000000000780344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdfd43c748e2c052021-12-20 16:02:29.675root 11241100x8000000000000000780345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521b9ba85b3b2ece2021-12-20 16:02:29.675root 11241100x8000000000000000780346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190eb697608dde292021-12-20 16:02:29.676root 11241100x8000000000000000780347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c4dbf931ab60482021-12-20 16:02:29.676root 11241100x8000000000000000780348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db13e594295ba22021-12-20 16:02:29.676root 11241100x8000000000000000780349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bcb2f2494390952021-12-20 16:02:29.676root 11241100x8000000000000000780350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9defb58663812b5c2021-12-20 16:02:29.676root 11241100x8000000000000000780351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb50204501dfa6c12021-12-20 16:02:29.676root 11241100x8000000000000000780352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f68c766ce1e71a2021-12-20 16:02:29.676root 11241100x8000000000000000780353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ca0af1e39108772021-12-20 16:02:29.676root 11241100x8000000000000000780354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c709f054c36fe0692021-12-20 16:02:29.676root 11241100x8000000000000000780355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885936fa5f311a062021-12-20 16:02:29.677root 11241100x8000000000000000780356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae2546a19d545382021-12-20 16:02:29.677root 11241100x8000000000000000780357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d74a7d142dfcb42021-12-20 16:02:29.677root 11241100x8000000000000000780358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7fab980948c0b02021-12-20 16:02:29.677root 11241100x8000000000000000780359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be34cb576045e18e2021-12-20 16:02:29.677root 11241100x8000000000000000780360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a948bedda26955d62021-12-20 16:02:29.677root 11241100x8000000000000000780361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70400bd0315076d12021-12-20 16:02:29.677root 11241100x8000000000000000780362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f2fd0fea1ad9872021-12-20 16:02:29.677root 11241100x8000000000000000780363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991b6ac0c920b002021-12-20 16:02:29.678root 11241100x8000000000000000780364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521fe128efb85ff72021-12-20 16:02:29.678root 11241100x8000000000000000780365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f52c04f9edecc32021-12-20 16:02:29.678root 11241100x8000000000000000780366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42db0db7894ff5e52021-12-20 16:02:29.678root 11241100x8000000000000000780367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6b3a2c058344502021-12-20 16:02:29.678root 11241100x8000000000000000780368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d036bcdaa77654962021-12-20 16:02:29.678root 11241100x8000000000000000780369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d67c3df17e02c2a2021-12-20 16:02:29.678root 11241100x8000000000000000780370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958f6a8a7529419b2021-12-20 16:02:29.678root 11241100x8000000000000000780371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a6629e5e627ee42021-12-20 16:02:29.678root 11241100x8000000000000000780372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f92e4a0e6be87992021-12-20 16:02:29.679root 11241100x8000000000000000780373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d41667ed1c5e69b2021-12-20 16:02:29.679root 11241100x8000000000000000780374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d1953cfa056e52021-12-20 16:02:29.679root 11241100x8000000000000000780375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f3d6ebe6af31952021-12-20 16:02:29.679root 11241100x8000000000000000780376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec73ff06731c2c7f2021-12-20 16:02:29.679root 11241100x8000000000000000780377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d28d6a918c972a2021-12-20 16:02:29.679root 11241100x8000000000000000780378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:29.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a17d915cc949ce2021-12-20 16:02:29.679root 11241100x8000000000000000780379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8956ed5b7c567ef42021-12-20 16:02:30.175root 11241100x8000000000000000780380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0d364fe8e9581d2021-12-20 16:02:30.175root 11241100x8000000000000000780381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f365a9504ac80a2021-12-20 16:02:30.175root 11241100x8000000000000000780382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeef72ab695d8e452021-12-20 16:02:30.175root 11241100x8000000000000000780383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bed36b3eb17e412021-12-20 16:02:30.175root 11241100x8000000000000000780384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5598522478ccd1c32021-12-20 16:02:30.176root 11241100x8000000000000000780385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429decd61cd5f3c72021-12-20 16:02:30.176root 11241100x8000000000000000780386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bde6c3abd079802021-12-20 16:02:30.176root 11241100x8000000000000000780387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626a1aece22da18c2021-12-20 16:02:30.176root 11241100x8000000000000000780388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3580d06b81c27c42021-12-20 16:02:30.176root 11241100x8000000000000000780389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812a04c088837d292021-12-20 16:02:30.176root 11241100x8000000000000000780390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f028fca816c624e52021-12-20 16:02:30.176root 11241100x8000000000000000780391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07762dc681857862021-12-20 16:02:30.176root 11241100x8000000000000000780392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fd2fc9a8c1fdcb2021-12-20 16:02:30.176root 11241100x8000000000000000780393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb9bbe94c118d8d2021-12-20 16:02:30.177root 11241100x8000000000000000780394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ae918a9bbf4ddd2021-12-20 16:02:30.177root 11241100x8000000000000000780395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a54930d71449062021-12-20 16:02:30.177root 11241100x8000000000000000780396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276f8eec4bcefea32021-12-20 16:02:30.177root 11241100x8000000000000000780397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f2546c3048ead72021-12-20 16:02:30.177root 11241100x8000000000000000780398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bc7cb627c84c8b2021-12-20 16:02:30.177root 11241100x8000000000000000780399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdd19fbed5f9bd52021-12-20 16:02:30.177root 11241100x8000000000000000780400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c232e58a0805422021-12-20 16:02:30.177root 11241100x8000000000000000780401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd4a4dd0365a9622021-12-20 16:02:30.177root 11241100x8000000000000000780402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9060c12fa87f702021-12-20 16:02:30.178root 11241100x8000000000000000780403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb07c271263634822021-12-20 16:02:30.178root 11241100x8000000000000000780404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0485531a852128de2021-12-20 16:02:30.178root 11241100x8000000000000000780405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945c61ff0799732f2021-12-20 16:02:30.178root 11241100x8000000000000000780406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caca41d5f7ecafe42021-12-20 16:02:30.178root 11241100x8000000000000000780407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c30857c94cccdb2021-12-20 16:02:30.178root 11241100x8000000000000000780408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4346e4c6d44575aa2021-12-20 16:02:30.178root 11241100x8000000000000000780409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54fcf566d7c0efb2021-12-20 16:02:30.178root 11241100x8000000000000000780410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5829e4400e5195df2021-12-20 16:02:30.179root 11241100x8000000000000000780411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba406815d8775a792021-12-20 16:02:30.179root 11241100x8000000000000000780412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67467d38f9e0f0dc2021-12-20 16:02:30.179root 11241100x8000000000000000780413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d622bc4d1a8fab62021-12-20 16:02:30.179root 11241100x8000000000000000780414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2c477ea874c31d2021-12-20 16:02:30.179root 11241100x8000000000000000780415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3b4ac43a8a4b952021-12-20 16:02:30.179root 11241100x8000000000000000780416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61baf424c9327942021-12-20 16:02:30.675root 11241100x8000000000000000780417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97498c2751087732021-12-20 16:02:30.675root 11241100x8000000000000000780418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20faaba358b8fb52021-12-20 16:02:30.675root 11241100x8000000000000000780419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57725f00324df2532021-12-20 16:02:30.675root 11241100x8000000000000000780420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c138ed9efa972cb52021-12-20 16:02:30.675root 11241100x8000000000000000780421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d09aa0ee4321292021-12-20 16:02:30.676root 11241100x8000000000000000780422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563a2c4dd52af78d2021-12-20 16:02:30.676root 11241100x8000000000000000780423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed013a6236bccbf32021-12-20 16:02:30.676root 11241100x8000000000000000780424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e678e328a74e902021-12-20 16:02:30.676root 11241100x8000000000000000780425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e210a6c95becf32021-12-20 16:02:30.676root 11241100x8000000000000000780426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be33b7dcb72fde12021-12-20 16:02:30.676root 11241100x8000000000000000780427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bd700035d866c82021-12-20 16:02:30.676root 11241100x8000000000000000780428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec7026b5c36c6d12021-12-20 16:02:30.676root 11241100x8000000000000000780429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdbc112b8fb93152021-12-20 16:02:30.676root 11241100x8000000000000000780430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3374dac790a981ec2021-12-20 16:02:30.677root 11241100x8000000000000000780431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180b8b173de716c2021-12-20 16:02:30.677root 11241100x8000000000000000780432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecd4f0f952c50352021-12-20 16:02:30.677root 11241100x8000000000000000780433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af02c6befc28d912021-12-20 16:02:30.677root 11241100x8000000000000000780434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3344cc0639b5121c2021-12-20 16:02:30.677root 11241100x8000000000000000780435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e59382fe69a32ff2021-12-20 16:02:30.677root 11241100x8000000000000000780436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec66360f2cf6ec42021-12-20 16:02:30.677root 11241100x8000000000000000780437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219fe0c89b963f832021-12-20 16:02:30.677root 11241100x8000000000000000780438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4390ceddb975182021-12-20 16:02:30.677root 11241100x8000000000000000780439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a54e475993da1e72021-12-20 16:02:30.677root 11241100x8000000000000000780440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96328768781f55452021-12-20 16:02:30.678root 11241100x8000000000000000780441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46348977111ddde52021-12-20 16:02:30.678root 11241100x8000000000000000780442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483be081fac71d8c2021-12-20 16:02:30.678root 11241100x8000000000000000780443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4303f66a8758592021-12-20 16:02:30.678root 11241100x8000000000000000780444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acde339626e5ebf2021-12-20 16:02:30.678root 11241100x8000000000000000780445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4be79046b646402021-12-20 16:02:30.678root 11241100x8000000000000000780446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a32de7685d4472a2021-12-20 16:02:30.678root 11241100x8000000000000000780447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310bc68d5b0fc9142021-12-20 16:02:30.678root 11241100x8000000000000000780448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d0c1412bc00d3a2021-12-20 16:02:30.678root 11241100x8000000000000000780449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45ea8a7b80c3ba02021-12-20 16:02:30.678root 11241100x8000000000000000780450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c6b31a198749e42021-12-20 16:02:30.679root 11241100x8000000000000000780451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f36f964cf4a692021-12-20 16:02:30.679root 11241100x8000000000000000780452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:30.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1209f587f70ca0ee2021-12-20 16:02:30.679root 11241100x8000000000000000780453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac29e75c5e4b6cb42021-12-20 16:02:31.175root 11241100x8000000000000000780454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56e781a6b22c5ec2021-12-20 16:02:31.175root 11241100x8000000000000000780455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418640f8feb6325e2021-12-20 16:02:31.175root 11241100x8000000000000000780456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e751dea76a759742021-12-20 16:02:31.176root 11241100x8000000000000000780457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab755331f7eb8002021-12-20 16:02:31.176root 11241100x8000000000000000780458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97865733e97c2452021-12-20 16:02:31.176root 11241100x8000000000000000780459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530cbcb1ed54e9d32021-12-20 16:02:31.176root 11241100x8000000000000000780460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377db79f8eafb4572021-12-20 16:02:31.176root 11241100x8000000000000000780461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9770ca8c60abb0ef2021-12-20 16:02:31.177root 11241100x8000000000000000780462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789e58c73cccb9272021-12-20 16:02:31.177root 11241100x8000000000000000780463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356925f495f7d9ab2021-12-20 16:02:31.177root 11241100x8000000000000000780464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a35eec0331837412021-12-20 16:02:31.177root 11241100x8000000000000000780465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a7b91378545c32021-12-20 16:02:31.177root 11241100x8000000000000000780466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc68d4622fa8402b2021-12-20 16:02:31.177root 11241100x8000000000000000780467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2440b7a2536dd5342021-12-20 16:02:31.177root 11241100x8000000000000000780468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c2ee4980f38f382021-12-20 16:02:31.178root 11241100x8000000000000000780469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b14a5ff0056dda32021-12-20 16:02:31.178root 11241100x8000000000000000780470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67e66d2d8877ccb2021-12-20 16:02:31.178root 11241100x8000000000000000780471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d53c5f2058a01d2021-12-20 16:02:31.178root 11241100x8000000000000000780472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c6d076106aa0e62021-12-20 16:02:31.178root 11241100x8000000000000000780473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa556ab63f42c87c2021-12-20 16:02:31.178root 11241100x8000000000000000780474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f60944941614752021-12-20 16:02:31.178root 11241100x8000000000000000780475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91edd7df185fb12e2021-12-20 16:02:31.179root 11241100x8000000000000000780476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef5635dd24509fc2021-12-20 16:02:31.179root 11241100x8000000000000000780477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa1586ec187c8012021-12-20 16:02:31.179root 11241100x8000000000000000780478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcb3d1d5239efa02021-12-20 16:02:31.179root 11241100x8000000000000000780479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addaece9c180a3c32021-12-20 16:02:31.179root 11241100x8000000000000000780480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50de10506b6e9dca2021-12-20 16:02:31.179root 11241100x8000000000000000780481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293d8e4b1d9c10d32021-12-20 16:02:31.179root 11241100x8000000000000000780482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7572b85222f2872021-12-20 16:02:31.179root 11241100x8000000000000000780483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e615a3a53722f742021-12-20 16:02:31.180root 11241100x8000000000000000780484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e24e694c3d9e70d2021-12-20 16:02:31.180root 11241100x8000000000000000780485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9097d352758e59192021-12-20 16:02:31.180root 11241100x8000000000000000780486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d091fd2911bfd932021-12-20 16:02:31.180root 11241100x8000000000000000780487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057f6bef76d0211d2021-12-20 16:02:31.181root 11241100x8000000000000000780488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a853dbd531f072452021-12-20 16:02:31.181root 11241100x8000000000000000780489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef4751d1812cc72021-12-20 16:02:31.181root 11241100x8000000000000000780490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ad9a32b618224d2021-12-20 16:02:31.675root 11241100x8000000000000000780491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376d45f043939c882021-12-20 16:02:31.675root 11241100x8000000000000000780492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081dee197a3a825a2021-12-20 16:02:31.675root 11241100x8000000000000000780493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4ca0ae366340fa2021-12-20 16:02:31.676root 11241100x8000000000000000780494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541530c6601209b92021-12-20 16:02:31.676root 11241100x8000000000000000780495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2712cd325845882021-12-20 16:02:31.676root 11241100x8000000000000000780496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e36552b64f4ef762021-12-20 16:02:31.676root 11241100x8000000000000000780497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1358413e02bd342021-12-20 16:02:31.676root 11241100x8000000000000000780498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1eca32dc44ed872021-12-20 16:02:31.676root 11241100x8000000000000000780499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdd1f5d8b4e0bc72021-12-20 16:02:31.676root 11241100x8000000000000000780500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff7d44b6a6ade692021-12-20 16:02:31.677root 11241100x8000000000000000780501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc61ae1ae4310462021-12-20 16:02:31.677root 11241100x8000000000000000780502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b346781b1b342192021-12-20 16:02:31.677root 11241100x8000000000000000780503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e926c9faa483a6d2021-12-20 16:02:31.677root 11241100x8000000000000000780504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be06ffce3ebdd70d2021-12-20 16:02:31.677root 11241100x8000000000000000780505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6fd8e8098315022021-12-20 16:02:31.677root 11241100x8000000000000000780506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f9dd91e1ff81082021-12-20 16:02:31.677root 11241100x8000000000000000780507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec682f74ed190d352021-12-20 16:02:31.677root 11241100x8000000000000000780508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c62ceb663913a472021-12-20 16:02:31.677root 11241100x8000000000000000780509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35adc000a8a5730a2021-12-20 16:02:31.677root 11241100x8000000000000000780510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d68912e7fb684c92021-12-20 16:02:31.678root 11241100x8000000000000000780511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962add81797711c82021-12-20 16:02:31.678root 11241100x8000000000000000780512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807ac1e2a484c1d32021-12-20 16:02:31.678root 11241100x8000000000000000780513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a45ec28c44b4d402021-12-20 16:02:31.678root 11241100x8000000000000000780514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e6aa8c09c84952021-12-20 16:02:31.678root 11241100x8000000000000000780515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d42d9118d26186a2021-12-20 16:02:31.678root 11241100x8000000000000000780516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbba042ace1225f52021-12-20 16:02:31.678root 11241100x8000000000000000780517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b08c4fd3d1b03052021-12-20 16:02:31.678root 11241100x8000000000000000780518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22ef79563f7a8fd2021-12-20 16:02:31.678root 11241100x8000000000000000780519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cae8b747bfa97c12021-12-20 16:02:31.678root 11241100x8000000000000000780520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ed2b41159280822021-12-20 16:02:31.679root 11241100x8000000000000000780521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebf5ab50d94bcf42021-12-20 16:02:31.679root 11241100x8000000000000000780522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c933f02daffce4642021-12-20 16:02:31.679root 11241100x8000000000000000780523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c715cbcb940c5be82021-12-20 16:02:31.679root 11241100x8000000000000000780524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9c468914f1c4362021-12-20 16:02:31.679root 11241100x8000000000000000780525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b1b4d27560b5532021-12-20 16:02:31.679root 11241100x8000000000000000780526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:31.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2cdaa0a650243e2021-12-20 16:02:31.679root 11241100x8000000000000000780527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dc6d6fc37bb4322021-12-20 16:02:32.174root 11241100x8000000000000000780528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626dbedc749cc32d2021-12-20 16:02:32.174root 11241100x8000000000000000780529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477b0e92ce5a61482021-12-20 16:02:32.174root 11241100x8000000000000000780530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5c6d904c8adc7e2021-12-20 16:02:32.174root 11241100x8000000000000000780531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6858ad6145d677df2021-12-20 16:02:32.174root 11241100x8000000000000000780532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4814d6e876c52cd2021-12-20 16:02:32.174root 11241100x8000000000000000780533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa038d3253a01812021-12-20 16:02:32.174root 11241100x8000000000000000780534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8dc95244c4bf832021-12-20 16:02:32.174root 11241100x8000000000000000780535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f56db13dbece862021-12-20 16:02:32.175root 11241100x8000000000000000780536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb7245748e27e732021-12-20 16:02:32.175root 11241100x8000000000000000780537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897a809be72598d2021-12-20 16:02:32.175root 11241100x8000000000000000780538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb370829946bc82021-12-20 16:02:32.176root 11241100x8000000000000000780539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cadecef207486a22021-12-20 16:02:32.176root 11241100x8000000000000000780540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c78e7d96f13cf02021-12-20 16:02:32.176root 11241100x8000000000000000780541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b0db36b2cad0a2021-12-20 16:02:32.176root 11241100x8000000000000000780542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1309ac3750f16b62021-12-20 16:02:32.177root 11241100x8000000000000000780543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738104787b64d40f2021-12-20 16:02:32.177root 11241100x8000000000000000780544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bc7660e2cf883d2021-12-20 16:02:32.177root 11241100x8000000000000000780545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e04c87514b9ac82021-12-20 16:02:32.177root 11241100x8000000000000000780546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4705abcde5438eb2021-12-20 16:02:32.178root 11241100x8000000000000000780547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac837b6bbe264d42021-12-20 16:02:32.178root 11241100x8000000000000000780548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dddd5173cec0b12021-12-20 16:02:32.178root 11241100x8000000000000000780549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842001fb68a401562021-12-20 16:02:32.178root 11241100x8000000000000000780550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cba4cf249f8a2c52021-12-20 16:02:32.178root 11241100x8000000000000000780551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27552e6524eb4f632021-12-20 16:02:32.178root 11241100x8000000000000000780552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4b72a72905b89e2021-12-20 16:02:32.178root 11241100x8000000000000000780553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641d98207044f1172021-12-20 16:02:32.178root 11241100x8000000000000000780554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f4f1f0d939b6b72021-12-20 16:02:32.178root 11241100x8000000000000000780555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052005afa7ff5c352021-12-20 16:02:32.179root 11241100x8000000000000000780556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ef2844f2c348962021-12-20 16:02:32.179root 11241100x8000000000000000780557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f96a00da7fb1112021-12-20 16:02:32.179root 11241100x8000000000000000780558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c3f2bf125b526c2021-12-20 16:02:32.179root 11241100x8000000000000000780559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc34534083c5862f2021-12-20 16:02:32.179root 11241100x8000000000000000780560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fa0043b3cd77772021-12-20 16:02:32.179root 11241100x8000000000000000780561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94481a3b6316e8b2021-12-20 16:02:32.179root 11241100x8000000000000000780562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fcd62d037506dd2021-12-20 16:02:32.179root 11241100x8000000000000000780563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f884eeb6f6b08c2021-12-20 16:02:32.179root 11241100x8000000000000000780564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74029667b4f28cc52021-12-20 16:02:32.179root 11241100x8000000000000000780565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9cc81d8021ed712021-12-20 16:02:32.179root 11241100x8000000000000000780566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2091fd30f944b4302021-12-20 16:02:32.179root 11241100x8000000000000000780567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f34aff5ae342712021-12-20 16:02:32.179root 11241100x8000000000000000780568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8748c62fc45369cd2021-12-20 16:02:32.180root 11241100x8000000000000000780569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866e559a7d254f902021-12-20 16:02:32.180root 11241100x8000000000000000780570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3956176115b61e492021-12-20 16:02:32.180root 11241100x8000000000000000780571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9deb0d17d91374b2021-12-20 16:02:32.180root 11241100x8000000000000000780572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b829691c213b5282021-12-20 16:02:32.180root 11241100x8000000000000000780573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcc6c6418e14b2b2021-12-20 16:02:32.180root 11241100x8000000000000000780574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2066fa811dc074112021-12-20 16:02:32.180root 11241100x8000000000000000780575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc767e7a12fbfd492021-12-20 16:02:32.180root 11241100x8000000000000000780576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd257f73eac2711b2021-12-20 16:02:32.180root 11241100x8000000000000000780577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44df8170ff57d2682021-12-20 16:02:32.180root 11241100x8000000000000000780578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036b8f71afe1bd352021-12-20 16:02:32.675root 11241100x8000000000000000780579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981b810cf178c6812021-12-20 16:02:32.675root 11241100x8000000000000000780580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b2908dc0a8733f2021-12-20 16:02:32.676root 11241100x8000000000000000780581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026bd6246e72e5442021-12-20 16:02:32.676root 11241100x8000000000000000780582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48b295a030105b72021-12-20 16:02:32.676root 11241100x8000000000000000780583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e239cb83e667772021-12-20 16:02:32.677root 11241100x8000000000000000780584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37afac2492b8521e2021-12-20 16:02:32.677root 11241100x8000000000000000780585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba9002d1044ca652021-12-20 16:02:32.677root 11241100x8000000000000000780586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5203fc822cad25a2021-12-20 16:02:32.677root 11241100x8000000000000000780587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2f4f98d681ddf52021-12-20 16:02:32.677root 11241100x8000000000000000780588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc7b5022d6466ff2021-12-20 16:02:32.677root 11241100x8000000000000000780589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef5e4b40dc2899e2021-12-20 16:02:32.677root 11241100x8000000000000000780590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7fae39157ce6202021-12-20 16:02:32.677root 11241100x8000000000000000780591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad03c07e3974bf2021-12-20 16:02:32.677root 11241100x8000000000000000780592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78f2bad0d9748ac2021-12-20 16:02:32.677root 11241100x8000000000000000780593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a505c81ffa20a202021-12-20 16:02:32.677root 11241100x8000000000000000780594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393ca2c3df1330802021-12-20 16:02:32.678root 11241100x8000000000000000780595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6f75250fb2b36d2021-12-20 16:02:32.678root 11241100x8000000000000000780596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab7e954be428d6d2021-12-20 16:02:32.678root 11241100x8000000000000000780597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24984f00a8ffc922021-12-20 16:02:32.678root 11241100x8000000000000000780598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d2550bc554e3a02021-12-20 16:02:32.678root 11241100x8000000000000000780599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55749b641855f3372021-12-20 16:02:32.678root 11241100x8000000000000000780600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cbfb5b21f4fa162021-12-20 16:02:32.678root 11241100x8000000000000000780601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf127fe17257c1b62021-12-20 16:02:32.678root 11241100x8000000000000000780602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0677a42aa1f992f62021-12-20 16:02:32.678root 11241100x8000000000000000780603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b77e7e0a832f4712021-12-20 16:02:32.678root 11241100x8000000000000000780604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128351f7d3f4ad702021-12-20 16:02:32.679root 11241100x8000000000000000780605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45caf8fd278c9a7b2021-12-20 16:02:32.679root 11241100x8000000000000000780606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894f174fdee173202021-12-20 16:02:32.679root 11241100x8000000000000000780607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9936de50f2af7a12021-12-20 16:02:32.679root 11241100x8000000000000000780608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ded8e8f106d32dd2021-12-20 16:02:32.679root 11241100x8000000000000000780609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbce17eb5780cf82021-12-20 16:02:32.679root 11241100x8000000000000000780610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea2d268d43080ac2021-12-20 16:02:32.680root 11241100x8000000000000000780611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60a5fb5835226ed2021-12-20 16:02:32.680root 11241100x8000000000000000780612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263ad52316d02b0d2021-12-20 16:02:32.689root 11241100x8000000000000000780613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.689{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c97ad1aa9274de2021-12-20 16:02:32.689root 11241100x8000000000000000780614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:32.690{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1aa5d3abd6b69c42021-12-20 16:02:32.690root 354300x8000000000000000780615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.113{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51550-false10.0.1.12-8000- 11241100x8000000000000000780616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.113{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e7f809f08303d02021-12-20 16:02:33.113root 11241100x8000000000000000780617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.113{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f998136472490fbd2021-12-20 16:02:33.113root 11241100x8000000000000000780618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213369348697fdc2021-12-20 16:02:33.114root 11241100x8000000000000000780619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5722941af091a7552021-12-20 16:02:33.114root 11241100x8000000000000000780620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16582e31719e0322021-12-20 16:02:33.114root 11241100x8000000000000000780621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b6b0bf4bcd2c702021-12-20 16:02:33.114root 11241100x8000000000000000780622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a4b2ca176983bd2021-12-20 16:02:33.114root 11241100x8000000000000000780623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577b1d20220937dc2021-12-20 16:02:33.114root 11241100x8000000000000000780624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cce546b9ae8bb42021-12-20 16:02:33.114root 11241100x8000000000000000780625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a76dc4ab431be12021-12-20 16:02:33.114root 11241100x8000000000000000780626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26009ebd423a3d892021-12-20 16:02:33.114root 11241100x8000000000000000780627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bc3eb5f87e6cde2021-12-20 16:02:33.114root 11241100x8000000000000000780628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d378377eeab7fa02021-12-20 16:02:33.114root 11241100x8000000000000000780629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1496dac576e1972021-12-20 16:02:33.114root 11241100x8000000000000000780630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4791b018a136b6f62021-12-20 16:02:33.114root 11241100x8000000000000000780631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.114{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa9d0d25e276e452021-12-20 16:02:33.114root 11241100x8000000000000000780632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7e2a65c9f997f42021-12-20 16:02:33.115root 11241100x8000000000000000780633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81772e4f5a3d39812021-12-20 16:02:33.115root 11241100x8000000000000000780634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bc700387ec79312021-12-20 16:02:33.115root 11241100x8000000000000000780635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937c77ea44c2cdd82021-12-20 16:02:33.115root 11241100x8000000000000000780636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8812d03cac491ccc2021-12-20 16:02:33.115root 11241100x8000000000000000780637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2014555a7c4c7af2021-12-20 16:02:33.115root 11241100x8000000000000000780638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379683ab8b9f46f22021-12-20 16:02:33.115root 11241100x8000000000000000780639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47520c8e6b9d3bd82021-12-20 16:02:33.115root 11241100x8000000000000000780640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e88e171a6baa7e2021-12-20 16:02:33.115root 11241100x8000000000000000780641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeffe84464e8e862021-12-20 16:02:33.115root 11241100x8000000000000000780642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.115{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631e57d5ba521c142021-12-20 16:02:33.115root 11241100x8000000000000000780643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635dac2f2894d4d62021-12-20 16:02:33.116root 11241100x8000000000000000780644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c993f733d33e6662021-12-20 16:02:33.116root 11241100x8000000000000000780645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034b183928cece0e2021-12-20 16:02:33.116root 11241100x8000000000000000780646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c215d4897224ec2021-12-20 16:02:33.116root 11241100x8000000000000000780647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8788ad18edfdaba92021-12-20 16:02:33.116root 11241100x8000000000000000780648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a9d7a7073f73b82021-12-20 16:02:33.116root 11241100x8000000000000000780649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f931c646a5e8dd02021-12-20 16:02:33.116root 11241100x8000000000000000780650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b84cc3473af15cc2021-12-20 16:02:33.116root 11241100x8000000000000000780651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a80c39a22ebe7272021-12-20 16:02:33.116root 11241100x8000000000000000780652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00356eb43c59039e2021-12-20 16:02:33.116root 11241100x8000000000000000780653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521e3595f82d9f7e2021-12-20 16:02:33.116root 11241100x8000000000000000780654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.116{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23306c59997e865f2021-12-20 16:02:33.116root 11241100x8000000000000000780655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.117{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bc223573ec8d6a2021-12-20 16:02:33.117root 11241100x8000000000000000780656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.117{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a1a8567ab914412021-12-20 16:02:33.117root 11241100x8000000000000000780657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.117{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25832305598c9192021-12-20 16:02:33.117root 11241100x8000000000000000780658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.117{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60b4d19b1667e3f2021-12-20 16:02:33.117root 11241100x8000000000000000780659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.117{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d103092ac067a6f32021-12-20 16:02:33.117root 11241100x8000000000000000780660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508ef5eb0174070a2021-12-20 16:02:33.424root 11241100x8000000000000000780661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebf1d6957d6db8b2021-12-20 16:02:33.424root 11241100x8000000000000000780662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825af20f60d77f462021-12-20 16:02:33.424root 11241100x8000000000000000780663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60aa1b3f057de772021-12-20 16:02:33.424root 11241100x8000000000000000780664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ea6b7cccca3c032021-12-20 16:02:33.424root 11241100x8000000000000000780665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d5f51477d45d0f2021-12-20 16:02:33.424root 11241100x8000000000000000780666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ec654ce2e62dc52021-12-20 16:02:33.425root 11241100x8000000000000000780667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09619c30b43eb9b22021-12-20 16:02:33.425root 11241100x8000000000000000780668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af23daf7de6a49a82021-12-20 16:02:33.425root 11241100x8000000000000000780669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a4976f5a1c95822021-12-20 16:02:33.425root 11241100x8000000000000000780670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e1e7883d4ee45c2021-12-20 16:02:33.425root 11241100x8000000000000000780671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a245694072834fa62021-12-20 16:02:33.425root 11241100x8000000000000000780672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128f121113e853322021-12-20 16:02:33.425root 11241100x8000000000000000780673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2541cc0515c629682021-12-20 16:02:33.425root 11241100x8000000000000000780674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f9374769326b82021-12-20 16:02:33.426root 11241100x8000000000000000780675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bf2dfae650e6512021-12-20 16:02:33.426root 11241100x8000000000000000780676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63f70dfd2001c0d2021-12-20 16:02:33.426root 11241100x8000000000000000780677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44443aa5a4c99c992021-12-20 16:02:33.426root 11241100x8000000000000000780678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3250208f8e45cda62021-12-20 16:02:33.426root 11241100x8000000000000000780679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3971c914d1bf99c42021-12-20 16:02:33.426root 11241100x8000000000000000780680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f58979c12c0eb7f2021-12-20 16:02:33.426root 11241100x8000000000000000780681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0309c1c93d113b02021-12-20 16:02:33.426root 11241100x8000000000000000780682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5635456dd623e2162021-12-20 16:02:33.427root 11241100x8000000000000000780683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2928915945e58c2021-12-20 16:02:33.427root 11241100x8000000000000000780684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13185790ad2c0272021-12-20 16:02:33.427root 11241100x8000000000000000780685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863f193dfccda4222021-12-20 16:02:33.427root 11241100x8000000000000000780686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f81c3c6b7312f792021-12-20 16:02:33.427root 11241100x8000000000000000780687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46874e71dcee0f7b2021-12-20 16:02:33.427root 11241100x8000000000000000780688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd01005408604962021-12-20 16:02:33.427root 11241100x8000000000000000780689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505ce56c6b7644be2021-12-20 16:02:33.427root 11241100x8000000000000000780690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889c7b456d86e1a62021-12-20 16:02:33.427root 11241100x8000000000000000780691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993d28bbb88e8de92021-12-20 16:02:33.427root 11241100x8000000000000000780692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b6387e8cd693ca2021-12-20 16:02:33.428root 11241100x8000000000000000780693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7754f96875691852021-12-20 16:02:33.428root 11241100x8000000000000000780694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c4dd49735df2f92021-12-20 16:02:33.428root 11241100x8000000000000000780695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffe513828be29202021-12-20 16:02:33.428root 11241100x8000000000000000780696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6308bd1c2e882bd2021-12-20 16:02:33.428root 11241100x8000000000000000780697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c646d490ddfbb862021-12-20 16:02:33.429root 11241100x8000000000000000780698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aae84d679d13d552021-12-20 16:02:33.429root 11241100x8000000000000000780699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1a0091a9394b472021-12-20 16:02:33.429root 11241100x8000000000000000780700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa27e0a72e04d62021-12-20 16:02:33.429root 11241100x8000000000000000780701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3ddb7f325f17c2021-12-20 16:02:33.430root 11241100x8000000000000000780702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcce97e42d77c962021-12-20 16:02:33.431root 11241100x8000000000000000780703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54c93999e8a33142021-12-20 16:02:33.924root 11241100x8000000000000000780704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba043e68f9d10d082021-12-20 16:02:33.924root 11241100x8000000000000000780705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467ebefd04e40bcd2021-12-20 16:02:33.924root 11241100x8000000000000000780706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa33c833fdf1b812021-12-20 16:02:33.924root 11241100x8000000000000000780707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0020e6833d95fda2021-12-20 16:02:33.925root 11241100x8000000000000000780708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dfba5b951c4c362021-12-20 16:02:33.925root 11241100x8000000000000000780709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd0e22d7292f7642021-12-20 16:02:33.925root 11241100x8000000000000000780710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cf38d623a3d62e2021-12-20 16:02:33.925root 11241100x8000000000000000780711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63985b4889c4dbe32021-12-20 16:02:33.925root 11241100x8000000000000000780712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd175bab7dd460b72021-12-20 16:02:33.925root 11241100x8000000000000000780713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4375e5ef98cc5612021-12-20 16:02:33.925root 11241100x8000000000000000780714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab35d7f46d8017292021-12-20 16:02:33.926root 11241100x8000000000000000780715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c07ff12ee5715032021-12-20 16:02:33.926root 11241100x8000000000000000780716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3a094680eff13d2021-12-20 16:02:33.926root 11241100x8000000000000000780717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1650d5e8d35e074f2021-12-20 16:02:33.926root 11241100x8000000000000000780718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab7e4ffa29af74c2021-12-20 16:02:33.926root 11241100x8000000000000000780719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603ec9e54675cc8d2021-12-20 16:02:33.926root 11241100x8000000000000000780720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5c370f63d2b3712021-12-20 16:02:33.926root 11241100x8000000000000000780721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a0ba79ff8d61fd2021-12-20 16:02:33.926root 11241100x8000000000000000780722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3308c074cce65a492021-12-20 16:02:33.926root 11241100x8000000000000000780723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadde7f56c837ea32021-12-20 16:02:33.926root 11241100x8000000000000000780724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3c6953db3ea5b52021-12-20 16:02:33.926root 11241100x8000000000000000780725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a992c5f2cf22e52021-12-20 16:02:33.926root 11241100x8000000000000000780726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12633c1a66bb3c722021-12-20 16:02:33.926root 11241100x8000000000000000780727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171f3cd63757a9652021-12-20 16:02:33.926root 11241100x8000000000000000780728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6835c1d4b6cad42021-12-20 16:02:33.927root 11241100x8000000000000000780729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361a67d8ea28405e2021-12-20 16:02:33.927root 11241100x8000000000000000780730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa650d677e193072021-12-20 16:02:33.927root 11241100x8000000000000000780731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcddebd0c31de4032021-12-20 16:02:33.927root 11241100x8000000000000000780732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178b5413a7396e542021-12-20 16:02:33.927root 11241100x8000000000000000780733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a785a1503b9fafe2021-12-20 16:02:33.927root 11241100x8000000000000000780734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2476854628ed07e12021-12-20 16:02:33.927root 11241100x8000000000000000780735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396233286c3002792021-12-20 16:02:33.927root 11241100x8000000000000000780736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b97e8ccf7e6bfeb2021-12-20 16:02:33.927root 11241100x8000000000000000780737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936061a5100146f52021-12-20 16:02:33.927root 11241100x8000000000000000780738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d518a50711b4942021-12-20 16:02:33.927root 11241100x8000000000000000780739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df602e87a96562852021-12-20 16:02:33.927root 11241100x8000000000000000780740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddac2cd458ade0f2021-12-20 16:02:33.927root 11241100x8000000000000000780741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f5a6f1b36182e92021-12-20 16:02:33.927root 11241100x8000000000000000780742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02f8906036fe342021-12-20 16:02:34.424root 11241100x8000000000000000780743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6337376a23e7e72021-12-20 16:02:34.424root 11241100x8000000000000000780744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bda5131caed6ac62021-12-20 16:02:34.424root 11241100x8000000000000000780745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2c19974871a4ee2021-12-20 16:02:34.424root 11241100x8000000000000000780746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a1d9ac0c3e5b7f2021-12-20 16:02:34.424root 11241100x8000000000000000780747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6de5343bda80172021-12-20 16:02:34.424root 11241100x8000000000000000780748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c9c8668ef9669a2021-12-20 16:02:34.424root 11241100x8000000000000000780749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b4e536c7fdea192021-12-20 16:02:34.424root 11241100x8000000000000000780750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e0ab88ddda359e2021-12-20 16:02:34.424root 11241100x8000000000000000780751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d4f3bc73c6cb432021-12-20 16:02:34.425root 11241100x8000000000000000780752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30f061e583e00b92021-12-20 16:02:34.425root 11241100x8000000000000000780753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555d1981bccdbc092021-12-20 16:02:34.425root 11241100x8000000000000000780754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c090e92c85945e72021-12-20 16:02:34.425root 11241100x8000000000000000780755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4f21328355ee2b2021-12-20 16:02:34.425root 11241100x8000000000000000780756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5daa6abcbe507e2021-12-20 16:02:34.425root 11241100x8000000000000000780757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca2622ec7799ecc2021-12-20 16:02:34.425root 11241100x8000000000000000780758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2be11dda463f0c2021-12-20 16:02:34.425root 11241100x8000000000000000780759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1f704465b0a3b02021-12-20 16:02:34.425root 11241100x8000000000000000780760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfd3c82627981962021-12-20 16:02:34.425root 11241100x8000000000000000780761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3557292e3ecd256e2021-12-20 16:02:34.425root 11241100x8000000000000000780762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3bb6bcc994975e2021-12-20 16:02:34.426root 11241100x8000000000000000780763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa932130093aeff52021-12-20 16:02:34.426root 11241100x8000000000000000780764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0ec83ffc01a04c2021-12-20 16:02:34.426root 11241100x8000000000000000780765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e94078bd5a18a82021-12-20 16:02:34.426root 11241100x8000000000000000780766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd0b91f35d961752021-12-20 16:02:34.426root 11241100x8000000000000000780767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3aa0debb29d0242021-12-20 16:02:34.426root 11241100x8000000000000000780768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981d552813c6ade72021-12-20 16:02:34.426root 11241100x8000000000000000780769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a67b892f183df22021-12-20 16:02:34.426root 11241100x8000000000000000780770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab198f49ce652a72021-12-20 16:02:34.426root 11241100x8000000000000000780771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2714098a1d126b4c2021-12-20 16:02:34.427root 11241100x8000000000000000780772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f113bd90eb9f3252021-12-20 16:02:34.427root 11241100x8000000000000000780773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452737c34163dcc72021-12-20 16:02:34.427root 11241100x8000000000000000780774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38c38f7541243b02021-12-20 16:02:34.427root 11241100x8000000000000000780775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e91506a4286ec92021-12-20 16:02:34.427root 11241100x8000000000000000780776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a187c547232ae32021-12-20 16:02:34.427root 11241100x8000000000000000780777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ba9908bb2a3afb2021-12-20 16:02:34.427root 11241100x8000000000000000780778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e37fc1fcac31f1b2021-12-20 16:02:34.427root 11241100x8000000000000000780779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35fde213e32cb582021-12-20 16:02:34.427root 11241100x8000000000000000780780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe1763dddfcea992021-12-20 16:02:34.428root 11241100x8000000000000000780781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00911cff38a7cc452021-12-20 16:02:34.428root 11241100x8000000000000000780782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e385c04b19d5107d2021-12-20 16:02:34.429root 11241100x8000000000000000780783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23807dd238f92b822021-12-20 16:02:34.429root 11241100x8000000000000000780784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebad8170f2af9652021-12-20 16:02:34.429root 11241100x8000000000000000780785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaca377a7e9459a2021-12-20 16:02:34.429root 11241100x8000000000000000780786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6e921e091dfd8c2021-12-20 16:02:34.429root 11241100x8000000000000000780787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d08d0259e5726a2021-12-20 16:02:34.429root 11241100x8000000000000000780788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db2234679d6287b2021-12-20 16:02:34.429root 11241100x8000000000000000780789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf355263125ec282021-12-20 16:02:34.924root 11241100x8000000000000000780790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b97a599947cbcb32021-12-20 16:02:34.924root 11241100x8000000000000000780791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b09ff9785fbcf552021-12-20 16:02:34.924root 11241100x8000000000000000780792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc634e6909755e0b2021-12-20 16:02:34.924root 11241100x8000000000000000780793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce6a15327b9b8122021-12-20 16:02:34.925root 11241100x8000000000000000780794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee25ee122f784982021-12-20 16:02:34.925root 11241100x8000000000000000780795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f407ddaaf0f8c2021-12-20 16:02:34.925root 11241100x8000000000000000780796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697d35593c97b7d82021-12-20 16:02:34.925root 11241100x8000000000000000780797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226da055de64ceb32021-12-20 16:02:34.925root 11241100x8000000000000000780798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab162e70ed2828f2021-12-20 16:02:34.925root 11241100x8000000000000000780799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5730125397ea2bb72021-12-20 16:02:34.925root 11241100x8000000000000000780800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4793a776fa889b82021-12-20 16:02:34.925root 11241100x8000000000000000780801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00d88e40081c99a2021-12-20 16:02:34.925root 11241100x8000000000000000780802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52b50a87ccdca432021-12-20 16:02:34.925root 11241100x8000000000000000780803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0334682be331cd2021-12-20 16:02:34.925root 11241100x8000000000000000780804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881cb2abcb854fb62021-12-20 16:02:34.925root 11241100x8000000000000000780805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4e72903f098e482021-12-20 16:02:34.925root 11241100x8000000000000000780806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a3f5f238e263d2021-12-20 16:02:34.926root 11241100x8000000000000000780807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0f4d07d187cc862021-12-20 16:02:34.926root 11241100x8000000000000000780808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa19ecdc07402dd2021-12-20 16:02:34.926root 11241100x8000000000000000780809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc40e002f5a5f0ae2021-12-20 16:02:34.926root 11241100x8000000000000000780810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e62e7b863c67cf2021-12-20 16:02:34.926root 11241100x8000000000000000780811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047b9151f282334c2021-12-20 16:02:34.927root 11241100x8000000000000000780812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d8e92be0d4c0542021-12-20 16:02:34.927root 11241100x8000000000000000780813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3a0a9be459f6712021-12-20 16:02:34.927root 11241100x8000000000000000780814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b0b90ee8cb79732021-12-20 16:02:34.927root 11241100x8000000000000000780815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43b2aa62ea2b0432021-12-20 16:02:34.927root 11241100x8000000000000000780816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ab6529bd09c5be2021-12-20 16:02:34.927root 11241100x8000000000000000780817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a9e8c2a0cefe362021-12-20 16:02:34.927root 11241100x8000000000000000780818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287c4b2b8b463baf2021-12-20 16:02:34.927root 11241100x8000000000000000780819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7df0d54f87d4d12021-12-20 16:02:34.927root 11241100x8000000000000000780820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802d9480337793bd2021-12-20 16:02:34.927root 11241100x8000000000000000780821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b8191c20443f02021-12-20 16:02:34.927root 11241100x8000000000000000780822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a695908107fd4ab2021-12-20 16:02:34.927root 11241100x8000000000000000780823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f815d03f06e1cce2021-12-20 16:02:34.927root 11241100x8000000000000000780824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a20679bab9a67b72021-12-20 16:02:34.927root 11241100x8000000000000000780825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba48ae97cd4a4e52021-12-20 16:02:34.928root 11241100x8000000000000000780826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920d5977e5ece8062021-12-20 16:02:34.928root 11241100x8000000000000000780827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad089992313eb7cb2021-12-20 16:02:34.928root 11241100x8000000000000000780828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9254a4cc2fae762021-12-20 16:02:35.424root 11241100x8000000000000000780829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cdc5978978ca0b2021-12-20 16:02:35.424root 11241100x8000000000000000780830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d752bae0035b512021-12-20 16:02:35.424root 11241100x8000000000000000780831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cebee6cc450bdca2021-12-20 16:02:35.424root 11241100x8000000000000000780832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be689a40bb0a6d152021-12-20 16:02:35.424root 11241100x8000000000000000780833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a219426248d84ad62021-12-20 16:02:35.424root 11241100x8000000000000000780834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf8a29084afbce62021-12-20 16:02:35.424root 11241100x8000000000000000780835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c40d63ce4ce55d2021-12-20 16:02:35.424root 11241100x8000000000000000780836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23083e7a71cc4ba62021-12-20 16:02:35.424root 11241100x8000000000000000780837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c592117a25a8142021-12-20 16:02:35.425root 11241100x8000000000000000780838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831743701f3715382021-12-20 16:02:35.425root 11241100x8000000000000000780839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d774da9e6c2a3f6d2021-12-20 16:02:35.426root 11241100x8000000000000000780840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515d4a7053b849b42021-12-20 16:02:35.426root 11241100x8000000000000000780841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73613acf6199b5bb2021-12-20 16:02:35.426root 11241100x8000000000000000780842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6d215afd4734e42021-12-20 16:02:35.426root 11241100x8000000000000000780843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb0806b9d8ae1522021-12-20 16:02:35.426root 11241100x8000000000000000780844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9720a3397331d1a52021-12-20 16:02:35.426root 11241100x8000000000000000780845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d946d77644ef16eb2021-12-20 16:02:35.426root 11241100x8000000000000000780846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb7a7850a1553492021-12-20 16:02:35.426root 11241100x8000000000000000780847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef33e759f36c006c2021-12-20 16:02:35.426root 11241100x8000000000000000780848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b6d7fd250bc2a52021-12-20 16:02:35.426root 11241100x8000000000000000780849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adf8b6dc140891e2021-12-20 16:02:35.427root 11241100x8000000000000000780850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e78678577b7e7eb2021-12-20 16:02:35.427root 11241100x8000000000000000780851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd0b3da740b11072021-12-20 16:02:35.427root 11241100x8000000000000000780852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a58aa9d816bb002021-12-20 16:02:35.427root 11241100x8000000000000000780853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b7c9cbc9dbdcc12021-12-20 16:02:35.427root 11241100x8000000000000000780854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ee6a42cab51ee62021-12-20 16:02:35.427root 11241100x8000000000000000780855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c26c5c4654026b2021-12-20 16:02:35.427root 11241100x8000000000000000780856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a69c0d7fc4931832021-12-20 16:02:35.427root 11241100x8000000000000000780857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b65ead297c96ad2021-12-20 16:02:35.427root 11241100x8000000000000000780858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac80ce610dd6b7182021-12-20 16:02:35.427root 11241100x8000000000000000780859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46da8be774fc71fb2021-12-20 16:02:35.427root 11241100x8000000000000000780860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46a24f2281eb3b12021-12-20 16:02:35.428root 11241100x8000000000000000780861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba98d1adb81684892021-12-20 16:02:35.428root 11241100x8000000000000000780862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8675d5e01c7d9f332021-12-20 16:02:35.428root 11241100x8000000000000000780863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f274fe0cb1a842021-12-20 16:02:35.428root 11241100x8000000000000000780864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7f5482b3fcd5592021-12-20 16:02:35.428root 11241100x8000000000000000780865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78b10cf48f01df22021-12-20 16:02:35.428root 11241100x8000000000000000780866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b982bf6a58c0fe52021-12-20 16:02:35.428root 11241100x8000000000000000780867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ae9ec1c61929232021-12-20 16:02:35.429root 11241100x8000000000000000780868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab577d31149a11062021-12-20 16:02:35.429root 11241100x8000000000000000780869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95e6c670b6aa7762021-12-20 16:02:35.429root 11241100x8000000000000000780870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0798af0a9e80d92021-12-20 16:02:35.429root 11241100x8000000000000000780871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029ad711d8c6d4432021-12-20 16:02:35.429root 11241100x8000000000000000780872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9810bf09272eacb22021-12-20 16:02:35.429root 11241100x8000000000000000780873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3983e90ec5ef39e62021-12-20 16:02:35.429root 11241100x8000000000000000780874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf43a763133539542021-12-20 16:02:35.429root 11241100x8000000000000000780875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b887940f09d543472021-12-20 16:02:35.429root 11241100x8000000000000000780876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97978360d4b3d522021-12-20 16:02:35.430root 11241100x8000000000000000780877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0831bcfb42a1ab452021-12-20 16:02:35.432root 11241100x8000000000000000780878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1110909b14b5caf82021-12-20 16:02:35.432root 11241100x8000000000000000780879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bead2b7d9a354a2021-12-20 16:02:35.432root 11241100x8000000000000000780880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39959f91dd5a18002021-12-20 16:02:35.924root 11241100x8000000000000000780881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfb90dfb6b65a522021-12-20 16:02:35.924root 11241100x8000000000000000780882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad131446b06b3632021-12-20 16:02:35.924root 11241100x8000000000000000780883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3cc07c52160d902021-12-20 16:02:35.924root 11241100x8000000000000000780884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e457f45afd7e73c12021-12-20 16:02:35.924root 11241100x8000000000000000780885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3d26579dfe30a32021-12-20 16:02:35.925root 11241100x8000000000000000780886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ce112536cd78472021-12-20 16:02:35.925root 11241100x8000000000000000780887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99013fec0897fa2021-12-20 16:02:35.925root 11241100x8000000000000000780888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60216a801cb98e012021-12-20 16:02:35.925root 11241100x8000000000000000780889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791430aea831591b2021-12-20 16:02:35.925root 11241100x8000000000000000780890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfc66e6c3efad6e2021-12-20 16:02:35.925root 11241100x8000000000000000780891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b63f932441d1732021-12-20 16:02:35.925root 11241100x8000000000000000780892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005dbef2e7f8c7d82021-12-20 16:02:35.925root 11241100x8000000000000000780893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c3409c84d2f0a52021-12-20 16:02:35.925root 11241100x8000000000000000780894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f232727c0814392021-12-20 16:02:35.925root 11241100x8000000000000000780895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5af13f4c26674fd2021-12-20 16:02:35.925root 11241100x8000000000000000780896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a4129f736ab46c2021-12-20 16:02:35.925root 11241100x8000000000000000780897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46aaf438ad9728b82021-12-20 16:02:35.925root 11241100x8000000000000000780898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214ca3c8f476a8c62021-12-20 16:02:35.925root 11241100x8000000000000000780899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f05f71733b5438f2021-12-20 16:02:35.925root 11241100x8000000000000000780900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50761bb382bc14f2021-12-20 16:02:35.925root 11241100x8000000000000000780901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d4a2cd209907682021-12-20 16:02:35.926root 11241100x8000000000000000780902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814231541d4f15c32021-12-20 16:02:35.926root 11241100x8000000000000000780903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e81cc721943eca32021-12-20 16:02:35.926root 11241100x8000000000000000780904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fda639adf001bc92021-12-20 16:02:35.926root 11241100x8000000000000000780905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719d658b2e095ac82021-12-20 16:02:35.926root 11241100x8000000000000000780906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fd8d752eb7a9962021-12-20 16:02:35.926root 11241100x8000000000000000780907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4d8248ff6237d62021-12-20 16:02:35.926root 11241100x8000000000000000780908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154ad4658b41fb3e2021-12-20 16:02:35.926root 11241100x8000000000000000780909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994811130ef714c32021-12-20 16:02:35.926root 11241100x8000000000000000780910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034c25594f00ba0b2021-12-20 16:02:35.926root 11241100x8000000000000000780911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a82cbb1a14c9ee2021-12-20 16:02:35.926root 11241100x8000000000000000780912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e014dd423f7dd5902021-12-20 16:02:35.926root 11241100x8000000000000000780913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f30579b13113242021-12-20 16:02:35.926root 11241100x8000000000000000780914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf24adf8cd2369b2021-12-20 16:02:35.927root 11241100x8000000000000000780915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5decd7b66b4ca8122021-12-20 16:02:35.927root 11241100x8000000000000000780916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a499554f316f29462021-12-20 16:02:35.927root 11241100x8000000000000000780917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb603ff6976b0d2021-12-20 16:02:35.927root 11241100x8000000000000000780918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aaf311960849ab2021-12-20 16:02:35.927root 11241100x8000000000000000780919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b067053909a561e82021-12-20 16:02:35.929root 11241100x8000000000000000780920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312b218590cd6b7f2021-12-20 16:02:35.929root 11241100x8000000000000000780921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18848286580d85cc2021-12-20 16:02:35.929root 11241100x8000000000000000780922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfc5957aaf7404e2021-12-20 16:02:35.929root 11241100x8000000000000000780923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ce73b40cd3980f2021-12-20 16:02:35.929root 11241100x8000000000000000780924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4756aa9f3643462021-12-20 16:02:35.929root 11241100x8000000000000000780925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccf0de52d7de36a2021-12-20 16:02:35.929root 11241100x8000000000000000780926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69c751bb0ad9a4c2021-12-20 16:02:35.930root 11241100x8000000000000000780927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a59d2435ccd0f5c2021-12-20 16:02:35.930root 11241100x8000000000000000780928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7f0ef03e6d38152021-12-20 16:02:35.930root 11241100x8000000000000000780929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987d106f9b12eab72021-12-20 16:02:35.930root 11241100x8000000000000000780930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa31785c6c8c5a1a2021-12-20 16:02:35.930root 11241100x8000000000000000780931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbb6540587caba92021-12-20 16:02:35.930root 11241100x8000000000000000780932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd76ff01f6c61c712021-12-20 16:02:35.930root 11241100x8000000000000000780933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e76f40b99710942021-12-20 16:02:35.930root 11241100x8000000000000000780934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dd66e04eb191872021-12-20 16:02:35.930root 11241100x8000000000000000780935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d85a3e7651599fc2021-12-20 16:02:35.930root 11241100x8000000000000000780936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d486f18b418ef5e02021-12-20 16:02:35.930root 11241100x8000000000000000780937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d5636bd57b6d742021-12-20 16:02:35.931root 11241100x8000000000000000780938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac90e410dfcd2272021-12-20 16:02:35.931root 11241100x8000000000000000780939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2be1838a9ac83fe2021-12-20 16:02:35.931root 11241100x8000000000000000780940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6edbe2fee3f70432021-12-20 16:02:35.931root 11241100x8000000000000000780941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f7889c762d687f2021-12-20 16:02:35.931root 11241100x8000000000000000780942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be972c3e1ddc0b822021-12-20 16:02:35.931root 11241100x8000000000000000780943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d9aac1ba3b78662021-12-20 16:02:35.931root 11241100x8000000000000000780944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b408e3b748e30c82021-12-20 16:02:35.931root 11241100x8000000000000000780945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecef5ad7c96738f32021-12-20 16:02:35.931root 11241100x8000000000000000780946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3702bd40c1ecc54d2021-12-20 16:02:35.931root 11241100x8000000000000000780947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b830733baaf07a22021-12-20 16:02:35.932root 11241100x8000000000000000780948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fff4888eaa4d252021-12-20 16:02:35.932root 11241100x8000000000000000780949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c86569c0f5b1b2021-12-20 16:02:35.932root 11241100x8000000000000000780950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ab02d539354bc22021-12-20 16:02:35.932root 11241100x8000000000000000780951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66014c00a0620b52021-12-20 16:02:35.932root 11241100x8000000000000000780952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:35.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7702721fe634232021-12-20 16:02:35.932root 11241100x8000000000000000780953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.069{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:02:36.069root 11241100x8000000000000000780954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb970033075d20d2021-12-20 16:02:36.424root 11241100x8000000000000000780955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb87894bff0e8ad12021-12-20 16:02:36.424root 11241100x8000000000000000780956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff68e8c5626c36ca2021-12-20 16:02:36.425root 11241100x8000000000000000780957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb3fe5ebb36dbe2021-12-20 16:02:36.425root 11241100x8000000000000000780958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2bf343a0930fd62021-12-20 16:02:36.425root 11241100x8000000000000000780959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d0fa49db3201df2021-12-20 16:02:36.426root 11241100x8000000000000000780960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d1aa399983e4272021-12-20 16:02:36.426root 11241100x8000000000000000780961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98e274554e21c1b2021-12-20 16:02:36.426root 11241100x8000000000000000780962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b0cfc45be7fa982021-12-20 16:02:36.426root 11241100x8000000000000000780963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d114296c849f3f762021-12-20 16:02:36.427root 11241100x8000000000000000780964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bc2f77c4ca31362021-12-20 16:02:36.427root 11241100x8000000000000000780965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d622bf4609080562021-12-20 16:02:36.427root 11241100x8000000000000000780966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f0a45560948b472021-12-20 16:02:36.427root 11241100x8000000000000000780967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3028ec5563b261c72021-12-20 16:02:36.427root 11241100x8000000000000000780968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8de2e588af10d422021-12-20 16:02:36.428root 11241100x8000000000000000780969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf52b8d699f815b22021-12-20 16:02:36.428root 11241100x8000000000000000780970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03c863a234998562021-12-20 16:02:36.428root 11241100x8000000000000000780971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbaba62a66068e22021-12-20 16:02:36.431root 11241100x8000000000000000780972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52af055ee2264f532021-12-20 16:02:36.431root 11241100x8000000000000000780973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f822ba9a17e866c2021-12-20 16:02:36.433root 11241100x8000000000000000780974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0bd2ba8e30d662021-12-20 16:02:36.433root 11241100x8000000000000000780975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f89228b85fe6f362021-12-20 16:02:36.433root 11241100x8000000000000000780976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02af13d176ec3d0c2021-12-20 16:02:36.433root 11241100x8000000000000000780977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b88d7b0ab692a612021-12-20 16:02:36.433root 11241100x8000000000000000780978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65205e508fb858982021-12-20 16:02:36.434root 11241100x8000000000000000780979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414f29ee7464242f2021-12-20 16:02:36.434root 11241100x8000000000000000780980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9e980cfaacc5e12021-12-20 16:02:36.434root 11241100x8000000000000000780981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7585d7920be817b2021-12-20 16:02:36.434root 11241100x8000000000000000780982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76c85e6944123f32021-12-20 16:02:36.434root 11241100x8000000000000000780983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caca2e8efc15544f2021-12-20 16:02:36.434root 11241100x8000000000000000780984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01ea10066a33d7c2021-12-20 16:02:36.435root 11241100x8000000000000000780985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a10bd38694fa92021-12-20 16:02:36.435root 11241100x8000000000000000780986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d80d6b1fc3e8182021-12-20 16:02:36.435root 11241100x8000000000000000780987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6048da354ce9cbea2021-12-20 16:02:36.435root 11241100x8000000000000000780988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1424b63d84cc132021-12-20 16:02:36.436root 11241100x8000000000000000780989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a1a2557ed7a6002021-12-20 16:02:36.436root 11241100x8000000000000000780990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc6c2e0f47acb9f2021-12-20 16:02:36.437root 11241100x8000000000000000780991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3036319d4ba8747d2021-12-20 16:02:36.437root 11241100x8000000000000000780992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f66d0350ef6d6c2021-12-20 16:02:36.437root 11241100x8000000000000000780993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6360b85334a2bf182021-12-20 16:02:36.437root 11241100x8000000000000000780994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5604d416ab54a1692021-12-20 16:02:36.437root 11241100x8000000000000000780995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fb404b36111a182021-12-20 16:02:36.924root 11241100x8000000000000000780996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abeb04c8bdedc9e72021-12-20 16:02:36.925root 11241100x8000000000000000780997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6979dbfb5b40d7f2021-12-20 16:02:36.925root 11241100x8000000000000000780998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7876039f9c0c6602021-12-20 16:02:36.925root 11241100x8000000000000000780999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c402015023bec5942021-12-20 16:02:36.925root 11241100x8000000000000000781000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9af98772db8e42021-12-20 16:02:36.925root 11241100x8000000000000000781001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fba884621d367162021-12-20 16:02:36.926root 11241100x8000000000000000781002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0179ab016046854c2021-12-20 16:02:36.926root 11241100x8000000000000000781003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f9d1b8c43657e2021-12-20 16:02:36.926root 11241100x8000000000000000781004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15321ccd491441772021-12-20 16:02:36.926root 11241100x8000000000000000781005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1cbfb7b634a8762021-12-20 16:02:36.926root 11241100x8000000000000000781006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627cfb8d730208df2021-12-20 16:02:36.926root 11241100x8000000000000000781007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ef141d89e6d70d2021-12-20 16:02:36.926root 11241100x8000000000000000781008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1998aad4efbfb5c52021-12-20 16:02:36.927root 11241100x8000000000000000781009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cd16d0ee5180b12021-12-20 16:02:36.927root 11241100x8000000000000000781010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44782c5e6b4b0d162021-12-20 16:02:36.927root 11241100x8000000000000000781011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bee68abf398c5f2021-12-20 16:02:36.927root 11241100x8000000000000000781012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9b0b674d629cba2021-12-20 16:02:36.927root 11241100x8000000000000000781013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717e60ba372399462021-12-20 16:02:36.927root 11241100x8000000000000000781014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe35a5a3d5e3fe32021-12-20 16:02:36.927root 11241100x8000000000000000781015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3637c88cf18b864f2021-12-20 16:02:36.927root 11241100x8000000000000000781016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1112bf680623712021-12-20 16:02:36.927root 11241100x8000000000000000781017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8c12a1e413e7182021-12-20 16:02:36.928root 11241100x8000000000000000781018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42bd141f9806e3b2021-12-20 16:02:36.928root 11241100x8000000000000000781019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bb312e0c1dd7df2021-12-20 16:02:36.928root 11241100x8000000000000000781020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328e4650fa1c82f22021-12-20 16:02:36.928root 11241100x8000000000000000781021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daba0318131115dd2021-12-20 16:02:36.928root 11241100x8000000000000000781022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6892f6ec02aa4b2021-12-20 16:02:36.928root 11241100x8000000000000000781023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c65fff7bab47be82021-12-20 16:02:36.929root 11241100x8000000000000000781024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a53326af616d38c2021-12-20 16:02:36.929root 11241100x8000000000000000781025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48176461f9c169dd2021-12-20 16:02:36.929root 11241100x8000000000000000781026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e67f88dfa53d1092021-12-20 16:02:36.929root 11241100x8000000000000000781027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a616d4993831b172021-12-20 16:02:36.929root 11241100x8000000000000000781028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875a6546715d44d22021-12-20 16:02:36.929root 11241100x8000000000000000781029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d99831adaf5e0482021-12-20 16:02:36.929root 11241100x8000000000000000781030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e128585e10d3f5d22021-12-20 16:02:36.929root 11241100x8000000000000000781031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c82167466c24032021-12-20 16:02:36.929root 11241100x8000000000000000781032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c61bd15e863ac382021-12-20 16:02:36.929root 11241100x8000000000000000781033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26eae8edff48c212021-12-20 16:02:36.929root 11241100x8000000000000000781034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96513d6d9f0ab0a2021-12-20 16:02:36.929root 11241100x8000000000000000781035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d627f4a861da1c2021-12-20 16:02:36.929root 11241100x8000000000000000781036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:36.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c851ab7065f4d552021-12-20 16:02:36.930root 11241100x8000000000000000781037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e833c8e55137bcd2021-12-20 16:02:37.424root 11241100x8000000000000000781038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ada62e9b83c2812021-12-20 16:02:37.424root 11241100x8000000000000000781039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3bc4c591c427d92021-12-20 16:02:37.425root 11241100x8000000000000000781040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1727eb516f87c12021-12-20 16:02:37.425root 11241100x8000000000000000781041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a774c55030eda862021-12-20 16:02:37.425root 11241100x8000000000000000781042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54c6d1764d1cd612021-12-20 16:02:37.425root 11241100x8000000000000000781043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573847d3b88e83c62021-12-20 16:02:37.425root 11241100x8000000000000000781044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5299d73631df600d2021-12-20 16:02:37.426root 11241100x8000000000000000781045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b760d0e7d31e382021-12-20 16:02:37.426root 11241100x8000000000000000781046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd3e48d2238351f2021-12-20 16:02:37.426root 11241100x8000000000000000781047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cfb7e9313d29702021-12-20 16:02:37.426root 11241100x8000000000000000781048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575f609e65bd647f2021-12-20 16:02:37.426root 11241100x8000000000000000781049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cc38ddf1b12aa92021-12-20 16:02:37.426root 11241100x8000000000000000781050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7546351aa4bb4b42021-12-20 16:02:37.427root 11241100x8000000000000000781051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e20f56aced9ad022021-12-20 16:02:37.427root 11241100x8000000000000000781052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289f54c9ccedf7762021-12-20 16:02:37.427root 11241100x8000000000000000781053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143d0f0514b70b882021-12-20 16:02:37.427root 11241100x8000000000000000781054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a83008f959c21452021-12-20 16:02:37.427root 11241100x8000000000000000781055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb36235afb92f502021-12-20 16:02:37.427root 11241100x8000000000000000781056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a9c72c1fe192782021-12-20 16:02:37.427root 11241100x8000000000000000781057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03d73de3170348f2021-12-20 16:02:37.427root 11241100x8000000000000000781058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54b500c48957a12021-12-20 16:02:37.427root 11241100x8000000000000000781059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8be3dc3e8b29352021-12-20 16:02:37.427root 11241100x8000000000000000781060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66f18bc9e523ea32021-12-20 16:02:37.427root 11241100x8000000000000000781061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f311facaf89c95f02021-12-20 16:02:37.427root 11241100x8000000000000000781062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb53da4ba2f344922021-12-20 16:02:37.427root 11241100x8000000000000000781063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956bc1474f368f9e2021-12-20 16:02:37.427root 11241100x8000000000000000781064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fc2dcbfb898ddc2021-12-20 16:02:37.427root 11241100x8000000000000000781065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b717b4cc56b12172021-12-20 16:02:37.428root 11241100x8000000000000000781066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67265b5736277c312021-12-20 16:02:37.428root 11241100x8000000000000000781067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4531055bb934562021-12-20 16:02:37.428root 11241100x8000000000000000781068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a71b0b5b3f16d22021-12-20 16:02:37.428root 11241100x8000000000000000781069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd2efa74c36f3652021-12-20 16:02:37.428root 11241100x8000000000000000781070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385a6b04d077726a2021-12-20 16:02:37.428root 11241100x8000000000000000781071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93721cb149a898d72021-12-20 16:02:37.428root 11241100x8000000000000000781072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86275aa833559392021-12-20 16:02:37.428root 11241100x8000000000000000781073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d3db73365b5e882021-12-20 16:02:37.428root 11241100x8000000000000000781074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534fe984c0864cae2021-12-20 16:02:37.428root 11241100x8000000000000000781075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245cc728ad226d7f2021-12-20 16:02:37.428root 11241100x8000000000000000781076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e611430c3643611f2021-12-20 16:02:37.428root 11241100x8000000000000000781077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190267131cfd63222021-12-20 16:02:37.924root 11241100x8000000000000000781078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad1f69f9bd809f62021-12-20 16:02:37.924root 11241100x8000000000000000781079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b2bf5af4991cfb2021-12-20 16:02:37.924root 11241100x8000000000000000781080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544408365d6ed4742021-12-20 16:02:37.924root 11241100x8000000000000000781081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093da7a641eae3f92021-12-20 16:02:37.925root 11241100x8000000000000000781082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2723153ddcfed5c42021-12-20 16:02:37.925root 11241100x8000000000000000781083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0054c5f20d44aa7e2021-12-20 16:02:37.925root 11241100x8000000000000000781084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173beb749edd88d32021-12-20 16:02:37.925root 11241100x8000000000000000781085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ad8e056bba35062021-12-20 16:02:37.925root 11241100x8000000000000000781086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b253f05de292f4c72021-12-20 16:02:37.925root 11241100x8000000000000000781087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67d41ace6e53c812021-12-20 16:02:37.925root 11241100x8000000000000000781088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38efe61098e5e8a82021-12-20 16:02:37.925root 11241100x8000000000000000781089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b9cd25ed05f43c2021-12-20 16:02:37.925root 11241100x8000000000000000781090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0affeee17227d2a2021-12-20 16:02:37.925root 11241100x8000000000000000781091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00dc5855cc4ccd22021-12-20 16:02:37.925root 11241100x8000000000000000781092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5723bbe938a4e4b42021-12-20 16:02:37.925root 11241100x8000000000000000781093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c1441c1c4d18962021-12-20 16:02:37.925root 11241100x8000000000000000781094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc3ac17a7d7c14f2021-12-20 16:02:37.926root 11241100x8000000000000000781095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70affdad427ce47f2021-12-20 16:02:37.926root 11241100x8000000000000000781096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9817978ec1e088bd2021-12-20 16:02:37.926root 11241100x8000000000000000781097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1cbe2f3092dfef2021-12-20 16:02:37.926root 11241100x8000000000000000781098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bfb17a1a1747682021-12-20 16:02:37.926root 11241100x8000000000000000781099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea90cf9b9b19f622021-12-20 16:02:37.926root 11241100x8000000000000000781100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5066de0096acf272021-12-20 16:02:37.926root 11241100x8000000000000000781101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad3acb9d287fbcb2021-12-20 16:02:37.926root 11241100x8000000000000000781102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fb39331fbe56442021-12-20 16:02:37.926root 11241100x8000000000000000781103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a526bac223ef098a2021-12-20 16:02:37.926root 11241100x8000000000000000781104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa053bc09943cda22021-12-20 16:02:37.926root 11241100x8000000000000000781105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ff3c328644d192021-12-20 16:02:37.926root 11241100x8000000000000000781106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920ffbac85d57e652021-12-20 16:02:37.926root 11241100x8000000000000000781107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e8f17e9cec1e22021-12-20 16:02:37.926root 11241100x8000000000000000781108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbdac0ee59510cf2021-12-20 16:02:37.927root 11241100x8000000000000000781109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708a697da954f7162021-12-20 16:02:37.927root 11241100x8000000000000000781110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7b06b328e2c9712021-12-20 16:02:37.927root 11241100x8000000000000000781111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09d3849c80255202021-12-20 16:02:37.927root 11241100x8000000000000000781112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b329cfa94d8a6682021-12-20 16:02:37.927root 11241100x8000000000000000781113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dca5dcdb94ad302021-12-20 16:02:37.927root 11241100x8000000000000000781114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9061091d746a3fb22021-12-20 16:02:37.927root 11241100x8000000000000000781115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d5f1b07c197ddf2021-12-20 16:02:37.927root 11241100x8000000000000000781116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e984c347870fe0bc2021-12-20 16:02:38.424root 11241100x8000000000000000781117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bba0f7da0f79942021-12-20 16:02:38.424root 11241100x8000000000000000781118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e2ea804c658ed72021-12-20 16:02:38.425root 11241100x8000000000000000781119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee6397c10ee981d2021-12-20 16:02:38.425root 11241100x8000000000000000781120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efba62b9c9d981762021-12-20 16:02:38.425root 11241100x8000000000000000781121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9e1a94c82208d02021-12-20 16:02:38.425root 11241100x8000000000000000781122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42afcfe1761f98292021-12-20 16:02:38.426root 11241100x8000000000000000781123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a3e318979839312021-12-20 16:02:38.426root 11241100x8000000000000000781124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3617eedeb93288612021-12-20 16:02:38.426root 11241100x8000000000000000781125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77da9c2e8185afe12021-12-20 16:02:38.426root 11241100x8000000000000000781126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17e33e3d27416012021-12-20 16:02:38.427root 11241100x8000000000000000781127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f8c2ad06ef18042021-12-20 16:02:38.427root 11241100x8000000000000000781128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf606bd8e3817032021-12-20 16:02:38.428root 11241100x8000000000000000781129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77917d905f22689e2021-12-20 16:02:38.428root 11241100x8000000000000000781130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da4ab1229639bfc2021-12-20 16:02:38.429root 11241100x8000000000000000781131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9283e4783a95a53a2021-12-20 16:02:38.429root 11241100x8000000000000000781132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468aef9e25667a4b2021-12-20 16:02:38.429root 11241100x8000000000000000781133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282d374341ddae2d2021-12-20 16:02:38.429root 11241100x8000000000000000781134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb1a0cd6027e9b92021-12-20 16:02:38.430root 11241100x8000000000000000781135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb21993d196a8f2021-12-20 16:02:38.430root 11241100x8000000000000000781136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1476277b7e3bd9f2021-12-20 16:02:38.430root 11241100x8000000000000000781137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2944016d732b5602021-12-20 16:02:38.430root 11241100x8000000000000000781138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683e81e16c23da8a2021-12-20 16:02:38.430root 11241100x8000000000000000781139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b822171a66fd79342021-12-20 16:02:38.431root 11241100x8000000000000000781140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b079dd367374f2632021-12-20 16:02:38.431root 11241100x8000000000000000781141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e7ccdbd18bb8f02021-12-20 16:02:38.431root 11241100x8000000000000000781142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f233a673f18c32f2021-12-20 16:02:38.431root 11241100x8000000000000000781143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c26e1802784de22021-12-20 16:02:38.431root 11241100x8000000000000000781144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9f6fa9e10f1d252021-12-20 16:02:38.431root 11241100x8000000000000000781145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c67cc25ac7852d2021-12-20 16:02:38.432root 11241100x8000000000000000781146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4ecd7bd17203a72021-12-20 16:02:38.432root 11241100x8000000000000000781147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4eb2919474149a2021-12-20 16:02:38.432root 11241100x8000000000000000781148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa59772609f2985c2021-12-20 16:02:38.432root 11241100x8000000000000000781149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0351f8c74d874b2021-12-20 16:02:38.432root 11241100x8000000000000000781150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df959b48a9e4fb1a2021-12-20 16:02:38.433root 11241100x8000000000000000781151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a403a02116a950d52021-12-20 16:02:38.433root 11241100x8000000000000000781152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0422a609feb0bfd12021-12-20 16:02:38.433root 11241100x8000000000000000781153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea8c7e995c649962021-12-20 16:02:38.434root 11241100x8000000000000000781154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964ff0ef144523972021-12-20 16:02:38.434root 11241100x8000000000000000781155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8876589ce5ea7b702021-12-20 16:02:38.434root 11241100x8000000000000000781156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc5f1787b5cb46a2021-12-20 16:02:38.434root 11241100x8000000000000000781157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1606a9e05d501c7c2021-12-20 16:02:38.434root 11241100x8000000000000000781158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d57d3c5a4c159ba2021-12-20 16:02:38.434root 11241100x8000000000000000781159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be356c14eec1d3fe2021-12-20 16:02:38.434root 11241100x8000000000000000781160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f417ae621c7ffd642021-12-20 16:02:38.435root 11241100x8000000000000000781161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7682ddb9c55aa952021-12-20 16:02:38.924root 11241100x8000000000000000781162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11de95cfd4e82ff92021-12-20 16:02:38.924root 11241100x8000000000000000781163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179d5c6a99392fed2021-12-20 16:02:38.924root 11241100x8000000000000000781164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fff1421f3264f52021-12-20 16:02:38.924root 11241100x8000000000000000781165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386d5659e98923d82021-12-20 16:02:38.925root 11241100x8000000000000000781166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8215633cd8fdb272021-12-20 16:02:38.925root 11241100x8000000000000000781167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a360f7b104c802021-12-20 16:02:38.925root 11241100x8000000000000000781168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4eec527b4499c92021-12-20 16:02:38.925root 11241100x8000000000000000781169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cc9923776d62892021-12-20 16:02:38.925root 11241100x8000000000000000781170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28982a9bc6eba5da2021-12-20 16:02:38.925root 11241100x8000000000000000781171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886958ae1ac8b432021-12-20 16:02:38.925root 11241100x8000000000000000781172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c4e2b920b8a2e42021-12-20 16:02:38.925root 11241100x8000000000000000781173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fc1093f60012552021-12-20 16:02:38.925root 11241100x8000000000000000781174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e36fc833ed70572021-12-20 16:02:38.925root 11241100x8000000000000000781175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685bbd93880671532021-12-20 16:02:38.925root 11241100x8000000000000000781176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233830988a1b2a002021-12-20 16:02:38.925root 11241100x8000000000000000781177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76d162f39f720102021-12-20 16:02:38.925root 11241100x8000000000000000781178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ff64b6c43f885f2021-12-20 16:02:38.925root 11241100x8000000000000000781179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9251276b2e1483942021-12-20 16:02:38.925root 11241100x8000000000000000781180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552c821996d3b99f2021-12-20 16:02:38.925root 11241100x8000000000000000781181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6592bcf7fcaa4952021-12-20 16:02:38.926root 11241100x8000000000000000781182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ddc16fb3c0f99a2021-12-20 16:02:38.926root 11241100x8000000000000000781183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba87e4ca75d6f0d2021-12-20 16:02:38.926root 11241100x8000000000000000781184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5890ec4ece26a70d2021-12-20 16:02:38.926root 11241100x8000000000000000781185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91c5181776326e02021-12-20 16:02:38.926root 11241100x8000000000000000781186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49583dd9ec1f20d2021-12-20 16:02:38.926root 11241100x8000000000000000781187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b490316940f0b6012021-12-20 16:02:38.926root 11241100x8000000000000000781188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c048e5bd5ba7f0f42021-12-20 16:02:38.926root 11241100x8000000000000000781189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2733bd710e0adf2021-12-20 16:02:38.926root 11241100x8000000000000000781190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a61c8be088da4d2021-12-20 16:02:38.926root 11241100x8000000000000000781191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6b7d6ad5bc6ca92021-12-20 16:02:38.926root 11241100x8000000000000000781192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43591f645280daf22021-12-20 16:02:38.926root 11241100x8000000000000000781193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dc9a0ce32940c72021-12-20 16:02:38.926root 11241100x8000000000000000781194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7e1d43f3562d382021-12-20 16:02:38.926root 11241100x8000000000000000781195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfca6498bb39bf382021-12-20 16:02:38.926root 11241100x8000000000000000781196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5584bc3dec03db12021-12-20 16:02:38.926root 11241100x8000000000000000781197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb214e9faa310c52021-12-20 16:02:38.927root 11241100x8000000000000000781198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bd90a86c7513be2021-12-20 16:02:38.927root 11241100x8000000000000000781199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e8064269fd7a282021-12-20 16:02:38.927root 11241100x8000000000000000781200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d688fecca868acf2021-12-20 16:02:38.927root 11241100x8000000000000000781201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980df4c6024e3452021-12-20 16:02:38.927root 11241100x8000000000000000781202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e4b3f524f216722021-12-20 16:02:38.927root 23542300x8000000000000000781203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.071{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000781204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.104{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51552-false10.0.1.12-8000- 11241100x8000000000000000781205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70f94431bca32782021-12-20 16:02:39.424root 11241100x8000000000000000781206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2ebd31e87dbfb02021-12-20 16:02:39.424root 11241100x8000000000000000781207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2feedf738dd0a772021-12-20 16:02:39.424root 11241100x8000000000000000781208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f94f6e21e53dcf2021-12-20 16:02:39.424root 11241100x8000000000000000781209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1692654011f49d8e2021-12-20 16:02:39.425root 11241100x8000000000000000781210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bda530e1e017202021-12-20 16:02:39.425root 11241100x8000000000000000781211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44be8be2fc4420e42021-12-20 16:02:39.425root 11241100x8000000000000000781212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921ef913e7851f9e2021-12-20 16:02:39.425root 11241100x8000000000000000781213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02199460db3ba8d42021-12-20 16:02:39.425root 11241100x8000000000000000781214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f482e2cd069d70d12021-12-20 16:02:39.425root 11241100x8000000000000000781215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de73cbe3015eb6562021-12-20 16:02:39.425root 11241100x8000000000000000781216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509788406beb3df32021-12-20 16:02:39.425root 11241100x8000000000000000781217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c2aa16b50ddf1a2021-12-20 16:02:39.425root 11241100x8000000000000000781218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a335c8f9c04b5782021-12-20 16:02:39.425root 11241100x8000000000000000781219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4393e189e10d4f2f2021-12-20 16:02:39.425root 11241100x8000000000000000781220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65a05559155cf282021-12-20 16:02:39.425root 11241100x8000000000000000781221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348113d2e0f190602021-12-20 16:02:39.425root 11241100x8000000000000000781222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a7b53edd74d50b2021-12-20 16:02:39.425root 11241100x8000000000000000781223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff168d38d3926aa2021-12-20 16:02:39.425root 11241100x8000000000000000781224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb3235a4c628cfc2021-12-20 16:02:39.426root 11241100x8000000000000000781225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9c5c65688c6be92021-12-20 16:02:39.426root 11241100x8000000000000000781226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea496df436f75cab2021-12-20 16:02:39.426root 11241100x8000000000000000781227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caee55f86700d9ee2021-12-20 16:02:39.426root 11241100x8000000000000000781228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c181eca0777e1c322021-12-20 16:02:39.426root 11241100x8000000000000000781229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124e2ad7a78b19ec2021-12-20 16:02:39.426root 11241100x8000000000000000781230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebcb10831a784872021-12-20 16:02:39.426root 11241100x8000000000000000781231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169e9276c5a737c82021-12-20 16:02:39.426root 11241100x8000000000000000781232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98c3de76e339d0c2021-12-20 16:02:39.426root 11241100x8000000000000000781233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5eb9beaf3316ce02021-12-20 16:02:39.426root 11241100x8000000000000000781234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3467947d9ae1de2d2021-12-20 16:02:39.426root 11241100x8000000000000000781235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a8efb8e46b5b202021-12-20 16:02:39.426root 11241100x8000000000000000781236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a301d6dccbb217162021-12-20 16:02:39.426root 11241100x8000000000000000781237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3ef8f6d50e24da2021-12-20 16:02:39.426root 11241100x8000000000000000781238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10670d07cabd92482021-12-20 16:02:39.426root 11241100x8000000000000000781239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12961beea9e3ada2021-12-20 16:02:39.426root 11241100x8000000000000000781240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6ab21cdab0ac332021-12-20 16:02:39.427root 11241100x8000000000000000781241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4a57a15193b9652021-12-20 16:02:39.427root 11241100x8000000000000000781242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf52dbce166355d2021-12-20 16:02:39.427root 11241100x8000000000000000781243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66cc50cba616fb42021-12-20 16:02:39.427root 11241100x8000000000000000781244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896224f7ff531ec92021-12-20 16:02:39.427root 11241100x8000000000000000781245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0577418d2c26fd2021-12-20 16:02:39.427root 11241100x8000000000000000781246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c4a0c6fbe98a6d2021-12-20 16:02:39.427root 11241100x8000000000000000781247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59414366f4b6866f2021-12-20 16:02:39.427root 11241100x8000000000000000781248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f088385980c15df82021-12-20 16:02:39.427root 11241100x8000000000000000781249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e349b70a096fdea2021-12-20 16:02:39.427root 11241100x8000000000000000781250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7868ae08bcd72532021-12-20 16:02:39.427root 11241100x8000000000000000781251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aa959f4a83c7282021-12-20 16:02:39.427root 11241100x8000000000000000781252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b41151d8936d342021-12-20 16:02:39.427root 11241100x8000000000000000781253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a2380ba629083f2021-12-20 16:02:39.428root 11241100x8000000000000000781254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c76f9417b545662021-12-20 16:02:39.428root 11241100x8000000000000000781255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4bda9490e052952021-12-20 16:02:39.428root 11241100x8000000000000000781256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4848f10b2a687e2021-12-20 16:02:39.428root 11241100x8000000000000000781257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c127a16b12aabfa52021-12-20 16:02:39.428root 11241100x8000000000000000781258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970d44c36bba411d2021-12-20 16:02:39.428root 11241100x8000000000000000781259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9627a3a372299b2021-12-20 16:02:39.428root 11241100x8000000000000000781260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920a263ebcdabe3f2021-12-20 16:02:39.428root 11241100x8000000000000000781261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e793abd0e5516232021-12-20 16:02:39.428root 11241100x8000000000000000781262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dcb8417ef5f1dc2021-12-20 16:02:39.428root 11241100x8000000000000000781263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9177740b9ec625022021-12-20 16:02:39.924root 11241100x8000000000000000781264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec9f06f740b1c8f2021-12-20 16:02:39.924root 11241100x8000000000000000781265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ded3d74f99e71532021-12-20 16:02:39.924root 11241100x8000000000000000781266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2761786b6c0f6e2021-12-20 16:02:39.924root 11241100x8000000000000000781267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0980cc1a636db4d2021-12-20 16:02:39.924root 11241100x8000000000000000781268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edb6809454a386c2021-12-20 16:02:39.924root 11241100x8000000000000000781269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1f3a6e9feec3b92021-12-20 16:02:39.925root 11241100x8000000000000000781270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81520155e8d7454f2021-12-20 16:02:39.925root 11241100x8000000000000000781271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e794b36b41b80062021-12-20 16:02:39.925root 11241100x8000000000000000781272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef3d2cd7ef59d32021-12-20 16:02:39.925root 11241100x8000000000000000781273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f485695395892a2021-12-20 16:02:39.925root 11241100x8000000000000000781274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529e635181d05f852021-12-20 16:02:39.925root 11241100x8000000000000000781275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6bbc4dd14f52772021-12-20 16:02:39.925root 11241100x8000000000000000781276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45844e97588fd9c2021-12-20 16:02:39.925root 11241100x8000000000000000781277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85c3d3509ed1f9d2021-12-20 16:02:39.925root 11241100x8000000000000000781278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24e514053ef15e02021-12-20 16:02:39.925root 11241100x8000000000000000781279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4cc27fb34bfa5f2021-12-20 16:02:39.926root 11241100x8000000000000000781280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cac3c55abc10552021-12-20 16:02:39.926root 11241100x8000000000000000781281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5353b042620dda2021-12-20 16:02:39.926root 11241100x8000000000000000781282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1989e676028bc4f82021-12-20 16:02:39.926root 11241100x8000000000000000781283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836a116d2020e4292021-12-20 16:02:39.926root 11241100x8000000000000000781284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea4412ad0854f322021-12-20 16:02:39.926root 11241100x8000000000000000781285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a822c01a97a01252021-12-20 16:02:39.926root 11241100x8000000000000000781286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52880f60af6a8c382021-12-20 16:02:39.926root 11241100x8000000000000000781287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fee20c1d0363be42021-12-20 16:02:39.926root 11241100x8000000000000000781288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29571772af5bfe62021-12-20 16:02:39.926root 11241100x8000000000000000781289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fc4c0692aafe112021-12-20 16:02:39.926root 11241100x8000000000000000781290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5b5ae7f18cef662021-12-20 16:02:39.927root 11241100x8000000000000000781291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7c28a0e1ab8a392021-12-20 16:02:39.927root 11241100x8000000000000000781292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c994ecc4236a3b2021-12-20 16:02:39.927root 11241100x8000000000000000781293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1585419a4de3f2021-12-20 16:02:39.927root 11241100x8000000000000000781294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e24b8deaa38cd992021-12-20 16:02:39.927root 11241100x8000000000000000781295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2d60afdd4cdb5d2021-12-20 16:02:39.927root 11241100x8000000000000000781296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5b375da7c2660c2021-12-20 16:02:39.927root 11241100x8000000000000000781297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453986b8a3808c4c2021-12-20 16:02:39.927root 11241100x8000000000000000781298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6227c7fc0a6667ef2021-12-20 16:02:39.927root 11241100x8000000000000000781299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7b338b9afcf942021-12-20 16:02:39.928root 11241100x8000000000000000781300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf941fc042f7afe2021-12-20 16:02:39.928root 11241100x8000000000000000781301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943cb664e1548c372021-12-20 16:02:39.928root 11241100x8000000000000000781302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bef9be5a7cf05a82021-12-20 16:02:39.928root 11241100x8000000000000000781303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b446a4e2012ea42021-12-20 16:02:39.928root 11241100x8000000000000000781304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32edbdac4e5ca022021-12-20 16:02:39.928root 11241100x8000000000000000781305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c60145bd92f66e2021-12-20 16:02:39.929root 11241100x8000000000000000781306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0ce843eaf422902021-12-20 16:02:39.929root 11241100x8000000000000000781307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97ccf9d37a79baa2021-12-20 16:02:39.929root 11241100x8000000000000000781308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeb663a744644d32021-12-20 16:02:39.929root 11241100x8000000000000000781309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0155054485cca172021-12-20 16:02:39.929root 11241100x8000000000000000781310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d862238b73c38bf2021-12-20 16:02:39.929root 11241100x8000000000000000781311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554bf40d7f6d7cfd2021-12-20 16:02:39.929root 11241100x8000000000000000781312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7829d787d5ee639f2021-12-20 16:02:39.929root 11241100x8000000000000000781313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85a2ec5a0e5e4d62021-12-20 16:02:39.929root 11241100x8000000000000000781314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd812f1776b0d45a2021-12-20 16:02:39.930root 11241100x8000000000000000781315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675ec773b6f928292021-12-20 16:02:39.930root 11241100x8000000000000000781316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6733471463f4b40e2021-12-20 16:02:39.930root 11241100x8000000000000000781317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab61169ed22bdc72021-12-20 16:02:39.930root 11241100x8000000000000000781318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9024f10a1f3a12d82021-12-20 16:02:39.930root 11241100x8000000000000000781319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e5b0b1a443817d2021-12-20 16:02:39.930root 11241100x8000000000000000781320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a26cbf9a0efd782021-12-20 16:02:39.930root 11241100x8000000000000000781321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2666a92e68c15c412021-12-20 16:02:39.930root 11241100x8000000000000000781322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036fd61949393a9f2021-12-20 16:02:39.931root 11241100x8000000000000000781323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f32e92cb55fc26c2021-12-20 16:02:39.931root 11241100x8000000000000000781324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:39.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b778693348559a2021-12-20 16:02:39.931root 11241100x8000000000000000781325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab71684887a43bb2021-12-20 16:02:40.424root 11241100x8000000000000000781326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a80f3da5b543152021-12-20 16:02:40.424root 11241100x8000000000000000781327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1211e320b6a400e02021-12-20 16:02:40.424root 11241100x8000000000000000781328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1531e151101542932021-12-20 16:02:40.424root 11241100x8000000000000000781329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de662b1abed2f04f2021-12-20 16:02:40.425root 11241100x8000000000000000781330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb509a60f36e9bbc2021-12-20 16:02:40.425root 11241100x8000000000000000781331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1e792edc6068682021-12-20 16:02:40.425root 11241100x8000000000000000781332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4f8e561ed99d8e2021-12-20 16:02:40.425root 11241100x8000000000000000781333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44a583f2772742d2021-12-20 16:02:40.425root 11241100x8000000000000000781334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d5755bfce1e5622021-12-20 16:02:40.425root 11241100x8000000000000000781335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cceecbaf3baf152021-12-20 16:02:40.425root 11241100x8000000000000000781336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591cb268756ffb2a2021-12-20 16:02:40.425root 11241100x8000000000000000781337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc85a014db68260b2021-12-20 16:02:40.425root 11241100x8000000000000000781338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5838263d734680c02021-12-20 16:02:40.425root 11241100x8000000000000000781339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc77b3bd49e8af92021-12-20 16:02:40.425root 11241100x8000000000000000781340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ab7a62e4bdf4e32021-12-20 16:02:40.425root 11241100x8000000000000000781341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd4de6202a1af3f2021-12-20 16:02:40.425root 11241100x8000000000000000781342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd4aabe4dd7fd3d2021-12-20 16:02:40.425root 11241100x8000000000000000781343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d6d6e4ae88c7912021-12-20 16:02:40.425root 11241100x8000000000000000781344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254d1af3800419d12021-12-20 16:02:40.425root 11241100x8000000000000000781345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d189c446f9cde22021-12-20 16:02:40.426root 11241100x8000000000000000781346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f23d0d0ee2b68432021-12-20 16:02:40.426root 11241100x8000000000000000781347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7450dec006ea722021-12-20 16:02:40.426root 11241100x8000000000000000781348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78548228740d62602021-12-20 16:02:40.426root 11241100x8000000000000000781349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438e23b76fa23dbc2021-12-20 16:02:40.426root 11241100x8000000000000000781350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87c96745e91b8eb2021-12-20 16:02:40.426root 11241100x8000000000000000781351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7598b0cbfc336d342021-12-20 16:02:40.426root 11241100x8000000000000000781352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79114b5494b6e80f2021-12-20 16:02:40.426root 11241100x8000000000000000781353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6faf46d9ff835102021-12-20 16:02:40.426root 11241100x8000000000000000781354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2826871e94229b4e2021-12-20 16:02:40.426root 11241100x8000000000000000781355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df03e665dadd968b2021-12-20 16:02:40.426root 11241100x8000000000000000781356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc91cebac43f8fbb2021-12-20 16:02:40.426root 11241100x8000000000000000781357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84ada628e99742b2021-12-20 16:02:40.426root 11241100x8000000000000000781358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b642a3e3e79671e2021-12-20 16:02:40.426root 11241100x8000000000000000781359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b92038818fc7b52021-12-20 16:02:40.426root 11241100x8000000000000000781360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561f05997c4f9dbb2021-12-20 16:02:40.426root 11241100x8000000000000000781361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d9b5de783805102021-12-20 16:02:40.426root 11241100x8000000000000000781362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f9d3a3d017b6f32021-12-20 16:02:40.427root 11241100x8000000000000000781363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed396cdb548fb4502021-12-20 16:02:40.427root 11241100x8000000000000000781364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c108fd174fa52c2021-12-20 16:02:40.427root 11241100x8000000000000000781365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347e1683acba1aca2021-12-20 16:02:40.427root 11241100x8000000000000000781366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91985dc124d4a8022021-12-20 16:02:40.427root 11241100x8000000000000000781367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cb28095d83ffd52021-12-20 16:02:40.427root 11241100x8000000000000000781368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff96793c4938a42021-12-20 16:02:40.427root 11241100x8000000000000000781369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aa0e3271e834632021-12-20 16:02:40.427root 11241100x8000000000000000781370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4175995cf0cb3c2021-12-20 16:02:40.427root 11241100x8000000000000000781371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446b7935557faf832021-12-20 16:02:40.427root 11241100x8000000000000000781372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d88d3ad8364e15a2021-12-20 16:02:40.427root 11241100x8000000000000000781373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c2a2456d4a1b272021-12-20 16:02:40.427root 11241100x8000000000000000781374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f527403832bb5c52021-12-20 16:02:40.427root 11241100x8000000000000000781375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c2215d972e77de2021-12-20 16:02:40.427root 11241100x8000000000000000781376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7c6f28140d98272021-12-20 16:02:40.427root 11241100x8000000000000000781377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38656894064d514c2021-12-20 16:02:40.427root 11241100x8000000000000000781378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af46b9651c6620a72021-12-20 16:02:40.428root 11241100x8000000000000000781379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8099c7f1bc156fc2021-12-20 16:02:40.428root 11241100x8000000000000000781380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7406fadb1191692021-12-20 16:02:40.428root 11241100x8000000000000000781381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17c4d8c923d9b502021-12-20 16:02:40.428root 11241100x8000000000000000781382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c20fe54fae723f82021-12-20 16:02:40.428root 11241100x8000000000000000781383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af15a885935bdd62021-12-20 16:02:40.428root 11241100x8000000000000000781384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8241adfb78f55a062021-12-20 16:02:40.428root 11241100x8000000000000000781385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884637f585e77de62021-12-20 16:02:40.428root 11241100x8000000000000000781386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26289930a0c718b2021-12-20 16:02:40.428root 11241100x8000000000000000781387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be9ff059e3a09912021-12-20 16:02:40.428root 11241100x8000000000000000781388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14519fff231ef172021-12-20 16:02:40.428root 11241100x8000000000000000781389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4835176527e806622021-12-20 16:02:40.428root 11241100x8000000000000000781390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcadc377597513f42021-12-20 16:02:40.428root 11241100x8000000000000000781391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7c1501107934a72021-12-20 16:02:40.428root 11241100x8000000000000000781392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2727ef9d13c6a492021-12-20 16:02:40.428root 11241100x8000000000000000781393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43dd320c58bd8262021-12-20 16:02:40.428root 11241100x8000000000000000781394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0605cef2692ae952021-12-20 16:02:40.429root 11241100x8000000000000000781395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb05bd576a097a4d2021-12-20 16:02:40.429root 11241100x8000000000000000781396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fac12eddcb6c002021-12-20 16:02:40.429root 11241100x8000000000000000781397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e088d7152beefc2021-12-20 16:02:40.429root 11241100x8000000000000000781398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd33a09e7e407d252021-12-20 16:02:40.924root 11241100x8000000000000000781399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2b8a38754480c22021-12-20 16:02:40.924root 11241100x8000000000000000781400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f002dbbf90c4e9e02021-12-20 16:02:40.924root 11241100x8000000000000000781401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440ede108c8ae2e32021-12-20 16:02:40.924root 11241100x8000000000000000781402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16958c00d00ded6a2021-12-20 16:02:40.924root 11241100x8000000000000000781403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a0c5e116b530682021-12-20 16:02:40.924root 11241100x8000000000000000781404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07782e68d9cbc19a2021-12-20 16:02:40.924root 11241100x8000000000000000781405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210230ad283f8a012021-12-20 16:02:40.925root 11241100x8000000000000000781406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7dc2fc966ee3072021-12-20 16:02:40.925root 11241100x8000000000000000781407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fba20de3117cf32021-12-20 16:02:40.925root 11241100x8000000000000000781408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640585d115d9d2372021-12-20 16:02:40.925root 11241100x8000000000000000781409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21325ed7786575ca2021-12-20 16:02:40.925root 11241100x8000000000000000781410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a4f4ded675bdd02021-12-20 16:02:40.925root 11241100x8000000000000000781411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a57485d0eedf302021-12-20 16:02:40.925root 11241100x8000000000000000781412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a5dc1cce9fbf702021-12-20 16:02:40.925root 11241100x8000000000000000781413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e80759ccaf9eb182021-12-20 16:02:40.925root 11241100x8000000000000000781414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f48b97ee45d8d282021-12-20 16:02:40.925root 11241100x8000000000000000781415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a9126bce67df652021-12-20 16:02:40.926root 11241100x8000000000000000781416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d88f6bc8c32c672021-12-20 16:02:40.926root 11241100x8000000000000000781417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913a3ecc185706a42021-12-20 16:02:40.926root 11241100x8000000000000000781418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aea18a227390222021-12-20 16:02:40.926root 11241100x8000000000000000781419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ec76ed9548408d2021-12-20 16:02:40.926root 11241100x8000000000000000781420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392ce39705ec525b2021-12-20 16:02:40.926root 11241100x8000000000000000781421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2160b59520755ecc2021-12-20 16:02:40.926root 11241100x8000000000000000781422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d0bbc0fd5232a72021-12-20 16:02:40.926root 11241100x8000000000000000781423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cbc1626fdab0d62021-12-20 16:02:40.926root 11241100x8000000000000000781424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03f3c56bbe4561c2021-12-20 16:02:40.926root 11241100x8000000000000000781425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db615bbd0a809f392021-12-20 16:02:40.927root 11241100x8000000000000000781426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d920522439870192021-12-20 16:02:40.927root 11241100x8000000000000000781427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d5b0b8f7c843be2021-12-20 16:02:40.927root 11241100x8000000000000000781428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3415c501f6f7ce32021-12-20 16:02:40.927root 11241100x8000000000000000781429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535ae471418847432021-12-20 16:02:40.929root 11241100x8000000000000000781430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eb5b85afa39ce52021-12-20 16:02:40.929root 11241100x8000000000000000781431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bbb84fc19e8fd52021-12-20 16:02:40.929root 11241100x8000000000000000781432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f426f88b1738e0ad2021-12-20 16:02:40.929root 11241100x8000000000000000781433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6225dc860ff50ad2021-12-20 16:02:40.929root 11241100x8000000000000000781434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fe9567ac3524e82021-12-20 16:02:40.930root 11241100x8000000000000000781435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea92883b8271c122021-12-20 16:02:40.930root 11241100x8000000000000000781436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe12e7e0a3d28fbc2021-12-20 16:02:40.930root 11241100x8000000000000000781437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ce4861fad2f7ef2021-12-20 16:02:40.930root 11241100x8000000000000000781438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23577218c9cbad542021-12-20 16:02:40.930root 11241100x8000000000000000781439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abcfc90f5948e0c2021-12-20 16:02:40.930root 11241100x8000000000000000781440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0042053d95fe4d2021-12-20 16:02:40.930root 11241100x8000000000000000781441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2683c9928d92e82021-12-20 16:02:40.930root 11241100x8000000000000000781442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476c0cd50bff236e2021-12-20 16:02:40.930root 11241100x8000000000000000781443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfa22aedaa7b8662021-12-20 16:02:40.930root 11241100x8000000000000000781444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2372375c257123732021-12-20 16:02:40.931root 11241100x8000000000000000781445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13820d82b74191b2021-12-20 16:02:40.931root 11241100x8000000000000000781446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcde0b667ea29e202021-12-20 16:02:40.931root 11241100x8000000000000000781447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde645ac9d84dec52021-12-20 16:02:40.931root 11241100x8000000000000000781448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cda70c5765fe8f2021-12-20 16:02:40.931root 11241100x8000000000000000781449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756a1a9f4033c8c42021-12-20 16:02:40.931root 11241100x8000000000000000781450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4f4e93e5cc86702021-12-20 16:02:40.931root 11241100x8000000000000000781451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7a5903ba627c9c2021-12-20 16:02:40.931root 11241100x8000000000000000781452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6db3969ce1bf5c2021-12-20 16:02:40.931root 11241100x8000000000000000781453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448bb2dada82b2642021-12-20 16:02:40.931root 11241100x8000000000000000781454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439a52b4d72788d12021-12-20 16:02:40.932root 11241100x8000000000000000781455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7277d95d5ca8a92021-12-20 16:02:40.932root 11241100x8000000000000000781456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9704a0553168a842021-12-20 16:02:40.935root 11241100x8000000000000000781457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71c5e9ef27dda1b2021-12-20 16:02:40.935root 11241100x8000000000000000781458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8ed5637edec3152021-12-20 16:02:40.935root 11241100x8000000000000000781459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418436b8e78371df2021-12-20 16:02:40.935root 11241100x8000000000000000781460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813bb878542b54782021-12-20 16:02:40.935root 11241100x8000000000000000781461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c03b09e2d4988332021-12-20 16:02:40.936root 11241100x8000000000000000781462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a954310772135dc2021-12-20 16:02:40.936root 11241100x8000000000000000781463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b280071d2a2b51292021-12-20 16:02:40.936root 11241100x8000000000000000781464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb46da439722c82e2021-12-20 16:02:40.936root 11241100x8000000000000000781465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915004f431e062522021-12-20 16:02:40.936root 11241100x8000000000000000781466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb5587b80e6c3302021-12-20 16:02:40.936root 11241100x8000000000000000781467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6362327643d1df52021-12-20 16:02:40.936root 11241100x8000000000000000781468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a29b803872a30a2021-12-20 16:02:40.936root 11241100x8000000000000000781469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e6fa44e6ef82772021-12-20 16:02:40.936root 11241100x8000000000000000781470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:40.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78bfb38da16ac632021-12-20 16:02:40.936root 11241100x8000000000000000781471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd12eb923bb06e62021-12-20 16:02:41.424root 11241100x8000000000000000781472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bed2f8709e93f752021-12-20 16:02:41.424root 11241100x8000000000000000781473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de94977f745a3b2b2021-12-20 16:02:41.425root 11241100x8000000000000000781474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4d035981b35b42021-12-20 16:02:41.425root 11241100x8000000000000000781475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72399a5937ed0542021-12-20 16:02:41.425root 11241100x8000000000000000781476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6b665fd362b1ca2021-12-20 16:02:41.425root 11241100x8000000000000000781477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b0d37b9b99ec3c2021-12-20 16:02:41.425root 11241100x8000000000000000781478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f8b444d02855a42021-12-20 16:02:41.425root 11241100x8000000000000000781479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54c4789b52f960a2021-12-20 16:02:41.426root 11241100x8000000000000000781480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8388f86e01b47b2021-12-20 16:02:41.426root 11241100x8000000000000000781481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a47fafcd144aac2021-12-20 16:02:41.426root 11241100x8000000000000000781482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e475223052431b2021-12-20 16:02:41.426root 11241100x8000000000000000781483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8517b9e4fe6b27d82021-12-20 16:02:41.426root 11241100x8000000000000000781484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df02724bada587562021-12-20 16:02:41.426root 11241100x8000000000000000781485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ab41701efaaf362021-12-20 16:02:41.426root 11241100x8000000000000000781486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce5ae82fe1a57562021-12-20 16:02:41.426root 11241100x8000000000000000781487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482f28ef3efc53882021-12-20 16:02:41.427root 11241100x8000000000000000781488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c722abadf761bd2021-12-20 16:02:41.427root 11241100x8000000000000000781489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d75a071c0e91b8f2021-12-20 16:02:41.427root 11241100x8000000000000000781490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e161926f403979be2021-12-20 16:02:41.427root 11241100x8000000000000000781491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27a2682802dab912021-12-20 16:02:41.427root 11241100x8000000000000000781492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b6d93336291e902021-12-20 16:02:41.427root 11241100x8000000000000000781493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54792e00f70a457d2021-12-20 16:02:41.427root 11241100x8000000000000000781494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57dd1dde6b6b1c32021-12-20 16:02:41.427root 11241100x8000000000000000781495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346931e470cdb45d2021-12-20 16:02:41.427root 11241100x8000000000000000781496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807e4d100c56eda02021-12-20 16:02:41.427root 11241100x8000000000000000781497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc17b8f098fad45f2021-12-20 16:02:41.427root 11241100x8000000000000000781498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34954c132f6b8af62021-12-20 16:02:41.427root 11241100x8000000000000000781499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31053db48652aaa2021-12-20 16:02:41.427root 11241100x8000000000000000781500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45fb51613fcd1b02021-12-20 16:02:41.428root 11241100x8000000000000000781501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826b593d9c848cb82021-12-20 16:02:41.428root 11241100x8000000000000000781502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3aa0f5bbadf5692021-12-20 16:02:41.428root 11241100x8000000000000000781503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cb158ed8292dae2021-12-20 16:02:41.428root 11241100x8000000000000000781504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3f67b663a058602021-12-20 16:02:41.428root 11241100x8000000000000000781505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51983572687e15072021-12-20 16:02:41.428root 11241100x8000000000000000781506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f1603b7878f12b2021-12-20 16:02:41.428root 11241100x8000000000000000781507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93ab24fe795aaa02021-12-20 16:02:41.428root 11241100x8000000000000000781508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5d326c03d6eef82021-12-20 16:02:41.428root 11241100x8000000000000000781509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0c723659b87f172021-12-20 16:02:41.428root 11241100x8000000000000000781510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689f5e7885fbae532021-12-20 16:02:41.428root 11241100x8000000000000000781511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd865e2d6bdd11212021-12-20 16:02:41.428root 11241100x8000000000000000781512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd05878c3ddb4522021-12-20 16:02:41.428root 11241100x8000000000000000781513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef09f026fe01e062021-12-20 16:02:41.429root 11241100x8000000000000000781514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128c7fb6d28eb522021-12-20 16:02:41.429root 11241100x8000000000000000781515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d36f6a9329a3f432021-12-20 16:02:41.429root 11241100x8000000000000000781516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3131a767828162072021-12-20 16:02:41.429root 11241100x8000000000000000781517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1cbbc22d86d1692021-12-20 16:02:41.429root 11241100x8000000000000000781518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae0d1dbcf532be92021-12-20 16:02:41.429root 11241100x8000000000000000781519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d414d8ddd7e1e1b12021-12-20 16:02:41.429root 11241100x8000000000000000781520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1363ca40c93809282021-12-20 16:02:41.429root 11241100x8000000000000000781521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bf5322479e170e2021-12-20 16:02:41.429root 11241100x8000000000000000781522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41a1fffa54674ec2021-12-20 16:02:41.429root 11241100x8000000000000000781523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2679248b757b86a2021-12-20 16:02:41.429root 11241100x8000000000000000781524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8992045beee5b1952021-12-20 16:02:41.431root 11241100x8000000000000000781525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3976ac1d6dcd5112021-12-20 16:02:41.431root 11241100x8000000000000000781526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e750a1eecfd9824b2021-12-20 16:02:41.432root 11241100x8000000000000000781527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5003047c60884f582021-12-20 16:02:41.432root 11241100x8000000000000000781528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928603db5a43e1432021-12-20 16:02:41.432root 11241100x8000000000000000781529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8d2c9a74bf9cd22021-12-20 16:02:41.924root 11241100x8000000000000000781530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64c5cd2046620602021-12-20 16:02:41.924root 11241100x8000000000000000781531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e3af49539131162021-12-20 16:02:41.924root 11241100x8000000000000000781532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0bf3f2a0b1e5e52021-12-20 16:02:41.924root 11241100x8000000000000000781533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d85b1980df8f1f22021-12-20 16:02:41.924root 11241100x8000000000000000781534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc72d1e5073aa992021-12-20 16:02:41.924root 11241100x8000000000000000781535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63c35aaafbfba102021-12-20 16:02:41.924root 11241100x8000000000000000781536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16271fb00e524bb62021-12-20 16:02:41.925root 11241100x8000000000000000781537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65718aa4fdea36df2021-12-20 16:02:41.925root 11241100x8000000000000000781538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcc80e6538584702021-12-20 16:02:41.925root 11241100x8000000000000000781539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2b4d1f1ea2ede32021-12-20 16:02:41.925root 11241100x8000000000000000781540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372dccc782906682021-12-20 16:02:41.925root 11241100x8000000000000000781541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a593abb7a761125b2021-12-20 16:02:41.925root 11241100x8000000000000000781542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26468bd61edc452e2021-12-20 16:02:41.925root 11241100x8000000000000000781543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6677879a05976ec82021-12-20 16:02:41.925root 11241100x8000000000000000781544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00702a4777fb9dcd2021-12-20 16:02:41.925root 11241100x8000000000000000781545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d49052d5715c99d2021-12-20 16:02:41.925root 11241100x8000000000000000781546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334140361ef049b02021-12-20 16:02:41.926root 11241100x8000000000000000781547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d017ccff0c1f16642021-12-20 16:02:41.926root 11241100x8000000000000000781548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af8329597c77f0f2021-12-20 16:02:41.926root 11241100x8000000000000000781549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb274438d56e332021-12-20 16:02:41.926root 11241100x8000000000000000781550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c1bdd0ec9ae7b32021-12-20 16:02:41.926root 11241100x8000000000000000781551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228f39dfe678395d2021-12-20 16:02:41.926root 11241100x8000000000000000781552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fde3bc6df62d192021-12-20 16:02:41.926root 11241100x8000000000000000781553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb7e9ae072e59412021-12-20 16:02:41.926root 11241100x8000000000000000781554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33d410e6fe82d212021-12-20 16:02:41.926root 11241100x8000000000000000781555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f054bcedeafe57f82021-12-20 16:02:41.927root 11241100x8000000000000000781556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92169f492d8dbe52021-12-20 16:02:41.927root 11241100x8000000000000000781557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b8db0e118d4df82021-12-20 16:02:41.927root 11241100x8000000000000000781558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf461441782197922021-12-20 16:02:41.927root 11241100x8000000000000000781559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a3f9f5ce81b9f82021-12-20 16:02:41.927root 11241100x8000000000000000781560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a089d5e6e8ea8502021-12-20 16:02:41.927root 11241100x8000000000000000781561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5407c39ba5705672021-12-20 16:02:41.927root 11241100x8000000000000000781562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3a9a58197b8ec02021-12-20 16:02:41.927root 11241100x8000000000000000781563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7d1e270f84e26c2021-12-20 16:02:41.927root 11241100x8000000000000000781564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a8b524fd3f5ac2021-12-20 16:02:41.928root 11241100x8000000000000000781565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5177e74df953bbd2021-12-20 16:02:41.928root 11241100x8000000000000000781566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bad9c3d3d170442021-12-20 16:02:41.928root 11241100x8000000000000000781567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09984d7ba7ac9c92021-12-20 16:02:41.928root 11241100x8000000000000000781568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea09be410c2605162021-12-20 16:02:41.928root 11241100x8000000000000000781569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07e894c9dc98d6c2021-12-20 16:02:41.928root 11241100x8000000000000000781570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d27519b1a782fdc2021-12-20 16:02:41.929root 11241100x8000000000000000781571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a9a4cabd6a1e612021-12-20 16:02:41.929root 11241100x8000000000000000781572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930683f6665e0ab72021-12-20 16:02:41.929root 11241100x8000000000000000781573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4140853fa679a47c2021-12-20 16:02:41.929root 11241100x8000000000000000781574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e98d037ea606402021-12-20 16:02:41.929root 11241100x8000000000000000781575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1253fe6039543e2d2021-12-20 16:02:41.929root 11241100x8000000000000000781576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fed2a36b05c702d2021-12-20 16:02:41.929root 11241100x8000000000000000781577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c81fa02e4c65b72021-12-20 16:02:41.929root 11241100x8000000000000000781578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73a706729f38e0e2021-12-20 16:02:41.929root 11241100x8000000000000000781579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3c528bc831d07d2021-12-20 16:02:41.929root 11241100x8000000000000000781580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be73d59eadc094492021-12-20 16:02:41.930root 11241100x8000000000000000781581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb1f9a5dd7cb5ff2021-12-20 16:02:41.930root 11241100x8000000000000000781582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6844e8223ad198d42021-12-20 16:02:41.930root 11241100x8000000000000000781583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97e3e246a7e9f692021-12-20 16:02:41.930root 11241100x8000000000000000781584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9436e7936c080e052021-12-20 16:02:41.930root 11241100x8000000000000000781585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658110687e603f122021-12-20 16:02:41.930root 11241100x8000000000000000781586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c49915f2d7bd36c2021-12-20 16:02:41.930root 11241100x8000000000000000781587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4a9af1991ecc5e2021-12-20 16:02:41.930root 11241100x8000000000000000781588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8cc8f3c76bd57f2021-12-20 16:02:41.930root 11241100x8000000000000000781589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924c3259698ec4a12021-12-20 16:02:41.930root 11241100x8000000000000000781590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221ab7cf89b3e31d2021-12-20 16:02:41.931root 11241100x8000000000000000781591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bf02b50d9acc442021-12-20 16:02:41.931root 11241100x8000000000000000781592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4751960a0211172021-12-20 16:02:41.931root 11241100x8000000000000000781593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593e63852578eafa2021-12-20 16:02:41.931root 11241100x8000000000000000781594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff5f0e61654d1f12021-12-20 16:02:41.931root 11241100x8000000000000000781595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:41.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8e63435aaa903a2021-12-20 16:02:41.931root 11241100x8000000000000000781596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce5ebd6a3e3ea2f2021-12-20 16:02:42.424root 11241100x8000000000000000781597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d83af015decfb2021-12-20 16:02:42.424root 11241100x8000000000000000781598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75f706be165bbda2021-12-20 16:02:42.424root 11241100x8000000000000000781599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4827021551b44892021-12-20 16:02:42.424root 11241100x8000000000000000781600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b53338169d88d9a2021-12-20 16:02:42.424root 11241100x8000000000000000781601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1710c21b88252a872021-12-20 16:02:42.424root 11241100x8000000000000000781602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac80193e161de0602021-12-20 16:02:42.425root 11241100x8000000000000000781603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28813070e78f62c82021-12-20 16:02:42.425root 11241100x8000000000000000781604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca130f3b2d2b8d2021-12-20 16:02:42.425root 11241100x8000000000000000781605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4ee2da912a9c052021-12-20 16:02:42.425root 11241100x8000000000000000781606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5fd445029dc1e2021-12-20 16:02:42.425root 11241100x8000000000000000781607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488beb9b005d61162021-12-20 16:02:42.425root 11241100x8000000000000000781608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd53b8c8631c24bd2021-12-20 16:02:42.425root 11241100x8000000000000000781609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168138504f6c34fd2021-12-20 16:02:42.425root 11241100x8000000000000000781610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf532838abae9aa2021-12-20 16:02:42.426root 11241100x8000000000000000781611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9dbe8b5db5c3112021-12-20 16:02:42.426root 11241100x8000000000000000781612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d6ca5b588c2a632021-12-20 16:02:42.426root 11241100x8000000000000000781613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e91b1b5286fd752021-12-20 16:02:42.426root 11241100x8000000000000000781614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0165223d5132da212021-12-20 16:02:42.426root 11241100x8000000000000000781615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6afe34b1e83ba712021-12-20 16:02:42.426root 11241100x8000000000000000781616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a169c8a80df1f7d2021-12-20 16:02:42.426root 11241100x8000000000000000781617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229b3b4f197b0c002021-12-20 16:02:42.426root 11241100x8000000000000000781618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c92c23fbbc73cb92021-12-20 16:02:42.427root 11241100x8000000000000000781619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab204a968b2b5ea2021-12-20 16:02:42.427root 11241100x8000000000000000781620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9797a5e66efc6d3c2021-12-20 16:02:42.427root 11241100x8000000000000000781621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f44480a69e95552021-12-20 16:02:42.427root 11241100x8000000000000000781622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e731eef2b9e2bb2021-12-20 16:02:42.427root 11241100x8000000000000000781623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cca02919ec3045b2021-12-20 16:02:42.427root 11241100x8000000000000000781624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9a91668a1dc59a2021-12-20 16:02:42.427root 11241100x8000000000000000781625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8ad51733f337c02021-12-20 16:02:42.427root 11241100x8000000000000000781626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9695424e6fa057082021-12-20 16:02:42.427root 11241100x8000000000000000781627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87557777d1a2ddaf2021-12-20 16:02:42.427root 11241100x8000000000000000781628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e6fbfeedf80cc62021-12-20 16:02:42.427root 11241100x8000000000000000781629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f37540320e564c02021-12-20 16:02:42.428root 11241100x8000000000000000781630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2927347ebcf79a02021-12-20 16:02:42.428root 11241100x8000000000000000781631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2435bb12097e2462021-12-20 16:02:42.428root 11241100x8000000000000000781632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f4fb21b4afe722021-12-20 16:02:42.428root 11241100x8000000000000000781633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689eeccac7176cc62021-12-20 16:02:42.428root 11241100x8000000000000000781634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff0575bd55ad052021-12-20 16:02:42.428root 11241100x8000000000000000781635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effb0095a295df522021-12-20 16:02:42.428root 11241100x8000000000000000781636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14846117bce84882021-12-20 16:02:42.428root 11241100x8000000000000000781637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9a50b50d44bf8d2021-12-20 16:02:42.428root 11241100x8000000000000000781638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd2e862a915e96e2021-12-20 16:02:42.428root 11241100x8000000000000000781639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea26dd4a80c90442021-12-20 16:02:42.428root 11241100x8000000000000000781640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10320444969019612021-12-20 16:02:42.429root 11241100x8000000000000000781641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d469ff089311833a2021-12-20 16:02:42.429root 11241100x8000000000000000781642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d984f64e9e05acac2021-12-20 16:02:42.429root 11241100x8000000000000000781643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5237c06db77109bb2021-12-20 16:02:42.429root 11241100x8000000000000000781644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b4d4e82f5d514c2021-12-20 16:02:42.429root 11241100x8000000000000000781645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee65ae534d91575f2021-12-20 16:02:42.429root 11241100x8000000000000000781646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff54658895d1f7be2021-12-20 16:02:42.429root 11241100x8000000000000000781647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82216fcd82aa81a2021-12-20 16:02:42.430root 11241100x8000000000000000781648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3f6222aba2858d2021-12-20 16:02:42.430root 11241100x8000000000000000781649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54cab56379607382021-12-20 16:02:42.430root 11241100x8000000000000000781650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcb1de796d1f05a2021-12-20 16:02:42.430root 11241100x8000000000000000781651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47933cbe2575be192021-12-20 16:02:42.430root 11241100x8000000000000000781652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a190e531a33ac22021-12-20 16:02:42.431root 11241100x8000000000000000781653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20543cdf0bb6d6a2021-12-20 16:02:42.431root 11241100x8000000000000000781654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f872bf4f35d5eb2021-12-20 16:02:42.431root 11241100x8000000000000000781655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357e0b24596d00902021-12-20 16:02:42.431root 11241100x8000000000000000781656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32d5355ecd77ee62021-12-20 16:02:42.431root 11241100x8000000000000000781657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4402d8e9c00e39172021-12-20 16:02:42.431root 11241100x8000000000000000781658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9eb9b2224adcc92021-12-20 16:02:42.432root 11241100x8000000000000000781659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939b34dc61a9d7f22021-12-20 16:02:42.432root 11241100x8000000000000000781660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61294007271f87632021-12-20 16:02:42.432root 11241100x8000000000000000781661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7826b587fc722c62021-12-20 16:02:42.432root 11241100x8000000000000000781662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17eb0ff4df0f777c2021-12-20 16:02:42.432root 11241100x8000000000000000781663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520da9b1ed5e21942021-12-20 16:02:42.432root 11241100x8000000000000000781664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef96f76142a2a99d2021-12-20 16:02:42.433root 11241100x8000000000000000781665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb88a6a79f69fa6e2021-12-20 16:02:42.433root 11241100x8000000000000000781666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c241f30364a41d702021-12-20 16:02:42.433root 11241100x8000000000000000781667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c37641586d6f2b2021-12-20 16:02:42.433root 11241100x8000000000000000781668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d226a0d7666dc02021-12-20 16:02:42.433root 11241100x8000000000000000781669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f366a093659ed9892021-12-20 16:02:42.433root 11241100x8000000000000000781670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9206e77d8dd779e82021-12-20 16:02:42.433root 11241100x8000000000000000781671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71b798e37c423c62021-12-20 16:02:42.434root 11241100x8000000000000000781672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2516b65ba8c94c2021-12-20 16:02:42.434root 11241100x8000000000000000781673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ed400ae7665e602021-12-20 16:02:42.435root 11241100x8000000000000000781674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d68d5b5f10a62fc2021-12-20 16:02:42.435root 11241100x8000000000000000781675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f081dbbec716c682021-12-20 16:02:42.435root 11241100x8000000000000000781676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b177701dbed58f092021-12-20 16:02:42.435root 11241100x8000000000000000781677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ad8dcf29ad93722021-12-20 16:02:42.435root 11241100x8000000000000000781678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4025905b5fbbe7202021-12-20 16:02:42.435root 11241100x8000000000000000781679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4295960acc3d592021-12-20 16:02:42.436root 11241100x8000000000000000781680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4190aa82eb36ce2021-12-20 16:02:42.436root 11241100x8000000000000000781681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f31797d6b120c2021-12-20 16:02:42.436root 11241100x8000000000000000781682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8451fe869a7df92021-12-20 16:02:42.436root 11241100x8000000000000000781683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e92509caa7a28642021-12-20 16:02:42.436root 11241100x8000000000000000781684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ec845ca2b410292021-12-20 16:02:42.436root 11241100x8000000000000000781685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a51be56184f372f2021-12-20 16:02:42.436root 11241100x8000000000000000781686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0141a90600bdae42021-12-20 16:02:42.436root 11241100x8000000000000000781687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2c9663ed89a4d52021-12-20 16:02:42.436root 11241100x8000000000000000781688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6370eb214f2ab512021-12-20 16:02:42.436root 11241100x8000000000000000781689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3d4818ce097e962021-12-20 16:02:42.436root 11241100x8000000000000000781690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3331640908dbeba2021-12-20 16:02:42.436root 11241100x8000000000000000781691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a170324df6e930422021-12-20 16:02:42.437root 11241100x8000000000000000781692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5238e9e4fa92ed2021-12-20 16:02:42.437root 11241100x8000000000000000781693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be30701ca052812021-12-20 16:02:42.437root 11241100x8000000000000000781694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de809a4a2797fe72021-12-20 16:02:42.437root 11241100x8000000000000000781695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0322d7f97cd126c2021-12-20 16:02:42.437root 11241100x8000000000000000781696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a2048ea46795252021-12-20 16:02:42.437root 11241100x8000000000000000781697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6210d8ac1a6d19f52021-12-20 16:02:42.437root 11241100x8000000000000000781698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593f8e55b74ca0ce2021-12-20 16:02:42.437root 11241100x8000000000000000781699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ca68b692933e0c2021-12-20 16:02:42.437root 11241100x8000000000000000781700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcd51e1bcf7a2c82021-12-20 16:02:42.437root 11241100x8000000000000000781701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72cf9a747da2c9c2021-12-20 16:02:42.437root 11241100x8000000000000000781702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feac24f4a24b1b232021-12-20 16:02:42.437root 11241100x8000000000000000781703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c691630f8e24e3b32021-12-20 16:02:42.438root 11241100x8000000000000000781704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e3e8ee8cef6ff2021-12-20 16:02:42.438root 11241100x8000000000000000781705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a603e27cefca9c372021-12-20 16:02:42.438root 11241100x8000000000000000781706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857e9b833dd806ca2021-12-20 16:02:42.438root 11241100x8000000000000000781707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8962546ae7aa86f12021-12-20 16:02:42.438root 11241100x8000000000000000781708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e109fe2520d1aea92021-12-20 16:02:42.924root 11241100x8000000000000000781709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454caa3a76deb21b2021-12-20 16:02:42.924root 11241100x8000000000000000781710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8b9160fba1fed2021-12-20 16:02:42.924root 11241100x8000000000000000781711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596292bbb04b679d2021-12-20 16:02:42.924root 11241100x8000000000000000781712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca46cc07e7034122021-12-20 16:02:42.924root 11241100x8000000000000000781713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cbb3910d5457aa2021-12-20 16:02:42.925root 11241100x8000000000000000781714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f79d3c176a62e52021-12-20 16:02:42.925root 11241100x8000000000000000781715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68f52334e6fe1a12021-12-20 16:02:42.925root 11241100x8000000000000000781716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0166cacbab5a74d12021-12-20 16:02:42.925root 11241100x8000000000000000781717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a74bc1145495b692021-12-20 16:02:42.925root 11241100x8000000000000000781718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce792508eae9caf92021-12-20 16:02:42.925root 11241100x8000000000000000781719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde9e3a5b6143652021-12-20 16:02:42.925root 11241100x8000000000000000781720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffd74a6552d74ac2021-12-20 16:02:42.926root 11241100x8000000000000000781721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7a0f736835c7f72021-12-20 16:02:42.926root 11241100x8000000000000000781722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4d16d1ce4175f02021-12-20 16:02:42.926root 11241100x8000000000000000781723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5203b26e7a88462021-12-20 16:02:42.926root 11241100x8000000000000000781724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe2445eb4e787922021-12-20 16:02:42.926root 11241100x8000000000000000781725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15c72a32cac1bac2021-12-20 16:02:42.926root 11241100x8000000000000000781726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c6e199a50403152021-12-20 16:02:42.927root 11241100x8000000000000000781727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122674d538a06cd62021-12-20 16:02:42.927root 11241100x8000000000000000781728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f039c190ff303b72021-12-20 16:02:42.927root 11241100x8000000000000000781729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1245cd00e80ffab72021-12-20 16:02:42.928root 11241100x8000000000000000781730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d82fbff63ae5ee2021-12-20 16:02:42.928root 11241100x8000000000000000781731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe800b45a175fcd2021-12-20 16:02:42.929root 11241100x8000000000000000781732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f93f07be4c99b632021-12-20 16:02:42.929root 11241100x8000000000000000781733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c882894bf343a92021-12-20 16:02:42.929root 11241100x8000000000000000781734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97cf93a9bf616b32021-12-20 16:02:42.929root 11241100x8000000000000000781735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc484088f2f056f72021-12-20 16:02:42.930root 11241100x8000000000000000781736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6052a64628d53e2021-12-20 16:02:42.930root 11241100x8000000000000000781737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7849189e3b5ac3cb2021-12-20 16:02:42.930root 11241100x8000000000000000781738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d321f4ca88fc332021-12-20 16:02:42.930root 11241100x8000000000000000781739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610e11217db85a2a2021-12-20 16:02:42.930root 11241100x8000000000000000781740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33993fbd52454442021-12-20 16:02:42.930root 11241100x8000000000000000781741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0266f0a6c519aa62021-12-20 16:02:42.930root 11241100x8000000000000000781742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a259a8ac9e13032021-12-20 16:02:42.930root 11241100x8000000000000000781743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec4abf0568d23192021-12-20 16:02:42.930root 11241100x8000000000000000781744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43feab3a8963b34b2021-12-20 16:02:42.931root 11241100x8000000000000000781745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2464e75d1d0f7f82021-12-20 16:02:42.931root 11241100x8000000000000000781746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ba08c7acc9cdb82021-12-20 16:02:42.931root 11241100x8000000000000000781747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814aacfb49283b3a2021-12-20 16:02:42.931root 11241100x8000000000000000781748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af6c0469813b9062021-12-20 16:02:42.931root 11241100x8000000000000000781749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb80ab7fcd9cffc2021-12-20 16:02:42.931root 11241100x8000000000000000781750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644ecf496cc52e272021-12-20 16:02:42.932root 11241100x8000000000000000781751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c74f705fb170462021-12-20 16:02:42.932root 11241100x8000000000000000781752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaf92c68b5edc4b2021-12-20 16:02:42.932root 11241100x8000000000000000781753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d63f330a130c002021-12-20 16:02:42.932root 11241100x8000000000000000781754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5199f9e6e9580742021-12-20 16:02:42.932root 11241100x8000000000000000781755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac0dacc4ae2789a2021-12-20 16:02:42.932root 11241100x8000000000000000781756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0977db53e6477a042021-12-20 16:02:42.932root 11241100x8000000000000000781757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bae3732273ad932021-12-20 16:02:42.932root 11241100x8000000000000000781758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9006f41f5e0b6cce2021-12-20 16:02:42.933root 11241100x8000000000000000781759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3933e4f08cd8d9282021-12-20 16:02:42.933root 11241100x8000000000000000781760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d605e303c76e0802021-12-20 16:02:42.934root 11241100x8000000000000000781761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3d2e6eaa994e5b2021-12-20 16:02:42.934root 11241100x8000000000000000781762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf3b3e54418cc442021-12-20 16:02:42.934root 11241100x8000000000000000781763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657633b33b503bee2021-12-20 16:02:42.934root 11241100x8000000000000000781764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ae4747fdd8438b2021-12-20 16:02:42.934root 11241100x8000000000000000781765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c8bf3942e4af322021-12-20 16:02:42.935root 11241100x8000000000000000781766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f68bde4ebe509a2021-12-20 16:02:42.935root 11241100x8000000000000000781767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f8662cee91f5e72021-12-20 16:02:42.935root 11241100x8000000000000000781768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:42.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da581c824d0622d42021-12-20 16:02:42.935root 11241100x8000000000000000781769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622c2a7f8188d0e02021-12-20 16:02:43.424root 11241100x8000000000000000781770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09f4dfc0371e5092021-12-20 16:02:43.424root 11241100x8000000000000000781771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967755786efb04092021-12-20 16:02:43.425root 11241100x8000000000000000781772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d6aba951326deb2021-12-20 16:02:43.425root 11241100x8000000000000000781773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fefceffc99d8472021-12-20 16:02:43.425root 11241100x8000000000000000781774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb56e4fc5ef4f2d2021-12-20 16:02:43.425root 11241100x8000000000000000781775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa01656e6dce63112021-12-20 16:02:43.426root 11241100x8000000000000000781776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f967228e3be1d8a32021-12-20 16:02:43.426root 11241100x8000000000000000781777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b61415a8a03a11d2021-12-20 16:02:43.426root 11241100x8000000000000000781778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca41cdbc62f42862021-12-20 16:02:43.426root 11241100x8000000000000000781779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972b8a042daa46602021-12-20 16:02:43.426root 11241100x8000000000000000781780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce463dbf66e382662021-12-20 16:02:43.427root 11241100x8000000000000000781781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8256a2675cbf852021-12-20 16:02:43.427root 11241100x8000000000000000781782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01083ea54d35f4c2021-12-20 16:02:43.427root 11241100x8000000000000000781783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1ef33ca3859a502021-12-20 16:02:43.427root 11241100x8000000000000000781784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e1e249aada01e62021-12-20 16:02:43.427root 11241100x8000000000000000781785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267a964d2c0f189f2021-12-20 16:02:43.427root 11241100x8000000000000000781786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33aefa6e23e72362021-12-20 16:02:43.428root 11241100x8000000000000000781787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7a9ac6c935fcc92021-12-20 16:02:43.428root 11241100x8000000000000000781788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5966bcc2e61de0fb2021-12-20 16:02:43.428root 11241100x8000000000000000781789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72a91d912ed8f712021-12-20 16:02:43.428root 11241100x8000000000000000781790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05a4fca9f26ef112021-12-20 16:02:43.429root 11241100x8000000000000000781791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc465fba6d93ba72021-12-20 16:02:43.430root 11241100x8000000000000000781792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98327a5763cd10ff2021-12-20 16:02:43.431root 11241100x8000000000000000781793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a7c0762d265c362021-12-20 16:02:43.431root 11241100x8000000000000000781794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b9312fda8249f22021-12-20 16:02:43.431root 11241100x8000000000000000781795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea7933f8086632d2021-12-20 16:02:43.431root 11241100x8000000000000000781796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd37500e99d0d9772021-12-20 16:02:43.431root 11241100x8000000000000000781797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191ef3983a582b242021-12-20 16:02:43.431root 11241100x8000000000000000781798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd687679ce060bf2021-12-20 16:02:43.431root 11241100x8000000000000000781799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7ae50cbb2f62a12021-12-20 16:02:43.431root 11241100x8000000000000000781800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e022ba1d3511d12021-12-20 16:02:43.431root 11241100x8000000000000000781801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aafc8a9fb85ed192021-12-20 16:02:43.431root 11241100x8000000000000000781802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c4c8683f6527822021-12-20 16:02:43.431root 11241100x8000000000000000781803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657125214f4309102021-12-20 16:02:43.431root 11241100x8000000000000000781804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bb7bee7cad09ad2021-12-20 16:02:43.432root 11241100x8000000000000000781805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4710884b0341b382021-12-20 16:02:43.432root 11241100x8000000000000000781806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9db1b8e371fc78d2021-12-20 16:02:43.432root 11241100x8000000000000000781807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447ee1a12f5a20882021-12-20 16:02:43.432root 11241100x8000000000000000781808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b2724e3848c9eb2021-12-20 16:02:43.432root 11241100x8000000000000000781809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f51ab3defb854a2021-12-20 16:02:43.432root 11241100x8000000000000000781810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec78bc1aa61f8c92021-12-20 16:02:43.432root 11241100x8000000000000000781811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233eda99df917b942021-12-20 16:02:43.432root 11241100x8000000000000000781812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1ac0d2606f749a2021-12-20 16:02:43.432root 11241100x8000000000000000781813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a46ce89d8fef572021-12-20 16:02:43.433root 11241100x8000000000000000781814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df08b6c0db732742021-12-20 16:02:43.433root 11241100x8000000000000000781815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81467f041bff89b2021-12-20 16:02:43.433root 11241100x8000000000000000781816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c302c97c66b6a6c42021-12-20 16:02:43.433root 11241100x8000000000000000781817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9101f4510d63e92021-12-20 16:02:43.433root 11241100x8000000000000000781818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b195980b3c7d196b2021-12-20 16:02:43.433root 11241100x8000000000000000781819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f72d568ec13e14b2021-12-20 16:02:43.433root 11241100x8000000000000000781820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3b944dc32ba4a2021-12-20 16:02:43.433root 11241100x8000000000000000781821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c118c4afc1c5632021-12-20 16:02:43.434root 11241100x8000000000000000781822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66c5399e65405d72021-12-20 16:02:43.434root 11241100x8000000000000000781823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1893acf6e0361892021-12-20 16:02:43.434root 11241100x8000000000000000781824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13815b6a5627a6f02021-12-20 16:02:43.434root 11241100x8000000000000000781825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1026f76a2627e7672021-12-20 16:02:43.924root 11241100x8000000000000000781826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bee0f7a283e72db2021-12-20 16:02:43.924root 11241100x8000000000000000781827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aace8ccc14268e32021-12-20 16:02:43.924root 11241100x8000000000000000781828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb0bd4cc18599612021-12-20 16:02:43.924root 11241100x8000000000000000781829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07feb2fef84ec832021-12-20 16:02:43.924root 11241100x8000000000000000781830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae24e61d8e19edc2021-12-20 16:02:43.924root 11241100x8000000000000000781831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821c8f0ccafa7d462021-12-20 16:02:43.924root 11241100x8000000000000000781832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96302e6e8aafa4002021-12-20 16:02:43.925root 11241100x8000000000000000781833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65d237428a8a1172021-12-20 16:02:43.925root 11241100x8000000000000000781834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7647fdfe5f3d1ce62021-12-20 16:02:43.925root 11241100x8000000000000000781835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14abac931743bc2e2021-12-20 16:02:43.925root 11241100x8000000000000000781836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc395e9c208d52932021-12-20 16:02:43.925root 11241100x8000000000000000781837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3621a2f35594b0eb2021-12-20 16:02:43.925root 11241100x8000000000000000781838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61de68ba863c16f2021-12-20 16:02:43.925root 11241100x8000000000000000781839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e14ae68d3048592021-12-20 16:02:43.925root 11241100x8000000000000000781840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ad119ba25539392021-12-20 16:02:43.925root 11241100x8000000000000000781841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c47aac73378d422021-12-20 16:02:43.925root 11241100x8000000000000000781842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7520bcc5e967a72021-12-20 16:02:43.925root 11241100x8000000000000000781843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384e0edf96bb31d12021-12-20 16:02:43.925root 11241100x8000000000000000781844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196e9c6cf2612b3d2021-12-20 16:02:43.926root 11241100x8000000000000000781845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e035960693b49d2021-12-20 16:02:43.926root 11241100x8000000000000000781846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83a1f80060019342021-12-20 16:02:43.926root 11241100x8000000000000000781847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c579430474691b52021-12-20 16:02:43.926root 11241100x8000000000000000781848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07455df56db734b2021-12-20 16:02:43.926root 11241100x8000000000000000781849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644979a5df32d44e2021-12-20 16:02:43.926root 11241100x8000000000000000781850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ae0963e1b73a5c2021-12-20 16:02:43.926root 11241100x8000000000000000781851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba61690d1927ee3a2021-12-20 16:02:43.926root 11241100x8000000000000000781852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3304622b4e0597ab2021-12-20 16:02:43.926root 11241100x8000000000000000781853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ca53189e5e34bb2021-12-20 16:02:43.927root 11241100x8000000000000000781854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b64a60f9088a4182021-12-20 16:02:43.927root 11241100x8000000000000000781855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28720a5bc2437972021-12-20 16:02:43.927root 11241100x8000000000000000781856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ecad307aafd3532021-12-20 16:02:43.927root 11241100x8000000000000000781857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e384024c3e4d4d2021-12-20 16:02:43.927root 11241100x8000000000000000781858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8ef72757931c1b2021-12-20 16:02:43.927root 11241100x8000000000000000781859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b06acde31e9be12021-12-20 16:02:43.927root 11241100x8000000000000000781860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc381ff18c46d7b2021-12-20 16:02:43.927root 11241100x8000000000000000781861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63634a808f27d7262021-12-20 16:02:43.927root 11241100x8000000000000000781862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc0e75e643357d52021-12-20 16:02:43.927root 11241100x8000000000000000781863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d55d9f5e4292e52021-12-20 16:02:43.927root 11241100x8000000000000000781864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d2b40f80bf1ac32021-12-20 16:02:43.928root 11241100x8000000000000000781865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0312fc74c5c1342021-12-20 16:02:43.928root 11241100x8000000000000000781866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eed4a122573493d2021-12-20 16:02:43.928root 11241100x8000000000000000781867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a85b2f3bf5341a2021-12-20 16:02:43.928root 11241100x8000000000000000781868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09feb8af602b0eb52021-12-20 16:02:43.928root 11241100x8000000000000000781869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e893ebffcfefd8572021-12-20 16:02:43.928root 11241100x8000000000000000781870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ac231b0ba0f90f2021-12-20 16:02:43.929root 11241100x8000000000000000781871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f816aeec2907892021-12-20 16:02:43.929root 11241100x8000000000000000781872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efd88815a2c7ed12021-12-20 16:02:43.929root 11241100x8000000000000000781873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1479a4ec260c2e92021-12-20 16:02:43.929root 11241100x8000000000000000781874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af36c6f3a50a4d072021-12-20 16:02:43.929root 11241100x8000000000000000781875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c0e611266789c02021-12-20 16:02:43.929root 11241100x8000000000000000781876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d6cdd60ee421342021-12-20 16:02:43.929root 11241100x8000000000000000781877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aef0114f9ed9592021-12-20 16:02:43.929root 11241100x8000000000000000781878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e50897f6ebfaf02021-12-20 16:02:43.929root 11241100x8000000000000000781879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db42598e3436102f2021-12-20 16:02:43.929root 11241100x8000000000000000781880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38548cd6eeaff2ad2021-12-20 16:02:43.930root 11241100x8000000000000000781881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893498330e30a5472021-12-20 16:02:43.930root 11241100x8000000000000000781882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ef29b7fb7ee8ed2021-12-20 16:02:43.930root 11241100x8000000000000000781883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5134bcf1e8addd142021-12-20 16:02:43.930root 11241100x8000000000000000781884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319661cf527a2f7b2021-12-20 16:02:43.930root 11241100x8000000000000000781885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3447bd2237ccb632021-12-20 16:02:43.930root 11241100x8000000000000000781886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad23ca221d1eb66b2021-12-20 16:02:43.930root 11241100x8000000000000000781887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10485a3750ae7c7f2021-12-20 16:02:44.424root 11241100x8000000000000000781888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6fad822b5ae3b62021-12-20 16:02:44.424root 11241100x8000000000000000781889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7efdbadcaa561b32021-12-20 16:02:44.424root 11241100x8000000000000000781890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64200ae9bc3dec892021-12-20 16:02:44.424root 11241100x8000000000000000781891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c86b3c91349cc0c2021-12-20 16:02:44.424root 11241100x8000000000000000781892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7be631afd057cf2021-12-20 16:02:44.425root 11241100x8000000000000000781893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03fe50d19b331012021-12-20 16:02:44.425root 11241100x8000000000000000781894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00f5b600ea304c02021-12-20 16:02:44.425root 11241100x8000000000000000781895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ffb0eabdecd80c2021-12-20 16:02:44.425root 11241100x8000000000000000781896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fcabc29a2d23e02021-12-20 16:02:44.425root 11241100x8000000000000000781897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62c053a4d4aef112021-12-20 16:02:44.425root 11241100x8000000000000000781898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8b20f3dabf5c9b2021-12-20 16:02:44.425root 11241100x8000000000000000781899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16526a71c2087e542021-12-20 16:02:44.426root 11241100x8000000000000000781900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c15eb7aa0b146982021-12-20 16:02:44.426root 11241100x8000000000000000781901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327a4b4ae510fca32021-12-20 16:02:44.426root 11241100x8000000000000000781902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c21d76c1cb6e2f2021-12-20 16:02:44.426root 11241100x8000000000000000781903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4e7c7a57cd380a2021-12-20 16:02:44.426root 11241100x8000000000000000781904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388875bb08aa8bbd2021-12-20 16:02:44.426root 11241100x8000000000000000781905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d5be68d72177552021-12-20 16:02:44.426root 11241100x8000000000000000781906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebadee9e60c1fa312021-12-20 16:02:44.427root 11241100x8000000000000000781907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a592a7f8878a4d32021-12-20 16:02:44.427root 11241100x8000000000000000781908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d41a26a099f2ca2021-12-20 16:02:44.427root 11241100x8000000000000000781909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e4e333caeec012021-12-20 16:02:44.427root 11241100x8000000000000000781910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f5dd93e78878982021-12-20 16:02:44.427root 11241100x8000000000000000781911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e809674bc1fa5452021-12-20 16:02:44.427root 11241100x8000000000000000781912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316ea54f63aa59112021-12-20 16:02:44.427root 11241100x8000000000000000781913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8035b74735b4e02021-12-20 16:02:44.428root 11241100x8000000000000000781914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cd896a6f4d829b2021-12-20 16:02:44.428root 11241100x8000000000000000781915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9448d98589f71522021-12-20 16:02:44.428root 11241100x8000000000000000781916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e431ca8055e4e72021-12-20 16:02:44.428root 11241100x8000000000000000781917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed108bac0ca4752021-12-20 16:02:44.428root 11241100x8000000000000000781918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044c9d8cbc18a182021-12-20 16:02:44.428root 11241100x8000000000000000781919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099ed71e57c5839f2021-12-20 16:02:44.428root 11241100x8000000000000000781920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fbde896d51c3582021-12-20 16:02:44.428root 11241100x8000000000000000781921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d6e158e2ce8fc32021-12-20 16:02:44.428root 11241100x8000000000000000781922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c971f4b953f6452021-12-20 16:02:44.428root 11241100x8000000000000000781923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023f1b3885406e082021-12-20 16:02:44.429root 11241100x8000000000000000781924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbc07049794bbe32021-12-20 16:02:44.429root 11241100x8000000000000000781925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5765e6cc139f22c2021-12-20 16:02:44.429root 11241100x8000000000000000781926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a2bf19c4444a672021-12-20 16:02:44.429root 11241100x8000000000000000781927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5109046f30f7968b2021-12-20 16:02:44.429root 11241100x8000000000000000781928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9065fb99a383ff6a2021-12-20 16:02:44.430root 11241100x8000000000000000781929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718a35a1d96cfd272021-12-20 16:02:44.430root 11241100x8000000000000000781930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeca2aae1a6fb362021-12-20 16:02:44.430root 11241100x8000000000000000781931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c98f7766c6d44142021-12-20 16:02:44.430root 11241100x8000000000000000781932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d95dac35c3a1aba2021-12-20 16:02:44.430root 11241100x8000000000000000781933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6faa2d236fea4542021-12-20 16:02:44.431root 11241100x8000000000000000781934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95b5fb86a7086fb2021-12-20 16:02:44.431root 11241100x8000000000000000781935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d8056408b1b7322021-12-20 16:02:44.432root 11241100x8000000000000000781936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9733fbfa2664a3c2021-12-20 16:02:44.432root 11241100x8000000000000000781937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf76a48df9b2dd572021-12-20 16:02:44.432root 11241100x8000000000000000781938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f9dffec6ac6f302021-12-20 16:02:44.433root 11241100x8000000000000000781939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56895615445d1d652021-12-20 16:02:44.433root 11241100x8000000000000000781940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213ba9d93fd2a22a2021-12-20 16:02:44.433root 11241100x8000000000000000781941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe45650d22b0b4c2021-12-20 16:02:44.433root 11241100x8000000000000000781942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa11d76fbf859ad2021-12-20 16:02:44.434root 11241100x8000000000000000781943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77070fc9e5b15f932021-12-20 16:02:44.434root 11241100x8000000000000000781944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078d9d6abee6c2982021-12-20 16:02:44.434root 11241100x8000000000000000781945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e114d0f55c3b832021-12-20 16:02:44.434root 11241100x8000000000000000781946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e613a166739a5f2021-12-20 16:02:44.434root 11241100x8000000000000000781947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48ed95c994827fd2021-12-20 16:02:44.434root 11241100x8000000000000000781948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f02a642f4cef612021-12-20 16:02:44.434root 11241100x8000000000000000781949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747e16f7be26275a2021-12-20 16:02:44.434root 11241100x8000000000000000781950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b43245470248742021-12-20 16:02:44.435root 11241100x8000000000000000781951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0cdfb5b9e828852021-12-20 16:02:44.435root 11241100x8000000000000000781952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90924da78ca5860b2021-12-20 16:02:44.435root 11241100x8000000000000000781953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530d7561030b2032021-12-20 16:02:44.435root 11241100x8000000000000000781954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82d83aee333d62e2021-12-20 16:02:44.435root 11241100x8000000000000000781955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458156fd606f3f5d2021-12-20 16:02:44.435root 11241100x8000000000000000781956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7e6d24aa6fef8a2021-12-20 16:02:44.435root 11241100x8000000000000000781957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b6146d435619992021-12-20 16:02:44.435root 11241100x8000000000000000781958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a2fcf7daf67b0e2021-12-20 16:02:44.435root 11241100x8000000000000000781959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca9b3860ba8fbcb2021-12-20 16:02:44.435root 11241100x8000000000000000781960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6716d43b1d8eecdb2021-12-20 16:02:44.435root 11241100x8000000000000000781961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa7f997b5714e712021-12-20 16:02:44.435root 11241100x8000000000000000781962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec05ec685eb6ffff2021-12-20 16:02:44.435root 11241100x8000000000000000781963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca20d7bfa347fc1d2021-12-20 16:02:44.435root 11241100x8000000000000000781964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbc9fb66207fe102021-12-20 16:02:44.436root 11241100x8000000000000000781965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9045596a4d22c012021-12-20 16:02:44.436root 11241100x8000000000000000781966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b64d78bd922e2302021-12-20 16:02:44.436root 11241100x8000000000000000781967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511cb55743090b962021-12-20 16:02:44.436root 11241100x8000000000000000781968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0532096c4dc8f12021-12-20 16:02:44.436root 11241100x8000000000000000781969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc68f9b8119ecdc2021-12-20 16:02:44.436root 11241100x8000000000000000781970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce06a59b20519dbd2021-12-20 16:02:44.436root 11241100x8000000000000000781971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00a43311df5095a2021-12-20 16:02:44.436root 11241100x8000000000000000781972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e471bc10a69f31422021-12-20 16:02:44.436root 11241100x8000000000000000781973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a157bee83690c42021-12-20 16:02:44.436root 11241100x8000000000000000781974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5057dc4341fd032021-12-20 16:02:44.437root 11241100x8000000000000000781975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff8bbb35d07bf982021-12-20 16:02:44.437root 11241100x8000000000000000781976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2450bd719fb1b22021-12-20 16:02:44.437root 11241100x8000000000000000781977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85102347547c99e52021-12-20 16:02:44.437root 11241100x8000000000000000781978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955da4edff1be0ee2021-12-20 16:02:44.924root 11241100x8000000000000000781979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84a2ab8a5b7d01d2021-12-20 16:02:44.924root 11241100x8000000000000000781980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab9d219ff83e8f52021-12-20 16:02:44.924root 11241100x8000000000000000781981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d22f1006c340c72021-12-20 16:02:44.925root 11241100x8000000000000000781982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9e82dece6598512021-12-20 16:02:44.925root 11241100x8000000000000000781983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3c95645d2c654e2021-12-20 16:02:44.925root 11241100x8000000000000000781984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af18fbe5adfe26fe2021-12-20 16:02:44.925root 11241100x8000000000000000781985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704ba8026ff042f12021-12-20 16:02:44.925root 11241100x8000000000000000781986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4763ab39bb34412021-12-20 16:02:44.925root 11241100x8000000000000000781987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d468b305a5deda922021-12-20 16:02:44.925root 11241100x8000000000000000781988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a3845000ab000c2021-12-20 16:02:44.926root 11241100x8000000000000000781989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d8f539ac0e983a2021-12-20 16:02:44.926root 11241100x8000000000000000781990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a896e4351039eedd2021-12-20 16:02:44.926root 11241100x8000000000000000781991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124594a979a1561b2021-12-20 16:02:44.926root 11241100x8000000000000000781992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c9005d38c14e132021-12-20 16:02:44.926root 11241100x8000000000000000781993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fdecfc784fb632021-12-20 16:02:44.926root 11241100x8000000000000000781994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53038153dbfc58022021-12-20 16:02:44.926root 11241100x8000000000000000781995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7c16f6156d01e22021-12-20 16:02:44.927root 11241100x8000000000000000781996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f2ac6d7c18c7102021-12-20 16:02:44.927root 11241100x8000000000000000781997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d452715777509ddd2021-12-20 16:02:44.927root 11241100x8000000000000000781998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da13497a70e73bcc2021-12-20 16:02:44.927root 11241100x8000000000000000781999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b554befeffa13a792021-12-20 16:02:44.927root 11241100x8000000000000000782000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5110d20d634ded32021-12-20 16:02:44.927root 11241100x8000000000000000782001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b02d72b498ec59d2021-12-20 16:02:44.927root 11241100x8000000000000000782002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c338c5b07a985d2021-12-20 16:02:44.928root 11241100x8000000000000000782003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b43d11a7319da452021-12-20 16:02:44.928root 11241100x8000000000000000782004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6712e58f95d2d9672021-12-20 16:02:44.928root 11241100x8000000000000000782005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da9b6d9a30699962021-12-20 16:02:44.928root 11241100x8000000000000000782006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec4e2a22cd682352021-12-20 16:02:44.928root 11241100x8000000000000000782007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59edcb009d481782021-12-20 16:02:44.928root 11241100x8000000000000000782008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29135ba29b37d6dc2021-12-20 16:02:44.928root 11241100x8000000000000000782009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a88dd16bb5c5c62021-12-20 16:02:44.928root 11241100x8000000000000000782010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d8ff69f673f4a72021-12-20 16:02:44.929root 11241100x8000000000000000782011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370dbc57d0b8a0852021-12-20 16:02:44.929root 11241100x8000000000000000782012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af067fcf22e282d2021-12-20 16:02:44.929root 11241100x8000000000000000782013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70581811ee889cd62021-12-20 16:02:44.929root 11241100x8000000000000000782014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b620ebce65fc1642021-12-20 16:02:44.929root 11241100x8000000000000000782015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c552f8a73a299312021-12-20 16:02:44.929root 11241100x8000000000000000782016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d20f47278ca58662021-12-20 16:02:44.932root 11241100x8000000000000000782017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64af634d5f3a42eb2021-12-20 16:02:44.932root 11241100x8000000000000000782018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb445be17390151e2021-12-20 16:02:44.934root 11241100x8000000000000000782019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d8a08541be51e62021-12-20 16:02:44.934root 11241100x8000000000000000782020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b4fa4f99bc4e172021-12-20 16:02:44.934root 11241100x8000000000000000782021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6363d9389063fc022021-12-20 16:02:44.936root 11241100x8000000000000000782022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a1fbaf76b6d0732021-12-20 16:02:44.936root 11241100x8000000000000000782023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdafaa7a8fc1e222021-12-20 16:02:44.936root 11241100x8000000000000000782024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d587e74b7ed9b82021-12-20 16:02:44.936root 11241100x8000000000000000782025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c020b16390b5292021-12-20 16:02:44.937root 11241100x8000000000000000782026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dac25c4102fe94e2021-12-20 16:02:44.937root 11241100x8000000000000000782027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2020094c3d6a5b2021-12-20 16:02:44.937root 11241100x8000000000000000782028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d82484c2a9ae4a2021-12-20 16:02:44.937root 11241100x8000000000000000782029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2339ab84de7bd32021-12-20 16:02:44.937root 11241100x8000000000000000782030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f46f1b9fb5f57622021-12-20 16:02:44.937root 11241100x8000000000000000782031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62311ae72cd2850e2021-12-20 16:02:44.937root 11241100x8000000000000000782032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7c5e1a5e288a282021-12-20 16:02:44.937root 11241100x8000000000000000782033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae7a4fdb970edcf2021-12-20 16:02:44.937root 11241100x8000000000000000782034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86a2ae5368af0d92021-12-20 16:02:44.938root 11241100x8000000000000000782035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4d35a4a12f64592021-12-20 16:02:44.938root 11241100x8000000000000000782036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c48c8de326007a62021-12-20 16:02:44.938root 11241100x8000000000000000782037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e247799a7fd0612021-12-20 16:02:44.939root 11241100x8000000000000000782038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7b41efe64304de2021-12-20 16:02:44.939root 11241100x8000000000000000782039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aadb8829f5df4642021-12-20 16:02:44.939root 11241100x8000000000000000782040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e055637ac5a979a2021-12-20 16:02:44.939root 11241100x8000000000000000782041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf8cae096271cdf2021-12-20 16:02:44.945root 11241100x8000000000000000782042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b29ed383bd4252021-12-20 16:02:44.945root 11241100x8000000000000000782043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afb5fbf4ed78a3e2021-12-20 16:02:44.946root 11241100x8000000000000000782044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4514e2f54da85e02021-12-20 16:02:44.946root 11241100x8000000000000000782045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f290f939c547532021-12-20 16:02:44.946root 11241100x8000000000000000782046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd652755441534bd2021-12-20 16:02:44.946root 11241100x8000000000000000782047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12515fc18f45249a2021-12-20 16:02:44.946root 11241100x8000000000000000782048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983c15672c86bd4f2021-12-20 16:02:44.946root 11241100x8000000000000000782049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f778abd6198fae2021-12-20 16:02:44.946root 11241100x8000000000000000782050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8325c3ba8b1fcd2a2021-12-20 16:02:44.946root 11241100x8000000000000000782051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4337423a08bdd022021-12-20 16:02:44.947root 11241100x8000000000000000782052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655563b19bf2cece2021-12-20 16:02:44.947root 11241100x8000000000000000782053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520070e38c1e18a12021-12-20 16:02:44.947root 11241100x8000000000000000782054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a3030e2e2fa5212021-12-20 16:02:44.947root 11241100x8000000000000000782055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a048f1ae5d69ff2021-12-20 16:02:44.947root 11241100x8000000000000000782056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e697d71c5eb1722021-12-20 16:02:44.947root 11241100x8000000000000000782057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9267b86c1a0b9c2021-12-20 16:02:44.947root 11241100x8000000000000000782058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da382d584ebc4362021-12-20 16:02:44.950root 11241100x8000000000000000782059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e0b9a2df137d852021-12-20 16:02:44.953root 11241100x8000000000000000782060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cfdd8285a10c772021-12-20 16:02:44.953root 11241100x8000000000000000782061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8c2671a0c185de2021-12-20 16:02:44.953root 11241100x8000000000000000782062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.953{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff677bd61c57b0e2021-12-20 16:02:44.953root 11241100x8000000000000000782063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18e6087923430842021-12-20 16:02:44.954root 11241100x8000000000000000782064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84fbe3a0f5de95b2021-12-20 16:02:44.954root 11241100x8000000000000000782065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516a1b11507a9aa82021-12-20 16:02:44.954root 11241100x8000000000000000782066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce84b509fa11bb422021-12-20 16:02:44.954root 11241100x8000000000000000782067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d650a6c802673ed42021-12-20 16:02:44.954root 11241100x8000000000000000782068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d64626a4302a0f2021-12-20 16:02:44.954root 11241100x8000000000000000782069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c229e9dc592964ca2021-12-20 16:02:44.954root 11241100x8000000000000000782070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981dd64fb7dd4ce72021-12-20 16:02:44.954root 11241100x8000000000000000782071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.954{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009ab149bda788a62021-12-20 16:02:44.954root 11241100x8000000000000000782072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec6b81afae05722021-12-20 16:02:44.955root 11241100x8000000000000000782073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4713239b518f2822021-12-20 16:02:44.955root 11241100x8000000000000000782074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:44.955{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fc2d8b747f1b022021-12-20 16:02:44.955root 354300x8000000000000000782075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.080{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51554-false10.0.1.12-8000- 11241100x8000000000000000782076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d84cf0af340346e2021-12-20 16:02:45.424root 11241100x8000000000000000782077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034710ca9ef1e86a2021-12-20 16:02:45.424root 11241100x8000000000000000782078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9c77e3bf55c2672021-12-20 16:02:45.424root 11241100x8000000000000000782079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f173452ded73f52021-12-20 16:02:45.424root 11241100x8000000000000000782080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0d339a5f0cb38f2021-12-20 16:02:45.424root 11241100x8000000000000000782081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfedbf1be5dccb12021-12-20 16:02:45.424root 11241100x8000000000000000782082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c732c9a01e6320442021-12-20 16:02:45.425root 11241100x8000000000000000782083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7809d0e1a9e33382021-12-20 16:02:45.425root 11241100x8000000000000000782084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc39180ca236b7482021-12-20 16:02:45.425root 11241100x8000000000000000782085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781ee973c53183222021-12-20 16:02:45.425root 11241100x8000000000000000782086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0624f2a36a6d6e902021-12-20 16:02:45.425root 11241100x8000000000000000782087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f7569cb588194b2021-12-20 16:02:45.425root 11241100x8000000000000000782088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa538a0a7cef3cd82021-12-20 16:02:45.425root 11241100x8000000000000000782089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e8dc9b5242b7642021-12-20 16:02:45.426root 11241100x8000000000000000782090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e6e423561413002021-12-20 16:02:45.426root 11241100x8000000000000000782091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bedf6e9ce5b09262021-12-20 16:02:45.426root 11241100x8000000000000000782092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90eb9c67f69f5c142021-12-20 16:02:45.426root 11241100x8000000000000000782093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41878ab3c77cb6c92021-12-20 16:02:45.426root 11241100x8000000000000000782094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ffad4b9950863b2021-12-20 16:02:45.426root 11241100x8000000000000000782095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024aa59555b2d49d2021-12-20 16:02:45.426root 11241100x8000000000000000782096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e7f05777e871052021-12-20 16:02:45.426root 11241100x8000000000000000782097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c7dd3f4e786aab2021-12-20 16:02:45.427root 11241100x8000000000000000782098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b995ae1585304d652021-12-20 16:02:45.427root 11241100x8000000000000000782099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e83823490fe71fa2021-12-20 16:02:45.427root 11241100x8000000000000000782100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87d3fbe467977872021-12-20 16:02:45.427root 11241100x8000000000000000782101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c8b6dcc6d5ad6f2021-12-20 16:02:45.427root 11241100x8000000000000000782102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b699dd8014705e22021-12-20 16:02:45.427root 11241100x8000000000000000782103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72815f34fbbc9d962021-12-20 16:02:45.427root 11241100x8000000000000000782104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f43a4e6b57d1022021-12-20 16:02:45.428root 11241100x8000000000000000782105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863fdf92d78041992021-12-20 16:02:45.428root 11241100x8000000000000000782106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14440d07d41bd3942021-12-20 16:02:45.428root 11241100x8000000000000000782107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b20ed7591256412021-12-20 16:02:45.428root 11241100x8000000000000000782108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5240d3d2f22b53442021-12-20 16:02:45.428root 11241100x8000000000000000782109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09db90e50366c8a72021-12-20 16:02:45.428root 11241100x8000000000000000782110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667927f208fce0802021-12-20 16:02:45.428root 11241100x8000000000000000782111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d891713232e3a2472021-12-20 16:02:45.428root 11241100x8000000000000000782112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d1295d20a1a1c82021-12-20 16:02:45.428root 11241100x8000000000000000782113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcf60986c6af0512021-12-20 16:02:45.428root 11241100x8000000000000000782114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23f6ee86c7825722021-12-20 16:02:45.429root 11241100x8000000000000000782115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2fbb343b145c762021-12-20 16:02:45.429root 11241100x8000000000000000782116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1963abe92d84412021-12-20 16:02:45.429root 11241100x8000000000000000782117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c3d08698010e8a2021-12-20 16:02:45.429root 11241100x8000000000000000782118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f4e34ea72ed81b2021-12-20 16:02:45.429root 11241100x8000000000000000782119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c1f0b6ac1561e52021-12-20 16:02:45.429root 11241100x8000000000000000782120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee1acc2ff0b8cd42021-12-20 16:02:45.429root 11241100x8000000000000000782121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394ad09b33cbc96d2021-12-20 16:02:45.429root 11241100x8000000000000000782122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14599677939acd182021-12-20 16:02:45.429root 11241100x8000000000000000782123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1e7173213a0aa22021-12-20 16:02:45.430root 11241100x8000000000000000782124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d2f63cb0b547522021-12-20 16:02:45.430root 11241100x8000000000000000782125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a23d6adf4b28992021-12-20 16:02:45.430root 11241100x8000000000000000782126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8962ef547543a1cc2021-12-20 16:02:45.430root 11241100x8000000000000000782127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e2f984c933faa72021-12-20 16:02:45.430root 11241100x8000000000000000782128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a7c7d07470c7922021-12-20 16:02:45.430root 11241100x8000000000000000782129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0088aa97405ae822021-12-20 16:02:45.430root 11241100x8000000000000000782130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b560a037b6a0f72021-12-20 16:02:45.430root 11241100x8000000000000000782131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac8932c68bb31652021-12-20 16:02:45.430root 11241100x8000000000000000782132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d19d7895337eea62021-12-20 16:02:45.430root 11241100x8000000000000000782133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac07d65d1c112a6c2021-12-20 16:02:45.431root 11241100x8000000000000000782134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dc58bbf04cefa72021-12-20 16:02:45.431root 11241100x8000000000000000782135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e052ebee91a0572021-12-20 16:02:45.431root 11241100x8000000000000000782136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73866f92907109e2021-12-20 16:02:45.431root 11241100x8000000000000000782137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3351f314ac3173e2021-12-20 16:02:45.431root 11241100x8000000000000000782138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec336393b00601db2021-12-20 16:02:45.431root 11241100x8000000000000000782139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9909f261e38f43e2021-12-20 16:02:45.431root 11241100x8000000000000000782140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f036cd0f5e4202a52021-12-20 16:02:45.431root 11241100x8000000000000000782141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dd508b304cf2982021-12-20 16:02:45.431root 11241100x8000000000000000782142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d47991f047551a2021-12-20 16:02:45.431root 11241100x8000000000000000782143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffdf14236381a232021-12-20 16:02:45.431root 11241100x8000000000000000782144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a389cc5c346d78152021-12-20 16:02:45.433root 11241100x8000000000000000782145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b7c6abb6353ab12021-12-20 16:02:45.433root 11241100x8000000000000000782146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a396b7130b809aa52021-12-20 16:02:45.433root 11241100x8000000000000000782147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733af8430514920a2021-12-20 16:02:45.433root 11241100x8000000000000000782148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01848529b26fc2842021-12-20 16:02:45.433root 11241100x8000000000000000782149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07db467a451f7932021-12-20 16:02:45.433root 11241100x8000000000000000782150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a831dfd8092359842021-12-20 16:02:45.433root 11241100x8000000000000000782151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a5f0a4de6ed9412021-12-20 16:02:45.433root 11241100x8000000000000000782152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5484cf798934002021-12-20 16:02:45.433root 11241100x8000000000000000782153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434cfbd99c59fbaf2021-12-20 16:02:45.434root 11241100x8000000000000000782154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17bebb136bcfa4b2021-12-20 16:02:45.434root 11241100x8000000000000000782155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5a747ced9e73f82021-12-20 16:02:45.434root 11241100x8000000000000000782156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487a5cde98a4937a2021-12-20 16:02:45.434root 11241100x8000000000000000782157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8da51057910e7a92021-12-20 16:02:45.434root 11241100x8000000000000000782158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fe7fd8453789062021-12-20 16:02:45.434root 11241100x8000000000000000782159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f12dcc7ec16c422021-12-20 16:02:45.434root 11241100x8000000000000000782160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556281062a0ef8402021-12-20 16:02:45.434root 11241100x8000000000000000782161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf46b5c8e13072ef2021-12-20 16:02:45.435root 11241100x8000000000000000782162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b771ffcb246b7fee2021-12-20 16:02:45.435root 11241100x8000000000000000782163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6722f569246ec02a2021-12-20 16:02:45.435root 11241100x8000000000000000782164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852b3bcb5ac2466c2021-12-20 16:02:45.435root 11241100x8000000000000000782165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9561757de58098192021-12-20 16:02:45.435root 11241100x8000000000000000782166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2d5e6d6c82deb22021-12-20 16:02:45.435root 11241100x8000000000000000782167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fae019b39885e192021-12-20 16:02:45.435root 11241100x8000000000000000782168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6751265d68778bc2021-12-20 16:02:45.435root 11241100x8000000000000000782169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb33eccb427ff62021-12-20 16:02:45.436root 11241100x8000000000000000782170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e165ce68d8e216122021-12-20 16:02:45.436root 11241100x8000000000000000782171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3124eb718d27f0732021-12-20 16:02:45.436root 11241100x8000000000000000782172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cbb9dbc23841c22021-12-20 16:02:45.436root 11241100x8000000000000000782173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6e32b5b965fc6b2021-12-20 16:02:45.436root 11241100x8000000000000000782174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477bc26e77b446ad2021-12-20 16:02:45.924root 11241100x8000000000000000782175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae315dcf680b19c62021-12-20 16:02:45.924root 11241100x8000000000000000782176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec6855eb6b69b702021-12-20 16:02:45.925root 11241100x8000000000000000782177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9b7c7f94b7c92f2021-12-20 16:02:45.925root 11241100x8000000000000000782178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4674dc9b144485e32021-12-20 16:02:45.925root 11241100x8000000000000000782179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414dfc0da1966dea2021-12-20 16:02:45.925root 11241100x8000000000000000782180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d16615e5bdd65c82021-12-20 16:02:45.925root 11241100x8000000000000000782181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0a994e8dde5f9f2021-12-20 16:02:45.926root 11241100x8000000000000000782182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e2e10f47527f152021-12-20 16:02:45.926root 11241100x8000000000000000782183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddd4020fb78670e2021-12-20 16:02:45.926root 11241100x8000000000000000782184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd641501e883dc952021-12-20 16:02:45.926root 11241100x8000000000000000782185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b776db32619c7102021-12-20 16:02:45.926root 11241100x8000000000000000782186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec433a43ece9fcc2021-12-20 16:02:45.926root 11241100x8000000000000000782187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be21a78d92b356a12021-12-20 16:02:45.926root 11241100x8000000000000000782188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12f40e5b84fc6402021-12-20 16:02:45.926root 11241100x8000000000000000782189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51616c971fc434852021-12-20 16:02:45.926root 11241100x8000000000000000782190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd14da52700024a62021-12-20 16:02:45.926root 11241100x8000000000000000782191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd2686d0750789c2021-12-20 16:02:45.927root 11241100x8000000000000000782192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9bf93c25e817252021-12-20 16:02:45.927root 11241100x8000000000000000782193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158c0a6c6087cdaa2021-12-20 16:02:45.927root 11241100x8000000000000000782194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c6026a75ca99bb2021-12-20 16:02:45.927root 11241100x8000000000000000782195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764ac428153b4e342021-12-20 16:02:45.927root 11241100x8000000000000000782196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf1d91328d86a552021-12-20 16:02:45.927root 11241100x8000000000000000782197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558537723b3099362021-12-20 16:02:45.928root 11241100x8000000000000000782198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48e93b3bbe79f7d2021-12-20 16:02:45.928root 11241100x8000000000000000782199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ae64315bbf85ee2021-12-20 16:02:45.928root 11241100x8000000000000000782200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81f8a75341d39142021-12-20 16:02:45.928root 11241100x8000000000000000782201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a41d397331b63c2021-12-20 16:02:45.928root 11241100x8000000000000000782202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2be7303ed1403402021-12-20 16:02:45.929root 11241100x8000000000000000782203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea2658a2a0a92f2021-12-20 16:02:45.929root 11241100x8000000000000000782204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b034cb3ae97f382021-12-20 16:02:45.929root 11241100x8000000000000000782205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb37214ce6216b192021-12-20 16:02:45.929root 11241100x8000000000000000782206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1238520949725fc82021-12-20 16:02:45.930root 11241100x8000000000000000782207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb3fdeb946ded9e2021-12-20 16:02:45.930root 11241100x8000000000000000782208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55a6f28c00e8de72021-12-20 16:02:45.930root 11241100x8000000000000000782209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86d7b639b8fc83f2021-12-20 16:02:45.931root 11241100x8000000000000000782210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94174a6116c4a9ea2021-12-20 16:02:45.931root 11241100x8000000000000000782211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd81f50abdf56592021-12-20 16:02:45.931root 11241100x8000000000000000782212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9b884733e2f0b52021-12-20 16:02:45.932root 11241100x8000000000000000782213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ff937eebcbe3be2021-12-20 16:02:45.932root 11241100x8000000000000000782214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d05c9e3cbf8722021-12-20 16:02:45.932root 11241100x8000000000000000782215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad29fede2e3e93d2021-12-20 16:02:45.932root 11241100x8000000000000000782216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f62d5fb851a03052021-12-20 16:02:45.933root 11241100x8000000000000000782217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f3bd3ede2dd6b52021-12-20 16:02:45.933root 11241100x8000000000000000782218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa39ceb8fbf6e9362021-12-20 16:02:45.933root 11241100x8000000000000000782219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daf293f2892c3692021-12-20 16:02:45.933root 11241100x8000000000000000782220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967107fd5f7fc8332021-12-20 16:02:45.933root 11241100x8000000000000000782221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e1d20bb512a852021-12-20 16:02:45.934root 11241100x8000000000000000782222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba826ce528b64ed2021-12-20 16:02:45.934root 11241100x8000000000000000782223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ce041443bf9832021-12-20 16:02:45.934root 11241100x8000000000000000782224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76495931b98c21bf2021-12-20 16:02:45.935root 11241100x8000000000000000782225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4d1133de5871f52021-12-20 16:02:45.935root 11241100x8000000000000000782226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68546bebaf4ee152021-12-20 16:02:45.935root 11241100x8000000000000000782227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f74f57ae6895402021-12-20 16:02:45.935root 11241100x8000000000000000782228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b8ecb9d49ea9992021-12-20 16:02:45.936root 11241100x8000000000000000782229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13b3970a21a178b2021-12-20 16:02:45.936root 11241100x8000000000000000782230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819b9a19bd728d302021-12-20 16:02:45.936root 11241100x8000000000000000782231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43da45de22e00492021-12-20 16:02:45.936root 11241100x8000000000000000782232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ddb3eb762fe4622021-12-20 16:02:45.937root 11241100x8000000000000000782233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102c878aa68a8e972021-12-20 16:02:45.937root 11241100x8000000000000000782234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1195acdc7cfe9f2021-12-20 16:02:45.937root 11241100x8000000000000000782235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3481ab79ca3ab83c2021-12-20 16:02:45.937root 11241100x8000000000000000782236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab3a07fb9c25f722021-12-20 16:02:45.937root 11241100x8000000000000000782237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5395fd438bb72da2021-12-20 16:02:45.937root 11241100x8000000000000000782238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c0575aaea808a2021-12-20 16:02:45.938root 11241100x8000000000000000782239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64ee5ff85f5a2d32021-12-20 16:02:45.938root 11241100x8000000000000000782240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b7a948a7d0b2e22021-12-20 16:02:45.938root 11241100x8000000000000000782241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed3d1b9510d18d92021-12-20 16:02:45.939root 11241100x8000000000000000782242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12c04d377cda1f42021-12-20 16:02:45.939root 11241100x8000000000000000782243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2695ae75779a6e2b2021-12-20 16:02:45.939root 11241100x8000000000000000782244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcac6b22f560311e2021-12-20 16:02:45.939root 11241100x8000000000000000782245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c498cde5ce7e9d042021-12-20 16:02:45.939root 11241100x8000000000000000782246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d183ef10aafe61f2021-12-20 16:02:45.939root 11241100x8000000000000000782247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8029b221c03d8212021-12-20 16:02:45.939root 11241100x8000000000000000782248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7f72e4b2f737212021-12-20 16:02:45.939root 11241100x8000000000000000782249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f730bcb74785f88a2021-12-20 16:02:45.939root 11241100x8000000000000000782250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4c931eef09f9ab2021-12-20 16:02:45.940root 11241100x8000000000000000782251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73262a42032735502021-12-20 16:02:45.940root 11241100x8000000000000000782252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0351022d59811b252021-12-20 16:02:45.940root 11241100x8000000000000000782253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00a3b75b78c43e82021-12-20 16:02:45.940root 11241100x8000000000000000782254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee452b9c9c594152021-12-20 16:02:45.940root 11241100x8000000000000000782255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9a6de783fd2a382021-12-20 16:02:45.940root 11241100x8000000000000000782256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd009891e929092021-12-20 16:02:45.940root 11241100x8000000000000000782257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89afc9487c78d6772021-12-20 16:02:45.941root 11241100x8000000000000000782258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8056dd8c1858092021-12-20 16:02:45.941root 11241100x8000000000000000782259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16726fcb996e3012021-12-20 16:02:45.941root 11241100x8000000000000000782260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dee1348a43620b82021-12-20 16:02:45.941root 11241100x8000000000000000782261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad5b98deb9009fa2021-12-20 16:02:45.941root 11241100x8000000000000000782262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:45.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ee6ccd08d3f5752021-12-20 16:02:45.941root 11241100x8000000000000000782263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662fbb8a447613262021-12-20 16:02:46.424root 11241100x8000000000000000782264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6109e3ac6bebc2862021-12-20 16:02:46.424root 11241100x8000000000000000782265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2722f1cc89b149bf2021-12-20 16:02:46.424root 11241100x8000000000000000782266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a15ce8c4b4e9992021-12-20 16:02:46.424root 11241100x8000000000000000782267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e95842335c9edde2021-12-20 16:02:46.425root 11241100x8000000000000000782268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bc93e8917720762021-12-20 16:02:46.425root 11241100x8000000000000000782269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e3e66f66cee6452021-12-20 16:02:46.425root 11241100x8000000000000000782270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb95e6ec28cbed32021-12-20 16:02:46.425root 11241100x8000000000000000782271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b56d55099940ba62021-12-20 16:02:46.425root 11241100x8000000000000000782272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5735cef007b24af2021-12-20 16:02:46.426root 11241100x8000000000000000782273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4f7518be6c703f2021-12-20 16:02:46.426root 11241100x8000000000000000782274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e07a9ab59caf0392021-12-20 16:02:46.426root 11241100x8000000000000000782275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1408fc9cdb13b782021-12-20 16:02:46.426root 11241100x8000000000000000782276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5b59522dfd054d2021-12-20 16:02:46.426root 11241100x8000000000000000782277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b224066bd849682021-12-20 16:02:46.427root 11241100x8000000000000000782278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8fec59cf874b392021-12-20 16:02:46.427root 11241100x8000000000000000782279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae409ec2f42795502021-12-20 16:02:46.427root 11241100x8000000000000000782280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8bdcb97e25b26d2021-12-20 16:02:46.427root 11241100x8000000000000000782281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee695ebb112e93c52021-12-20 16:02:46.428root 11241100x8000000000000000782282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd863d8b9a3f64d92021-12-20 16:02:46.428root 11241100x8000000000000000782283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a785735c33fbf22021-12-20 16:02:46.429root 11241100x8000000000000000782284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e19c08a35b733182021-12-20 16:02:46.429root 11241100x8000000000000000782285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7172e5d7495de92021-12-20 16:02:46.429root 11241100x8000000000000000782286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07adad25db6f18a12021-12-20 16:02:46.429root 11241100x8000000000000000782287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440cdb73e9f7abfc2021-12-20 16:02:46.430root 11241100x8000000000000000782288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fb4ada97c391fa2021-12-20 16:02:46.430root 11241100x8000000000000000782289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a319e5032048f32021-12-20 16:02:46.430root 11241100x8000000000000000782290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65321cd38e12e072021-12-20 16:02:46.430root 11241100x8000000000000000782291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38f66ee737a44092021-12-20 16:02:46.430root 11241100x8000000000000000782292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d9f95d1818d5902021-12-20 16:02:46.430root 11241100x8000000000000000782293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267dc74bc79faaf62021-12-20 16:02:46.431root 11241100x8000000000000000782294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004a931730566a072021-12-20 16:02:46.431root 11241100x8000000000000000782295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1941ee2aaa03b3ee2021-12-20 16:02:46.431root 11241100x8000000000000000782296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9986468d07391d862021-12-20 16:02:46.431root 11241100x8000000000000000782297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f10943857132c562021-12-20 16:02:46.431root 11241100x8000000000000000782298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf88a5bf3b7f3042021-12-20 16:02:46.431root 11241100x8000000000000000782299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79086554223ee7002021-12-20 16:02:46.431root 11241100x8000000000000000782300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d9b1f2fa223aba2021-12-20 16:02:46.432root 11241100x8000000000000000782301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de0486c714eae852021-12-20 16:02:46.432root 11241100x8000000000000000782302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d2470262e5ec762021-12-20 16:02:46.432root 11241100x8000000000000000782303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55d7a33832019a42021-12-20 16:02:46.432root 11241100x8000000000000000782304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e5084d4e32d2c12021-12-20 16:02:46.432root 11241100x8000000000000000782305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fc3b3023e54eec2021-12-20 16:02:46.432root 11241100x8000000000000000782306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b33669a26466ed62021-12-20 16:02:46.432root 11241100x8000000000000000782307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5e3e3d8bc9da852021-12-20 16:02:46.433root 11241100x8000000000000000782308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362815a647c1b8342021-12-20 16:02:46.433root 11241100x8000000000000000782309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92e431f13df0f652021-12-20 16:02:46.433root 11241100x8000000000000000782310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cd5fefea5aa4502021-12-20 16:02:46.433root 11241100x8000000000000000782311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947bab7c442a59b12021-12-20 16:02:46.433root 11241100x8000000000000000782312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d893cba89ce2e12021-12-20 16:02:46.433root 11241100x8000000000000000782313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae80ac5f29766232021-12-20 16:02:46.433root 11241100x8000000000000000782314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8873efe33ac1f1142021-12-20 16:02:46.433root 11241100x8000000000000000782315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d5858f1b4cacc62021-12-20 16:02:46.433root 11241100x8000000000000000782316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75490819e9516c582021-12-20 16:02:46.433root 11241100x8000000000000000782317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e03368b016be3282021-12-20 16:02:46.433root 11241100x8000000000000000782318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f0be98a6b50c82021-12-20 16:02:46.434root 11241100x8000000000000000782319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9742a2a355745102021-12-20 16:02:46.434root 11241100x8000000000000000782320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d842b4aac08e11b42021-12-20 16:02:46.434root 11241100x8000000000000000782321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce94f15b5161a572021-12-20 16:02:46.434root 11241100x8000000000000000782322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5dffd3dfa94f042021-12-20 16:02:46.434root 11241100x8000000000000000782323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8eaf12055081992021-12-20 16:02:46.434root 11241100x8000000000000000782324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac7852d4bf036852021-12-20 16:02:46.434root 11241100x8000000000000000782325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a993a93ded7cd9f62021-12-20 16:02:46.434root 11241100x8000000000000000782326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c329277758b95a2021-12-20 16:02:46.434root 11241100x8000000000000000782327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a391559114961a042021-12-20 16:02:46.434root 11241100x8000000000000000782328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09221ff368992bd72021-12-20 16:02:46.434root 11241100x8000000000000000782329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef05edc430cc092021-12-20 16:02:46.434root 11241100x8000000000000000782330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a558243fa739d46e2021-12-20 16:02:46.434root 11241100x8000000000000000782331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90115e1eccfe88552021-12-20 16:02:46.924root 11241100x8000000000000000782332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173ec802439134462021-12-20 16:02:46.924root 11241100x8000000000000000782333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfe8e87c86516b12021-12-20 16:02:46.924root 11241100x8000000000000000782334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e695d5bc8d47c0582021-12-20 16:02:46.924root 11241100x8000000000000000782335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2308206dc83740532021-12-20 16:02:46.925root 11241100x8000000000000000782336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fa9adf8b16e39a2021-12-20 16:02:46.925root 11241100x8000000000000000782337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294c790afb53b7072021-12-20 16:02:46.925root 11241100x8000000000000000782338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32c37c6bc5ca3902021-12-20 16:02:46.925root 11241100x8000000000000000782339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335812a8572224e12021-12-20 16:02:46.925root 11241100x8000000000000000782340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12b1fb41e3419c42021-12-20 16:02:46.925root 11241100x8000000000000000782341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02948da7235ce6142021-12-20 16:02:46.925root 11241100x8000000000000000782342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e348920e7fa785d2021-12-20 16:02:46.925root 11241100x8000000000000000782343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0069a7e333408bf02021-12-20 16:02:46.925root 11241100x8000000000000000782344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b30ecedba648d2c2021-12-20 16:02:46.925root 11241100x8000000000000000782345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c99ea12a4a8c6062021-12-20 16:02:46.925root 11241100x8000000000000000782346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec7b7a7c2cd641b2021-12-20 16:02:46.925root 11241100x8000000000000000782347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2718ef3b17bc8162021-12-20 16:02:46.925root 11241100x8000000000000000782348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08359405406b6fc2021-12-20 16:02:46.925root 11241100x8000000000000000782349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba64c17c2642d6572021-12-20 16:02:46.925root 11241100x8000000000000000782350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c4fdbd63288b9c2021-12-20 16:02:46.926root 11241100x8000000000000000782351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e4c864d7d45f742021-12-20 16:02:46.926root 11241100x8000000000000000782352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0410cddbe40ea1472021-12-20 16:02:46.926root 11241100x8000000000000000782353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17302b08b5512f912021-12-20 16:02:46.926root 11241100x8000000000000000782354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5e21fc358247382021-12-20 16:02:46.926root 11241100x8000000000000000782355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c171fef9311588022021-12-20 16:02:46.927root 11241100x8000000000000000782356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1950176f37a88d602021-12-20 16:02:46.927root 11241100x8000000000000000782357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a187a00eb05a42f2021-12-20 16:02:46.927root 11241100x8000000000000000782358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e1014a21de5cdb2021-12-20 16:02:46.927root 11241100x8000000000000000782359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42c75e46f9de45b2021-12-20 16:02:46.927root 11241100x8000000000000000782360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ee603cfda098bd2021-12-20 16:02:46.927root 11241100x8000000000000000782361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95649cdac0e07da2021-12-20 16:02:46.927root 11241100x8000000000000000782362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00573d2c69b54e542021-12-20 16:02:46.928root 11241100x8000000000000000782363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105ac443da1903422021-12-20 16:02:46.928root 11241100x8000000000000000782364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73a6770048b10022021-12-20 16:02:46.928root 11241100x8000000000000000782365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38373a0034dccd32021-12-20 16:02:46.928root 11241100x8000000000000000782366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393d6d51b28b96612021-12-20 16:02:46.928root 11241100x8000000000000000782367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a989c3486c666a52021-12-20 16:02:46.928root 11241100x8000000000000000782368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273927f3417521db2021-12-20 16:02:46.928root 11241100x8000000000000000782369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2920068bd9efcd2021-12-20 16:02:46.928root 11241100x8000000000000000782370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdcbbdab87232ec2021-12-20 16:02:46.928root 11241100x8000000000000000782371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aca37ade9a134f2021-12-20 16:02:46.928root 11241100x8000000000000000782372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378221e72fcd32a02021-12-20 16:02:46.929root 11241100x8000000000000000782373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff54fa1ca1fdc6f62021-12-20 16:02:46.929root 11241100x8000000000000000782374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2484f5ef32399652021-12-20 16:02:46.929root 11241100x8000000000000000782375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e89e0e7878b77b2021-12-20 16:02:46.929root 11241100x8000000000000000782376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd884d9651c12342021-12-20 16:02:46.929root 11241100x8000000000000000782377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b7093d30ce6492021-12-20 16:02:46.929root 11241100x8000000000000000782378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3059d226281567452021-12-20 16:02:46.929root 11241100x8000000000000000782379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e414b13ce16d1ce2021-12-20 16:02:46.930root 11241100x8000000000000000782380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7e025f4dfac0ba2021-12-20 16:02:46.930root 11241100x8000000000000000782381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3987651616d2a0272021-12-20 16:02:46.930root 11241100x8000000000000000782382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93fc40631d3d8632021-12-20 16:02:46.930root 11241100x8000000000000000782383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1279a9d8376ec1122021-12-20 16:02:46.931root 11241100x8000000000000000782384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585dff1125fe27c72021-12-20 16:02:46.931root 11241100x8000000000000000782385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0158f0cff634ca42021-12-20 16:02:46.931root 11241100x8000000000000000782386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef7d9113ea551db2021-12-20 16:02:46.931root 11241100x8000000000000000782387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585ddef1a537d5772021-12-20 16:02:46.931root 11241100x8000000000000000782388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78d7375f1fb17352021-12-20 16:02:46.931root 11241100x8000000000000000782389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b42d8c68518d222021-12-20 16:02:46.933root 11241100x8000000000000000782390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fdd90b024a5b692021-12-20 16:02:46.933root 11241100x8000000000000000782391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bf682b9e9ca2822021-12-20 16:02:46.933root 11241100x8000000000000000782392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a39071968f76b42021-12-20 16:02:46.933root 11241100x8000000000000000782393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c9d4a877cd98f62021-12-20 16:02:46.933root 11241100x8000000000000000782394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8322920c2aede1be2021-12-20 16:02:46.933root 11241100x8000000000000000782395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be50003ef559c4582021-12-20 16:02:46.933root 11241100x8000000000000000782396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6d4172097e2a802021-12-20 16:02:46.933root 11241100x8000000000000000782397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5edfb66d9cc1ea32021-12-20 16:02:46.933root 11241100x8000000000000000782398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5948b6f4aff5b42021-12-20 16:02:46.933root 11241100x8000000000000000782399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2752155775d41942021-12-20 16:02:46.933root 11241100x8000000000000000782400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727c0b9028f062482021-12-20 16:02:46.934root 11241100x8000000000000000782401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cd1f1065df86832021-12-20 16:02:46.934root 11241100x8000000000000000782402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f053e2a8cdb9f1772021-12-20 16:02:46.934root 11241100x8000000000000000782403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fefac3c10c76712021-12-20 16:02:46.934root 11241100x8000000000000000782404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3266d0cbc6abb0912021-12-20 16:02:46.934root 11241100x8000000000000000782405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bd9eba437521452021-12-20 16:02:46.934root 11241100x8000000000000000782406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b633dd55b92188a2021-12-20 16:02:46.935root 11241100x8000000000000000782407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35755774f63157a2021-12-20 16:02:46.935root 11241100x8000000000000000782408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9912e1e7708efa722021-12-20 16:02:46.935root 11241100x8000000000000000782409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f45a0d8ceace87f2021-12-20 16:02:46.935root 11241100x8000000000000000782410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da50f413671e985f2021-12-20 16:02:46.935root 11241100x8000000000000000782411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f75c884e575b122021-12-20 16:02:46.935root 11241100x8000000000000000782412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5cd20b35161e792021-12-20 16:02:46.935root 11241100x8000000000000000782413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d3f879c0c169752021-12-20 16:02:46.935root 11241100x8000000000000000782414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38832db7cb9b5bbd2021-12-20 16:02:46.935root 11241100x8000000000000000782415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:46.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcca9ef5b95f7bc2021-12-20 16:02:46.937root 11241100x8000000000000000782416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f285bb29fc6ed2b2021-12-20 16:02:47.425root 11241100x8000000000000000782417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a42d5db9ee08472021-12-20 16:02:47.425root 11241100x8000000000000000782418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d129d86e74a12f2021-12-20 16:02:47.426root 11241100x8000000000000000782419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c94b7e659f0acb72021-12-20 16:02:47.426root 11241100x8000000000000000782420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4934d8df79e2a12021-12-20 16:02:47.426root 11241100x8000000000000000782421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83df6d288d8e93632021-12-20 16:02:47.426root 11241100x8000000000000000782422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33026424342da132021-12-20 16:02:47.426root 11241100x8000000000000000782423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cdbb7b1d58e1f52021-12-20 16:02:47.426root 11241100x8000000000000000782424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da33f01d05d5ac52021-12-20 16:02:47.427root 11241100x8000000000000000782425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed33805bbf329492021-12-20 16:02:47.427root 11241100x8000000000000000782426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ed881a39989ab12021-12-20 16:02:47.427root 11241100x8000000000000000782427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa39b4c787c55272021-12-20 16:02:47.427root 11241100x8000000000000000782428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f11bbb16acbffa2021-12-20 16:02:47.427root 11241100x8000000000000000782429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837ad2292b6f18a52021-12-20 16:02:47.427root 11241100x8000000000000000782430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5cb65c04bf5ffe2021-12-20 16:02:47.427root 11241100x8000000000000000782431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c32fbaee1ea31aa2021-12-20 16:02:47.428root 11241100x8000000000000000782432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb4ed552106d6532021-12-20 16:02:47.428root 11241100x8000000000000000782433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1f36b5672e3722021-12-20 16:02:47.428root 11241100x8000000000000000782434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d4c8e3db3b143f2021-12-20 16:02:47.428root 11241100x8000000000000000782435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3389849bd7c36f2021-12-20 16:02:47.428root 11241100x8000000000000000782436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6054655b216e77942021-12-20 16:02:47.428root 11241100x8000000000000000782437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fa626eb9843b492021-12-20 16:02:47.428root 11241100x8000000000000000782438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acc7a4d81bf9f882021-12-20 16:02:47.428root 11241100x8000000000000000782439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f80dc9c71099962021-12-20 16:02:47.429root 11241100x8000000000000000782440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c86064e3bbcb072021-12-20 16:02:47.429root 11241100x8000000000000000782441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dccc786362a501d2021-12-20 16:02:47.429root 11241100x8000000000000000782442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45e09f7a69a74e32021-12-20 16:02:47.429root 11241100x8000000000000000782443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa8b3b81257d96f2021-12-20 16:02:47.429root 11241100x8000000000000000782444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03e006f62e2c27f2021-12-20 16:02:47.429root 11241100x8000000000000000782445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecca8b32c60cd9282021-12-20 16:02:47.429root 11241100x8000000000000000782446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e6961c13ed477f2021-12-20 16:02:47.429root 11241100x8000000000000000782447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb7f149473015c52021-12-20 16:02:47.429root 11241100x8000000000000000782448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d356355c98963a102021-12-20 16:02:47.429root 11241100x8000000000000000782449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53192015e8b1c342021-12-20 16:02:47.429root 11241100x8000000000000000782450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8f702c2db5d3ae2021-12-20 16:02:47.429root 11241100x8000000000000000782451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a2e786078fa9c32021-12-20 16:02:47.430root 11241100x8000000000000000782452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3767fdbcd9453312021-12-20 16:02:47.430root 11241100x8000000000000000782453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbc77ff33c893af2021-12-20 16:02:47.430root 11241100x8000000000000000782454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11d23122dac8f312021-12-20 16:02:47.430root 11241100x8000000000000000782455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc7fda711affa1c2021-12-20 16:02:47.430root 11241100x8000000000000000782456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731449a5b27da2802021-12-20 16:02:47.430root 11241100x8000000000000000782457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b79da4e11efa462021-12-20 16:02:47.430root 11241100x8000000000000000782458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc10b155fe010a72021-12-20 16:02:47.924root 11241100x8000000000000000782459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2a8ca1ecc7f2e12021-12-20 16:02:47.924root 11241100x8000000000000000782460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c80488f5de71672021-12-20 16:02:47.925root 11241100x8000000000000000782461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6920f7e7f99fa76d2021-12-20 16:02:47.925root 11241100x8000000000000000782462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9c030b0288686c2021-12-20 16:02:47.925root 11241100x8000000000000000782463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb79671b9e759f92021-12-20 16:02:47.925root 11241100x8000000000000000782464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b06f4d447e7e0a42021-12-20 16:02:47.925root 11241100x8000000000000000782465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b334fc32693cf3172021-12-20 16:02:47.926root 11241100x8000000000000000782466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f99ba7e010310552021-12-20 16:02:47.926root 11241100x8000000000000000782467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef9b0e7a2f5197f2021-12-20 16:02:47.926root 11241100x8000000000000000782468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a1f479f0fa31672021-12-20 16:02:47.926root 11241100x8000000000000000782469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964b17a89d61cbf52021-12-20 16:02:47.927root 11241100x8000000000000000782470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b54fbe1a446880e2021-12-20 16:02:47.927root 11241100x8000000000000000782471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a12ca8c42484c72021-12-20 16:02:47.927root 11241100x8000000000000000782472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156a454bbc4552902021-12-20 16:02:47.927root 11241100x8000000000000000782473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579188c6ea6cdb872021-12-20 16:02:47.927root 11241100x8000000000000000782474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67410b299d671ca62021-12-20 16:02:47.928root 11241100x8000000000000000782475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6236a1a39cdd172021-12-20 16:02:47.928root 11241100x8000000000000000782476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56e52bd1af2f8922021-12-20 16:02:47.928root 11241100x8000000000000000782477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599ce427ec824f652021-12-20 16:02:47.929root 11241100x8000000000000000782478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e472382770f7b482021-12-20 16:02:47.929root 11241100x8000000000000000782479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb504a47612890f82021-12-20 16:02:47.929root 11241100x8000000000000000782480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cc07fee334a1ce2021-12-20 16:02:47.929root 11241100x8000000000000000782481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80abb660ab4835822021-12-20 16:02:47.930root 11241100x8000000000000000782482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2bc663f273f9c32021-12-20 16:02:47.930root 11241100x8000000000000000782483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf7ff7b33f4d8c52021-12-20 16:02:47.930root 11241100x8000000000000000782484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c0be1ce0d5d0e72021-12-20 16:02:47.930root 11241100x8000000000000000782485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b8d4553db9e092021-12-20 16:02:47.930root 11241100x8000000000000000782486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811aa7b939486c6a2021-12-20 16:02:47.931root 11241100x8000000000000000782487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051c8a7fec0f05cd2021-12-20 16:02:47.931root 11241100x8000000000000000782488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d7eb7976da39212021-12-20 16:02:47.931root 11241100x8000000000000000782489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c0417c11062cbc2021-12-20 16:02:47.931root 11241100x8000000000000000782490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b404119b262c76ea2021-12-20 16:02:47.931root 11241100x8000000000000000782491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09178cc7f19c3b842021-12-20 16:02:47.932root 11241100x8000000000000000782492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cdcda9290a84b72021-12-20 16:02:47.932root 11241100x8000000000000000782493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b28f82ba1a1d962021-12-20 16:02:47.932root 11241100x8000000000000000782494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d671ed4906cc82021-12-20 16:02:47.933root 11241100x8000000000000000782495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92f18383d4cc59b2021-12-20 16:02:47.933root 11241100x8000000000000000782496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4012f2c546ca909f2021-12-20 16:02:47.933root 11241100x8000000000000000782497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f9fba111f14c962021-12-20 16:02:47.933root 11241100x8000000000000000782498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f7ccd06edcf372021-12-20 16:02:47.934root 11241100x8000000000000000782499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071f29558d91eaf2021-12-20 16:02:47.934root 11241100x8000000000000000782500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172fa27801d434e22021-12-20 16:02:47.934root 11241100x8000000000000000782501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4e8d693d68c94c2021-12-20 16:02:47.934root 11241100x8000000000000000782502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1e1094d53ad3232021-12-20 16:02:47.934root 11241100x8000000000000000782503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c626d4b73fa4ee9a2021-12-20 16:02:47.935root 11241100x8000000000000000782504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea23cbd53538cf322021-12-20 16:02:47.935root 11241100x8000000000000000782505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:47.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7939626855c8422021-12-20 16:02:47.935root 11241100x8000000000000000782506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a0d4c928f2bc122021-12-20 16:02:48.424root 11241100x8000000000000000782507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e438ef55caa9190e2021-12-20 16:02:48.425root 11241100x8000000000000000782508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3592ef4e305c17982021-12-20 16:02:48.425root 11241100x8000000000000000782509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c35094b38766822021-12-20 16:02:48.425root 11241100x8000000000000000782510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f188f6e93287e822021-12-20 16:02:48.425root 11241100x8000000000000000782511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6297effaaf0522bc2021-12-20 16:02:48.425root 11241100x8000000000000000782512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b248b7d6a90f12021-12-20 16:02:48.426root 11241100x8000000000000000782513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d336df41abd9032021-12-20 16:02:48.426root 11241100x8000000000000000782514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274b797c0f0350832021-12-20 16:02:48.426root 11241100x8000000000000000782515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8cff611ac7cdc32021-12-20 16:02:48.426root 11241100x8000000000000000782516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d6cbea4e6ab7b42021-12-20 16:02:48.427root 11241100x8000000000000000782517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d323b96ba7f7502021-12-20 16:02:48.427root 11241100x8000000000000000782518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf78ea294aec1e42021-12-20 16:02:48.427root 11241100x8000000000000000782519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f079a2e091e78dd62021-12-20 16:02:48.427root 11241100x8000000000000000782520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5527bba282029b42021-12-20 16:02:48.427root 11241100x8000000000000000782521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f7b7a47a7a87ba2021-12-20 16:02:48.428root 11241100x8000000000000000782522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5bd753c23895832021-12-20 16:02:48.428root 11241100x8000000000000000782523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63c9dc0f86592302021-12-20 16:02:48.428root 11241100x8000000000000000782524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e878e7d9de02da2021-12-20 16:02:48.428root 11241100x8000000000000000782525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b66a504116aa712021-12-20 16:02:48.428root 11241100x8000000000000000782526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6406510f7ce095e2021-12-20 16:02:48.428root 11241100x8000000000000000782527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257c75079b56795c2021-12-20 16:02:48.428root 11241100x8000000000000000782528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa009c2372cd3c22021-12-20 16:02:48.428root 11241100x8000000000000000782529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce7128d04d9c2b72021-12-20 16:02:48.428root 11241100x8000000000000000782530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df24c4a388592be42021-12-20 16:02:48.428root 11241100x8000000000000000782531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3c056050e79bd22021-12-20 16:02:48.428root 11241100x8000000000000000782532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39621671d68efb2021-12-20 16:02:48.428root 11241100x8000000000000000782533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71d6f4560e923e52021-12-20 16:02:48.429root 11241100x8000000000000000782534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dfbfee6c830c452021-12-20 16:02:48.429root 11241100x8000000000000000782535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cef959c3a6c3cf2021-12-20 16:02:48.429root 11241100x8000000000000000782536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c661fbcbd2f5592021-12-20 16:02:48.429root 11241100x8000000000000000782537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d196056beb9d63d62021-12-20 16:02:48.429root 11241100x8000000000000000782538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac7d7e6a7b165692021-12-20 16:02:48.429root 11241100x8000000000000000782539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37346a6edeac9e922021-12-20 16:02:48.429root 11241100x8000000000000000782540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3196c581963e48f82021-12-20 16:02:48.429root 11241100x8000000000000000782541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f52f5e285036b92021-12-20 16:02:48.429root 11241100x8000000000000000782542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c20c92dce8c3ea2021-12-20 16:02:48.429root 11241100x8000000000000000782543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db693798a105e032021-12-20 16:02:48.431root 11241100x8000000000000000782544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e339aa04ce98e4492021-12-20 16:02:48.432root 11241100x8000000000000000782545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e37518dc5fe06c2021-12-20 16:02:48.432root 11241100x8000000000000000782546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307508eadcd3009f2021-12-20 16:02:48.432root 11241100x8000000000000000782547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56ae5daf0c15fb72021-12-20 16:02:48.432root 11241100x8000000000000000782548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42d52a7abe5f3312021-12-20 16:02:48.432root 11241100x8000000000000000782549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99352aae30332d92021-12-20 16:02:48.432root 11241100x8000000000000000782550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a175e0e55514922021-12-20 16:02:48.432root 11241100x8000000000000000782551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffe6c1bb54657662021-12-20 16:02:48.432root 11241100x8000000000000000782552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a082c5312cb11f012021-12-20 16:02:48.432root 11241100x8000000000000000782553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e887f0fd15a4ee722021-12-20 16:02:48.924root 11241100x8000000000000000782554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde86ec12192352e2021-12-20 16:02:48.924root 11241100x8000000000000000782555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d0fcb3d1e639392021-12-20 16:02:48.925root 11241100x8000000000000000782556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5e88435a21fd8b2021-12-20 16:02:48.925root 11241100x8000000000000000782557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ff7a7ca7a81e8b2021-12-20 16:02:48.925root 11241100x8000000000000000782558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532b920dc91ae8342021-12-20 16:02:48.925root 11241100x8000000000000000782559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9875c9f85f3636862021-12-20 16:02:48.925root 11241100x8000000000000000782560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faba085618535742021-12-20 16:02:48.926root 11241100x8000000000000000782561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c1271442d38b312021-12-20 16:02:48.926root 11241100x8000000000000000782562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f7ffa993913eb22021-12-20 16:02:48.926root 11241100x8000000000000000782563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d99b3a32b1c3ae2021-12-20 16:02:48.926root 11241100x8000000000000000782564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfb930335691fea2021-12-20 16:02:48.926root 11241100x8000000000000000782565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3214602f13bfd9b62021-12-20 16:02:48.927root 11241100x8000000000000000782566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b23759d470e2962021-12-20 16:02:48.927root 11241100x8000000000000000782567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea3f9579d5bb7822021-12-20 16:02:48.927root 11241100x8000000000000000782568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb6c4290b67f5172021-12-20 16:02:48.927root 11241100x8000000000000000782569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ded23506420ca352021-12-20 16:02:48.927root 11241100x8000000000000000782570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea784fd23decdc52021-12-20 16:02:48.928root 11241100x8000000000000000782571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d611ecedca4b0c2021-12-20 16:02:48.928root 11241100x8000000000000000782572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e45f419635c8e62021-12-20 16:02:48.928root 11241100x8000000000000000782573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c8e702aff7a9be2021-12-20 16:02:48.928root 11241100x8000000000000000782574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878e97ec06e073af2021-12-20 16:02:48.929root 11241100x8000000000000000782575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7181a84c75cd1472021-12-20 16:02:48.929root 11241100x8000000000000000782576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2991ca9bf6c0cd622021-12-20 16:02:48.929root 11241100x8000000000000000782577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755bc688c2c6ae7c2021-12-20 16:02:48.929root 11241100x8000000000000000782578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3265bed7261a33802021-12-20 16:02:48.929root 11241100x8000000000000000782579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38433c88c332c37d2021-12-20 16:02:48.929root 11241100x8000000000000000782580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a034807ff3ba50af2021-12-20 16:02:48.929root 11241100x8000000000000000782581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3687c37cf5dec9a72021-12-20 16:02:48.930root 11241100x8000000000000000782582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665708b7c4c5267b2021-12-20 16:02:48.930root 11241100x8000000000000000782583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddbb09e45b0d2642021-12-20 16:02:48.930root 11241100x8000000000000000782584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af17bea5ec67df72021-12-20 16:02:48.930root 11241100x8000000000000000782585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0913b5247ad9fb602021-12-20 16:02:48.930root 11241100x8000000000000000782586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca35ebc08e572d62021-12-20 16:02:48.930root 11241100x8000000000000000782587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b83f1c27315e0982021-12-20 16:02:48.930root 11241100x8000000000000000782588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586e23b4209f8f582021-12-20 16:02:48.930root 11241100x8000000000000000782589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd86755272f6809b2021-12-20 16:02:48.930root 11241100x8000000000000000782590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73e2f1d8c2854332021-12-20 16:02:48.931root 11241100x8000000000000000782591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c5fdcde5fbb23b2021-12-20 16:02:48.931root 11241100x8000000000000000782592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53e641bed24530e2021-12-20 16:02:48.931root 11241100x8000000000000000782593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd9e774859aaa642021-12-20 16:02:48.931root 11241100x8000000000000000782594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7f95e9e74337e32021-12-20 16:02:48.931root 11241100x8000000000000000782595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc42c78a9b4db5b2021-12-20 16:02:48.931root 11241100x8000000000000000782596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30a54176080e35b2021-12-20 16:02:48.931root 11241100x8000000000000000782597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16da200ec78402fa2021-12-20 16:02:48.931root 11241100x8000000000000000782598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dadd2fa8e62c6192021-12-20 16:02:48.931root 11241100x8000000000000000782599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a36869685f913982021-12-20 16:02:48.932root 11241100x8000000000000000782600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e533fb8b27fa62021-12-20 16:02:48.932root 11241100x8000000000000000782601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:48.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4520fa2fdb76ad572021-12-20 16:02:48.932root 11241100x8000000000000000782602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c3527cdaa673052021-12-20 16:02:49.424root 11241100x8000000000000000782603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338a253ae09203d62021-12-20 16:02:49.424root 11241100x8000000000000000782604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfb2d8ce751950e2021-12-20 16:02:49.424root 11241100x8000000000000000782605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d608e31fce40a60d2021-12-20 16:02:49.425root 11241100x8000000000000000782606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098fac5bf0bdeafa2021-12-20 16:02:49.425root 11241100x8000000000000000782607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0324415bf5c5ef4e2021-12-20 16:02:49.425root 11241100x8000000000000000782608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08204721fb35d4522021-12-20 16:02:49.425root 11241100x8000000000000000782609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffcd2dfc3e3223f2021-12-20 16:02:49.426root 11241100x8000000000000000782610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee06e0d0ad0055a2021-12-20 16:02:49.426root 11241100x8000000000000000782611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a7ad31de5158af2021-12-20 16:02:49.426root 11241100x8000000000000000782612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afa0c8c87404b1e2021-12-20 16:02:49.426root 11241100x8000000000000000782613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcb315c754bc2992021-12-20 16:02:49.427root 11241100x8000000000000000782614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945ceeeb8dc540752021-12-20 16:02:49.427root 11241100x8000000000000000782615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e9dd6210696c582021-12-20 16:02:49.427root 11241100x8000000000000000782616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73530d8b4c7fdd2f2021-12-20 16:02:49.427root 11241100x8000000000000000782617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9f8a8764f9e95a2021-12-20 16:02:49.428root 11241100x8000000000000000782618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c75840402dbcf922021-12-20 16:02:49.428root 11241100x8000000000000000782619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2358734887b867502021-12-20 16:02:49.428root 11241100x8000000000000000782620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44b410bdec6b1e12021-12-20 16:02:49.428root 11241100x8000000000000000782621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafa1ec1e6305e0a2021-12-20 16:02:49.428root 11241100x8000000000000000782622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beffa542aa7f97612021-12-20 16:02:49.429root 11241100x8000000000000000782623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31fa7e9cafb3cf52021-12-20 16:02:49.429root 11241100x8000000000000000782624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf3216751c5f1af2021-12-20 16:02:49.429root 11241100x8000000000000000782625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe625a5346d1d44b2021-12-20 16:02:49.429root 11241100x8000000000000000782626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986c910cf13f11372021-12-20 16:02:49.429root 11241100x8000000000000000782627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ec0d9e0fa4239b2021-12-20 16:02:49.429root 11241100x8000000000000000782628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa79707a7a3c88752021-12-20 16:02:49.430root 11241100x8000000000000000782629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166ccb0b30f0d9ac2021-12-20 16:02:49.430root 11241100x8000000000000000782630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecf3e39a9eb1d1a2021-12-20 16:02:49.430root 11241100x8000000000000000782631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ef28cc318341102021-12-20 16:02:49.430root 11241100x8000000000000000782632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1087980a7655912021-12-20 16:02:49.431root 11241100x8000000000000000782633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3932dec28911ec042021-12-20 16:02:49.431root 11241100x8000000000000000782634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3983fec1914d27e22021-12-20 16:02:49.431root 11241100x8000000000000000782635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95580af5d2a36c7f2021-12-20 16:02:49.431root 11241100x8000000000000000782636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fcbb3fc261ad3f2021-12-20 16:02:49.431root 11241100x8000000000000000782637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4182b3e768fba22021-12-20 16:02:49.431root 11241100x8000000000000000782638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d05286eb39807e2021-12-20 16:02:49.432root 11241100x8000000000000000782639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b144a2264cd1662021-12-20 16:02:49.432root 11241100x8000000000000000782640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353d24f960cb65b02021-12-20 16:02:49.432root 11241100x8000000000000000782641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d946a9249105322021-12-20 16:02:49.432root 11241100x8000000000000000782642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5140a9e4bf33c93f2021-12-20 16:02:49.432root 11241100x8000000000000000782643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f203cafaf61bb98b2021-12-20 16:02:49.432root 11241100x8000000000000000782644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5200ec44131fff92021-12-20 16:02:49.433root 11241100x8000000000000000782645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66e020b5463637e2021-12-20 16:02:49.433root 11241100x8000000000000000782646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c494cb2b385fe1fe2021-12-20 16:02:49.433root 11241100x8000000000000000782647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46b7bc0e660f6f42021-12-20 16:02:49.433root 11241100x8000000000000000782648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75f6a21596843f62021-12-20 16:02:49.433root 11241100x8000000000000000782649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d684d11a1b0667b2021-12-20 16:02:49.433root 11241100x8000000000000000782650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c4695d2c99a50e2021-12-20 16:02:49.434root 11241100x8000000000000000782651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd2bfec4cda966d2021-12-20 16:02:49.924root 11241100x8000000000000000782652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ccbd21cd4e5aa22021-12-20 16:02:49.924root 11241100x8000000000000000782653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8654fcf7122724f32021-12-20 16:02:49.924root 11241100x8000000000000000782654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be18d78674aa695f2021-12-20 16:02:49.925root 11241100x8000000000000000782655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ae9d7d4c81d8f12021-12-20 16:02:49.925root 11241100x8000000000000000782656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448ec70feaf1a0832021-12-20 16:02:49.925root 11241100x8000000000000000782657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdda8f3b20e8d022021-12-20 16:02:49.925root 11241100x8000000000000000782658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da7567ed0673a012021-12-20 16:02:49.925root 11241100x8000000000000000782659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b6f44fb14f535c2021-12-20 16:02:49.925root 11241100x8000000000000000782660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3123b5d8ff2698462021-12-20 16:02:49.925root 11241100x8000000000000000782661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbb1c18a36f14c62021-12-20 16:02:49.926root 11241100x8000000000000000782662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8216a5d99646858a2021-12-20 16:02:49.926root 11241100x8000000000000000782663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f02b34c3ed6b6382021-12-20 16:02:49.926root 11241100x8000000000000000782664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81b80580f7d5d952021-12-20 16:02:49.926root 11241100x8000000000000000782665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0328c916c5d45acd2021-12-20 16:02:49.926root 11241100x8000000000000000782666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613a86c2f426df412021-12-20 16:02:49.926root 11241100x8000000000000000782667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e0ba0e9f9d64512021-12-20 16:02:49.927root 11241100x8000000000000000782668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea112d4528ef8842021-12-20 16:02:49.927root 11241100x8000000000000000782669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311d9649557194fa2021-12-20 16:02:49.927root 11241100x8000000000000000782670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4155efb9de1e16c2021-12-20 16:02:49.927root 11241100x8000000000000000782671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ecb9176aa032a62021-12-20 16:02:49.927root 11241100x8000000000000000782672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9adcd1059105632021-12-20 16:02:49.927root 11241100x8000000000000000782673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6804c18d6a70a52021-12-20 16:02:49.927root 11241100x8000000000000000782674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4d637939f28f492021-12-20 16:02:49.927root 11241100x8000000000000000782675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146e93d603b5bfea2021-12-20 16:02:49.927root 11241100x8000000000000000782676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc2b999c395b75a2021-12-20 16:02:49.928root 11241100x8000000000000000782677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0c5230bb31643a2021-12-20 16:02:49.928root 11241100x8000000000000000782678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622322af2b65feca2021-12-20 16:02:49.928root 11241100x8000000000000000782679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debcdd13b81d69712021-12-20 16:02:49.928root 11241100x8000000000000000782680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f427b07b750a3d22021-12-20 16:02:49.928root 11241100x8000000000000000782681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe6bf3a0a9c3e9d2021-12-20 16:02:49.928root 11241100x8000000000000000782682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e43e7daf54c0ea2021-12-20 16:02:49.928root 11241100x8000000000000000782683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c88924a0fe4488f2021-12-20 16:02:49.928root 11241100x8000000000000000782684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10bf312c20d99c82021-12-20 16:02:49.929root 11241100x8000000000000000782685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff4e4b7ed55eeb72021-12-20 16:02:49.929root 11241100x8000000000000000782686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c4b397a2094f812021-12-20 16:02:49.929root 11241100x8000000000000000782687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f18dc660fe4ed132021-12-20 16:02:49.929root 11241100x8000000000000000782688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59195d59ce859e882021-12-20 16:02:49.930root 11241100x8000000000000000782689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d88f040c9bfab8b2021-12-20 16:02:49.930root 11241100x8000000000000000782690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4e808cc14368802021-12-20 16:02:49.930root 11241100x8000000000000000782691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5058ba030b316bdf2021-12-20 16:02:49.930root 11241100x8000000000000000782692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c50e202cf37c1b72021-12-20 16:02:49.931root 11241100x8000000000000000782693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd6f96cd6e2e2ea2021-12-20 16:02:49.931root 11241100x8000000000000000782694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f767d4d9246845552021-12-20 16:02:49.931root 11241100x8000000000000000782695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b7a24b452a82b32021-12-20 16:02:49.931root 11241100x8000000000000000782696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc362f2061d770b62021-12-20 16:02:49.931root 11241100x8000000000000000782697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f3e2823c782dc32021-12-20 16:02:49.931root 11241100x8000000000000000782698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7619cb54c2a4b162021-12-20 16:02:49.931root 11241100x8000000000000000782699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366c30af14862ad62021-12-20 16:02:49.931root 11241100x8000000000000000782700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c8b2163c20a5b82021-12-20 16:02:49.931root 11241100x8000000000000000782701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cdae8d13cac64d2021-12-20 16:02:49.932root 11241100x8000000000000000782702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb179fcbff79b442021-12-20 16:02:49.932root 11241100x8000000000000000782703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2551f7c8c3f7d6962021-12-20 16:02:49.932root 11241100x8000000000000000782704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:49.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4f166509a6d66e2021-12-20 16:02:49.932root 11241100x8000000000000000782705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d14f05984c04472021-12-20 16:02:50.424root 11241100x8000000000000000782706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a2eae38808a6362021-12-20 16:02:50.424root 11241100x8000000000000000782707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5535b907b65e20d42021-12-20 16:02:50.424root 11241100x8000000000000000782708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1192fb452f2930d2021-12-20 16:02:50.424root 11241100x8000000000000000782709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5cc5904c7109d62021-12-20 16:02:50.425root 11241100x8000000000000000782710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138792e6644211802021-12-20 16:02:50.425root 11241100x8000000000000000782711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cf7d900d2048272021-12-20 16:02:50.425root 11241100x8000000000000000782712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c982f297c36ac8222021-12-20 16:02:50.425root 11241100x8000000000000000782713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665abc6a3f4b90d62021-12-20 16:02:50.426root 11241100x8000000000000000782714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e45d0f14120b30c2021-12-20 16:02:50.426root 11241100x8000000000000000782715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d690531926e241f32021-12-20 16:02:50.426root 11241100x8000000000000000782716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c1bf8ef1e0fd062021-12-20 16:02:50.426root 11241100x8000000000000000782717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbecd6d8714c7eb2021-12-20 16:02:50.426root 11241100x8000000000000000782718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9320720118fdab462021-12-20 16:02:50.426root 11241100x8000000000000000782719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffc8007f6917a3a2021-12-20 16:02:50.427root 11241100x8000000000000000782720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c4750d0e3d846e2021-12-20 16:02:50.427root 11241100x8000000000000000782721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6983c4e4b2d6c8d2021-12-20 16:02:50.427root 11241100x8000000000000000782722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22363903af4aef112021-12-20 16:02:50.427root 11241100x8000000000000000782723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43992ca4dcf940052021-12-20 16:02:50.427root 11241100x8000000000000000782724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285ee1ced10d3f052021-12-20 16:02:50.428root 11241100x8000000000000000782725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a61b89dedca8b22021-12-20 16:02:50.428root 11241100x8000000000000000782726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797a5dc72af0b2372021-12-20 16:02:50.428root 11241100x8000000000000000782727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4057d61bf63a3862021-12-20 16:02:50.428root 11241100x8000000000000000782728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b61aad84a73f002021-12-20 16:02:50.428root 11241100x8000000000000000782729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3593319fc695ab9a2021-12-20 16:02:50.429root 11241100x8000000000000000782730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2fc81c8cd52332021-12-20 16:02:50.429root 11241100x8000000000000000782731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b842b1e09c48f6562021-12-20 16:02:50.429root 11241100x8000000000000000782732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb2821607373252021-12-20 16:02:50.429root 11241100x8000000000000000782733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc1a4414562435a2021-12-20 16:02:50.429root 11241100x8000000000000000782734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b27580524ad5b62021-12-20 16:02:50.429root 11241100x8000000000000000782735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac273bccb865d5d2021-12-20 16:02:50.429root 11241100x8000000000000000782736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349558305fd9757b2021-12-20 16:02:50.430root 11241100x8000000000000000782737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226047314959b7722021-12-20 16:02:50.430root 11241100x8000000000000000782738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d423a81e9c6af3542021-12-20 16:02:50.431root 11241100x8000000000000000782739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f925c9284e1dc6f2021-12-20 16:02:50.431root 11241100x8000000000000000782740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f736d4906190992021-12-20 16:02:50.431root 11241100x8000000000000000782741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25bbd342eb2a36a2021-12-20 16:02:50.431root 11241100x8000000000000000782742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea320244c6b5ad32021-12-20 16:02:50.431root 11241100x8000000000000000782743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1219209b5a966b92021-12-20 16:02:50.431root 11241100x8000000000000000782744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af03f74fffceada02021-12-20 16:02:50.431root 11241100x8000000000000000782745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8cc14adaa593242021-12-20 16:02:50.431root 11241100x8000000000000000782746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8a2cdfb409f6722021-12-20 16:02:50.432root 11241100x8000000000000000782747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8f9834be76c9ec2021-12-20 16:02:50.432root 11241100x8000000000000000782748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bec264cf02bca292021-12-20 16:02:50.432root 11241100x8000000000000000782749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fac5e29a965b5c2021-12-20 16:02:50.432root 11241100x8000000000000000782750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4472b9cd510759d82021-12-20 16:02:50.432root 11241100x8000000000000000782751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da4fef191409a7d2021-12-20 16:02:50.432root 11241100x8000000000000000782752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0993cc67090b5b62021-12-20 16:02:50.432root 11241100x8000000000000000782753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92cb0febb7978242021-12-20 16:02:50.433root 11241100x8000000000000000782754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed4a5513b5e5fb72021-12-20 16:02:50.433root 11241100x8000000000000000782755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf0b2dea76d0b72021-12-20 16:02:50.433root 11241100x8000000000000000782756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba402e248974a1f2021-12-20 16:02:50.433root 11241100x8000000000000000782757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149de3cf882472642021-12-20 16:02:50.433root 11241100x8000000000000000782758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f635c00d5f6ef72021-12-20 16:02:50.433root 11241100x8000000000000000782759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5418bb870306475a2021-12-20 16:02:50.433root 11241100x8000000000000000782760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0f769dc5e623572021-12-20 16:02:50.433root 11241100x8000000000000000782761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42ee69bf47747b12021-12-20 16:02:50.434root 11241100x8000000000000000782762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7340bf3931fb9da32021-12-20 16:02:50.434root 11241100x8000000000000000782763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708988c6379847052021-12-20 16:02:50.434root 11241100x8000000000000000782764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce05e78ea3484622021-12-20 16:02:50.434root 11241100x8000000000000000782765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6722fc2c9fc4017e2021-12-20 16:02:50.434root 11241100x8000000000000000782766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8876efd033ebc52021-12-20 16:02:50.924root 11241100x8000000000000000782767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7010228446cd382021-12-20 16:02:50.924root 11241100x8000000000000000782768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26600e7af57724672021-12-20 16:02:50.924root 11241100x8000000000000000782769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8974da0a9aa5a32d2021-12-20 16:02:50.924root 11241100x8000000000000000782770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4772da9ae92411b2021-12-20 16:02:50.925root 11241100x8000000000000000782771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2745bd58c50ef22021-12-20 16:02:50.925root 11241100x8000000000000000782772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd9e6e58729dc8c2021-12-20 16:02:50.925root 11241100x8000000000000000782773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7f5662121746f72021-12-20 16:02:50.925root 11241100x8000000000000000782774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00b88f682c020012021-12-20 16:02:50.925root 11241100x8000000000000000782775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93449b0250acbf1f2021-12-20 16:02:50.925root 11241100x8000000000000000782776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c80359171c55882021-12-20 16:02:50.925root 11241100x8000000000000000782777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1537214c5f4fa852021-12-20 16:02:50.925root 11241100x8000000000000000782778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8dfe63853420092021-12-20 16:02:50.925root 11241100x8000000000000000782779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c17585ff4139162021-12-20 16:02:50.925root 11241100x8000000000000000782780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd611288cfa8790f2021-12-20 16:02:50.925root 11241100x8000000000000000782781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ae6c972e2007412021-12-20 16:02:50.925root 11241100x8000000000000000782782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd36de9508084f9c2021-12-20 16:02:50.926root 11241100x8000000000000000782783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7212e1402567b232021-12-20 16:02:50.926root 11241100x8000000000000000782784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb5bf0c3ad41e9b2021-12-20 16:02:50.926root 11241100x8000000000000000782785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8c53d8d810395e2021-12-20 16:02:50.926root 11241100x8000000000000000782786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366ac248e49ef07f2021-12-20 16:02:50.926root 11241100x8000000000000000782787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82dd3525a97b38b2021-12-20 16:02:50.926root 11241100x8000000000000000782788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f77498306149ce2021-12-20 16:02:50.926root 11241100x8000000000000000782789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10da3a8f580f1ce2021-12-20 16:02:50.926root 11241100x8000000000000000782790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e50446a19c672a2021-12-20 16:02:50.926root 11241100x8000000000000000782791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2222b32fbe9a2df82021-12-20 16:02:50.926root 11241100x8000000000000000782792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b612bfca847ae02021-12-20 16:02:50.926root 11241100x8000000000000000782793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa63ba67397d8692021-12-20 16:02:50.926root 11241100x8000000000000000782794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d470514f862922e2021-12-20 16:02:50.927root 11241100x8000000000000000782795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7914161137cff2292021-12-20 16:02:50.927root 11241100x8000000000000000782796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4c784399f9bbb92021-12-20 16:02:50.927root 11241100x8000000000000000782797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dbf90c5840b96d2021-12-20 16:02:50.927root 11241100x8000000000000000782798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d11fda60d3a8042021-12-20 16:02:50.927root 11241100x8000000000000000782799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffebfb40aa9ec38d2021-12-20 16:02:50.927root 11241100x8000000000000000782800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427c4325bda0b8262021-12-20 16:02:50.927root 11241100x8000000000000000782801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffe096c34c8ce6d2021-12-20 16:02:50.927root 11241100x8000000000000000782802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef7cddf888c1e122021-12-20 16:02:50.927root 11241100x8000000000000000782803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e781d6d114070a812021-12-20 16:02:50.927root 11241100x8000000000000000782804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf107920641b7f442021-12-20 16:02:50.927root 11241100x8000000000000000782805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbe79a3d09015e52021-12-20 16:02:50.928root 11241100x8000000000000000782806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b36997e295628c02021-12-20 16:02:50.928root 11241100x8000000000000000782807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975a8807233309a82021-12-20 16:02:50.928root 11241100x8000000000000000782808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39097ef6df12c2ff2021-12-20 16:02:50.928root 11241100x8000000000000000782809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d0fd5ac787d0bd2021-12-20 16:02:50.928root 11241100x8000000000000000782810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70d9b2d20bec892021-12-20 16:02:50.928root 11241100x8000000000000000782811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3809498f07b28a122021-12-20 16:02:50.928root 11241100x8000000000000000782812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4542fb53ba9f8012021-12-20 16:02:50.928root 11241100x8000000000000000782813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5966e3fe770128ad2021-12-20 16:02:50.928root 11241100x8000000000000000782814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fd6d3def1d19ac2021-12-20 16:02:50.928root 11241100x8000000000000000782815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d67f599227104582021-12-20 16:02:50.928root 11241100x8000000000000000782816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e521f21cfad6652021-12-20 16:02:50.929root 11241100x8000000000000000782817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0ef8b9c5e26fc12021-12-20 16:02:50.929root 11241100x8000000000000000782818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e2a1a127ba42e82021-12-20 16:02:50.929root 11241100x8000000000000000782819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1039db6c042a3a722021-12-20 16:02:50.929root 11241100x8000000000000000782820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65d283ea15854102021-12-20 16:02:50.929root 11241100x8000000000000000782821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e198ba2eb18dcd2021-12-20 16:02:50.929root 11241100x8000000000000000782822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c396940580732e2021-12-20 16:02:50.929root 11241100x8000000000000000782823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9710f8d03d59722021-12-20 16:02:50.929root 11241100x8000000000000000782824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb422f98ae486b302021-12-20 16:02:50.929root 11241100x8000000000000000782825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef19ddfe24e293f82021-12-20 16:02:50.929root 11241100x8000000000000000782826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841652f994b20bec2021-12-20 16:02:50.929root 11241100x8000000000000000782827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ac54400d35c54e2021-12-20 16:02:50.930root 11241100x8000000000000000782828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6158c68d7e2e397c2021-12-20 16:02:50.930root 11241100x8000000000000000782829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64c605afcded3672021-12-20 16:02:50.930root 11241100x8000000000000000782830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99af20cae62f08b2021-12-20 16:02:50.930root 11241100x8000000000000000782831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92cae813c3da5c52021-12-20 16:02:50.930root 11241100x8000000000000000782832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9c64c0425ead822021-12-20 16:02:50.931root 11241100x8000000000000000782833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2211ceacc3b3021b2021-12-20 16:02:50.931root 11241100x8000000000000000782834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8000a01e98ab6f62021-12-20 16:02:50.931root 11241100x8000000000000000782835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ae88bf89187fbb2021-12-20 16:02:50.931root 11241100x8000000000000000782836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36192154c36ccc52021-12-20 16:02:50.931root 11241100x8000000000000000782837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1e6b2837a97d9e2021-12-20 16:02:50.931root 11241100x8000000000000000782838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c4082339e95b552021-12-20 16:02:50.932root 11241100x8000000000000000782839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f23bd9e44bf5ea2021-12-20 16:02:50.932root 11241100x8000000000000000782840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7110c2b0e0a93c02021-12-20 16:02:50.932root 11241100x8000000000000000782841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a81d60d832686c42021-12-20 16:02:50.932root 11241100x8000000000000000782842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4357df36feddaf9f2021-12-20 16:02:50.932root 11241100x8000000000000000782843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c551140d41aaad822021-12-20 16:02:50.932root 11241100x8000000000000000782844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7213f227d6c982021-12-20 16:02:50.933root 11241100x8000000000000000782845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a9f6c377f94e7a2021-12-20 16:02:50.933root 11241100x8000000000000000782846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171842aa2a6348272021-12-20 16:02:50.933root 11241100x8000000000000000782847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0f70ccdaadcf4e2021-12-20 16:02:50.933root 11241100x8000000000000000782848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751ab671e01305de2021-12-20 16:02:50.933root 11241100x8000000000000000782849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107895c113629e9f2021-12-20 16:02:50.933root 11241100x8000000000000000782850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:50.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38148ee6dee442a2021-12-20 16:02:50.933root 354300x8000000000000000782851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.051{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51556-false10.0.1.12-8000- 11241100x8000000000000000782852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e314ce26076f4b2021-12-20 16:02:51.424root 11241100x8000000000000000782853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34838a5779ca8972021-12-20 16:02:51.424root 11241100x8000000000000000782854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f8d29d1075ef932021-12-20 16:02:51.424root 11241100x8000000000000000782855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147c3d42b3c10e372021-12-20 16:02:51.424root 11241100x8000000000000000782856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fd021d6a2467982021-12-20 16:02:51.425root 11241100x8000000000000000782857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9e262d84af61692021-12-20 16:02:51.425root 11241100x8000000000000000782858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ae627f93e2647d2021-12-20 16:02:51.425root 11241100x8000000000000000782859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2d6e78cb1e90452021-12-20 16:02:51.425root 11241100x8000000000000000782860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e126056e12c7dc2021-12-20 16:02:51.425root 11241100x8000000000000000782861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc26d4bdade9aef2021-12-20 16:02:51.425root 11241100x8000000000000000782862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882f47857d2bf0752021-12-20 16:02:51.426root 11241100x8000000000000000782863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f33dd72fbf5e3952021-12-20 16:02:51.426root 11241100x8000000000000000782864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5f4e92118b36f32021-12-20 16:02:51.426root 11241100x8000000000000000782865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e3a0b4d62cb8402021-12-20 16:02:51.426root 11241100x8000000000000000782866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1038e8fa9f7eb2112021-12-20 16:02:51.426root 11241100x8000000000000000782867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f670e1126f108a252021-12-20 16:02:51.427root 11241100x8000000000000000782868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc0ab927553c3292021-12-20 16:02:51.427root 11241100x8000000000000000782869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ead147368646d72021-12-20 16:02:51.427root 11241100x8000000000000000782870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fc000e4584b88e2021-12-20 16:02:51.427root 11241100x8000000000000000782871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162b1640f740a9702021-12-20 16:02:51.427root 11241100x8000000000000000782872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c991c178f262f02021-12-20 16:02:51.427root 11241100x8000000000000000782873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867c4c53b041297e2021-12-20 16:02:51.428root 11241100x8000000000000000782874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d624696baeb45e2d2021-12-20 16:02:51.428root 11241100x8000000000000000782875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da228ceb046429f2021-12-20 16:02:51.428root 11241100x8000000000000000782876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e886bb0f37507692021-12-20 16:02:51.428root 11241100x8000000000000000782877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d1d51b52de87552021-12-20 16:02:51.428root 11241100x8000000000000000782878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2390af2cdae6fc92021-12-20 16:02:51.428root 11241100x8000000000000000782879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5957e5339166337a2021-12-20 16:02:51.429root 11241100x8000000000000000782880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8625a886243d2b2021-12-20 16:02:51.429root 11241100x8000000000000000782881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bfeb9a09dc99912021-12-20 16:02:51.429root 11241100x8000000000000000782882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fd5dcbd4b6687c2021-12-20 16:02:51.429root 11241100x8000000000000000782883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3f31c429481bbd2021-12-20 16:02:51.429root 11241100x8000000000000000782884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ee90d0b86ae2da2021-12-20 16:02:51.429root 11241100x8000000000000000782885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6080c8d2b1eb8d2021-12-20 16:02:51.430root 11241100x8000000000000000782886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef97925ec92a8602021-12-20 16:02:51.430root 11241100x8000000000000000782887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856009482132cab92021-12-20 16:02:51.430root 11241100x8000000000000000782888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3613350cfe958222021-12-20 16:02:51.430root 11241100x8000000000000000782889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ed80229a22e5f02021-12-20 16:02:51.430root 11241100x8000000000000000782890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a7f43273bd0d532021-12-20 16:02:51.430root 11241100x8000000000000000782891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e354e32ed97c46e2021-12-20 16:02:51.431root 11241100x8000000000000000782892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433a7aa1c45982f32021-12-20 16:02:51.431root 11241100x8000000000000000782893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c6edbb339dfba62021-12-20 16:02:51.431root 11241100x8000000000000000782894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc391de79ea075292021-12-20 16:02:51.431root 11241100x8000000000000000782895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e10d04df488c0e2021-12-20 16:02:51.431root 11241100x8000000000000000782896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba753ff31008c31b2021-12-20 16:02:51.431root 11241100x8000000000000000782897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c88d7c3dce709aa2021-12-20 16:02:51.431root 11241100x8000000000000000782898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8fe28ef46189812021-12-20 16:02:51.431root 11241100x8000000000000000782899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed8d5b97b34f91c2021-12-20 16:02:51.431root 11241100x8000000000000000782900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b59c7dacad6c4c2021-12-20 16:02:51.432root 11241100x8000000000000000782901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce621db262e7ebd2021-12-20 16:02:51.432root 11241100x8000000000000000782902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331d0cc2333a482e2021-12-20 16:02:51.432root 11241100x8000000000000000782903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8551b2d637469eee2021-12-20 16:02:51.432root 11241100x8000000000000000782904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea0eb615c714e672021-12-20 16:02:51.432root 11241100x8000000000000000782905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de58496efdfa3512021-12-20 16:02:51.432root 11241100x8000000000000000782906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f8c3b2640356752021-12-20 16:02:51.433root 11241100x8000000000000000782907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7eea096675cd9b22021-12-20 16:02:51.924root 11241100x8000000000000000782908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8169bb052d39dbd92021-12-20 16:02:51.924root 11241100x8000000000000000782909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8b59639360a8882021-12-20 16:02:51.924root 11241100x8000000000000000782910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1012969cc143b182021-12-20 16:02:51.924root 11241100x8000000000000000782911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf431e91ff7ff602021-12-20 16:02:51.925root 11241100x8000000000000000782912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98fb59361014bed2021-12-20 16:02:51.925root 11241100x8000000000000000782913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d03f478d6a26c662021-12-20 16:02:51.925root 11241100x8000000000000000782914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575e59ef3eb82ff02021-12-20 16:02:51.925root 11241100x8000000000000000782915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c80cdd989f88462021-12-20 16:02:51.925root 11241100x8000000000000000782916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a726f582137d1b932021-12-20 16:02:51.925root 11241100x8000000000000000782917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be50af4b06407ff2021-12-20 16:02:51.925root 11241100x8000000000000000782918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b0c74e295769432021-12-20 16:02:51.925root 11241100x8000000000000000782919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42544c5b09986d932021-12-20 16:02:51.925root 11241100x8000000000000000782920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e08cf59809688402021-12-20 16:02:51.925root 11241100x8000000000000000782921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfb66a91c3b85d52021-12-20 16:02:51.925root 11241100x8000000000000000782922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88226175d85eb1b62021-12-20 16:02:51.925root 11241100x8000000000000000782923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03117c7a7058aa02021-12-20 16:02:51.925root 11241100x8000000000000000782924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e43a4d7010080d2021-12-20 16:02:51.925root 11241100x8000000000000000782925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83580c7a7ee5b2e82021-12-20 16:02:51.925root 11241100x8000000000000000782926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119209cfb967fc7f2021-12-20 16:02:51.926root 11241100x8000000000000000782927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b560aece5239082021-12-20 16:02:51.926root 11241100x8000000000000000782928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29401e1f6be542ee2021-12-20 16:02:51.926root 11241100x8000000000000000782929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06254f304a086a892021-12-20 16:02:51.926root 11241100x8000000000000000782930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608ccc642b23f8892021-12-20 16:02:51.926root 11241100x8000000000000000782931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fca595f0576fa62021-12-20 16:02:51.926root 11241100x8000000000000000782932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1044bff186300e322021-12-20 16:02:51.926root 11241100x8000000000000000782933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa48459a12f21e42021-12-20 16:02:51.926root 11241100x8000000000000000782934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecaab04144087c92021-12-20 16:02:51.926root 11241100x8000000000000000782935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880f75448a2c8f172021-12-20 16:02:51.926root 11241100x8000000000000000782936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b858cb603f2fec2021-12-20 16:02:51.926root 11241100x8000000000000000782937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70ebc04bcbb52c62021-12-20 16:02:51.926root 11241100x8000000000000000782938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1609d6aa32f7951f2021-12-20 16:02:51.927root 11241100x8000000000000000782939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3204a17b9a2cab2021-12-20 16:02:51.927root 11241100x8000000000000000782940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db68e23c531fe04f2021-12-20 16:02:51.927root 11241100x8000000000000000782941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cb540dbb4698582021-12-20 16:02:51.927root 11241100x8000000000000000782942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1671093f9e997a2021-12-20 16:02:51.927root 11241100x8000000000000000782943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d1f94b305781802021-12-20 16:02:51.927root 11241100x8000000000000000782944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2856e7b74688fa2021-12-20 16:02:51.928root 11241100x8000000000000000782945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f148ec94a79499f92021-12-20 16:02:51.928root 11241100x8000000000000000782946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c69564f63e4f332021-12-20 16:02:51.928root 11241100x8000000000000000782947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647b1c43d9dc6cee2021-12-20 16:02:51.928root 11241100x8000000000000000782948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d62b52f3f873db32021-12-20 16:02:51.928root 11241100x8000000000000000782949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c44055fac1fd282021-12-20 16:02:51.928root 11241100x8000000000000000782950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66480437f4e690932021-12-20 16:02:51.928root 11241100x8000000000000000782951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe88e5e0e4a56e32021-12-20 16:02:51.928root 11241100x8000000000000000782952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013cd3cfe84124762021-12-20 16:02:51.928root 11241100x8000000000000000782953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d82e4ef2f64e9c32021-12-20 16:02:51.928root 11241100x8000000000000000782954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf1da1f0bc4e09a2021-12-20 16:02:51.928root 11241100x8000000000000000782955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14915e1513aea782021-12-20 16:02:51.929root 11241100x8000000000000000782956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84dcadbcc7974e52021-12-20 16:02:51.929root 11241100x8000000000000000782957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7542ef9e8e30c2cf2021-12-20 16:02:51.929root 11241100x8000000000000000782958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603a5a4ecc0814202021-12-20 16:02:51.929root 11241100x8000000000000000782959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd01d82c36053a22021-12-20 16:02:51.929root 11241100x8000000000000000782960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d436f835e6ef002021-12-20 16:02:51.929root 11241100x8000000000000000782961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d64acf1c1c5f8f2021-12-20 16:02:51.929root 11241100x8000000000000000782962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391571cff602fd012021-12-20 16:02:51.929root 11241100x8000000000000000782963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd21d9c19e55efe2021-12-20 16:02:51.929root 11241100x8000000000000000782964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf353d777993e22021-12-20 16:02:51.929root 11241100x8000000000000000782965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3c2fe833b467692021-12-20 16:02:51.930root 11241100x8000000000000000782966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1283adc5d312472021-12-20 16:02:51.930root 11241100x8000000000000000782967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e695261f5e7f47e2021-12-20 16:02:51.930root 11241100x8000000000000000782968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:51.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ef380173411462021-12-20 16:02:51.930root 11241100x8000000000000000782969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce97aacee411ed12021-12-20 16:02:52.424root 11241100x8000000000000000782970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb19402996ef811b2021-12-20 16:02:52.424root 11241100x8000000000000000782971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a946ddf64795df2021-12-20 16:02:52.425root 11241100x8000000000000000782972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15ffb2afcf6cfcc2021-12-20 16:02:52.425root 11241100x8000000000000000782973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37259ce827e5fa6e2021-12-20 16:02:52.425root 11241100x8000000000000000782974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eeb30fe3c330c92021-12-20 16:02:52.426root 11241100x8000000000000000782975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976866ace8b169fd2021-12-20 16:02:52.426root 11241100x8000000000000000782976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a24f337feb3e572021-12-20 16:02:52.426root 11241100x8000000000000000782977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a119a5bd775d782021-12-20 16:02:52.426root 11241100x8000000000000000782978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec535ef9bb15ee02021-12-20 16:02:52.426root 11241100x8000000000000000782979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244fd511ed5c2d202021-12-20 16:02:52.426root 11241100x8000000000000000782980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5debb1778635078e2021-12-20 16:02:52.427root 11241100x8000000000000000782981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd571e93fc72b6e2021-12-20 16:02:52.427root 11241100x8000000000000000782982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f076cd2afab0940a2021-12-20 16:02:52.427root 11241100x8000000000000000782983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b10454ab4dae0b02021-12-20 16:02:52.427root 11241100x8000000000000000782984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3864fdb239e1972021-12-20 16:02:52.427root 11241100x8000000000000000782985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed1303e9345e3d02021-12-20 16:02:52.427root 11241100x8000000000000000782986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99316c7cca44a5fb2021-12-20 16:02:52.427root 11241100x8000000000000000782987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df37d2087baa555a2021-12-20 16:02:52.427root 11241100x8000000000000000782988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844a648def38ddb12021-12-20 16:02:52.427root 11241100x8000000000000000782989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c2b8d4396554c42021-12-20 16:02:52.427root 11241100x8000000000000000782990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46895aac190d23012021-12-20 16:02:52.427root 11241100x8000000000000000782991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f4f8f854c9fe892021-12-20 16:02:52.428root 11241100x8000000000000000782992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d630edee51a2d5822021-12-20 16:02:52.428root 11241100x8000000000000000782993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6290cf45b8f37ff12021-12-20 16:02:52.428root 11241100x8000000000000000782994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78f3cadbf9247492021-12-20 16:02:52.428root 11241100x8000000000000000782995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134868e27c9adfa02021-12-20 16:02:52.428root 11241100x8000000000000000782996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fcc796a3f53da12021-12-20 16:02:52.428root 11241100x8000000000000000782997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac3624d713f78822021-12-20 16:02:52.428root 11241100x8000000000000000782998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f22885970d6a46f2021-12-20 16:02:52.428root 11241100x8000000000000000782999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3ae5402ede09cd2021-12-20 16:02:52.428root 11241100x8000000000000000783000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5fcc1db851732b2021-12-20 16:02:52.428root 11241100x8000000000000000783001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f3c5fa151ebc702021-12-20 16:02:52.429root 11241100x8000000000000000783002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfed3e44aec893732021-12-20 16:02:52.429root 11241100x8000000000000000783003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f051c6e1da403ffe2021-12-20 16:02:52.429root 11241100x8000000000000000783004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1bd8e8185de8c42021-12-20 16:02:52.429root 11241100x8000000000000000783005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67736e50187456192021-12-20 16:02:52.429root 11241100x8000000000000000783006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d085e491b6f162021-12-20 16:02:52.429root 11241100x8000000000000000783007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719fc0126c39415f2021-12-20 16:02:52.429root 11241100x8000000000000000783008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6352020d01a45dd62021-12-20 16:02:52.429root 11241100x8000000000000000783009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6fabc2569372482021-12-20 16:02:52.429root 11241100x8000000000000000783010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41385734604f8a92021-12-20 16:02:52.429root 11241100x8000000000000000783011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe1b00f383540db2021-12-20 16:02:52.429root 11241100x8000000000000000783012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695c5876ae3347a82021-12-20 16:02:52.430root 11241100x8000000000000000783013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9544db0a2664a622021-12-20 16:02:52.430root 11241100x8000000000000000783014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdd4230ff4a5c432021-12-20 16:02:52.430root 11241100x8000000000000000783015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774cd6920f92e5222021-12-20 16:02:52.430root 11241100x8000000000000000783016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a254019db9ec7ee2021-12-20 16:02:52.430root 11241100x8000000000000000783017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da04d876424970bf2021-12-20 16:02:52.430root 11241100x8000000000000000783018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6aaeffcf987e6a2021-12-20 16:02:52.430root 11241100x8000000000000000783019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aa78a02b7349112021-12-20 16:02:52.924root 11241100x8000000000000000783020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f744ed758a48bf92021-12-20 16:02:52.924root 11241100x8000000000000000783021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dccc58a2c701872021-12-20 16:02:52.924root 11241100x8000000000000000783022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9743de41fdd002021-12-20 16:02:52.925root 11241100x8000000000000000783023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601403084ae28aea2021-12-20 16:02:52.925root 11241100x8000000000000000783024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584208f9bab5b0a22021-12-20 16:02:52.925root 11241100x8000000000000000783025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ab59487bccad272021-12-20 16:02:52.925root 11241100x8000000000000000783026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a8625532164ca02021-12-20 16:02:52.925root 11241100x8000000000000000783027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cd04d518728b472021-12-20 16:02:52.925root 11241100x8000000000000000783028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad7b799075fd3a22021-12-20 16:02:52.925root 11241100x8000000000000000783029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff38fe51c8b172c82021-12-20 16:02:52.925root 11241100x8000000000000000783030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016db392ff4367b12021-12-20 16:02:52.925root 11241100x8000000000000000783031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef86b231f23331cb2021-12-20 16:02:52.925root 11241100x8000000000000000783032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d29bf3d7e7f077a2021-12-20 16:02:52.925root 11241100x8000000000000000783033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb6a4ac9083ef282021-12-20 16:02:52.925root 11241100x8000000000000000783034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728b0b70551fbd002021-12-20 16:02:52.925root 11241100x8000000000000000783035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8398b3d1811ec42021-12-20 16:02:52.926root 11241100x8000000000000000783036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750556bea362a8132021-12-20 16:02:52.926root 11241100x8000000000000000783037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f610fa219469b602021-12-20 16:02:52.926root 11241100x8000000000000000783038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b694e7560b09772021-12-20 16:02:52.926root 11241100x8000000000000000783039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe29f824cd6f58a62021-12-20 16:02:52.926root 11241100x8000000000000000783040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f5ce527ef48c52021-12-20 16:02:52.926root 11241100x8000000000000000783041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50805ae928a70fc2021-12-20 16:02:52.926root 11241100x8000000000000000783042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803990f7f32c10092021-12-20 16:02:52.926root 11241100x8000000000000000783043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261babc6ba20f6f32021-12-20 16:02:52.926root 11241100x8000000000000000783044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383cc306f06e42782021-12-20 16:02:52.926root 11241100x8000000000000000783045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b050c0b4f0c526f12021-12-20 16:02:52.926root 11241100x8000000000000000783046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e50cb55b9166632021-12-20 16:02:52.926root 11241100x8000000000000000783047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159da90a3762fbba2021-12-20 16:02:52.926root 11241100x8000000000000000783048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4270914d557952482021-12-20 16:02:52.926root 11241100x8000000000000000783049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12b61a2c955c1682021-12-20 16:02:52.926root 11241100x8000000000000000783050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4707d35f2229b2312021-12-20 16:02:52.927root 11241100x8000000000000000783051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fc1088cb2a67ac2021-12-20 16:02:52.927root 11241100x8000000000000000783052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29802bc72f9389082021-12-20 16:02:52.927root 11241100x8000000000000000783053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c634d00a62a7338d2021-12-20 16:02:52.927root 11241100x8000000000000000783054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e96b0433b71df32021-12-20 16:02:52.927root 11241100x8000000000000000783055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f12559093dbe24a2021-12-20 16:02:52.927root 11241100x8000000000000000783056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeb518cab43d7682021-12-20 16:02:52.927root 11241100x8000000000000000783057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2a9a72a5c39f172021-12-20 16:02:52.927root 11241100x8000000000000000783058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb83a0f63a5035a2021-12-20 16:02:52.927root 11241100x8000000000000000783059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3212be379ef6b4d2021-12-20 16:02:52.927root 11241100x8000000000000000783060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2f7ecd83c19d9e2021-12-20 16:02:52.927root 11241100x8000000000000000783061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ede13e661d968312021-12-20 16:02:52.927root 11241100x8000000000000000783062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1db169902ed99e82021-12-20 16:02:52.927root 11241100x8000000000000000783063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ec5f5203c15aba2021-12-20 16:02:52.928root 11241100x8000000000000000783064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee73ee88b61ef7812021-12-20 16:02:52.928root 11241100x8000000000000000783065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6f3d58f26d04792021-12-20 16:02:52.928root 11241100x8000000000000000783066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786241ee6dc645ef2021-12-20 16:02:52.928root 11241100x8000000000000000783067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7e9ccc7ab35c882021-12-20 16:02:52.928root 11241100x8000000000000000783068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8849c6e968ca7362021-12-20 16:02:52.928root 11241100x8000000000000000783069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e909e503fed6aaee2021-12-20 16:02:52.928root 11241100x8000000000000000783070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268040dee44d17602021-12-20 16:02:52.928root 11241100x8000000000000000783071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f6757c7dfae7ae2021-12-20 16:02:52.928root 11241100x8000000000000000783072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8072b92f3ffa86a52021-12-20 16:02:52.928root 11241100x8000000000000000783073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffcd1e970032f892021-12-20 16:02:52.928root 11241100x8000000000000000783074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a788dac0cbdedcf42021-12-20 16:02:52.929root 11241100x8000000000000000783075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1546756d55e367c72021-12-20 16:02:52.929root 11241100x8000000000000000783076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c467940f8f6d6dcb2021-12-20 16:02:52.929root 11241100x8000000000000000783077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bf3b74e277ae992021-12-20 16:02:52.929root 11241100x8000000000000000783078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437c28ec5bd10e5b2021-12-20 16:02:52.929root 11241100x8000000000000000783079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379d23aac6d1fce82021-12-20 16:02:52.929root 11241100x8000000000000000783080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d3991f30f2bb6d2021-12-20 16:02:52.929root 11241100x8000000000000000783081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745eef72049013622021-12-20 16:02:52.929root 11241100x8000000000000000783082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3af7515f4e0843a2021-12-20 16:02:52.929root 11241100x8000000000000000783083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef28c4a1cc14b9b2021-12-20 16:02:52.929root 11241100x8000000000000000783084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa067f6ab2c748f2021-12-20 16:02:52.929root 11241100x8000000000000000783085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ffec4d8be8983b2021-12-20 16:02:52.930root 11241100x8000000000000000783086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f577def0e847692021-12-20 16:02:52.930root 11241100x8000000000000000783087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa1b02f0968ab2c2021-12-20 16:02:52.930root 11241100x8000000000000000783088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ced6a5a0aee354f2021-12-20 16:02:52.930root 11241100x8000000000000000783089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b494a67e48681d2021-12-20 16:02:52.930root 11241100x8000000000000000783090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e196bffa49201a432021-12-20 16:02:52.930root 11241100x8000000000000000783091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c00aba48feddc52021-12-20 16:02:52.930root 11241100x8000000000000000783092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a29dd313fea07322021-12-20 16:02:52.931root 11241100x8000000000000000783093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1542b652d86bde2021-12-20 16:02:52.931root 11241100x8000000000000000783094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adc4a3c4128c9812021-12-20 16:02:52.931root 11241100x8000000000000000783095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3a2552dceb5c472021-12-20 16:02:52.931root 11241100x8000000000000000783096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4763e08155ba65c2021-12-20 16:02:52.931root 11241100x8000000000000000783097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a562dc8502ce7a2021-12-20 16:02:52.931root 11241100x8000000000000000783098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067f12c143cb85502021-12-20 16:02:52.931root 11241100x8000000000000000783099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4b4a2108d5eacd2021-12-20 16:02:52.931root 11241100x8000000000000000783100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b8744b67fec2072021-12-20 16:02:52.931root 11241100x8000000000000000783101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ccb8a0d84636b82021-12-20 16:02:52.931root 11241100x8000000000000000783102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd7a949535246d12021-12-20 16:02:52.931root 11241100x8000000000000000783103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7017a627681cdaec2021-12-20 16:02:52.931root 11241100x8000000000000000783104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6931f12d30404322021-12-20 16:02:52.931root 11241100x8000000000000000783105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fc8630205df26b2021-12-20 16:02:52.931root 11241100x8000000000000000783106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46606424370e8ec32021-12-20 16:02:52.932root 11241100x8000000000000000783107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0ff4608107d6132021-12-20 16:02:52.932root 11241100x8000000000000000783108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3b6482ce7ab5292021-12-20 16:02:52.932root 11241100x8000000000000000783109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d776f3a72086992021-12-20 16:02:52.932root 11241100x8000000000000000783110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f059d87204745a12021-12-20 16:02:52.932root 11241100x8000000000000000783111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf68509e217e2bb2021-12-20 16:02:52.932root 11241100x8000000000000000783112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a67ecb6abe2b802021-12-20 16:02:52.932root 11241100x8000000000000000783113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1344da3dfa859b992021-12-20 16:02:52.932root 11241100x8000000000000000783114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ec5a9fcdd11fbc2021-12-20 16:02:52.932root 11241100x8000000000000000783115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df79f3ac94184292021-12-20 16:02:52.932root 11241100x8000000000000000783116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5e97530937c7b12021-12-20 16:02:52.932root 11241100x8000000000000000783117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cda49c68a29e462021-12-20 16:02:52.932root 11241100x8000000000000000783118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6285cd9ec174ff292021-12-20 16:02:52.932root 11241100x8000000000000000783119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dc8d605eefdeee2021-12-20 16:02:52.933root 11241100x8000000000000000783120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9ef9f892112b902021-12-20 16:02:52.933root 11241100x8000000000000000783121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89be45bfdd0fe7312021-12-20 16:02:52.933root 11241100x8000000000000000783122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b90093f4bfc75322021-12-20 16:02:52.933root 11241100x8000000000000000783123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd554aad0761e952021-12-20 16:02:52.933root 11241100x8000000000000000783124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0db63497872c582021-12-20 16:02:52.933root 11241100x8000000000000000783125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ca1de02d7733032021-12-20 16:02:52.933root 11241100x8000000000000000783126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe3de68428a23f72021-12-20 16:02:52.933root 11241100x8000000000000000783127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193e5b02ee0979c42021-12-20 16:02:52.933root 11241100x8000000000000000783128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b7372e365c0a8e2021-12-20 16:02:52.933root 11241100x8000000000000000783129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a957d4f06a8a0c2021-12-20 16:02:52.933root 11241100x8000000000000000783130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98801b18cb7b822d2021-12-20 16:02:52.933root 11241100x8000000000000000783131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:52.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd348d15350dfd972021-12-20 16:02:52.933root 11241100x8000000000000000783132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd6cf45a12f45712021-12-20 16:02:53.424root 11241100x8000000000000000783133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4513673935169eb2021-12-20 16:02:53.424root 11241100x8000000000000000783134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055270ad6c15f6222021-12-20 16:02:53.424root 11241100x8000000000000000783135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a03eec2eb2e872021-12-20 16:02:53.424root 11241100x8000000000000000783136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faee7e2bd373e73f2021-12-20 16:02:53.424root 11241100x8000000000000000783137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4720200ec06bea2021-12-20 16:02:53.424root 11241100x8000000000000000783138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea894baad70dafc2021-12-20 16:02:53.424root 11241100x8000000000000000783139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697c41d026d4ee802021-12-20 16:02:53.424root 11241100x8000000000000000783140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aa1bd9245dde312021-12-20 16:02:53.424root 11241100x8000000000000000783141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb77d84ff92655262021-12-20 16:02:53.424root 11241100x8000000000000000783142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56da69720decbd792021-12-20 16:02:53.425root 11241100x8000000000000000783143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5e4291f8b046fa2021-12-20 16:02:53.425root 11241100x8000000000000000783144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455327b7b7b71a9a2021-12-20 16:02:53.425root 11241100x8000000000000000783145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6153eb908c177d42021-12-20 16:02:53.425root 11241100x8000000000000000783146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16415154079c82e2021-12-20 16:02:53.425root 11241100x8000000000000000783147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4c10b9a27227662021-12-20 16:02:53.425root 11241100x8000000000000000783148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821e32cffd6e8aa02021-12-20 16:02:53.425root 11241100x8000000000000000783149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187a881ec2c435872021-12-20 16:02:53.425root 11241100x8000000000000000783150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b29e758bf26afa2021-12-20 16:02:53.425root 11241100x8000000000000000783151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09eb25a778365452021-12-20 16:02:53.425root 11241100x8000000000000000783152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168bf62ce88d2a1d2021-12-20 16:02:53.425root 11241100x8000000000000000783153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab88a4f972eb61a2021-12-20 16:02:53.425root 11241100x8000000000000000783154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e9d157b04823942021-12-20 16:02:53.425root 11241100x8000000000000000783155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8de84cdfb46d422021-12-20 16:02:53.425root 11241100x8000000000000000783156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4451a3abdeffe77d2021-12-20 16:02:53.425root 11241100x8000000000000000783157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd923ab0404a7c62021-12-20 16:02:53.425root 11241100x8000000000000000783158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb21be75ea4c1452021-12-20 16:02:53.426root 11241100x8000000000000000783159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448bb881bc1455102021-12-20 16:02:53.426root 11241100x8000000000000000783160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9544ee7904ffb5b52021-12-20 16:02:53.426root 11241100x8000000000000000783161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20acea7eb13790342021-12-20 16:02:53.426root 11241100x8000000000000000783162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670138d2f845b6ea2021-12-20 16:02:53.426root 11241100x8000000000000000783163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9c05caa6c751132021-12-20 16:02:53.426root 11241100x8000000000000000783164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c327caece68adf22021-12-20 16:02:53.426root 11241100x8000000000000000783165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8d320131617f712021-12-20 16:02:53.426root 11241100x8000000000000000783166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be5d1affff9120f2021-12-20 16:02:53.426root 11241100x8000000000000000783167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fe2479ed6f13822021-12-20 16:02:53.427root 11241100x8000000000000000783168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaa4e5ffcb45b5c2021-12-20 16:02:53.427root 11241100x8000000000000000783169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a61a782e57f724d2021-12-20 16:02:53.427root 11241100x8000000000000000783170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298c9e14fd9f941f2021-12-20 16:02:53.427root 11241100x8000000000000000783171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8705b60eee5f3d2021-12-20 16:02:53.427root 11241100x8000000000000000783172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd54cfb0754a61b2021-12-20 16:02:53.428root 11241100x8000000000000000783173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc41a721bc586c22021-12-20 16:02:53.429root 11241100x8000000000000000783174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47e3f683b11975d2021-12-20 16:02:53.429root 11241100x8000000000000000783175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a67da41ddc56232021-12-20 16:02:53.429root 11241100x8000000000000000783176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2d21431671ae012021-12-20 16:02:53.429root 11241100x8000000000000000783177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3dab25ccd3e0402021-12-20 16:02:53.430root 11241100x8000000000000000783178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc85ef392d6362e2021-12-20 16:02:53.431root 11241100x8000000000000000783179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f29501c95125da32021-12-20 16:02:53.431root 11241100x8000000000000000783180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e3099f33d577a12021-12-20 16:02:53.431root 11241100x8000000000000000783181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0775cf105af96c62021-12-20 16:02:53.431root 11241100x8000000000000000783182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cc476fdf18573b2021-12-20 16:02:53.431root 11241100x8000000000000000783183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b67e393cb9337b2021-12-20 16:02:53.432root 11241100x8000000000000000783184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc56048da90551ed2021-12-20 16:02:53.432root 11241100x8000000000000000783185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad942d4ae35b5dc72021-12-20 16:02:53.432root 11241100x8000000000000000783186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c526061b417d13f32021-12-20 16:02:53.432root 11241100x8000000000000000783187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cf4f3d46fd557d2021-12-20 16:02:53.433root 11241100x8000000000000000783188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e935b3c50b228ec82021-12-20 16:02:53.433root 11241100x8000000000000000783189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead7008673fe3b62021-12-20 16:02:53.433root 11241100x8000000000000000783190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b07579dd08b94d32021-12-20 16:02:53.433root 11241100x8000000000000000783191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3325d9d4204f3c442021-12-20 16:02:53.433root 11241100x8000000000000000783192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b5784b6f963d882021-12-20 16:02:53.434root 11241100x8000000000000000783193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632d01a35ba62bc22021-12-20 16:02:53.434root 11241100x8000000000000000783194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd97d0e082cfd292021-12-20 16:02:53.434root 11241100x8000000000000000783195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0db371f3fe3b882021-12-20 16:02:53.434root 11241100x8000000000000000783196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef004d68dc142782021-12-20 16:02:53.434root 11241100x8000000000000000783197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e1509d53c19dd32021-12-20 16:02:53.435root 11241100x8000000000000000783198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e23a8108af6a1c22021-12-20 16:02:53.435root 11241100x8000000000000000783199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c91cf95ba46de772021-12-20 16:02:53.435root 11241100x8000000000000000783200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22dfa123406a7fd2021-12-20 16:02:53.435root 11241100x8000000000000000783201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cf3cadddd5aa6d2021-12-20 16:02:53.435root 11241100x8000000000000000783202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:02:53.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae61a1b47f4738912021-12-20 16:02:53.435root 354300x8000000000000000783251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:13.165{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51564-false10.0.1.12-8000- 11241100x8000000000000000783252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b7e4e976e3c4182021-12-20 16:03:13.424root 11241100x8000000000000000783253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:13.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a8c3167074dfca2021-12-20 16:03:13.923root 11241100x8000000000000000783254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:14.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec6924a9c7e9ef72021-12-20 16:03:14.423root 11241100x8000000000000000783255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:14.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5ad8841006d38b2021-12-20 16:03:14.923root 11241100x8000000000000000783256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:15.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fde342f23db92c2021-12-20 16:03:15.423root 11241100x8000000000000000783257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:15.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae9bdb8eadd68132021-12-20 16:03:15.923root 11241100x8000000000000000783258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:16.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719c2029ef739b142021-12-20 16:03:16.423root 11241100x8000000000000000783259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:16.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f490bfed69472c2021-12-20 16:03:16.923root 11241100x8000000000000000783260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:17.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16f120ed871ec1c2021-12-20 16:03:17.423root 11241100x8000000000000000783261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:17.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1556e428d114f3792021-12-20 16:03:17.923root 354300x8000000000000000783262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:18.175{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51566-false10.0.1.12-8000- 11241100x8000000000000000783263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:18.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1afdf0cb8a79b1d2021-12-20 16:03:18.175root 11241100x8000000000000000783264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189c9b93dfbb80452021-12-20 16:03:18.674root 11241100x8000000000000000783265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8d0787152752c42021-12-20 16:03:18.674root 11241100x8000000000000000783266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9c23cc7b85dbd62021-12-20 16:03:19.174root 11241100x8000000000000000783267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:19.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cce40c0bb6202762021-12-20 16:03:19.174root 11241100x8000000000000000783268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e7a2de6d231dd52021-12-20 16:03:19.674root 11241100x8000000000000000783269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4aa3a9a26dd6472021-12-20 16:03:19.674root 354300x8000000000000000783270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.090{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46270-false10.0.1.12-8089- 11241100x8000000000000000783271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.090{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8ef4bdda0fb4182021-12-20 16:03:20.090root 11241100x8000000000000000783272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.090{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212840f7e9718f852021-12-20 16:03:20.090root 11241100x8000000000000000783273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911ae88e69fa250f2021-12-20 16:03:20.424root 11241100x8000000000000000783274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9f1557690bd0a2021-12-20 16:03:20.424root 11241100x8000000000000000783275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094a42cef18aeada2021-12-20 16:03:20.424root 11241100x8000000000000000783276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640f88d8a468bd992021-12-20 16:03:20.924root 11241100x8000000000000000783277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4396e67325c0dd2021-12-20 16:03:20.924root 11241100x8000000000000000783278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1f7ec4925228f22021-12-20 16:03:20.924root 154100x8000000000000000783279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.379{ec2c97d1-a949-61c0-68a4-449198550000}10243/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000783280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.380{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f330449577f6ee2021-12-20 16:03:21.380root 11241100x8000000000000000783281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.380{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127bdfb0b015b0852021-12-20 16:03:21.380root 11241100x8000000000000000783282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.381{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a835bd1dafce732021-12-20 16:03:21.381root 11241100x8000000000000000783283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.381{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a77637aba159512021-12-20 16:03:21.381root 534500x8000000000000000783284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.392{ec2c97d1-a949-61c0-68a4-449198550000}10243/bin/psroot 11241100x8000000000000000783285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f83bef701c5eca32021-12-20 16:03:21.674root 11241100x8000000000000000783286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d026bdfb83da5fe2021-12-20 16:03:21.674root 11241100x8000000000000000783287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88249ca5991bbd8b2021-12-20 16:03:21.674root 11241100x8000000000000000783288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac7e005f7bdd8482021-12-20 16:03:21.674root 11241100x8000000000000000783289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:21.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce9b1b5aaba9a722021-12-20 16:03:21.674root 11241100x8000000000000000783290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ca52ab2a4ae5742021-12-20 16:03:22.174root 11241100x8000000000000000783291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbce3676051452c2021-12-20 16:03:22.174root 11241100x8000000000000000783292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b350b8453728d6792021-12-20 16:03:22.174root 11241100x8000000000000000783293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe599f9e5548dfa2021-12-20 16:03:22.174root 11241100x8000000000000000783294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4b50ef38cf3deb2021-12-20 16:03:22.174root 11241100x8000000000000000783295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8e6d347121737d2021-12-20 16:03:22.674root 11241100x8000000000000000783296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e127ba82c0eee4e22021-12-20 16:03:22.674root 11241100x8000000000000000783297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccbd4536a5660c52021-12-20 16:03:22.674root 11241100x8000000000000000783298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b262a3a039e87e482021-12-20 16:03:22.674root 11241100x8000000000000000783299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4114c1c01fb7a42021-12-20 16:03:22.674root 11241100x8000000000000000783300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563e7fbe5519e2e22021-12-20 16:03:23.174root 11241100x8000000000000000783301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b346794f4efc8fe2021-12-20 16:03:23.174root 11241100x8000000000000000783302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1045d8e759a3e02021-12-20 16:03:23.174root 11241100x8000000000000000783303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b22a7c9faa8b9e2021-12-20 16:03:23.174root 11241100x8000000000000000783304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cde5ce3d536f4c2021-12-20 16:03:23.174root 11241100x8000000000000000783305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02294fb6878d3d722021-12-20 16:03:23.674root 11241100x8000000000000000783306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50a820f6c1c205f2021-12-20 16:03:23.674root 11241100x8000000000000000783307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ccdd16fc7e96242021-12-20 16:03:23.674root 11241100x8000000000000000783308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9552757d1105452021-12-20 16:03:23.674root 11241100x8000000000000000783309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707e5511ee25f1952021-12-20 16:03:23.674root 354300x8000000000000000783310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.168{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51570-false10.0.1.12-8000- 11241100x8000000000000000783311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.169{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6227690d0599ea32021-12-20 16:03:24.169root 11241100x8000000000000000783312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.169{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71827ab9bccafacd2021-12-20 16:03:24.169root 11241100x8000000000000000783313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.169{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80878f209f6b13a72021-12-20 16:03:24.169root 11241100x8000000000000000783314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.169{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db579457f3227412021-12-20 16:03:24.169root 11241100x8000000000000000783315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.169{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be0e60ab3b9be512021-12-20 16:03:24.169root 11241100x8000000000000000783316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.170{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c4d6ae1b547a002021-12-20 16:03:24.170root 11241100x8000000000000000783317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e7c14c7255a4bf2021-12-20 16:03:24.424root 11241100x8000000000000000783318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118078b040b3bcdf2021-12-20 16:03:24.424root 11241100x8000000000000000783319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384e7ef6175dc41e2021-12-20 16:03:24.424root 11241100x8000000000000000783320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6153b58418572e32021-12-20 16:03:24.424root 11241100x8000000000000000783321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3317c4978e08b99c2021-12-20 16:03:24.424root 11241100x8000000000000000783322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18294509746da4b42021-12-20 16:03:24.424root 11241100x8000000000000000783323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5233ee8819ae562021-12-20 16:03:24.924root 11241100x8000000000000000783324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08d0a8cd1a2f80e2021-12-20 16:03:24.924root 11241100x8000000000000000783325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9bcc2ee793d8ae2021-12-20 16:03:24.924root 11241100x8000000000000000783326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b815dd70babfc3612021-12-20 16:03:24.924root 11241100x8000000000000000783327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10b2a54ce9876ec2021-12-20 16:03:24.924root 11241100x8000000000000000783328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d422f5994bfb362021-12-20 16:03:24.924root 11241100x8000000000000000783329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe68f3267e4f0d0c2021-12-20 16:03:25.424root 11241100x8000000000000000783330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003d40a622daaeb12021-12-20 16:03:25.424root 11241100x8000000000000000783331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bda73cf9989fae2021-12-20 16:03:25.424root 11241100x8000000000000000783332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9c48354903581f2021-12-20 16:03:25.424root 11241100x8000000000000000783333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23365eb88be84ae2021-12-20 16:03:25.424root 11241100x8000000000000000783334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4fb680c1d0f5f92021-12-20 16:03:25.425root 11241100x8000000000000000783335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b3aba423bbc3932021-12-20 16:03:25.924root 11241100x8000000000000000783336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0660dec3dcbf2d8b2021-12-20 16:03:25.924root 11241100x8000000000000000783337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d120e06596e05e142021-12-20 16:03:25.924root 11241100x8000000000000000783338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2542e89fc646762b2021-12-20 16:03:25.924root 11241100x8000000000000000783339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b623762f15ac86d12021-12-20 16:03:25.924root 11241100x8000000000000000783340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2429c642d4e16a62021-12-20 16:03:25.924root 11241100x8000000000000000783341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2570d232885e1d82021-12-20 16:03:26.424root 11241100x8000000000000000783342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d961c57a40e50c9e2021-12-20 16:03:26.424root 11241100x8000000000000000783343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c614a6f6e490561b2021-12-20 16:03:26.424root 11241100x8000000000000000783344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99d8410ed9319f72021-12-20 16:03:26.424root 11241100x8000000000000000783345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1ba4a2832ce6042021-12-20 16:03:26.424root 11241100x8000000000000000783346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d63266992fa2642021-12-20 16:03:26.424root 11241100x8000000000000000783347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747a6e37294d4bdc2021-12-20 16:03:26.924root 11241100x8000000000000000783348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad09a663e37995632021-12-20 16:03:26.924root 11241100x8000000000000000783349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a2351b0e5c34352021-12-20 16:03:26.924root 11241100x8000000000000000783350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c099069215aea5912021-12-20 16:03:26.924root 11241100x8000000000000000783351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cb9e67d1a085cd2021-12-20 16:03:26.924root 11241100x8000000000000000783352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e594698d7d53ab2021-12-20 16:03:26.924root 11241100x8000000000000000783353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76649986eea97b112021-12-20 16:03:27.424root 11241100x8000000000000000783354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3ea4523f0c6cba2021-12-20 16:03:27.424root 11241100x8000000000000000783355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fa0514de43f5292021-12-20 16:03:27.424root 11241100x8000000000000000783356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9bcd0ad3b7fa4d2021-12-20 16:03:27.424root 11241100x8000000000000000783357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f4bf5d60efd9bb2021-12-20 16:03:27.424root 11241100x8000000000000000783358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8349fcef73391acd2021-12-20 16:03:27.424root 11241100x8000000000000000783359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f07e574e0f8a0992021-12-20 16:03:27.924root 11241100x8000000000000000783360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c4a54c484482f02021-12-20 16:03:27.924root 11241100x8000000000000000783361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cba4a53dafb0ca82021-12-20 16:03:27.924root 11241100x8000000000000000783362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3cd61023aa56502021-12-20 16:03:27.924root 11241100x8000000000000000783363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe27d20eae0db82021-12-20 16:03:27.924root 11241100x8000000000000000783364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fc047ef7c8d9942021-12-20 16:03:27.924root 11241100x8000000000000000783365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4310b2b0ae7de62021-12-20 16:03:28.424root 11241100x8000000000000000783366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafdcb2b89fc149b2021-12-20 16:03:28.424root 11241100x8000000000000000783367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d781c7e2aede3d662021-12-20 16:03:28.424root 11241100x8000000000000000783368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654012f75e9c9f6e2021-12-20 16:03:28.424root 11241100x8000000000000000783369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34726eb2e61053242021-12-20 16:03:28.424root 11241100x8000000000000000783370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96264d51c7a366cc2021-12-20 16:03:28.424root 11241100x8000000000000000783371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d246110176083b82021-12-20 16:03:28.924root 11241100x8000000000000000783372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845c62e49a3acf6c2021-12-20 16:03:28.924root 11241100x8000000000000000783373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59634550025b95af2021-12-20 16:03:28.924root 11241100x8000000000000000783374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a21df3b5181c072021-12-20 16:03:28.924root 11241100x8000000000000000783375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca20c77c77da2f22021-12-20 16:03:28.924root 11241100x8000000000000000783376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b84cc383db83be2021-12-20 16:03:28.924root 354300x8000000000000000783377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.208{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51572-false10.0.1.12-8000- 11241100x8000000000000000783378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20c20679081ef42021-12-20 16:03:29.209root 11241100x8000000000000000783379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c819d5d6d0a8e32021-12-20 16:03:29.209root 11241100x8000000000000000783380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1463c12e916e6e2021-12-20 16:03:29.209root 11241100x8000000000000000783381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec385e1c71f62452021-12-20 16:03:29.209root 11241100x8000000000000000783382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd015e4eb29b48cd2021-12-20 16:03:29.209root 11241100x8000000000000000783383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.210{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33edea02b1d0827e2021-12-20 16:03:29.210root 11241100x8000000000000000783384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.210{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40597e3b0ffae47a2021-12-20 16:03:29.210root 11241100x8000000000000000783385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5986c82b2523d81e2021-12-20 16:03:29.674root 11241100x8000000000000000783386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267bcf479aaca91f2021-12-20 16:03:29.674root 11241100x8000000000000000783387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bac9c3ccbe8d7b2021-12-20 16:03:29.674root 11241100x8000000000000000783388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b486d68b35ae472f2021-12-20 16:03:29.674root 11241100x8000000000000000783389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d578a9691b8a836d2021-12-20 16:03:29.675root 11241100x8000000000000000783390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95c7b727313a75d2021-12-20 16:03:29.675root 11241100x8000000000000000783391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:29.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75e3da9fc0aa2cb2021-12-20 16:03:29.676root 11241100x8000000000000000783392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661752b29355d4202021-12-20 16:03:30.174root 11241100x8000000000000000783393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e118d582749ddb2021-12-20 16:03:30.174root 11241100x8000000000000000783394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a225ace77650a52021-12-20 16:03:30.174root 11241100x8000000000000000783395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57590b2f9e7c8a5a2021-12-20 16:03:30.174root 11241100x8000000000000000783396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab79d114132be5e22021-12-20 16:03:30.174root 11241100x8000000000000000783397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a31d82dbf1ca3e2021-12-20 16:03:30.174root 11241100x8000000000000000783398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0126f1457e477f2021-12-20 16:03:30.175root 11241100x8000000000000000783399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d495734f9b891382021-12-20 16:03:30.674root 11241100x8000000000000000783400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438ff42700aedd982021-12-20 16:03:30.674root 11241100x8000000000000000783401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2c8a238dcf187b2021-12-20 16:03:30.674root 11241100x8000000000000000783402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e65670dbc32900c2021-12-20 16:03:30.674root 11241100x8000000000000000783403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3944fbaf0d12042021-12-20 16:03:30.674root 11241100x8000000000000000783404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9154b347fd00c6872021-12-20 16:03:30.674root 11241100x8000000000000000783405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:30.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95967c2a75a7dd362021-12-20 16:03:30.675root 11241100x8000000000000000783406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ca8a2464dab9dc2021-12-20 16:03:31.174root 11241100x8000000000000000783407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedf763b64cd364f2021-12-20 16:03:31.174root 11241100x8000000000000000783408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1314cfe658c235ec2021-12-20 16:03:31.174root 11241100x8000000000000000783409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36bca98cbc3546f2021-12-20 16:03:31.174root 11241100x8000000000000000783410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f74538faa3dfb692021-12-20 16:03:31.174root 11241100x8000000000000000783411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264ced306543dbed2021-12-20 16:03:31.174root 11241100x8000000000000000783412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb2555ed7d9ef562021-12-20 16:03:31.175root 11241100x8000000000000000783413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510cee39ee117a852021-12-20 16:03:31.674root 11241100x8000000000000000783414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68e0ee9908bce412021-12-20 16:03:31.674root 11241100x8000000000000000783415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68128d8b17cd23412021-12-20 16:03:31.674root 11241100x8000000000000000783416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d2b1af3deb591f2021-12-20 16:03:31.674root 11241100x8000000000000000783417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98915e71a72b53e2021-12-20 16:03:31.674root 11241100x8000000000000000783418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbe023adf563a762021-12-20 16:03:31.674root 11241100x8000000000000000783419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:31.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afad2dcaedcf59d2021-12-20 16:03:31.674root 11241100x8000000000000000783420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f9f40f2a21584b2021-12-20 16:03:32.174root 11241100x8000000000000000783421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af2feb5ace045bc2021-12-20 16:03:32.174root 11241100x8000000000000000783422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67612cbcdc8c4c8d2021-12-20 16:03:32.174root 11241100x8000000000000000783423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d7bf25a624d90e2021-12-20 16:03:32.174root 11241100x8000000000000000783424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd591197641ae232021-12-20 16:03:32.175root 11241100x8000000000000000783425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1294d210d48b6e9a2021-12-20 16:03:32.175root 11241100x8000000000000000783426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd4fda7a17ed6dc2021-12-20 16:03:32.175root 11241100x8000000000000000783427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac569f4c9bf83acc2021-12-20 16:03:32.675root 11241100x8000000000000000783428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae15376ad07c16072021-12-20 16:03:32.675root 11241100x8000000000000000783429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5639f45224d643492021-12-20 16:03:32.675root 11241100x8000000000000000783430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4952b788c3d0d22021-12-20 16:03:32.675root 11241100x8000000000000000783431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2325cbbbda78ab2021-12-20 16:03:32.675root 11241100x8000000000000000783432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eb883283b3878e2021-12-20 16:03:32.675root 11241100x8000000000000000783433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:32.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46330f9373282bb12021-12-20 16:03:32.676root 11241100x8000000000000000783434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dd111980808e9c2021-12-20 16:03:33.174root 11241100x8000000000000000783435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352c34cb17d79fcb2021-12-20 16:03:33.174root 11241100x8000000000000000783436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b745ab7dc52ff5e62021-12-20 16:03:33.174root 11241100x8000000000000000783437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a64772e1cd734832021-12-20 16:03:33.174root 11241100x8000000000000000783438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9df164dc88b7782021-12-20 16:03:33.174root 11241100x8000000000000000783439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781797a1bd4db8f52021-12-20 16:03:33.175root 11241100x8000000000000000783440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a57404b2af82f12021-12-20 16:03:33.175root 11241100x8000000000000000783441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f964fa7f8f516ed02021-12-20 16:03:33.674root 11241100x8000000000000000783442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa83097c1405a5c2021-12-20 16:03:33.674root 11241100x8000000000000000783443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd0db0aa0e1e8732021-12-20 16:03:33.674root 11241100x8000000000000000783444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18933a9a738c24cf2021-12-20 16:03:33.674root 11241100x8000000000000000783445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5766485695df66a02021-12-20 16:03:33.674root 11241100x8000000000000000783446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a98b6a846b214362021-12-20 16:03:33.675root 11241100x8000000000000000783447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c840d7b60eafcb62021-12-20 16:03:33.675root 11241100x8000000000000000783448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bdb40bbaa271a82021-12-20 16:03:34.174root 11241100x8000000000000000783449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a58f7c46be9c4462021-12-20 16:03:34.174root 11241100x8000000000000000783450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebb29d966454e712021-12-20 16:03:34.174root 11241100x8000000000000000783451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579e0df35d07ae52021-12-20 16:03:34.174root 11241100x8000000000000000783452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e292ac1a3faa4ab2021-12-20 16:03:34.174root 11241100x8000000000000000783453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722e3164d48f0cd62021-12-20 16:03:34.175root 11241100x8000000000000000783454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfc2cab49ff8dc92021-12-20 16:03:34.175root 11241100x8000000000000000783455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a7ba0a2e85e23a2021-12-20 16:03:34.674root 11241100x8000000000000000783456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289d66b56c39a8902021-12-20 16:03:34.674root 11241100x8000000000000000783457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c1c1610d7b5f6d2021-12-20 16:03:34.674root 11241100x8000000000000000783458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631223b0b106b5a32021-12-20 16:03:34.674root 11241100x8000000000000000783459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c418675d74f08c32021-12-20 16:03:34.674root 11241100x8000000000000000783460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f31f9de1fc545292021-12-20 16:03:34.675root 11241100x8000000000000000783461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:34.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf17def67846b112021-12-20 16:03:34.675root 354300x8000000000000000783462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.173{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51574-false10.0.1.12-8000- 11241100x8000000000000000783463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.173{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16d8ebfc884ee082021-12-20 16:03:35.173root 11241100x8000000000000000783464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f29c554bfb36622021-12-20 16:03:35.174root 11241100x8000000000000000783465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25921a74de3ae88f2021-12-20 16:03:35.174root 11241100x8000000000000000783466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a4b4779245ffdc2021-12-20 16:03:35.174root 11241100x8000000000000000783467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98677e0f88780d62021-12-20 16:03:35.174root 11241100x8000000000000000783468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b32d8679d9e28ec2021-12-20 16:03:35.174root 11241100x8000000000000000783469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00473c5110dad5662021-12-20 16:03:35.174root 11241100x8000000000000000783470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e5eca23fc1516c2021-12-20 16:03:35.174root 11241100x8000000000000000783471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986096f72db2e51a2021-12-20 16:03:35.424root 11241100x8000000000000000783472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134ea27038ebc27f2021-12-20 16:03:35.424root 11241100x8000000000000000783473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e93152b267fd572021-12-20 16:03:35.424root 11241100x8000000000000000783474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6bbcbe048fd0772021-12-20 16:03:35.424root 11241100x8000000000000000783475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7289662bcdceef32021-12-20 16:03:35.424root 11241100x8000000000000000783476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2196248949572c2021-12-20 16:03:35.424root 11241100x8000000000000000783477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcba3e890f4d8ea72021-12-20 16:03:35.424root 11241100x8000000000000000783478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39208f9501d67b602021-12-20 16:03:35.425root 11241100x8000000000000000783479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c385a698fc2b95932021-12-20 16:03:35.924root 11241100x8000000000000000783480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3b9f2bc921f4bf2021-12-20 16:03:35.924root 11241100x8000000000000000783481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842979f09e2914032021-12-20 16:03:35.924root 11241100x8000000000000000783482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4ce80056a05f672021-12-20 16:03:35.924root 11241100x8000000000000000783483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b4362d070c01092021-12-20 16:03:35.924root 11241100x8000000000000000783484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215815f2c0178dfe2021-12-20 16:03:35.924root 11241100x8000000000000000783485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7e6b1580fd7d342021-12-20 16:03:35.924root 11241100x8000000000000000783486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4cc615098c4b12021-12-20 16:03:35.925root 11241100x8000000000000000783487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.067{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:03:36.067root 11241100x8000000000000000783488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03d50309b68999c2021-12-20 16:03:36.424root 11241100x8000000000000000783489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc7160ddca649d12021-12-20 16:03:36.424root 11241100x8000000000000000783490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6a4a6e8a96c4372021-12-20 16:03:36.424root 11241100x8000000000000000783491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f961af56e74b8d3e2021-12-20 16:03:36.424root 11241100x8000000000000000783492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bd8dac44cf325e2021-12-20 16:03:36.424root 11241100x8000000000000000783493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eafad962d9451a2021-12-20 16:03:36.425root 11241100x8000000000000000783494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ab652e328358b62021-12-20 16:03:36.425root 11241100x8000000000000000783495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c50a0c295d62e442021-12-20 16:03:36.426root 11241100x8000000000000000783496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf9cb8931238912021-12-20 16:03:36.426root 11241100x8000000000000000783497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62012b178817db372021-12-20 16:03:36.924root 11241100x8000000000000000783498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e20e42df961fc62021-12-20 16:03:36.924root 11241100x8000000000000000783499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d5f7f7b671c3e42021-12-20 16:03:36.924root 11241100x8000000000000000783500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516184e29c6a53352021-12-20 16:03:36.925root 11241100x8000000000000000783501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58858bf743500be32021-12-20 16:03:36.925root 11241100x8000000000000000783502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d8b5a417887b0c2021-12-20 16:03:36.925root 11241100x8000000000000000783503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1144be53b01697ff2021-12-20 16:03:36.926root 11241100x8000000000000000783504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1021816087cbc0a2021-12-20 16:03:36.926root 11241100x8000000000000000783505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f01a4cac57c4032021-12-20 16:03:36.926root 11241100x8000000000000000783506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c299bab811205e2021-12-20 16:03:37.424root 11241100x8000000000000000783507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ca220a0baee9d92021-12-20 16:03:37.424root 11241100x8000000000000000783508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866450428fff5f9b2021-12-20 16:03:37.424root 11241100x8000000000000000783509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21c6a42b1ec6e802021-12-20 16:03:37.424root 11241100x8000000000000000783510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83754213e646d3462021-12-20 16:03:37.424root 11241100x8000000000000000783511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08aa33b06df99bc22021-12-20 16:03:37.424root 11241100x8000000000000000783512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24e2407951534832021-12-20 16:03:37.424root 11241100x8000000000000000783513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78872b33c9e285f2021-12-20 16:03:37.425root 11241100x8000000000000000783514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526e437d4e8c4a1b2021-12-20 16:03:37.425root 11241100x8000000000000000783515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd8d5e29f5ff13a2021-12-20 16:03:37.924root 11241100x8000000000000000783516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02c8dc240ae94442021-12-20 16:03:37.924root 11241100x8000000000000000783517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecaa3e035606a812021-12-20 16:03:37.924root 11241100x8000000000000000783518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fed15769bfb00a2021-12-20 16:03:37.924root 11241100x8000000000000000783519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5646533f68fe31ac2021-12-20 16:03:37.924root 11241100x8000000000000000783520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b01024d57e50732021-12-20 16:03:37.924root 11241100x8000000000000000783521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beff18e9aa369b632021-12-20 16:03:37.925root 11241100x8000000000000000783522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a2b8f8b0a8688d2021-12-20 16:03:37.925root 11241100x8000000000000000783523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a6eeaaa8399302021-12-20 16:03:37.925root 11241100x8000000000000000783524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93145c6f88292c652021-12-20 16:03:38.424root 11241100x8000000000000000783525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85e0af3778d5a1d2021-12-20 16:03:38.424root 11241100x8000000000000000783526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f1fb5281106b02021-12-20 16:03:38.424root 11241100x8000000000000000783527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c9858635dd83fc2021-12-20 16:03:38.424root 11241100x8000000000000000783528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa99c9657c022e1d2021-12-20 16:03:38.425root 11241100x8000000000000000783529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f004caaecd42442021-12-20 16:03:38.425root 11241100x8000000000000000783530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761fde1fdf96f0c02021-12-20 16:03:38.425root 11241100x8000000000000000783531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd539582a3db482021-12-20 16:03:38.425root 11241100x8000000000000000783532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ecc8c1723326ec2021-12-20 16:03:38.425root 11241100x8000000000000000783533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10d8ae2c85634702021-12-20 16:03:38.924root 11241100x8000000000000000783534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e89c80b2a1e2e6f2021-12-20 16:03:38.924root 11241100x8000000000000000783535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5599ba4b0139f52021-12-20 16:03:38.924root 11241100x8000000000000000783536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a90045cfd1da02021-12-20 16:03:38.924root 11241100x8000000000000000783537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6295a019d491f3122021-12-20 16:03:38.925root 11241100x8000000000000000783538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe919695a6af9732021-12-20 16:03:38.925root 11241100x8000000000000000783539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fbd43afe3265282021-12-20 16:03:38.925root 11241100x8000000000000000783540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687377e1b79d56542021-12-20 16:03:38.925root 11241100x8000000000000000783541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594e662df92b459e2021-12-20 16:03:38.925root 23542300x8000000000000000783542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000783543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5986756ac99e47f12021-12-20 16:03:39.424root 11241100x8000000000000000783544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a38c624a56b7ca2021-12-20 16:03:39.424root 11241100x8000000000000000783545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562b9db4e491b6332021-12-20 16:03:39.424root 11241100x8000000000000000783546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835544a77ab037112021-12-20 16:03:39.424root 11241100x8000000000000000783547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9163fd6e6897fbdc2021-12-20 16:03:39.424root 11241100x8000000000000000783548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952c2d637a8419a72021-12-20 16:03:39.424root 11241100x8000000000000000783549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b2deea1979a1392021-12-20 16:03:39.425root 11241100x8000000000000000783550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954d8bb7b33a6b202021-12-20 16:03:39.425root 11241100x8000000000000000783551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ee97be8e2637332021-12-20 16:03:39.425root 11241100x8000000000000000783552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8636556b94775762021-12-20 16:03:39.425root 11241100x8000000000000000783553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d77ba66b629e1e22021-12-20 16:03:39.924root 11241100x8000000000000000783554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb5464ed3850c292021-12-20 16:03:39.924root 11241100x8000000000000000783555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bd528c2d8872802021-12-20 16:03:39.924root 11241100x8000000000000000783556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454c53cabd8c0f542021-12-20 16:03:39.924root 11241100x8000000000000000783557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a3b1d0acc63ecc2021-12-20 16:03:39.924root 11241100x8000000000000000783558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cd6c558ef965b52021-12-20 16:03:39.924root 11241100x8000000000000000783559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991419f294d5c5f82021-12-20 16:03:39.925root 11241100x8000000000000000783560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce39130da070f5f92021-12-20 16:03:39.925root 11241100x8000000000000000783561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf99ad514c550b82021-12-20 16:03:39.925root 11241100x8000000000000000783562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e7e890d88a7b972021-12-20 16:03:39.925root 11241100x8000000000000000783563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c5d01f55eba7fd2021-12-20 16:03:40.424root 11241100x8000000000000000783564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c75e6b7a2c566222021-12-20 16:03:40.424root 11241100x8000000000000000783565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a162b4999337512021-12-20 16:03:40.424root 11241100x8000000000000000783566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475b692a7e9ac5892021-12-20 16:03:40.425root 11241100x8000000000000000783567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3400865217f4f52021-12-20 16:03:40.425root 11241100x8000000000000000783568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910cf5607570c99f2021-12-20 16:03:40.425root 11241100x8000000000000000783569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe19dfc86670580e2021-12-20 16:03:40.425root 11241100x8000000000000000783570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e703af9e5804c6ce2021-12-20 16:03:40.426root 11241100x8000000000000000783571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2d4b432b7b89bc2021-12-20 16:03:40.426root 11241100x8000000000000000783572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a070b6946f71c362021-12-20 16:03:40.426root 11241100x8000000000000000783573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262bad0be0fc8d662021-12-20 16:03:40.924root 11241100x8000000000000000783574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04310549ebc1d66a2021-12-20 16:03:40.924root 11241100x8000000000000000783575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caa06def2c18cc72021-12-20 16:03:40.925root 11241100x8000000000000000783576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3094f96870ca380f2021-12-20 16:03:40.925root 11241100x8000000000000000783577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c1712fcc7132462021-12-20 16:03:40.925root 11241100x8000000000000000783578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f381ea7f3fe0f08c2021-12-20 16:03:40.926root 11241100x8000000000000000783579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4f74fecfd134582021-12-20 16:03:40.926root 11241100x8000000000000000783580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa96ec0c4ec18a9e2021-12-20 16:03:40.926root 11241100x8000000000000000783581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f07bc79cc526b02021-12-20 16:03:40.926root 11241100x8000000000000000783582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5487247bd1e309972021-12-20 16:03:40.927root 354300x8000000000000000783583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.162{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51576-false10.0.1.12-8000- 11241100x8000000000000000783584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60afd7d5e853864f2021-12-20 16:03:41.424root 11241100x8000000000000000783585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ad321dfeefe2c82021-12-20 16:03:41.424root 11241100x8000000000000000783586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e4444103d64be62021-12-20 16:03:41.424root 11241100x8000000000000000783587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b46bd2b1d5e3ee82021-12-20 16:03:41.424root 11241100x8000000000000000783588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629622ae279235da2021-12-20 16:03:41.424root 11241100x8000000000000000783589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d833225970380d2021-12-20 16:03:41.425root 11241100x8000000000000000783590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7546fcd3cc2502532021-12-20 16:03:41.425root 11241100x8000000000000000783591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411622b610dd503a2021-12-20 16:03:41.425root 11241100x8000000000000000783592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b93a3be2eaaf342021-12-20 16:03:41.425root 11241100x8000000000000000783593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129055ac4082fefb2021-12-20 16:03:41.426root 11241100x8000000000000000783594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c15a4a286f1d712021-12-20 16:03:41.426root 11241100x8000000000000000783595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe5d3ca19f4c712021-12-20 16:03:41.924root 11241100x8000000000000000783596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841fc048dd4759a72021-12-20 16:03:41.924root 11241100x8000000000000000783597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab00afb515e716ac2021-12-20 16:03:41.924root 11241100x8000000000000000783598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f2ac31834d147e2021-12-20 16:03:41.924root 11241100x8000000000000000783599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832c2a90db52e9f92021-12-20 16:03:41.924root 11241100x8000000000000000783600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39c2023b9593a142021-12-20 16:03:41.925root 11241100x8000000000000000783601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01317c24e5ed13602021-12-20 16:03:41.925root 11241100x8000000000000000783602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a9d2d5df3281f02021-12-20 16:03:41.925root 11241100x8000000000000000783603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba228e67cc995e252021-12-20 16:03:41.925root 11241100x8000000000000000783604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9dd05fda479bc42021-12-20 16:03:41.925root 11241100x8000000000000000783605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617ae38e141f7992021-12-20 16:03:41.925root 11241100x8000000000000000783606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31bde7db85d70d22021-12-20 16:03:42.424root 11241100x8000000000000000783607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efd930f14e4826d2021-12-20 16:03:42.424root 11241100x8000000000000000783608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a71bfd2df091392021-12-20 16:03:42.425root 11241100x8000000000000000783609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20bdee95ff49eb02021-12-20 16:03:42.425root 11241100x8000000000000000783610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8323e54247852c2021-12-20 16:03:42.425root 11241100x8000000000000000783611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafe5c876f0659552021-12-20 16:03:42.425root 11241100x8000000000000000783612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab403342360f25ee2021-12-20 16:03:42.425root 11241100x8000000000000000783613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4707bb9dfd637c9b2021-12-20 16:03:42.425root 11241100x8000000000000000783614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d81c7ab6d48cfe02021-12-20 16:03:42.425root 11241100x8000000000000000783615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e2d49791aedc912021-12-20 16:03:42.425root 11241100x8000000000000000783616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79c55691a8e38d52021-12-20 16:03:42.426root 11241100x8000000000000000783617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6746cb5a7d3894cf2021-12-20 16:03:42.924root 11241100x8000000000000000783618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7933f83b5aeb522021-12-20 16:03:42.924root 11241100x8000000000000000783619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38931accf81d7492021-12-20 16:03:42.924root 11241100x8000000000000000783620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9da8115b483905a2021-12-20 16:03:42.925root 11241100x8000000000000000783621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42789ead560825042021-12-20 16:03:42.926root 11241100x8000000000000000783622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a456f26dd4c850e92021-12-20 16:03:42.926root 11241100x8000000000000000783623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d3cce7888ea31e2021-12-20 16:03:42.926root 11241100x8000000000000000783624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1968eae9cdb8e62021-12-20 16:03:42.926root 11241100x8000000000000000783625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5950cd2c3d9e4c512021-12-20 16:03:42.926root 11241100x8000000000000000783626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81842a1d691da19a2021-12-20 16:03:42.926root 11241100x8000000000000000783627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af291a263fefa6c72021-12-20 16:03:42.927root 11241100x8000000000000000783628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6aae6c4273b0d62021-12-20 16:03:43.424root 11241100x8000000000000000783629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d6b63faa5bfd732021-12-20 16:03:43.425root 11241100x8000000000000000783630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e6ffc0950ec5162021-12-20 16:03:43.425root 11241100x8000000000000000783631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b7889614866f6f2021-12-20 16:03:43.425root 11241100x8000000000000000783632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9f637ba7c125de2021-12-20 16:03:43.425root 11241100x8000000000000000783633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be93f12a8626bbfd2021-12-20 16:03:43.425root 11241100x8000000000000000783634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07440a84ec24b09a2021-12-20 16:03:43.425root 11241100x8000000000000000783635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856857a47dc3fc852021-12-20 16:03:43.426root 11241100x8000000000000000783636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2702ecf6e83b8d92021-12-20 16:03:43.426root 11241100x8000000000000000783637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73d5eb8d941cbb42021-12-20 16:03:43.426root 11241100x8000000000000000783638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8589d63d7ef755ae2021-12-20 16:03:43.426root 11241100x8000000000000000783639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020970d28122e8542021-12-20 16:03:43.924root 11241100x8000000000000000783640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec337dd8137a04d02021-12-20 16:03:43.924root 11241100x8000000000000000783641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4662907e48faf3b72021-12-20 16:03:43.924root 11241100x8000000000000000783642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d764c8c7442f0142021-12-20 16:03:43.924root 11241100x8000000000000000783643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3627c91bbc734b7c2021-12-20 16:03:43.924root 11241100x8000000000000000783644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada6cc4eac8ff0482021-12-20 16:03:43.924root 11241100x8000000000000000783645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fe92450cea2a9a2021-12-20 16:03:43.924root 11241100x8000000000000000783646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9763a626dd1678c82021-12-20 16:03:43.925root 11241100x8000000000000000783647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6051720b7d07d32c2021-12-20 16:03:43.925root 11241100x8000000000000000783648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a672807015a8dc9d2021-12-20 16:03:43.925root 11241100x8000000000000000783649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395fde283aa8e5c72021-12-20 16:03:43.925root 11241100x8000000000000000783650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce89ffa27686f3222021-12-20 16:03:44.424root 11241100x8000000000000000783651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd13a498e73f452021-12-20 16:03:44.424root 11241100x8000000000000000783652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1452477e0dcdc5d02021-12-20 16:03:44.425root 11241100x8000000000000000783653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cb5200bfd067482021-12-20 16:03:44.425root 11241100x8000000000000000783654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb62cfff6d974692021-12-20 16:03:44.425root 11241100x8000000000000000783655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47148610d9b2bb42021-12-20 16:03:44.426root 11241100x8000000000000000783656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f228998335d4096f2021-12-20 16:03:44.426root 11241100x8000000000000000783657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9915c3cbc10d4a2021-12-20 16:03:44.426root 11241100x8000000000000000783658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd234a4836239d32021-12-20 16:03:44.427root 11241100x8000000000000000783659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfe71b91e43b2ce2021-12-20 16:03:44.427root 11241100x8000000000000000783660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8dd746bd55903e2021-12-20 16:03:44.427root 11241100x8000000000000000783661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b6c2a11559e33c2021-12-20 16:03:44.924root 11241100x8000000000000000783662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcefd5bdc23cb4b2021-12-20 16:03:44.924root 11241100x8000000000000000783663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f1c4df8fac32112021-12-20 16:03:44.924root 11241100x8000000000000000783664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689b78c5de31006c2021-12-20 16:03:44.924root 11241100x8000000000000000783665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42948e982d9e5b112021-12-20 16:03:44.924root 11241100x8000000000000000783666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97dba2e9fcf952f2021-12-20 16:03:44.925root 11241100x8000000000000000783667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533dc9ffd96126082021-12-20 16:03:44.925root 11241100x8000000000000000783668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76364a85422820ea2021-12-20 16:03:44.925root 11241100x8000000000000000783669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ab5f8dde80e832021-12-20 16:03:44.925root 11241100x8000000000000000783670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7a5927f772e4b02021-12-20 16:03:44.925root 11241100x8000000000000000783671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd6b3d13912b8a2021-12-20 16:03:44.925root 11241100x8000000000000000783672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9921904fda5b907f2021-12-20 16:03:45.424root 11241100x8000000000000000783673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57deb92be8dbd42f2021-12-20 16:03:45.424root 11241100x8000000000000000783674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09015a98a5a1e1172021-12-20 16:03:45.424root 11241100x8000000000000000783675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6075f4d4158da222021-12-20 16:03:45.424root 11241100x8000000000000000783676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c03af6670f017ca2021-12-20 16:03:45.424root 11241100x8000000000000000783677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5091c630844bc752021-12-20 16:03:45.424root 11241100x8000000000000000783678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca038a2cbbff7ea82021-12-20 16:03:45.424root 11241100x8000000000000000783679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bf55467c9107fc2021-12-20 16:03:45.425root 11241100x8000000000000000783680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819ff9c548db18ef2021-12-20 16:03:45.425root 11241100x8000000000000000783681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3884f9c060caea2021-12-20 16:03:45.425root 11241100x8000000000000000783682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663d30bf1d01789b2021-12-20 16:03:45.425root 11241100x8000000000000000783683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02f07cb9d541f502021-12-20 16:03:45.924root 11241100x8000000000000000783684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b394e94e05a2dbb22021-12-20 16:03:45.924root 11241100x8000000000000000783685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e6defc836dcd512021-12-20 16:03:45.925root 11241100x8000000000000000783686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2bc078862a14ca2021-12-20 16:03:45.925root 11241100x8000000000000000783687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d9e9f54d43a8632021-12-20 16:03:45.925root 11241100x8000000000000000783688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348ffe0c64de0f5e2021-12-20 16:03:45.925root 11241100x8000000000000000783689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bbdea6497280732021-12-20 16:03:45.926root 11241100x8000000000000000783690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59ec68ea29d46822021-12-20 16:03:45.926root 11241100x8000000000000000783691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504ddf566d62c83e2021-12-20 16:03:45.926root 11241100x8000000000000000783692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71de2f7b7180023e2021-12-20 16:03:45.927root 11241100x8000000000000000783693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:45.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e77a95f695311922021-12-20 16:03:45.927root 11241100x8000000000000000783694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027b7236f51ac6872021-12-20 16:03:46.424root 11241100x8000000000000000783695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2dc0b8a1c0c7842021-12-20 16:03:46.424root 11241100x8000000000000000783696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687558b9757f57072021-12-20 16:03:46.424root 11241100x8000000000000000783697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2cec562c8fe9712021-12-20 16:03:46.425root 11241100x8000000000000000783698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845d0959b52e1f1a2021-12-20 16:03:46.425root 11241100x8000000000000000783699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00de1a10e41bb5f42021-12-20 16:03:46.425root 11241100x8000000000000000783700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6169dd2dea2236ef2021-12-20 16:03:46.425root 11241100x8000000000000000783701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f668e34c4adaf3a2021-12-20 16:03:46.426root 11241100x8000000000000000783702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e9fd75d6c1fb702021-12-20 16:03:46.426root 11241100x8000000000000000783703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e6f6306b055f722021-12-20 16:03:46.426root 11241100x8000000000000000783704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966cf83e659353132021-12-20 16:03:46.426root 11241100x8000000000000000783705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06bf1ab6e2fe6cd2021-12-20 16:03:46.924root 11241100x8000000000000000783706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dfd19322bbeeca2021-12-20 16:03:46.924root 11241100x8000000000000000783707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd93f24bc92b8b3a2021-12-20 16:03:46.924root 11241100x8000000000000000783708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c4f71aee05236f2021-12-20 16:03:46.924root 11241100x8000000000000000783709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e29d515184c44052021-12-20 16:03:46.924root 11241100x8000000000000000783710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209eca41cd3543182021-12-20 16:03:46.924root 11241100x8000000000000000783711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fb23b0b2e8fa4e2021-12-20 16:03:46.924root 11241100x8000000000000000783712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acccc85a7996fe32021-12-20 16:03:46.925root 11241100x8000000000000000783713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb5785669a16cf52021-12-20 16:03:46.925root 11241100x8000000000000000783714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e2bcd5ddaf72892021-12-20 16:03:46.925root 11241100x8000000000000000783715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c78461236bfed92021-12-20 16:03:46.925root 354300x8000000000000000783716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.144{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51578-false10.0.1.12-8000- 11241100x8000000000000000783717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f41901f3ae613e02021-12-20 16:03:47.424root 11241100x8000000000000000783718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a45c060cc749c72021-12-20 16:03:47.424root 11241100x8000000000000000783719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802a4b84d027ca42021-12-20 16:03:47.424root 11241100x8000000000000000783720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492d4c591fc767aa2021-12-20 16:03:47.424root 11241100x8000000000000000783721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0494606ed03d71c32021-12-20 16:03:47.424root 11241100x8000000000000000783722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c6807f583c5ae02021-12-20 16:03:47.424root 11241100x8000000000000000783723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821d474c49666c4d2021-12-20 16:03:47.424root 11241100x8000000000000000783724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9604f7526ec1a62021-12-20 16:03:47.425root 11241100x8000000000000000783725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a969022431b02282021-12-20 16:03:47.425root 11241100x8000000000000000783726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae5916af8f907fd2021-12-20 16:03:47.425root 11241100x8000000000000000783727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b7f46fb26b96a52021-12-20 16:03:47.425root 11241100x8000000000000000783728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e3b967d79b83472021-12-20 16:03:47.425root 11241100x8000000000000000783729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcf98a8446d84472021-12-20 16:03:47.924root 11241100x8000000000000000783730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b015a7461c5f392021-12-20 16:03:47.924root 11241100x8000000000000000783731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de3123679c39032021-12-20 16:03:47.924root 11241100x8000000000000000783732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9ad4fec23e8c382021-12-20 16:03:47.924root 11241100x8000000000000000783733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d025503a187afa172021-12-20 16:03:47.924root 11241100x8000000000000000783734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1a3a76652bfee52021-12-20 16:03:47.925root 11241100x8000000000000000783735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07515122d6c673a72021-12-20 16:03:47.925root 11241100x8000000000000000783736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ca8abd6d564d6f2021-12-20 16:03:47.925root 11241100x8000000000000000783737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddd6d9b12b89c672021-12-20 16:03:47.925root 11241100x8000000000000000783738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674657d3de74725b2021-12-20 16:03:47.925root 11241100x8000000000000000783739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaa44a9485ce1e72021-12-20 16:03:47.925root 11241100x8000000000000000783740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f0734aa25189d82021-12-20 16:03:47.925root 11241100x8000000000000000783741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d892c2e14afd39dd2021-12-20 16:03:48.424root 11241100x8000000000000000783742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158d5b5e4e3bfa1d2021-12-20 16:03:48.424root 11241100x8000000000000000783743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec79417d2cfe6ad2021-12-20 16:03:48.424root 11241100x8000000000000000783744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19453d988af458d2021-12-20 16:03:48.424root 11241100x8000000000000000783745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68f0b1e84f46c9a2021-12-20 16:03:48.424root 11241100x8000000000000000783746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08086a451120c72a2021-12-20 16:03:48.424root 11241100x8000000000000000783747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66de9af1354203402021-12-20 16:03:48.425root 11241100x8000000000000000783748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c4b0039f7d09c32021-12-20 16:03:48.425root 11241100x8000000000000000783749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522f5ee653e4058c2021-12-20 16:03:48.425root 11241100x8000000000000000783750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755b68c1a6ff89922021-12-20 16:03:48.425root 11241100x8000000000000000783751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f500d024ed7aa0072021-12-20 16:03:48.425root 11241100x8000000000000000783752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dbcd4cb2177d0a2021-12-20 16:03:48.425root 11241100x8000000000000000783753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8442d198d0d51daa2021-12-20 16:03:48.924root 11241100x8000000000000000783754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01834534fdd818752021-12-20 16:03:48.924root 11241100x8000000000000000783755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d47a634d69392b2021-12-20 16:03:48.925root 11241100x8000000000000000783756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075f95bfacd0cae02021-12-20 16:03:48.925root 11241100x8000000000000000783757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58c2911169f93b22021-12-20 16:03:48.925root 11241100x8000000000000000783758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e2386563447c562021-12-20 16:03:48.926root 11241100x8000000000000000783759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720943b419a0984a2021-12-20 16:03:48.926root 11241100x8000000000000000783760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7385e376ace38c2021-12-20 16:03:48.926root 11241100x8000000000000000783761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063573b1c38fb3c02021-12-20 16:03:48.926root 11241100x8000000000000000783762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b7eeb590c7d7a2021-12-20 16:03:48.926root 11241100x8000000000000000783763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106f632239d7f3a62021-12-20 16:03:48.926root 11241100x8000000000000000783764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31c6c435f96877a2021-12-20 16:03:48.926root 11241100x8000000000000000783765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa31f12cc427332021-12-20 16:03:49.424root 11241100x8000000000000000783766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49262d9ce1f59a0f2021-12-20 16:03:49.424root 11241100x8000000000000000783767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acd9d4d0d3d7f572021-12-20 16:03:49.424root 11241100x8000000000000000783768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0201abf2afad52021-12-20 16:03:49.425root 11241100x8000000000000000783769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f003b9e252cdb852021-12-20 16:03:49.425root 11241100x8000000000000000783770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3097c12c8bd6d3b2021-12-20 16:03:49.425root 11241100x8000000000000000783771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536abb20e7501a862021-12-20 16:03:49.425root 11241100x8000000000000000783772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd09db876b8cb902021-12-20 16:03:49.425root 11241100x8000000000000000783773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f0206c76511e5a2021-12-20 16:03:49.425root 11241100x8000000000000000783774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a238796e551396892021-12-20 16:03:49.425root 11241100x8000000000000000783775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe8641a0378487b2021-12-20 16:03:49.426root 11241100x8000000000000000783776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed6a5fcd88460a72021-12-20 16:03:49.426root 11241100x8000000000000000783777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea88abadad0a99802021-12-20 16:03:49.924root 11241100x8000000000000000783778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e464521986dfed72021-12-20 16:03:49.924root 11241100x8000000000000000783779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167644788556f03b2021-12-20 16:03:49.924root 11241100x8000000000000000783780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dced5468ddccf852021-12-20 16:03:49.924root 11241100x8000000000000000783781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0dde14b3222efa2021-12-20 16:03:49.924root 11241100x8000000000000000783782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de2505ef4642c872021-12-20 16:03:49.925root 11241100x8000000000000000783783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065fb8a8ebba52e62021-12-20 16:03:49.925root 11241100x8000000000000000783784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833186950e6d7cb72021-12-20 16:03:49.925root 11241100x8000000000000000783785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b53145881d7c992021-12-20 16:03:49.925root 11241100x8000000000000000783786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ae71f1d2e1ad662021-12-20 16:03:49.925root 11241100x8000000000000000783787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5f8762eb3487432021-12-20 16:03:49.925root 11241100x8000000000000000783788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e0d1b46de2c9a32021-12-20 16:03:49.925root 11241100x8000000000000000783789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1754788f56cea22021-12-20 16:03:50.424root 11241100x8000000000000000783790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034cbc09bc18bfe82021-12-20 16:03:50.424root 11241100x8000000000000000783791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efd7dacba3b8b942021-12-20 16:03:50.424root 11241100x8000000000000000783792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d7a8e8923704782021-12-20 16:03:50.425root 11241100x8000000000000000783793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0420fdb6651f741a2021-12-20 16:03:50.425root 11241100x8000000000000000783794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5af2fe5a58d0e732021-12-20 16:03:50.425root 11241100x8000000000000000783795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ba9339aa8b61f52021-12-20 16:03:50.425root 11241100x8000000000000000783796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7a53a456c553332021-12-20 16:03:50.425root 11241100x8000000000000000783797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25949e03fc0497dc2021-12-20 16:03:50.425root 11241100x8000000000000000783798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfd36cc72d06f8e2021-12-20 16:03:50.425root 11241100x8000000000000000783799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295806453383b1062021-12-20 16:03:50.426root 11241100x8000000000000000783800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072fe975768041172021-12-20 16:03:50.426root 11241100x8000000000000000783801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43540a68ef328ae02021-12-20 16:03:50.924root 11241100x8000000000000000783802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ea88b1cff316812021-12-20 16:03:50.924root 11241100x8000000000000000783803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c201670f7d3504342021-12-20 16:03:50.925root 11241100x8000000000000000783804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631821f2e45007702021-12-20 16:03:50.925root 11241100x8000000000000000783805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284413eb6e8bac12021-12-20 16:03:50.925root 11241100x8000000000000000783806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b41ffac6859fcaf2021-12-20 16:03:50.925root 11241100x8000000000000000783807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6897baa6149a8b2021-12-20 16:03:50.926root 11241100x8000000000000000783808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0702cb85abbc33222021-12-20 16:03:50.926root 11241100x8000000000000000783809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd584df732b55572021-12-20 16:03:50.926root 11241100x8000000000000000783810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b3081b3046cb8a2021-12-20 16:03:50.926root 11241100x8000000000000000783811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34408c0d709351622021-12-20 16:03:50.926root 11241100x8000000000000000783812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd95a3b755c7bbe32021-12-20 16:03:50.926root 11241100x8000000000000000783813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45a65796c5420dd2021-12-20 16:03:51.424root 11241100x8000000000000000783814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094193430e34155e2021-12-20 16:03:51.424root 11241100x8000000000000000783815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fb66fb3fccc95d2021-12-20 16:03:51.425root 11241100x8000000000000000783816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e880b4ab743f53a2021-12-20 16:03:51.425root 11241100x8000000000000000783817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa1d26e5cd84df42021-12-20 16:03:51.425root 11241100x8000000000000000783818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e37e91984bedcf2021-12-20 16:03:51.425root 11241100x8000000000000000783819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841137d04cebf3a52021-12-20 16:03:51.425root 11241100x8000000000000000783820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3986b27760ec3a72021-12-20 16:03:51.425root 11241100x8000000000000000783821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e8f4e8f58d54f32021-12-20 16:03:51.425root 11241100x8000000000000000783822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7e59bac5cd36342021-12-20 16:03:51.426root 11241100x8000000000000000783823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4338d23323b84c82021-12-20 16:03:51.426root 11241100x8000000000000000783824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a86e077ce8f13b92021-12-20 16:03:51.426root 11241100x8000000000000000783825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218201ecb9c4a60e2021-12-20 16:03:51.924root 11241100x8000000000000000783826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4bfd565c3b51632021-12-20 16:03:51.924root 11241100x8000000000000000783827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65acc748cbd3964a2021-12-20 16:03:51.924root 11241100x8000000000000000783828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4c51b5b84c89cf2021-12-20 16:03:51.924root 11241100x8000000000000000783829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4561fe7cad0f976c2021-12-20 16:03:51.924root 11241100x8000000000000000783830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643e564a6c1e9ba62021-12-20 16:03:51.924root 11241100x8000000000000000783831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5cb127b89811522021-12-20 16:03:51.924root 11241100x8000000000000000783832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6507cbe0c0bd11db2021-12-20 16:03:51.925root 11241100x8000000000000000783833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f7384d5e8ec4412021-12-20 16:03:51.925root 11241100x8000000000000000783834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8386232d13c7a812021-12-20 16:03:51.925root 11241100x8000000000000000783835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4da8c3436eae8d2021-12-20 16:03:51.925root 11241100x8000000000000000783836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781c84508a8b5a452021-12-20 16:03:51.925root 11241100x8000000000000000783837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b16dec2b9149bb92021-12-20 16:03:52.424root 11241100x8000000000000000783838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63369ca082e661fd2021-12-20 16:03:52.424root 11241100x8000000000000000783839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d8df64cc3399e22021-12-20 16:03:52.424root 11241100x8000000000000000783840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3561e4aaafbd7822021-12-20 16:03:52.424root 11241100x8000000000000000783841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f36f0b372186c172021-12-20 16:03:52.425root 11241100x8000000000000000783842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa45e822df0e622021-12-20 16:03:52.425root 11241100x8000000000000000783843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9381638f735bb7f2021-12-20 16:03:52.425root 11241100x8000000000000000783844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d197be1dcf3ba502021-12-20 16:03:52.425root 11241100x8000000000000000783845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67abe500a1af68882021-12-20 16:03:52.425root 11241100x8000000000000000783846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d968e7f86c8d482021-12-20 16:03:52.425root 11241100x8000000000000000783847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d19c9c3daa9b6b2021-12-20 16:03:52.425root 11241100x8000000000000000783848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce13e7938e45e7572021-12-20 16:03:52.425root 11241100x8000000000000000783849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def260d59da303f82021-12-20 16:03:52.924root 11241100x8000000000000000783850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03c6a8e71ac31332021-12-20 16:03:52.924root 11241100x8000000000000000783851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d65f0a0ab4e4732021-12-20 16:03:52.924root 11241100x8000000000000000783852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b3d570317cd0d92021-12-20 16:03:52.924root 11241100x8000000000000000783853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ce42f68e0107e02021-12-20 16:03:52.924root 11241100x8000000000000000783854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47813921455a21162021-12-20 16:03:52.924root 11241100x8000000000000000783855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153cf400383572742021-12-20 16:03:52.924root 11241100x8000000000000000783856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dc983cb4e70a332021-12-20 16:03:52.925root 11241100x8000000000000000783857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eee6129169e123b2021-12-20 16:03:52.925root 11241100x8000000000000000783858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b613d1d88022822021-12-20 16:03:52.925root 11241100x8000000000000000783859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0ae5afc49ff0d82021-12-20 16:03:52.925root 11241100x8000000000000000783860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817174ed129eac2f2021-12-20 16:03:52.925root 354300x8000000000000000783861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.095{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51580-false10.0.1.12-8000- 11241100x8000000000000000783862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002f2a720d5618382021-12-20 16:03:53.424root 11241100x8000000000000000783863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c561a5b9f30372021-12-20 16:03:53.424root 11241100x8000000000000000783864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80654b042df0f12c2021-12-20 16:03:53.424root 11241100x8000000000000000783865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81bdf97991145c42021-12-20 16:03:53.425root 11241100x8000000000000000783866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28712fba96eab2e2021-12-20 16:03:53.425root 11241100x8000000000000000783867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb0bff00270e8ce2021-12-20 16:03:53.425root 11241100x8000000000000000783868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c06ab449aa8570d2021-12-20 16:03:53.426root 11241100x8000000000000000783869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd54e0b37350d7192021-12-20 16:03:53.426root 11241100x8000000000000000783870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495677da50d213cc2021-12-20 16:03:53.426root 11241100x8000000000000000783871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50f43d98c8c23a02021-12-20 16:03:53.426root 11241100x8000000000000000783872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1592bb806804a7ec2021-12-20 16:03:53.426root 11241100x8000000000000000783873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463cf9cd42c142702021-12-20 16:03:53.426root 11241100x8000000000000000783874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb763b8a6851304d2021-12-20 16:03:53.426root 11241100x8000000000000000783875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d98afa4b57a9c22021-12-20 16:03:53.924root 11241100x8000000000000000783876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f91f2efd6392f22021-12-20 16:03:53.924root 11241100x8000000000000000783877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4ccb489c63b9c72021-12-20 16:03:53.924root 11241100x8000000000000000783878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0331007c3883bef2021-12-20 16:03:53.924root 11241100x8000000000000000783879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a9849212ee15b72021-12-20 16:03:53.924root 11241100x8000000000000000783880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0bb951a43cd7162021-12-20 16:03:53.924root 11241100x8000000000000000783881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d3ef29285293732021-12-20 16:03:53.925root 11241100x8000000000000000783882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b878bfb781e481b2021-12-20 16:03:53.925root 11241100x8000000000000000783883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d0a815623cce422021-12-20 16:03:53.925root 11241100x8000000000000000783884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eeef24a753732f62021-12-20 16:03:53.925root 11241100x8000000000000000783885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc87ceef83a461442021-12-20 16:03:53.925root 11241100x8000000000000000783886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5effa846578b9e552021-12-20 16:03:53.925root 11241100x8000000000000000783887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b23331f4a08ce12021-12-20 16:03:53.925root 11241100x8000000000000000783888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31d91755850bf572021-12-20 16:03:54.424root 11241100x8000000000000000783889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088b1d0c4b2f31d62021-12-20 16:03:54.424root 11241100x8000000000000000783890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a1a85b17e1521f2021-12-20 16:03:54.424root 11241100x8000000000000000783891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5766bced0fecf6f2021-12-20 16:03:54.424root 11241100x8000000000000000783892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2210caa1bc04182021-12-20 16:03:54.425root 11241100x8000000000000000783893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ff98b2e85db1e72021-12-20 16:03:54.425root 11241100x8000000000000000783894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8141c9c6c59213012021-12-20 16:03:54.425root 11241100x8000000000000000783895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b198a062ff8f9b012021-12-20 16:03:54.425root 11241100x8000000000000000783896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef335415388497f2021-12-20 16:03:54.425root 11241100x8000000000000000783897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40da1e926a4bfb2a2021-12-20 16:03:54.425root 11241100x8000000000000000783898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4d87a7103ee0ba2021-12-20 16:03:54.425root 11241100x8000000000000000783899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1a8325d81afd0a2021-12-20 16:03:54.425root 11241100x8000000000000000783900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b68299ca90e429b2021-12-20 16:03:54.425root 11241100x8000000000000000783901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc9fbcd98a938582021-12-20 16:03:54.924root 11241100x8000000000000000783902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4227af5f146a90db2021-12-20 16:03:54.924root 11241100x8000000000000000783903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ed0a522511f2e62021-12-20 16:03:54.924root 11241100x8000000000000000783904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c37d0eb553e1302021-12-20 16:03:54.924root 11241100x8000000000000000783905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e15614d309c37692021-12-20 16:03:54.924root 11241100x8000000000000000783906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053e936a5b730e442021-12-20 16:03:54.924root 11241100x8000000000000000783907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8683988173494dd72021-12-20 16:03:54.925root 11241100x8000000000000000783908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aca8708a8b8e212021-12-20 16:03:54.925root 11241100x8000000000000000783909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bc2b0c2758d1792021-12-20 16:03:54.925root 11241100x8000000000000000783910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83e5e638f3fd2c82021-12-20 16:03:54.925root 11241100x8000000000000000783911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2772220a5f9956b42021-12-20 16:03:54.925root 11241100x8000000000000000783912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6745f524ed047b2021-12-20 16:03:54.925root 11241100x8000000000000000783913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae20fbc3d481229e2021-12-20 16:03:54.925root 11241100x8000000000000000783914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b32cefe198bed8d2021-12-20 16:03:55.424root 11241100x8000000000000000783915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea255bc3ce51627c2021-12-20 16:03:55.424root 11241100x8000000000000000783916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdaee3a47a853bc2021-12-20 16:03:55.424root 11241100x8000000000000000783917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cd38f56ce5c1122021-12-20 16:03:55.424root 11241100x8000000000000000783918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30a325a8f8828462021-12-20 16:03:55.424root 11241100x8000000000000000783919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf64a96aab81684b2021-12-20 16:03:55.425root 11241100x8000000000000000783920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2783ee76050fe762021-12-20 16:03:55.425root 11241100x8000000000000000783921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d8683b348d62482021-12-20 16:03:55.425root 11241100x8000000000000000783922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaa0447b276d3a42021-12-20 16:03:55.425root 11241100x8000000000000000783923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2d6c4f67a565152021-12-20 16:03:55.425root 11241100x8000000000000000783924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2da257c64ce368f2021-12-20 16:03:55.425root 11241100x8000000000000000783925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10078f351f8561592021-12-20 16:03:55.425root 11241100x8000000000000000783926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177ab5c0d70eef7c2021-12-20 16:03:55.425root 11241100x8000000000000000783927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921bbcc312acbbeb2021-12-20 16:03:55.924root 11241100x8000000000000000783928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743600bdcc9ed52a2021-12-20 16:03:55.924root 11241100x8000000000000000783929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666964dc7281e8242021-12-20 16:03:55.924root 11241100x8000000000000000783930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418c15b847f2216c2021-12-20 16:03:55.924root 11241100x8000000000000000783931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489a1557fba52a712021-12-20 16:03:55.924root 11241100x8000000000000000783932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e00c5b539ec36572021-12-20 16:03:55.924root 11241100x8000000000000000783933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15369bae5f066c3f2021-12-20 16:03:55.925root 11241100x8000000000000000783934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb83ec8f2016e62021-12-20 16:03:55.925root 11241100x8000000000000000783935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18916c732c239ea62021-12-20 16:03:55.925root 11241100x8000000000000000783936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db955f0e87afa91a2021-12-20 16:03:55.925root 11241100x8000000000000000783937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5779fb0961bdcfb2021-12-20 16:03:55.925root 11241100x8000000000000000783938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb1a57cd09b53992021-12-20 16:03:55.925root 11241100x8000000000000000783939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db95f5f107fa2152021-12-20 16:03:55.925root 11241100x8000000000000000783940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce338d848ca033d82021-12-20 16:03:56.424root 11241100x8000000000000000783941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b34feb069471f032021-12-20 16:03:56.424root 11241100x8000000000000000783942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e74f66e3abfbd42021-12-20 16:03:56.424root 11241100x8000000000000000783943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7faf1ac61f04302021-12-20 16:03:56.424root 11241100x8000000000000000783944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb2ac88570aaaac2021-12-20 16:03:56.424root 11241100x8000000000000000783945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2053f68f0d0e732021-12-20 16:03:56.424root 11241100x8000000000000000783946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26876cec003145492021-12-20 16:03:56.425root 11241100x8000000000000000783947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd04f0cebc192372021-12-20 16:03:56.425root 11241100x8000000000000000783948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497b9a0de3c4fa012021-12-20 16:03:56.425root 11241100x8000000000000000783949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c6209fa4cccfc82021-12-20 16:03:56.425root 11241100x8000000000000000783950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc33b8ff90900ed2021-12-20 16:03:56.425root 11241100x8000000000000000783951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e224f6badfe58212021-12-20 16:03:56.425root 11241100x8000000000000000783952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e345d4ef204cd2b2021-12-20 16:03:56.425root 11241100x8000000000000000783953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491db3e59b826d3d2021-12-20 16:03:56.924root 11241100x8000000000000000783954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32db021bc381ed422021-12-20 16:03:56.924root 11241100x8000000000000000783955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dc48b585aa9b0b2021-12-20 16:03:56.924root 11241100x8000000000000000783956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43a2e6867d968762021-12-20 16:03:56.924root 11241100x8000000000000000783957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33c4f24bc7628ba2021-12-20 16:03:56.924root 11241100x8000000000000000783958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a0d9819478cb632021-12-20 16:03:56.924root 11241100x8000000000000000783959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c42706a9fd2f1a2021-12-20 16:03:56.925root 11241100x8000000000000000783960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b854a8d941c9aec42021-12-20 16:03:56.925root 11241100x8000000000000000783961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbbafa273f8758f2021-12-20 16:03:56.925root 11241100x8000000000000000783962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a80ec194a78372021-12-20 16:03:56.925root 11241100x8000000000000000783963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6b91cc56198aec2021-12-20 16:03:56.925root 11241100x8000000000000000783964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b617fc073dd08b2021-12-20 16:03:56.925root 11241100x8000000000000000783965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a79699c0fa0bed12021-12-20 16:03:56.925root 11241100x8000000000000000783966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4d147338e720992021-12-20 16:03:57.424root 11241100x8000000000000000783967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0830f49831751f02021-12-20 16:03:57.424root 11241100x8000000000000000783968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091031427a34d4662021-12-20 16:03:57.424root 11241100x8000000000000000783969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969cc668522cd7cd2021-12-20 16:03:57.424root 11241100x8000000000000000783970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b51f38e37dfa7e62021-12-20 16:03:57.424root 11241100x8000000000000000783971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a412373e4205f4c2021-12-20 16:03:57.424root 11241100x8000000000000000783972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e143f22c25796b532021-12-20 16:03:57.425root 11241100x8000000000000000783973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a361eabf86317f862021-12-20 16:03:57.425root 11241100x8000000000000000783974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930998cb4d8564322021-12-20 16:03:57.425root 11241100x8000000000000000783975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e51e567e29b6d2021-12-20 16:03:57.425root 11241100x8000000000000000783976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7081667de40765dc2021-12-20 16:03:57.425root 11241100x8000000000000000783977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034ab7997ed772fd2021-12-20 16:03:57.425root 11241100x8000000000000000783978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14be411d22e4c6672021-12-20 16:03:57.425root 11241100x8000000000000000783979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01b0db28970975d2021-12-20 16:03:57.924root 11241100x8000000000000000783980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e07b12a99de4812021-12-20 16:03:57.924root 11241100x8000000000000000783981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98faa1f12df4af7c2021-12-20 16:03:57.924root 11241100x8000000000000000783982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e28c13b1c27bea2021-12-20 16:03:57.925root 11241100x8000000000000000783983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3783136b2ac15f22021-12-20 16:03:57.925root 11241100x8000000000000000783984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a6600fe85f73512021-12-20 16:03:57.925root 11241100x8000000000000000783985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e894fd1b83a65a1d2021-12-20 16:03:57.925root 11241100x8000000000000000783986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91beac42166565a2021-12-20 16:03:57.925root 11241100x8000000000000000783987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004324cc30c586442021-12-20 16:03:57.925root 11241100x8000000000000000783988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c044fb9a00e1e4a2021-12-20 16:03:57.925root 11241100x8000000000000000783989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a84c995afc63f6c2021-12-20 16:03:57.925root 11241100x8000000000000000783990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c80f8bb1203269a2021-12-20 16:03:57.925root 11241100x8000000000000000783991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba65f5a31bde080c2021-12-20 16:03:57.926root 11241100x8000000000000000783992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0729af890d03990f2021-12-20 16:03:58.424root 11241100x8000000000000000783993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b52525f0d96b1e2021-12-20 16:03:58.424root 11241100x8000000000000000783994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591894226769c88e2021-12-20 16:03:58.425root 11241100x8000000000000000783995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cad67e7eaf3f1152021-12-20 16:03:58.425root 11241100x8000000000000000783996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036b3a874b4d3da02021-12-20 16:03:58.425root 11241100x8000000000000000783997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0f38e6d2ae5c8e2021-12-20 16:03:58.425root 11241100x8000000000000000783998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aca23774d1f5ffc2021-12-20 16:03:58.425root 11241100x8000000000000000783999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2706efc4b63adefc2021-12-20 16:03:58.425root 11241100x8000000000000000784000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9633bc9e259ccd762021-12-20 16:03:58.426root 11241100x8000000000000000784001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e4d7bbe1e007d42021-12-20 16:03:58.426root 11241100x8000000000000000784002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889016f71955bb0f2021-12-20 16:03:58.426root 11241100x8000000000000000784003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344da0678538b5f52021-12-20 16:03:58.426root 11241100x8000000000000000784004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0d07cd482e2ce02021-12-20 16:03:58.426root 11241100x8000000000000000784005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f164ccd2a9865b92021-12-20 16:03:58.924root 11241100x8000000000000000784006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62899b95b45b1a342021-12-20 16:03:58.924root 11241100x8000000000000000784007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ae93a7c3741ad72021-12-20 16:03:58.924root 11241100x8000000000000000784008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97712ab5284459b2021-12-20 16:03:58.924root 11241100x8000000000000000784009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba61bea8d6b232c2021-12-20 16:03:58.925root 11241100x8000000000000000784010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0cbbea592821d92021-12-20 16:03:58.925root 11241100x8000000000000000784011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cf8a7ab2139e722021-12-20 16:03:58.925root 11241100x8000000000000000784012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1ae7cf7851da412021-12-20 16:03:58.925root 11241100x8000000000000000784013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd4c9e91d336a652021-12-20 16:03:58.925root 11241100x8000000000000000784014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bcb97c810814202021-12-20 16:03:58.925root 11241100x8000000000000000784015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff30a5a69982962021-12-20 16:03:58.925root 11241100x8000000000000000784016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce12b602c95024bd2021-12-20 16:03:58.926root 11241100x8000000000000000784017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d36662ec2fff2cb2021-12-20 16:03:58.926root 354300x8000000000000000784018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.058{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51582-false10.0.1.12-8000- 11241100x8000000000000000784019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e22238f89f31192021-12-20 16:03:59.424root 11241100x8000000000000000784020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5426a40397acc52021-12-20 16:03:59.424root 11241100x8000000000000000784021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1062e4cf2038d22021-12-20 16:03:59.425root 11241100x8000000000000000784022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b77ae0f84f2c812021-12-20 16:03:59.425root 11241100x8000000000000000784023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a4e0a29a4dd4022021-12-20 16:03:59.425root 11241100x8000000000000000784024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0901c46390b1e3fd2021-12-20 16:03:59.425root 11241100x8000000000000000784025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379ac28d2b3229db2021-12-20 16:03:59.425root 11241100x8000000000000000784026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052e53138caef4a42021-12-20 16:03:59.426root 11241100x8000000000000000784027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d027c9b56e0acc2021-12-20 16:03:59.426root 11241100x8000000000000000784028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119d0423770afe3b2021-12-20 16:03:59.427root 11241100x8000000000000000784029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c59a6231274d0f2021-12-20 16:03:59.427root 11241100x8000000000000000784030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712708c00bfa1b262021-12-20 16:03:59.427root 11241100x8000000000000000784031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc33641ced7c6c72021-12-20 16:03:59.427root 11241100x8000000000000000784032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca3c229b7b6cd652021-12-20 16:03:59.427root 11241100x8000000000000000784033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232c5e471c8758652021-12-20 16:03:59.924root 11241100x8000000000000000784034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4288c98738ccb6952021-12-20 16:03:59.924root 11241100x8000000000000000784035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2f6ebd5fc38a8f2021-12-20 16:03:59.924root 11241100x8000000000000000784036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78eb26dc17d21132021-12-20 16:03:59.924root 11241100x8000000000000000784037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d852bcc642f3b592021-12-20 16:03:59.925root 11241100x8000000000000000784038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e608d00504a352021-12-20 16:03:59.925root 11241100x8000000000000000784039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542bbc33317dec0f2021-12-20 16:03:59.925root 11241100x8000000000000000784040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3be8da6cd53b6de2021-12-20 16:03:59.925root 11241100x8000000000000000784041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa97d12d5d295bdd2021-12-20 16:03:59.925root 11241100x8000000000000000784042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa54091127ffe182021-12-20 16:03:59.926root 11241100x8000000000000000784043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7a76f464290afc2021-12-20 16:03:59.926root 11241100x8000000000000000784044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7631b10f5884ccef2021-12-20 16:03:59.926root 11241100x8000000000000000784045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd3caa3980681c12021-12-20 16:03:59.926root 11241100x8000000000000000784046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e97866c428bd562021-12-20 16:03:59.927root 11241100x8000000000000000784047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:03:59.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae12cd4279ced9b12021-12-20 16:03:59.927root 11241100x8000000000000000784048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fa41a6a711c1ab2021-12-20 16:04:00.424root 11241100x8000000000000000784049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94926a2c463ddd3b2021-12-20 16:04:00.424root 11241100x8000000000000000784050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9db23fcb07ce842021-12-20 16:04:00.425root 11241100x8000000000000000784051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360380ef81789bca2021-12-20 16:04:00.425root 11241100x8000000000000000784052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c32e37f459c3732021-12-20 16:04:00.425root 11241100x8000000000000000784053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ca564f88ddc7212021-12-20 16:04:00.425root 11241100x8000000000000000784054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fcb11d2ffda7652021-12-20 16:04:00.425root 11241100x8000000000000000784055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd3c30c28b630672021-12-20 16:04:00.425root 11241100x8000000000000000784056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd28f1e01ec30c1e2021-12-20 16:04:00.426root 11241100x8000000000000000784057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f641b46ad7f4643f2021-12-20 16:04:00.426root 11241100x8000000000000000784058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc65d3ea2bd5504f2021-12-20 16:04:00.426root 11241100x8000000000000000784059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85419f40f7393d6f2021-12-20 16:04:00.426root 11241100x8000000000000000784060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f950a919670a3a2021-12-20 16:04:00.426root 11241100x8000000000000000784061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c11e6a32f503b6c2021-12-20 16:04:00.426root 11241100x8000000000000000784062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afb37fbbd57de6b2021-12-20 16:04:00.924root 11241100x8000000000000000784063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca4fc8077a837fb2021-12-20 16:04:00.924root 11241100x8000000000000000784064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16dea4b1bf6d3052021-12-20 16:04:00.924root 11241100x8000000000000000784065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa317c24ba28bd22021-12-20 16:04:00.924root 11241100x8000000000000000784066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b738bb14a2dd48f22021-12-20 16:04:00.924root 11241100x8000000000000000784067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1550a3f1263a7f032021-12-20 16:04:00.925root 11241100x8000000000000000784068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c23bd251aa676132021-12-20 16:04:00.925root 11241100x8000000000000000784069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc9da5888ef502b2021-12-20 16:04:00.925root 11241100x8000000000000000784070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1213241115f60fd2021-12-20 16:04:00.925root 11241100x8000000000000000784071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f41bd159a11f212021-12-20 16:04:00.925root 11241100x8000000000000000784072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394c4c81e4d5ffd32021-12-20 16:04:00.925root 11241100x8000000000000000784073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6deee73a13eb0e2021-12-20 16:04:00.925root 11241100x8000000000000000784074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcd97ef9118fb982021-12-20 16:04:00.925root 11241100x8000000000000000784075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5f4a71b6c462312021-12-20 16:04:00.925root 11241100x8000000000000000784076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36abef2bbc4cdfbb2021-12-20 16:04:01.424root 11241100x8000000000000000784077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a0b95deceab04e2021-12-20 16:04:01.424root 11241100x8000000000000000784078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974bb1c12d2e05462021-12-20 16:04:01.424root 11241100x8000000000000000784079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd83c5c923fca212021-12-20 16:04:01.425root 11241100x8000000000000000784080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afba549a6d4b1f282021-12-20 16:04:01.425root 11241100x8000000000000000784081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4414fd7eb33188f2021-12-20 16:04:01.425root 11241100x8000000000000000784082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2e02ff3ff110e32021-12-20 16:04:01.425root 11241100x8000000000000000784083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fd4efc42beda412021-12-20 16:04:01.425root 11241100x8000000000000000784084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb98b37cf1415622021-12-20 16:04:01.425root 11241100x8000000000000000784085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a436d7f8f9f6852021-12-20 16:04:01.425root 11241100x8000000000000000784086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46b7740879bc4b82021-12-20 16:04:01.425root 11241100x8000000000000000784087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7985d1760e77cf4c2021-12-20 16:04:01.425root 11241100x8000000000000000784088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab8f5e97a24c7aa2021-12-20 16:04:01.425root 11241100x8000000000000000784089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bcce2afc727a522021-12-20 16:04:01.426root 11241100x8000000000000000784090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad842460989b3432021-12-20 16:04:01.924root 11241100x8000000000000000784091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bf8ee7ddf0d7ab2021-12-20 16:04:01.924root 11241100x8000000000000000784092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b933c3c807cac8082021-12-20 16:04:01.924root 11241100x8000000000000000784093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6589f23fb5d54b52021-12-20 16:04:01.924root 11241100x8000000000000000784094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b56ecf2b9cd6c3b2021-12-20 16:04:01.925root 11241100x8000000000000000784095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81a5b28076afaf12021-12-20 16:04:01.925root 11241100x8000000000000000784096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756ad4360d3aac912021-12-20 16:04:01.925root 11241100x8000000000000000784097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31ca60b6ed41a792021-12-20 16:04:01.925root 11241100x8000000000000000784098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f4ac8a68b690b02021-12-20 16:04:01.925root 11241100x8000000000000000784099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cbd2417101ef0a2021-12-20 16:04:01.925root 11241100x8000000000000000784100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4036fff9348de8be2021-12-20 16:04:01.925root 11241100x8000000000000000784101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658be301d7fcbc8a2021-12-20 16:04:01.926root 11241100x8000000000000000784102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f08a4c16207ee72021-12-20 16:04:01.926root 11241100x8000000000000000784103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261aa5b7f8fdbfd22021-12-20 16:04:01.926root 11241100x8000000000000000784104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5af89011a496942021-12-20 16:04:02.424root 11241100x8000000000000000784105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1409e150bd28a2ec2021-12-20 16:04:02.424root 11241100x8000000000000000784106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcc93599019870d2021-12-20 16:04:02.424root 11241100x8000000000000000784107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5126256837bb12021-12-20 16:04:02.425root 11241100x8000000000000000784108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71ebea29b9f50572021-12-20 16:04:02.425root 11241100x8000000000000000784109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc01e8755990aa82021-12-20 16:04:02.425root 11241100x8000000000000000784110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef7907e178603bb2021-12-20 16:04:02.425root 11241100x8000000000000000784111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1720f8a8f1ef4c2021-12-20 16:04:02.425root 11241100x8000000000000000784112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc1c3571902e672021-12-20 16:04:02.425root 11241100x8000000000000000784113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856a1040b89d1a792021-12-20 16:04:02.425root 11241100x8000000000000000784114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b35f66e77680502021-12-20 16:04:02.425root 11241100x8000000000000000784115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8352e7de6105062021-12-20 16:04:02.425root 11241100x8000000000000000784116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff3ac8148ed93be2021-12-20 16:04:02.425root 11241100x8000000000000000784117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab8c621e3f875d12021-12-20 16:04:02.425root 11241100x8000000000000000784118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f24934076cfb0372021-12-20 16:04:02.924root 11241100x8000000000000000784119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4b09cbc2a9b5382021-12-20 16:04:02.924root 11241100x8000000000000000784120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49ed61f209969512021-12-20 16:04:02.925root 11241100x8000000000000000784121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a5649a03642aff2021-12-20 16:04:02.925root 11241100x8000000000000000784122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6325b9c3586140a2021-12-20 16:04:02.925root 11241100x8000000000000000784123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12df14414ff95de2021-12-20 16:04:02.925root 11241100x8000000000000000784124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb20cfd20cf800af2021-12-20 16:04:02.925root 11241100x8000000000000000784125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d4f5f044226bbe2021-12-20 16:04:02.925root 11241100x8000000000000000784126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0bd82a916f34642021-12-20 16:04:02.926root 11241100x8000000000000000784127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38c474f4a6e91c82021-12-20 16:04:02.926root 11241100x8000000000000000784128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffb1e8f2e1764c82021-12-20 16:04:02.926root 11241100x8000000000000000784129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd0c5eb686826d2021-12-20 16:04:02.926root 11241100x8000000000000000784130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aaeb4ce9dcd9c12021-12-20 16:04:02.926root 11241100x8000000000000000784131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:02.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba0e946eb3715562021-12-20 16:04:02.926root 534500x8000000000000000784132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.226{ec2c97d1-67ad-61c0-c8ca-1059e4550000}459/lib/systemd/systemd-journaldroot 11241100x8000000000000000784133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53879669b60801b2021-12-20 16:04:03.227root 11241100x8000000000000000784134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3711710360ed7e4e2021-12-20 16:04:03.228root 11241100x8000000000000000784135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeb1329301519bc2021-12-20 16:04:03.228root 11241100x8000000000000000784136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45f53c715b652d02021-12-20 16:04:03.228root 11241100x8000000000000000784137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17870602b6cf20c2021-12-20 16:04:03.228root 11241100x8000000000000000784138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74836a8b48ba19242021-12-20 16:04:03.228root 11241100x8000000000000000784139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634c6cbd0d6daa602021-12-20 16:04:03.228root 11241100x8000000000000000784140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a84e9682a9543a2021-12-20 16:04:03.229root 11241100x8000000000000000784141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc2a709c1f487172021-12-20 16:04:03.229root 11241100x8000000000000000784142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212b308133a851f52021-12-20 16:04:03.229root 11241100x8000000000000000784143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.230{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cb22202afa49fa2021-12-20 16:04:03.230root 11241100x8000000000000000784144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.230{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0074909d017ec9402021-12-20 16:04:03.230root 11241100x8000000000000000784145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.230{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0729384d0cd3d0d92021-12-20 16:04:03.230root 11241100x8000000000000000784146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.231{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545facc05eb1a18c2021-12-20 16:04:03.231root 11241100x8000000000000000784147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2926dc07527b19792021-12-20 16:04:03.674root 11241100x8000000000000000784148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9901a468c17a82b22021-12-20 16:04:03.674root 11241100x8000000000000000784149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e127f9028ee46f72021-12-20 16:04:03.674root 11241100x8000000000000000784150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e5eb7c475353f22021-12-20 16:04:03.674root 11241100x8000000000000000784151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495e101c46c311302021-12-20 16:04:03.674root 11241100x8000000000000000784152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5d060e3facfa4a2021-12-20 16:04:03.674root 11241100x8000000000000000784153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce1635398479c1d2021-12-20 16:04:03.674root 11241100x8000000000000000784154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7946ad2f502e545f2021-12-20 16:04:03.674root 11241100x8000000000000000784155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b30bba563a7f2a72021-12-20 16:04:03.675root 11241100x8000000000000000784156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c1856b9fbdcfd22021-12-20 16:04:03.675root 11241100x8000000000000000784157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43da4aee25d6d1a12021-12-20 16:04:03.675root 11241100x8000000000000000784158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913bdd9ea6826f092021-12-20 16:04:03.675root 11241100x8000000000000000784159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da99a0da1d3ad42f2021-12-20 16:04:03.675root 11241100x8000000000000000784160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959efc861e9f97842021-12-20 16:04:03.675root 11241100x8000000000000000784161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895cca6865d05b0a2021-12-20 16:04:03.675root 11241100x8000000000000000784162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7170e1562ffd04052021-12-20 16:04:04.174root 11241100x8000000000000000784163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cece61b18920d5f32021-12-20 16:04:04.174root 11241100x8000000000000000784164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862de4cfb59fbb6e2021-12-20 16:04:04.174root 11241100x8000000000000000784165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd32888d44522542021-12-20 16:04:04.174root 11241100x8000000000000000784166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2215e756f05c75ac2021-12-20 16:04:04.175root 11241100x8000000000000000784167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bcee904a6bc49c2021-12-20 16:04:04.175root 11241100x8000000000000000784168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83d36b4001602c22021-12-20 16:04:04.175root 11241100x8000000000000000784169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb42482fc55682b2021-12-20 16:04:04.175root 11241100x8000000000000000784170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d72025bb0ef6672021-12-20 16:04:04.175root 11241100x8000000000000000784171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1880e6e78a4254cf2021-12-20 16:04:04.175root 11241100x8000000000000000784172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091bafa327c002b02021-12-20 16:04:04.175root 11241100x8000000000000000784173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230e24672c3673c02021-12-20 16:04:04.175root 11241100x8000000000000000784174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787a97c3c584f8382021-12-20 16:04:04.176root 11241100x8000000000000000784175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721289ca6eb5a9452021-12-20 16:04:04.176root 11241100x8000000000000000784176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1df7b509d58a7c82021-12-20 16:04:04.177root 11241100x8000000000000000784177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdcf7a0d2a23caf2021-12-20 16:04:04.674root 11241100x8000000000000000784178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f957c1b47f009232021-12-20 16:04:04.674root 11241100x8000000000000000784179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10836b22fd47ff2d2021-12-20 16:04:04.674root 11241100x8000000000000000784180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a8089bb8c3876b2021-12-20 16:04:04.674root 11241100x8000000000000000784181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2193a2fee1de7552021-12-20 16:04:04.674root 11241100x8000000000000000784182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19d72fbf397d6d02021-12-20 16:04:04.675root 11241100x8000000000000000784183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa67da192e9ce922021-12-20 16:04:04.675root 11241100x8000000000000000784184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b394a565d6603c562021-12-20 16:04:04.675root 11241100x8000000000000000784185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5e8f340eb67cad2021-12-20 16:04:04.675root 11241100x8000000000000000784186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460453c14b71849e2021-12-20 16:04:04.675root 11241100x8000000000000000784187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877fbde390ec91632021-12-20 16:04:04.675root 11241100x8000000000000000784188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fff4e60b9339d692021-12-20 16:04:04.675root 11241100x8000000000000000784189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7278f1e2f0506a162021-12-20 16:04:04.675root 11241100x8000000000000000784190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9051b9c87916342021-12-20 16:04:04.675root 11241100x8000000000000000784191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d50f2f2b467be6e2021-12-20 16:04:04.675root 354300x8000000000000000784192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.041{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51584-false10.0.1.12-8000- 11241100x8000000000000000784193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550421bae0b3abd62021-12-20 16:04:05.042root 11241100x8000000000000000784194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fda70c4888381e2021-12-20 16:04:05.042root 11241100x8000000000000000784195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.042{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72da98fb0956339e2021-12-20 16:04:05.042root 11241100x8000000000000000784196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949f46368759af4f2021-12-20 16:04:05.043root 11241100x8000000000000000784197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3864b01f7bb09ac22021-12-20 16:04:05.043root 11241100x8000000000000000784198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941d5bee37f2d0a72021-12-20 16:04:05.043root 11241100x8000000000000000784199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4350748a763f96762021-12-20 16:04:05.043root 11241100x8000000000000000784200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.043{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b6b61c21a71f6b2021-12-20 16:04:05.043root 11241100x8000000000000000784201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079dca5c63146c0c2021-12-20 16:04:05.044root 11241100x8000000000000000784202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af303a2cc93e40342021-12-20 16:04:05.044root 11241100x8000000000000000784203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f701eee195e81c2021-12-20 16:04:05.044root 11241100x8000000000000000784204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1060f9a8213868e62021-12-20 16:04:05.044root 11241100x8000000000000000784205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babd006687152e4a2021-12-20 16:04:05.044root 11241100x8000000000000000784206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.044{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d6f0fdfedb851f2021-12-20 16:04:05.044root 11241100x8000000000000000784207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a87dd1d1519d0052021-12-20 16:04:05.045root 11241100x8000000000000000784208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e3e92946ec27c02021-12-20 16:04:05.045root 11241100x8000000000000000784209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.045{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd05334cd50180942021-12-20 16:04:05.045root 11241100x8000000000000000784210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ee93d753ddc1712021-12-20 16:04:05.424root 11241100x8000000000000000784211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376489d87ce7100a2021-12-20 16:04:05.424root 11241100x8000000000000000784212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015432f78ae903352021-12-20 16:04:05.424root 11241100x8000000000000000784213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ecabefb412d47d2021-12-20 16:04:05.425root 11241100x8000000000000000784214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6671767ed3e667e2021-12-20 16:04:05.425root 11241100x8000000000000000784215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f968d891d203922021-12-20 16:04:05.425root 11241100x8000000000000000784216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fdbe0918a3fd772021-12-20 16:04:05.425root 11241100x8000000000000000784217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116dd8cb11cde4452021-12-20 16:04:05.425root 11241100x8000000000000000784218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6133dc026e1f772021-12-20 16:04:05.425root 11241100x8000000000000000784219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2673b942abd3b8c12021-12-20 16:04:05.425root 11241100x8000000000000000784220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e61e24e48c7b752021-12-20 16:04:05.425root 11241100x8000000000000000784221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1aa68b7ff01bca92021-12-20 16:04:05.426root 11241100x8000000000000000784222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1677d6a121c2390c2021-12-20 16:04:05.426root 11241100x8000000000000000784223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5593524e2baa052021-12-20 16:04:05.426root 11241100x8000000000000000784224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940d415e66c53d672021-12-20 16:04:05.426root 11241100x8000000000000000784225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648100fe562c10572021-12-20 16:04:05.426root 11241100x8000000000000000784226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a4d99a5e897c772021-12-20 16:04:05.924root 11241100x8000000000000000784227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189714d1c92ea3a92021-12-20 16:04:05.924root 11241100x8000000000000000784228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4b69f2a2e04a062021-12-20 16:04:05.924root 11241100x8000000000000000784229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f719999208e5f32021-12-20 16:04:05.924root 11241100x8000000000000000784230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879ee63c198851d42021-12-20 16:04:05.924root 11241100x8000000000000000784231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1ab310b191dc782021-12-20 16:04:05.924root 11241100x8000000000000000784232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bfda78cec410c62021-12-20 16:04:05.924root 11241100x8000000000000000784233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c29e2c69d5824082021-12-20 16:04:05.924root 11241100x8000000000000000784234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8b0d338a24e3402021-12-20 16:04:05.925root 11241100x8000000000000000784235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c81cfa70c56562021-12-20 16:04:05.925root 11241100x8000000000000000784236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7dc595533372a52021-12-20 16:04:05.925root 11241100x8000000000000000784237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e771093d0fe0fab2021-12-20 16:04:05.925root 11241100x8000000000000000784238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e3311a5a90bc8a2021-12-20 16:04:05.925root 11241100x8000000000000000784239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317ee264a4909e902021-12-20 16:04:05.925root 11241100x8000000000000000784240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf0f262da48f9822021-12-20 16:04:05.925root 11241100x8000000000000000784241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117575b25f9f9ba2021-12-20 16:04:05.925root 11241100x8000000000000000784242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.066{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:04:06.066root 11241100x8000000000000000784243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189e28af7629372a2021-12-20 16:04:06.424root 11241100x8000000000000000784244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52edfc8598a082502021-12-20 16:04:06.424root 11241100x8000000000000000784245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaa92e553f8cd642021-12-20 16:04:06.424root 11241100x8000000000000000784246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8db772052baa6f2021-12-20 16:04:06.425root 11241100x8000000000000000784247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02600b38fed03a472021-12-20 16:04:06.425root 11241100x8000000000000000784248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4336b9a29787bf732021-12-20 16:04:06.425root 11241100x8000000000000000784249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebd3e78c00874fc2021-12-20 16:04:06.425root 11241100x8000000000000000784250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c549c280792932b32021-12-20 16:04:06.425root 11241100x8000000000000000784251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ed9fb8106d97052021-12-20 16:04:06.425root 11241100x8000000000000000784252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bf7f172058aee2021-12-20 16:04:06.425root 11241100x8000000000000000784253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785a74e99af019692021-12-20 16:04:06.426root 11241100x8000000000000000784254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd173c7225e8bb772021-12-20 16:04:06.426root 11241100x8000000000000000784255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c603895800ef5a8a2021-12-20 16:04:06.426root 11241100x8000000000000000784256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7725d32681b1d982021-12-20 16:04:06.426root 11241100x8000000000000000784257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c991aca8785b0b692021-12-20 16:04:06.426root 11241100x8000000000000000784258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5daa25d7f09e5e32021-12-20 16:04:06.426root 11241100x8000000000000000784259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae080f43a0cf4892021-12-20 16:04:06.426root 11241100x8000000000000000784260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca65be696ad291362021-12-20 16:04:06.924root 11241100x8000000000000000784261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717a335ea351825f2021-12-20 16:04:06.924root 11241100x8000000000000000784262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf7bf2b01098b072021-12-20 16:04:06.924root 11241100x8000000000000000784263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c87b90c5b292bed2021-12-20 16:04:06.924root 11241100x8000000000000000784264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65269031e866c5c32021-12-20 16:04:06.924root 11241100x8000000000000000784265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554746740b63c7b2021-12-20 16:04:06.924root 11241100x8000000000000000784266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743ab97f5bdc18022021-12-20 16:04:06.924root 11241100x8000000000000000784267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae8fa80144de6a42021-12-20 16:04:06.924root 11241100x8000000000000000784268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a58658023238fbf2021-12-20 16:04:06.924root 11241100x8000000000000000784269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f667f45f1b0403dc2021-12-20 16:04:06.925root 11241100x8000000000000000784270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceebcf25ba64f8f2021-12-20 16:04:06.925root 11241100x8000000000000000784271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad5c121abca6c2c2021-12-20 16:04:06.925root 11241100x8000000000000000784272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66775bce2b20746c2021-12-20 16:04:06.925root 11241100x8000000000000000784273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7efbad43902f6252021-12-20 16:04:06.925root 11241100x8000000000000000784274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2cdd0bf45d54122021-12-20 16:04:06.925root 11241100x8000000000000000784275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6403c0627f4b692021-12-20 16:04:06.925root 11241100x8000000000000000784276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4987394e1cef7dc2021-12-20 16:04:06.925root 11241100x8000000000000000784277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cdc2e091645bf02021-12-20 16:04:07.424root 11241100x8000000000000000784278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75960362f877a9732021-12-20 16:04:07.424root 11241100x8000000000000000784279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dd0a6613bfeeef2021-12-20 16:04:07.425root 11241100x8000000000000000784280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbd16705a60182b2021-12-20 16:04:07.425root 11241100x8000000000000000784281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e06f13456ecede2021-12-20 16:04:07.425root 11241100x8000000000000000784282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6262bcb6d466d152021-12-20 16:04:07.425root 11241100x8000000000000000784283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc243d78caf00dd2021-12-20 16:04:07.425root 11241100x8000000000000000784284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8949af912ff435c02021-12-20 16:04:07.426root 11241100x8000000000000000784285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb25efb16ea4050c2021-12-20 16:04:07.426root 11241100x8000000000000000784286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66d393d6fe3777d2021-12-20 16:04:07.426root 11241100x8000000000000000784287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029c5a90cbe85fe62021-12-20 16:04:07.426root 11241100x8000000000000000784288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5981ebcef69dbc6b2021-12-20 16:04:07.426root 11241100x8000000000000000784289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146b4013a04ee04a2021-12-20 16:04:07.426root 11241100x8000000000000000784290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deaf885ab3f73b92021-12-20 16:04:07.426root 11241100x8000000000000000784291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e083910bc72ec6a42021-12-20 16:04:07.426root 11241100x8000000000000000784292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07566f61907bdb5f2021-12-20 16:04:07.426root 11241100x8000000000000000784293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d53dfda9fa9492021-12-20 16:04:07.427root 11241100x8000000000000000784294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f414c378ceeb52ac2021-12-20 16:04:07.924root 11241100x8000000000000000784295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ec64a609464f952021-12-20 16:04:07.924root 11241100x8000000000000000784296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db063269c7005a52021-12-20 16:04:07.924root 11241100x8000000000000000784297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9b3a9e8066cd132021-12-20 16:04:07.924root 11241100x8000000000000000784298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205166726ced8a112021-12-20 16:04:07.924root 11241100x8000000000000000784299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03031ce8a3011ec2021-12-20 16:04:07.924root 11241100x8000000000000000784300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420ccf35fba07be2021-12-20 16:04:07.925root 11241100x8000000000000000784301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb222a00683cdd12021-12-20 16:04:07.925root 11241100x8000000000000000784302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c986c972d090991b2021-12-20 16:04:07.925root 11241100x8000000000000000784303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5d31c8afe9c3332021-12-20 16:04:07.925root 11241100x8000000000000000784304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b660fbd920916f082021-12-20 16:04:07.925root 11241100x8000000000000000784305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f25aa89bb6e8d532021-12-20 16:04:07.925root 11241100x8000000000000000784306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9673b92916ebe72021-12-20 16:04:07.925root 11241100x8000000000000000784307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5dc04056b196b22021-12-20 16:04:07.925root 11241100x8000000000000000784308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6042a7bb4e94d0be2021-12-20 16:04:07.925root 11241100x8000000000000000784309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e53d6e01927f9c2021-12-20 16:04:07.925root 11241100x8000000000000000784310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36c773ac08f15d52021-12-20 16:04:07.925root 11241100x8000000000000000784311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334a6eaf8f1d276a2021-12-20 16:04:08.424root 11241100x8000000000000000784312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de2c15375d61d092021-12-20 16:04:08.424root 11241100x8000000000000000784313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6baf323f3726a82021-12-20 16:04:08.424root 11241100x8000000000000000784314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb56ae11f92524582021-12-20 16:04:08.424root 11241100x8000000000000000784315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7038dd6a2f873d942021-12-20 16:04:08.425root 11241100x8000000000000000784316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9942521499da77a2021-12-20 16:04:08.425root 11241100x8000000000000000784317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f795253a1776d882021-12-20 16:04:08.425root 11241100x8000000000000000784318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7907e57183916f7a2021-12-20 16:04:08.425root 11241100x8000000000000000784319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe68d54153d606012021-12-20 16:04:08.425root 11241100x8000000000000000784320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a14222c545766022021-12-20 16:04:08.425root 11241100x8000000000000000784321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813709daa952c7f32021-12-20 16:04:08.426root 11241100x8000000000000000784322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7254b2aa8659132021-12-20 16:04:08.426root 11241100x8000000000000000784323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6690f874a7c3de62021-12-20 16:04:08.426root 11241100x8000000000000000784324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c233a4d7df16d22021-12-20 16:04:08.426root 11241100x8000000000000000784325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46489f10a26d2442021-12-20 16:04:08.426root 11241100x8000000000000000784326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee56d72b277bca832021-12-20 16:04:08.426root 11241100x8000000000000000784327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b0dea7847daa952021-12-20 16:04:08.426root 11241100x8000000000000000784328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31ad28e93814c7f2021-12-20 16:04:08.924root 11241100x8000000000000000784329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2c8c3920da21fa2021-12-20 16:04:08.924root 11241100x8000000000000000784330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f2e1a3344862be2021-12-20 16:04:08.925root 11241100x8000000000000000784331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32a7771dce3e60a2021-12-20 16:04:08.925root 11241100x8000000000000000784332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61b1c655f4329cc2021-12-20 16:04:08.925root 11241100x8000000000000000784333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a69b744206000322021-12-20 16:04:08.925root 11241100x8000000000000000784334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3859e4055ce19f2021-12-20 16:04:08.925root 11241100x8000000000000000784335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cf0b1fe7f8a00a2021-12-20 16:04:08.925root 11241100x8000000000000000784336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f5ee5e119fde3d2021-12-20 16:04:08.925root 11241100x8000000000000000784337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557fb302903a9b552021-12-20 16:04:08.926root 11241100x8000000000000000784338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c9e0c835de6d512021-12-20 16:04:08.926root 11241100x8000000000000000784339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd83035b47e360f42021-12-20 16:04:08.926root 11241100x8000000000000000784340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdef9242398508172021-12-20 16:04:08.926root 11241100x8000000000000000784341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574931e8b6ec8b312021-12-20 16:04:08.926root 11241100x8000000000000000784342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d106330b7403f12021-12-20 16:04:08.926root 11241100x8000000000000000784343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05ebf059b19381f2021-12-20 16:04:08.927root 11241100x8000000000000000784344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf23d5ed50f83cf2021-12-20 16:04:08.927root 23542300x8000000000000000784345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000784346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e6ecadcd61439e2021-12-20 16:04:09.424root 11241100x8000000000000000784347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45127fb693cbae52021-12-20 16:04:09.424root 11241100x8000000000000000784348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f97801001e9db972021-12-20 16:04:09.424root 11241100x8000000000000000784349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb17695bf03ae772021-12-20 16:04:09.425root 11241100x8000000000000000784350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb350281ebc1d9c2021-12-20 16:04:09.425root 11241100x8000000000000000784351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f354173f97fbc04b2021-12-20 16:04:09.425root 11241100x8000000000000000784352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720a7d57142b93b52021-12-20 16:04:09.425root 11241100x8000000000000000784353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb50d0ac40591252021-12-20 16:04:09.426root 11241100x8000000000000000784354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5d765cf4d15c8f2021-12-20 16:04:09.426root 11241100x8000000000000000784355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba47f9ee1c630b02021-12-20 16:04:09.426root 11241100x8000000000000000784356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c193421b1b057ec2021-12-20 16:04:09.426root 11241100x8000000000000000784357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50153434b8ecef12021-12-20 16:04:09.426root 11241100x8000000000000000784358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea936b3f5162bbd22021-12-20 16:04:09.426root 11241100x8000000000000000784359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca284101cc4f01202021-12-20 16:04:09.427root 11241100x8000000000000000784360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d85dca904f8d2a22021-12-20 16:04:09.427root 11241100x8000000000000000784361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d906a13d8b923fb2021-12-20 16:04:09.428root 11241100x8000000000000000784362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc4d13bf22e3f022021-12-20 16:04:09.428root 11241100x8000000000000000784363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f489d0e6b36a1ca02021-12-20 16:04:09.428root 11241100x8000000000000000784364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558e2b868dbfc90b2021-12-20 16:04:09.428root 11241100x8000000000000000784365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6539b572205b83892021-12-20 16:04:09.924root 11241100x8000000000000000784366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb41f7be83d28f82021-12-20 16:04:09.924root 11241100x8000000000000000784367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8d5d4d60e71e052021-12-20 16:04:09.924root 11241100x8000000000000000784368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb8bd7fe651761b2021-12-20 16:04:09.925root 11241100x8000000000000000784369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceca82b5fcf03a72021-12-20 16:04:09.925root 11241100x8000000000000000784370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17416406b4eeb1732021-12-20 16:04:09.925root 11241100x8000000000000000784371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e718ecae5f1d23fe2021-12-20 16:04:09.925root 11241100x8000000000000000784372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82119813a66b734a2021-12-20 16:04:09.925root 11241100x8000000000000000784373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c2a41b45e8f4822021-12-20 16:04:09.925root 11241100x8000000000000000784374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2b078b184dc73a2021-12-20 16:04:09.926root 11241100x8000000000000000784375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087e3e7511d039372021-12-20 16:04:09.926root 11241100x8000000000000000784376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfeb447792371502021-12-20 16:04:09.926root 11241100x8000000000000000784377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6bd8884035f3382021-12-20 16:04:09.926root 11241100x8000000000000000784378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595c38fab82056b22021-12-20 16:04:09.926root 11241100x8000000000000000784379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949ccb27ef554d372021-12-20 16:04:09.926root 11241100x8000000000000000784380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85373ae9cdc4f152021-12-20 16:04:09.926root 11241100x8000000000000000784381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e2a01a7ad699462021-12-20 16:04:09.927root 11241100x8000000000000000784382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9522494a241e7412021-12-20 16:04:09.927root 354300x8000000000000000784383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.141{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51586-false10.0.1.12-8000- 11241100x8000000000000000784384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca66055b1617a882021-12-20 16:04:10.424root 11241100x8000000000000000784385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1364348de60ca7e2021-12-20 16:04:10.424root 11241100x8000000000000000784386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aec37ea40c70bf2021-12-20 16:04:10.425root 11241100x8000000000000000784387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4dc8bed727aee2021-12-20 16:04:10.425root 11241100x8000000000000000784388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2761edb8d014815b2021-12-20 16:04:10.425root 11241100x8000000000000000784389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905717a018acb0082021-12-20 16:04:10.425root 11241100x8000000000000000784390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b892c9e940633a412021-12-20 16:04:10.426root 11241100x8000000000000000784391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8b7249873118912021-12-20 16:04:10.426root 11241100x8000000000000000784392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a83de71f932852021-12-20 16:04:10.427root 11241100x8000000000000000784393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029dee276a0a77e12021-12-20 16:04:10.427root 11241100x8000000000000000784394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b70ff7f8c81afa2021-12-20 16:04:10.427root 11241100x8000000000000000784395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027dd2046c48aeaa2021-12-20 16:04:10.428root 11241100x8000000000000000784396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9c604346cc246c2021-12-20 16:04:10.428root 11241100x8000000000000000784397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c145b5aa37c1744f2021-12-20 16:04:10.428root 11241100x8000000000000000784398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32baaaae8e1f7c52021-12-20 16:04:10.428root 11241100x8000000000000000784399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c566cbd2dfb9bcf82021-12-20 16:04:10.429root 11241100x8000000000000000784400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb833850a449d9a72021-12-20 16:04:10.429root 11241100x8000000000000000784401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27487cb7bf814e002021-12-20 16:04:10.429root 11241100x8000000000000000784402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1805f80ac682eca72021-12-20 16:04:10.430root 11241100x8000000000000000784403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e875555346af20bb2021-12-20 16:04:10.924root 11241100x8000000000000000784404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22e8603e5ec69e92021-12-20 16:04:10.924root 11241100x8000000000000000784405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5fd44747840cc12021-12-20 16:04:10.924root 11241100x8000000000000000784406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d910caf6922eb2021-12-20 16:04:10.924root 11241100x8000000000000000784407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e2eaf0d1aa48282021-12-20 16:04:10.925root 11241100x8000000000000000784408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383bf343819463482021-12-20 16:04:10.925root 11241100x8000000000000000784409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce35094279ed8322021-12-20 16:04:10.925root 11241100x8000000000000000784410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43ecd09148d08dd2021-12-20 16:04:10.925root 11241100x8000000000000000784411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59579873de1dcdc72021-12-20 16:04:10.925root 11241100x8000000000000000784412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26908932393a01412021-12-20 16:04:10.925root 11241100x8000000000000000784413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f55f476e2d74822021-12-20 16:04:10.925root 11241100x8000000000000000784414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70157c4ae78348372021-12-20 16:04:10.925root 11241100x8000000000000000784415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc38ceb965b35e422021-12-20 16:04:10.925root 11241100x8000000000000000784416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9200341abf9c542d2021-12-20 16:04:10.925root 11241100x8000000000000000784417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f7b74b4d574d9d2021-12-20 16:04:10.926root 11241100x8000000000000000784418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4683638ec1dbe50f2021-12-20 16:04:10.926root 11241100x8000000000000000784419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a64e5b5846fc372021-12-20 16:04:10.926root 11241100x8000000000000000784420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae822310945920482021-12-20 16:04:10.926root 11241100x8000000000000000784421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b568b0e88bbc562021-12-20 16:04:10.926root 11241100x8000000000000000784422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dc35d9d01f32712021-12-20 16:04:11.424root 11241100x8000000000000000784423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9592bedc6fea8012021-12-20 16:04:11.424root 11241100x8000000000000000784424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed5efafcf81abad2021-12-20 16:04:11.424root 11241100x8000000000000000784425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20ad2705055e7522021-12-20 16:04:11.425root 11241100x8000000000000000784426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91445b4d1c8e8d72021-12-20 16:04:11.425root 11241100x8000000000000000784427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2cc63065a4c7722021-12-20 16:04:11.426root 11241100x8000000000000000784428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57db0f9b328a3772021-12-20 16:04:11.426root 11241100x8000000000000000784429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e0ecc4ea2eee1a2021-12-20 16:04:11.426root 11241100x8000000000000000784430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4321db84c8a33292021-12-20 16:04:11.426root 11241100x8000000000000000784431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3bc8476572fc052021-12-20 16:04:11.426root 11241100x8000000000000000784432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b70c86de8954542021-12-20 16:04:11.427root 11241100x8000000000000000784433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6f4777444a2b4b2021-12-20 16:04:11.427root 11241100x8000000000000000784434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e37d85202547be2021-12-20 16:04:11.427root 11241100x8000000000000000784435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3567171581647e382021-12-20 16:04:11.428root 11241100x8000000000000000784436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc084edf3d0d6f5e2021-12-20 16:04:11.428root 11241100x8000000000000000784437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a5011d10d3cf882021-12-20 16:04:11.429root 11241100x8000000000000000784438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700694985fee19082021-12-20 16:04:11.429root 11241100x8000000000000000784439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2151dd5a1dca5c2021-12-20 16:04:11.429root 11241100x8000000000000000784440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f470cf97604dd9562021-12-20 16:04:11.429root 11241100x8000000000000000784441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772f98079839fb2d2021-12-20 16:04:11.924root 11241100x8000000000000000784442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1e97ae97665c822021-12-20 16:04:11.924root 11241100x8000000000000000784443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58854bb85bc22a0d2021-12-20 16:04:11.925root 11241100x8000000000000000784444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163d996b13387d5e2021-12-20 16:04:11.925root 11241100x8000000000000000784445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e796f418b158d2f92021-12-20 16:04:11.925root 11241100x8000000000000000784446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4455e48d5896812021-12-20 16:04:11.926root 11241100x8000000000000000784447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895c2a05c53783dc2021-12-20 16:04:11.926root 11241100x8000000000000000784448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52112470c35406e42021-12-20 16:04:11.926root 11241100x8000000000000000784449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e768a1f0aecf478b2021-12-20 16:04:11.926root 11241100x8000000000000000784450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba24c67383ff2512021-12-20 16:04:11.927root 11241100x8000000000000000784451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a0ab1cfb04f5192021-12-20 16:04:11.927root 11241100x8000000000000000784452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd65808088fe4232021-12-20 16:04:11.927root 11241100x8000000000000000784453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd51d7c9a365d322021-12-20 16:04:11.927root 11241100x8000000000000000784454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f36c82cbee52bb2021-12-20 16:04:11.927root 11241100x8000000000000000784455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1bfdbb811df2b22021-12-20 16:04:11.928root 11241100x8000000000000000784456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118f17835269563f2021-12-20 16:04:11.928root 11241100x8000000000000000784457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c112189a9b01b7c2021-12-20 16:04:11.928root 11241100x8000000000000000784458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be94cf717de409012021-12-20 16:04:11.929root 11241100x8000000000000000784459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:11.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da054ee658a9c82021-12-20 16:04:11.929root 11241100x8000000000000000784460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539bf586085350c32021-12-20 16:04:12.424root 11241100x8000000000000000784461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e2f2a2118f28982021-12-20 16:04:12.424root 11241100x8000000000000000784462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579fe6c8963eeabd2021-12-20 16:04:12.424root 11241100x8000000000000000784463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f6e38df81cb1302021-12-20 16:04:12.425root 11241100x8000000000000000784464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c712f8812b161cee2021-12-20 16:04:12.425root 11241100x8000000000000000784465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccec8cf5bc9b8462021-12-20 16:04:12.425root 11241100x8000000000000000784466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9167f885ecf294ec2021-12-20 16:04:12.426root 11241100x8000000000000000784467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcfcc6efa44f1c62021-12-20 16:04:12.426root 11241100x8000000000000000784468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d89d43ddc96981e2021-12-20 16:04:12.426root 11241100x8000000000000000784469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5325fd94b8f7d6842021-12-20 16:04:12.427root 11241100x8000000000000000784470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d004c8f3366b8312021-12-20 16:04:12.427root 11241100x8000000000000000784471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa1dbdc28cc93f32021-12-20 16:04:12.427root 11241100x8000000000000000784472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101dc3aaf8118f832021-12-20 16:04:12.427root 11241100x8000000000000000784473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d26a40795a735d2021-12-20 16:04:12.428root 11241100x8000000000000000784474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15add4412cd2da32021-12-20 16:04:12.428root 11241100x8000000000000000784475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce45dc23bd5154e02021-12-20 16:04:12.428root 11241100x8000000000000000784476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b64f55e588f3f822021-12-20 16:04:12.428root 11241100x8000000000000000784477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdb6443b6621c5c2021-12-20 16:04:12.429root 11241100x8000000000000000784478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a486ef1103a214112021-12-20 16:04:12.429root 11241100x8000000000000000784479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192955f787c0ac332021-12-20 16:04:12.924root 11241100x8000000000000000784480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d8edf70ed75f012021-12-20 16:04:12.924root 11241100x8000000000000000784481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34160f39f39bf6a2021-12-20 16:04:12.924root 11241100x8000000000000000784482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d58056cf3b3b9dc2021-12-20 16:04:12.924root 11241100x8000000000000000784483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340c429b2ac472832021-12-20 16:04:12.924root 11241100x8000000000000000784484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8371961fd33ac42021-12-20 16:04:12.924root 11241100x8000000000000000784485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecde5acd5f2ea69f2021-12-20 16:04:12.925root 11241100x8000000000000000784486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626c00271bd54a62021-12-20 16:04:12.925root 11241100x8000000000000000784487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c180ab2f0eb6ffd82021-12-20 16:04:12.925root 11241100x8000000000000000784488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c64555e8d20746f2021-12-20 16:04:12.925root 11241100x8000000000000000784489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e793e27456353fd2021-12-20 16:04:12.925root 11241100x8000000000000000784490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d60ece0699dc272021-12-20 16:04:12.925root 11241100x8000000000000000784491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a52142dc320e1c02021-12-20 16:04:12.925root 11241100x8000000000000000784492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe2cc1b249f68e92021-12-20 16:04:12.926root 11241100x8000000000000000784493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c6f16d5678c3f22021-12-20 16:04:12.926root 11241100x8000000000000000784494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfd28c4b9c117f32021-12-20 16:04:12.926root 11241100x8000000000000000784495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c98076077bb28962021-12-20 16:04:12.926root 11241100x8000000000000000784496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a507c6a71fe553812021-12-20 16:04:12.926root 11241100x8000000000000000784497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea95af898294673e2021-12-20 16:04:12.926root 11241100x8000000000000000784498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254110e754f539302021-12-20 16:04:13.424root 11241100x8000000000000000784499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b28a14801d06342021-12-20 16:04:13.424root 11241100x8000000000000000784500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42231be96f1968ea2021-12-20 16:04:13.424root 11241100x8000000000000000784501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0c4510258eb0172021-12-20 16:04:13.424root 11241100x8000000000000000784502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed8384283cc63be2021-12-20 16:04:13.424root 11241100x8000000000000000784503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36a6dfbf4e1631c2021-12-20 16:04:13.425root 11241100x8000000000000000784504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63262326e3fb8a6e2021-12-20 16:04:13.425root 11241100x8000000000000000784505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a430a314a58c2c42021-12-20 16:04:13.425root 11241100x8000000000000000784506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8a5b953cd0f7a72021-12-20 16:04:13.425root 11241100x8000000000000000784507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7270c8a56c103fa2021-12-20 16:04:13.425root 11241100x8000000000000000784508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5515f44d4777741b2021-12-20 16:04:13.425root 11241100x8000000000000000784509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54c434c0b0bdadd2021-12-20 16:04:13.425root 11241100x8000000000000000784510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c97e439d468e3e2021-12-20 16:04:13.425root 11241100x8000000000000000784511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99429985f45ea2f2021-12-20 16:04:13.425root 11241100x8000000000000000784512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5cec6087fcd4102021-12-20 16:04:13.425root 11241100x8000000000000000784513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176293fd1e73f8d62021-12-20 16:04:13.426root 11241100x8000000000000000784514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d5eb70ee74dabd2021-12-20 16:04:13.426root 11241100x8000000000000000784515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9882e076bd251c82021-12-20 16:04:13.426root 11241100x8000000000000000784516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5917a0e6eb64e06e2021-12-20 16:04:13.426root 11241100x8000000000000000784517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e75c5c786611522021-12-20 16:04:13.426root 11241100x8000000000000000784518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94731ff46437d0bd2021-12-20 16:04:13.426root 11241100x8000000000000000784519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63991b2ffc6f9192021-12-20 16:04:13.426root 11241100x8000000000000000784520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb3449e4473ac2c2021-12-20 16:04:13.426root 11241100x8000000000000000784521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a193c5101642fd2021-12-20 16:04:13.426root 11241100x8000000000000000784522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0234ea3f773ed822021-12-20 16:04:13.924root 11241100x8000000000000000784523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f079c63a5c6381e82021-12-20 16:04:13.924root 11241100x8000000000000000784524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532d50f7368d15c22021-12-20 16:04:13.924root 11241100x8000000000000000784525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ede332024e183952021-12-20 16:04:13.924root 11241100x8000000000000000784526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bc40b5f6b69a7a2021-12-20 16:04:13.925root 11241100x8000000000000000784527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c580b1367a6899582021-12-20 16:04:13.925root 11241100x8000000000000000784528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab8e0b5e4a2ac632021-12-20 16:04:13.925root 11241100x8000000000000000784529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fe97e1169daf452021-12-20 16:04:13.925root 11241100x8000000000000000784530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4566e0058b2c7a7e2021-12-20 16:04:13.925root 11241100x8000000000000000784531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ef8b4ff9f7ab02021-12-20 16:04:13.925root 11241100x8000000000000000784532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcae29c1b3dd2932021-12-20 16:04:13.925root 11241100x8000000000000000784533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebd39d88b6330102021-12-20 16:04:13.926root 11241100x8000000000000000784534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53073a068aed759f2021-12-20 16:04:13.926root 11241100x8000000000000000784535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e72c5682981adc2021-12-20 16:04:13.926root 11241100x8000000000000000784536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5520fc6e583a3ad52021-12-20 16:04:13.926root 11241100x8000000000000000784537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82114060d0085282021-12-20 16:04:13.926root 11241100x8000000000000000784538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629076d503ffed902021-12-20 16:04:13.926root 11241100x8000000000000000784539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2829bbf4dda5e62021-12-20 16:04:13.926root 11241100x8000000000000000784540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004a6a25fe0abb8a2021-12-20 16:04:13.927root 11241100x8000000000000000784541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d00cc1e722b33c2021-12-20 16:04:13.927root 11241100x8000000000000000784542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88387c1087f9268c2021-12-20 16:04:13.927root 11241100x8000000000000000784543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e488ec7dca90572021-12-20 16:04:14.424root 11241100x8000000000000000784544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9764abfbcb66620e2021-12-20 16:04:14.424root 11241100x8000000000000000784545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074008b9b63af9442021-12-20 16:04:14.424root 11241100x8000000000000000784546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f5fbca346f8b8d2021-12-20 16:04:14.424root 11241100x8000000000000000784547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f2a9cbcb9765e2021-12-20 16:04:14.425root 11241100x8000000000000000784548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d837862b00b27fc52021-12-20 16:04:14.425root 11241100x8000000000000000784549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a235aab3ecab212021-12-20 16:04:14.425root 11241100x8000000000000000784550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51e7692600dfe0c2021-12-20 16:04:14.425root 11241100x8000000000000000784551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e5b8c68d89fa9b2021-12-20 16:04:14.425root 11241100x8000000000000000784552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b5469bd226dbdd2021-12-20 16:04:14.425root 11241100x8000000000000000784553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a986ea5bc1db1e82021-12-20 16:04:14.425root 11241100x8000000000000000784554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df9f4d96f2da5752021-12-20 16:04:14.425root 11241100x8000000000000000784555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e793bc162adf52eb2021-12-20 16:04:14.425root 11241100x8000000000000000784556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ffd84a05379e042021-12-20 16:04:14.425root 11241100x8000000000000000784557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c09707120124162021-12-20 16:04:14.425root 11241100x8000000000000000784558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724b2020093fd6542021-12-20 16:04:14.425root 11241100x8000000000000000784559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c160657e20368152021-12-20 16:04:14.425root 11241100x8000000000000000784560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a3ac1b236e0fc62021-12-20 16:04:14.425root 11241100x8000000000000000784561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db653f42cd3c936c2021-12-20 16:04:14.425root 11241100x8000000000000000784562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f67c83bc3ca6df2021-12-20 16:04:14.924root 11241100x8000000000000000784563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d9c5837c9d902d2021-12-20 16:04:14.924root 11241100x8000000000000000784564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52c9065440cd69f2021-12-20 16:04:14.924root 11241100x8000000000000000784565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3e86cc15c3bc022021-12-20 16:04:14.924root 11241100x8000000000000000784566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122b5153e2c7dc982021-12-20 16:04:14.924root 11241100x8000000000000000784567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d474f814a910762021-12-20 16:04:14.924root 11241100x8000000000000000784568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275822586481a9122021-12-20 16:04:14.924root 11241100x8000000000000000784569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e87c289ff4b77b2021-12-20 16:04:14.924root 11241100x8000000000000000784570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1a41dab143b03d2021-12-20 16:04:14.925root 11241100x8000000000000000784571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ce2da54f8187c32021-12-20 16:04:14.925root 11241100x8000000000000000784572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c88e9864594f42021-12-20 16:04:14.925root 11241100x8000000000000000784573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8c1b48d98fdd092021-12-20 16:04:14.925root 11241100x8000000000000000784574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6c26fe14f6f8472021-12-20 16:04:14.925root 11241100x8000000000000000784575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783060e980aa207b2021-12-20 16:04:14.925root 11241100x8000000000000000784576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b03bad537bb7fda2021-12-20 16:04:14.925root 11241100x8000000000000000784577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42c785e352267b92021-12-20 16:04:14.925root 11241100x8000000000000000784578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fdc59c416b556a2021-12-20 16:04:14.925root 11241100x8000000000000000784579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5b8864e69d457c2021-12-20 16:04:14.926root 11241100x8000000000000000784580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b8eaaced53f3022021-12-20 16:04:14.926root 11241100x8000000000000000784581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e1ce5c0fcddf2b2021-12-20 16:04:14.926root 11241100x8000000000000000784582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e486e986d27bb22021-12-20 16:04:14.926root 11241100x8000000000000000784583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7d8675a14560f02021-12-20 16:04:14.926root 11241100x8000000000000000784584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314fdd1d21e750dd2021-12-20 16:04:14.926root 11241100x8000000000000000784585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7328ea96c2692b6e2021-12-20 16:04:14.926root 11241100x8000000000000000784586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ffee0907f8d9d42021-12-20 16:04:14.926root 11241100x8000000000000000784587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8927d2219fdad642021-12-20 16:04:14.926root 11241100x8000000000000000784588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a15c85f3c3d14d2021-12-20 16:04:14.926root 11241100x8000000000000000784589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b99fffe8a7be5a2021-12-20 16:04:14.927root 11241100x8000000000000000784590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dad906430441bda2021-12-20 16:04:14.927root 11241100x8000000000000000784591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3efa557f10109372021-12-20 16:04:14.927root 11241100x8000000000000000784592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63062249e12c02472021-12-20 16:04:14.927root 11241100x8000000000000000784593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044f22d6a06260002021-12-20 16:04:14.927root 11241100x8000000000000000784594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d85c05ffbb11792021-12-20 16:04:14.927root 11241100x8000000000000000784595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585dd3bcef7f20832021-12-20 16:04:14.927root 11241100x8000000000000000784596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bceda72d9854b392021-12-20 16:04:15.424root 11241100x8000000000000000784597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0716f9fcc00cdbc02021-12-20 16:04:15.424root 11241100x8000000000000000784598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3347b7c42336e1a12021-12-20 16:04:15.424root 11241100x8000000000000000784599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8a13c8b5a0e7c2021-12-20 16:04:15.425root 11241100x8000000000000000784600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffc69507e3368612021-12-20 16:04:15.425root 11241100x8000000000000000784601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c10dacf7a4a3b612021-12-20 16:04:15.425root 11241100x8000000000000000784602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14213cda0d9d736a2021-12-20 16:04:15.425root 11241100x8000000000000000784603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972abe76033af2f62021-12-20 16:04:15.425root 11241100x8000000000000000784604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0e333b1eddf20f2021-12-20 16:04:15.425root 11241100x8000000000000000784605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf6e1bd91ea39b22021-12-20 16:04:15.425root 11241100x8000000000000000784606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0662017bec90a22021-12-20 16:04:15.425root 11241100x8000000000000000784607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62b8f260b2575ed2021-12-20 16:04:15.425root 11241100x8000000000000000784608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ce52285aca26232021-12-20 16:04:15.425root 11241100x8000000000000000784609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c080fe463d0c8ed2021-12-20 16:04:15.425root 11241100x8000000000000000784610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726ca7cceebe43882021-12-20 16:04:15.426root 11241100x8000000000000000784611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9d1095dc635efa2021-12-20 16:04:15.426root 11241100x8000000000000000784612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba335324b6cb5f12021-12-20 16:04:15.426root 11241100x8000000000000000784613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6882c218b52ce02021-12-20 16:04:15.426root 11241100x8000000000000000784614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65561185ab208a252021-12-20 16:04:15.426root 11241100x8000000000000000784615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4be52d76e528652021-12-20 16:04:15.924root 11241100x8000000000000000784616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557e473ee726ecfb2021-12-20 16:04:15.924root 11241100x8000000000000000784617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad9736310a8b3422021-12-20 16:04:15.924root 11241100x8000000000000000784618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7bdcea6b8dce7f2021-12-20 16:04:15.924root 11241100x8000000000000000784619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac7c3d4fa1e21c2021-12-20 16:04:15.925root 11241100x8000000000000000784620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beab3827219f8d82021-12-20 16:04:15.925root 11241100x8000000000000000784621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654c1c74c1038d9f2021-12-20 16:04:15.925root 11241100x8000000000000000784622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44b7692e8153bf12021-12-20 16:04:15.925root 11241100x8000000000000000784623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d781f6b7a91f50292021-12-20 16:04:15.925root 11241100x8000000000000000784624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464f8591db1f80492021-12-20 16:04:15.925root 11241100x8000000000000000784625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1864e4de3dc09ce72021-12-20 16:04:15.925root 11241100x8000000000000000784626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7786550b354cfce2021-12-20 16:04:15.925root 11241100x8000000000000000784627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2a7dc5e5eac3eb2021-12-20 16:04:15.925root 11241100x8000000000000000784628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b57c80e0ca56cd2021-12-20 16:04:15.925root 11241100x8000000000000000784629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13e41a9413d81c72021-12-20 16:04:15.926root 11241100x8000000000000000784630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f329b68f864b0ee2021-12-20 16:04:15.926root 11241100x8000000000000000784631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7449ccecaeed0ef72021-12-20 16:04:15.926root 11241100x8000000000000000784632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501249c11b314e662021-12-20 16:04:15.926root 11241100x8000000000000000784633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032819b22249be4c2021-12-20 16:04:15.926root 354300x8000000000000000784634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.087{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51588-false10.0.1.12-8000- 11241100x8000000000000000784635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0671da202b594adb2021-12-20 16:04:16.424root 11241100x8000000000000000784636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42726448f8f0c3192021-12-20 16:04:16.424root 11241100x8000000000000000784637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a28049bb80571232021-12-20 16:04:16.424root 11241100x8000000000000000784638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2370a95cc2d299b62021-12-20 16:04:16.424root 11241100x8000000000000000784639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204fc8cd2ddbb3d2021-12-20 16:04:16.424root 11241100x8000000000000000784640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf7dcd201d00e8b2021-12-20 16:04:16.424root 11241100x8000000000000000784641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef887629b1cf8fd92021-12-20 16:04:16.425root 11241100x8000000000000000784642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bf91652040be972021-12-20 16:04:16.425root 11241100x8000000000000000784643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdd2bedc17fdb142021-12-20 16:04:16.425root 11241100x8000000000000000784644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29871d72b99a45432021-12-20 16:04:16.425root 11241100x8000000000000000784645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f3052d65410e982021-12-20 16:04:16.425root 11241100x8000000000000000784646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd567746cb0a8862021-12-20 16:04:16.425root 11241100x8000000000000000784647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b6f667827ee5842021-12-20 16:04:16.426root 11241100x8000000000000000784648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5c20dd99fadb282021-12-20 16:04:16.426root 11241100x8000000000000000784649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a476b5f07db2f9a22021-12-20 16:04:16.426root 11241100x8000000000000000784650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b88bb05185e2f392021-12-20 16:04:16.426root 11241100x8000000000000000784651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7e1e12e70811102021-12-20 16:04:16.426root 11241100x8000000000000000784652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d9208494f2af22021-12-20 16:04:16.426root 11241100x8000000000000000784653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477d85a1fd638fd52021-12-20 16:04:16.426root 11241100x8000000000000000784654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612695dadd8e890f2021-12-20 16:04:16.427root 11241100x8000000000000000784655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262a3b0304bc3f332021-12-20 16:04:16.427root 11241100x8000000000000000784656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbb8e7267c4401d2021-12-20 16:04:16.427root 11241100x8000000000000000784657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091af80383da70572021-12-20 16:04:16.427root 11241100x8000000000000000784658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5820360e62eaced02021-12-20 16:04:16.428root 11241100x8000000000000000784659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266734f7b3b2e31b2021-12-20 16:04:16.428root 11241100x8000000000000000784660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4eeccfbaea27632021-12-20 16:04:16.428root 11241100x8000000000000000784661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9462a9fa6dec92021-12-20 16:04:16.428root 11241100x8000000000000000784662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998dbd50b160ca5e2021-12-20 16:04:16.924root 11241100x8000000000000000784663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fd080f24ecfe812021-12-20 16:04:16.924root 11241100x8000000000000000784664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024a3326caf4cd9b2021-12-20 16:04:16.924root 11241100x8000000000000000784665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41ac9fcfd494b992021-12-20 16:04:16.924root 11241100x8000000000000000784666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83760b79669b35252021-12-20 16:04:16.925root 11241100x8000000000000000784667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1e038c4c1b86e52021-12-20 16:04:16.925root 11241100x8000000000000000784668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12109a292f0d3edd2021-12-20 16:04:16.925root 11241100x8000000000000000784669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becd6b94eb594f1b2021-12-20 16:04:16.925root 11241100x8000000000000000784670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6863bdb78595be242021-12-20 16:04:16.925root 11241100x8000000000000000784671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac3ec8a8e0926322021-12-20 16:04:16.925root 11241100x8000000000000000784672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105d06f2203f64e92021-12-20 16:04:16.925root 11241100x8000000000000000784673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b0a850415cd4782021-12-20 16:04:16.925root 11241100x8000000000000000784674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232622b9c2ec38c22021-12-20 16:04:16.925root 11241100x8000000000000000784675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cef7f59653d59f2021-12-20 16:04:16.925root 11241100x8000000000000000784676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0fe38244e853662021-12-20 16:04:16.925root 11241100x8000000000000000784677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5eea7704d11a462021-12-20 16:04:16.925root 11241100x8000000000000000784678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1596866780c7267f2021-12-20 16:04:16.925root 11241100x8000000000000000784679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e93b7c25b8347032021-12-20 16:04:16.925root 11241100x8000000000000000784680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddf4d81cebbaebc2021-12-20 16:04:16.925root 11241100x8000000000000000784681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06da1a4d910cab342021-12-20 16:04:16.926root 11241100x8000000000000000784682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3610d0bdfd79b2002021-12-20 16:04:17.424root 11241100x8000000000000000784683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e96615068af5292021-12-20 16:04:17.424root 11241100x8000000000000000784684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3948f1a00017cbad2021-12-20 16:04:17.425root 11241100x8000000000000000784685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c2dbdf44f73ce52021-12-20 16:04:17.425root 11241100x8000000000000000784686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab823ede51ff26662021-12-20 16:04:17.425root 11241100x8000000000000000784687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e079bd9fdd58a18e2021-12-20 16:04:17.425root 11241100x8000000000000000784688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad940eccceeeb7a2021-12-20 16:04:17.425root 11241100x8000000000000000784689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598db97353f051d42021-12-20 16:04:17.425root 11241100x8000000000000000784690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e6a718a8e88e212021-12-20 16:04:17.425root 11241100x8000000000000000784691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494837b60df83b022021-12-20 16:04:17.425root 11241100x8000000000000000784692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e194ac67d5aaf3e02021-12-20 16:04:17.425root 11241100x8000000000000000784693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ac1b46551a70ea2021-12-20 16:04:17.425root 11241100x8000000000000000784694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad38fc1096009dc2021-12-20 16:04:17.426root 11241100x8000000000000000784695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52ec84d12be8aac2021-12-20 16:04:17.426root 11241100x8000000000000000784696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15257aacf07e6fa52021-12-20 16:04:17.426root 11241100x8000000000000000784697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b96d3178cfafe9c2021-12-20 16:04:17.426root 11241100x8000000000000000784698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7447ee091d839d022021-12-20 16:04:17.426root 11241100x8000000000000000784699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678f5a2ae83fbd512021-12-20 16:04:17.426root 11241100x8000000000000000784700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfa2bf9581808922021-12-20 16:04:17.426root 11241100x8000000000000000784701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a7bc7fc5ddb1e92021-12-20 16:04:17.426root 11241100x8000000000000000784702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71578d218a0d0a42021-12-20 16:04:17.924root 11241100x8000000000000000784703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dd8b49f21acb972021-12-20 16:04:17.924root 11241100x8000000000000000784704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db0a6e4d63d38c82021-12-20 16:04:17.924root 11241100x8000000000000000784705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b1aa9f5b27322d2021-12-20 16:04:17.924root 11241100x8000000000000000784706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f5a9b229054ba22021-12-20 16:04:17.925root 11241100x8000000000000000784707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfdd4c57af76d292021-12-20 16:04:17.925root 11241100x8000000000000000784708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f438607c99ac4542021-12-20 16:04:17.925root 11241100x8000000000000000784709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d614e0e2e28b6a6b2021-12-20 16:04:17.925root 11241100x8000000000000000784710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c127d099d88949122021-12-20 16:04:17.925root 11241100x8000000000000000784711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abecfdfd9fab2e472021-12-20 16:04:17.925root 11241100x8000000000000000784712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019d822445c788cc2021-12-20 16:04:17.925root 11241100x8000000000000000784713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f917a94f0024ea5a2021-12-20 16:04:17.925root 11241100x8000000000000000784714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e6a4831b75fc1e2021-12-20 16:04:17.925root 11241100x8000000000000000784715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33d156434542ad52021-12-20 16:04:17.925root 11241100x8000000000000000784716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b607cfab2e3c8c8c2021-12-20 16:04:17.926root 11241100x8000000000000000784717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506bd2e20c205f8a2021-12-20 16:04:17.926root 11241100x8000000000000000784718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab807ffa0e06a052021-12-20 16:04:17.926root 11241100x8000000000000000784719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2598d6c61f85b12021-12-20 16:04:17.926root 11241100x8000000000000000784720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1eb3f566f2f49f2021-12-20 16:04:17.926root 11241100x8000000000000000784721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42a7409dff2f45b2021-12-20 16:04:17.926root 11241100x8000000000000000784722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc57040292b6a8f2021-12-20 16:04:18.424root 11241100x8000000000000000784723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd6515ee4f6fda22021-12-20 16:04:18.424root 11241100x8000000000000000784724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57e5264e0312a762021-12-20 16:04:18.424root 11241100x8000000000000000784725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b038dc152291dd42021-12-20 16:04:18.425root 11241100x8000000000000000784726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd98ecc35b18b8832021-12-20 16:04:18.425root 11241100x8000000000000000784727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15d7e73118911092021-12-20 16:04:18.425root 11241100x8000000000000000784728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0668f36b7e09852021-12-20 16:04:18.425root 11241100x8000000000000000784729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17955ba4e596e1ae2021-12-20 16:04:18.425root 11241100x8000000000000000784730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb490e465760b3f2021-12-20 16:04:18.425root 11241100x8000000000000000784731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a823656faa273d42021-12-20 16:04:18.425root 11241100x8000000000000000784732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75bc949fe7e2d132021-12-20 16:04:18.425root 11241100x8000000000000000784733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a27e18664949882021-12-20 16:04:18.425root 11241100x8000000000000000784734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22683b4b58cf39e82021-12-20 16:04:18.425root 11241100x8000000000000000784735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8a7265ef9b45662021-12-20 16:04:18.425root 11241100x8000000000000000784736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c179e3db97f9c72021-12-20 16:04:18.425root 11241100x8000000000000000784737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29b13f1945f9bb92021-12-20 16:04:18.425root 11241100x8000000000000000784738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5eb1c585da044042021-12-20 16:04:18.425root 11241100x8000000000000000784739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daf02d1220b889d2021-12-20 16:04:18.425root 11241100x8000000000000000784740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f15b4daf0d5a2802021-12-20 16:04:18.426root 11241100x8000000000000000784741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7316ad6b1101eb72021-12-20 16:04:18.426root 11241100x8000000000000000784742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa60ab873d5d075d2021-12-20 16:04:18.924root 11241100x8000000000000000784743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06aae6bab507f222021-12-20 16:04:18.924root 11241100x8000000000000000784744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e0e6a618c6b8dd2021-12-20 16:04:18.924root 11241100x8000000000000000784745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea708b1780c616832021-12-20 16:04:18.924root 11241100x8000000000000000784746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f1851954cb30552021-12-20 16:04:18.925root 11241100x8000000000000000784747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f374dd96221806d2021-12-20 16:04:18.925root 11241100x8000000000000000784748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b93dc18c7cb42d12021-12-20 16:04:18.925root 11241100x8000000000000000784749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786f54d129bf59cb2021-12-20 16:04:18.925root 11241100x8000000000000000784750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7d69bc565be3b12021-12-20 16:04:18.925root 11241100x8000000000000000784751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cbdd75fba7413c2021-12-20 16:04:18.925root 11241100x8000000000000000784752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde55c20e5ff78262021-12-20 16:04:18.925root 11241100x8000000000000000784753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e032cd7fb68ccba2021-12-20 16:04:18.925root 11241100x8000000000000000784754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38532a549d72e32b2021-12-20 16:04:18.925root 11241100x8000000000000000784755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5204685a521f7792021-12-20 16:04:18.925root 11241100x8000000000000000784756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bb845b8f421fe82021-12-20 16:04:18.925root 11241100x8000000000000000784757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cb9db8ab8685fa2021-12-20 16:04:18.925root 11241100x8000000000000000784758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978811b6150879ea2021-12-20 16:04:18.925root 11241100x8000000000000000784759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118da7e7115661272021-12-20 16:04:18.926root 11241100x8000000000000000784760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4bdda04cdd6c422021-12-20 16:04:18.926root 11241100x8000000000000000784761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:18.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bb2524a6de9c4a2021-12-20 16:04:18.926root 11241100x8000000000000000784762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d355c845add2f4eb2021-12-20 16:04:19.424root 11241100x8000000000000000784763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f75da067cd51092021-12-20 16:04:19.424root 11241100x8000000000000000784764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965e0a652028a1642021-12-20 16:04:19.425root 11241100x8000000000000000784765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a6662d98c023832021-12-20 16:04:19.425root 11241100x8000000000000000784766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c4333f2d93ffa2021-12-20 16:04:19.425root 11241100x8000000000000000784767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19eb40b9a1a779f2021-12-20 16:04:19.425root 11241100x8000000000000000784768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8e2b252e7081892021-12-20 16:04:19.426root 11241100x8000000000000000784769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b2fd3a520309b42021-12-20 16:04:19.426root 11241100x8000000000000000784770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b07853c373ed0912021-12-20 16:04:19.426root 11241100x8000000000000000784771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60420e7dee0225562021-12-20 16:04:19.426root 11241100x8000000000000000784772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c1709aa5a352a92021-12-20 16:04:19.426root 11241100x8000000000000000784773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9b88a7b0f821772021-12-20 16:04:19.426root 11241100x8000000000000000784774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1dc41caa4f09042021-12-20 16:04:19.427root 11241100x8000000000000000784775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57244ded1600d5c82021-12-20 16:04:19.427root 11241100x8000000000000000784776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4219b1222b3c0c9d2021-12-20 16:04:19.427root 11241100x8000000000000000784777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9aa31a7022f52b62021-12-20 16:04:19.427root 11241100x8000000000000000784778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e954c5f8d1335462021-12-20 16:04:19.427root 11241100x8000000000000000784779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69ad2cfb577c6802021-12-20 16:04:19.427root 11241100x8000000000000000784780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cf4a567b66844a2021-12-20 16:04:19.427root 11241100x8000000000000000784781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766b2ce881344a8e2021-12-20 16:04:19.427root 11241100x8000000000000000784782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e56d9b94bf43d6c2021-12-20 16:04:19.924root 11241100x8000000000000000784783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1c079bf90f47d72021-12-20 16:04:19.924root 11241100x8000000000000000784784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b6def48b0711ec2021-12-20 16:04:19.925root 11241100x8000000000000000784785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc0bb380755cf492021-12-20 16:04:19.925root 11241100x8000000000000000784786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95b90b55de163152021-12-20 16:04:19.925root 11241100x8000000000000000784787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a358b2fbf1ab2ac82021-12-20 16:04:19.925root 11241100x8000000000000000784788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f649a44e8a19a3ec2021-12-20 16:04:19.925root 11241100x8000000000000000784789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc663a342b08dea2021-12-20 16:04:19.925root 11241100x8000000000000000784790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae74a9da550f7d62021-12-20 16:04:19.925root 11241100x8000000000000000784791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d8a3c2b9db11152021-12-20 16:04:19.925root 11241100x8000000000000000784792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de918ad519b8c902021-12-20 16:04:19.925root 11241100x8000000000000000784793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e34ee7bba66b442021-12-20 16:04:19.925root 11241100x8000000000000000784794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b7aad6a8bf4e872021-12-20 16:04:19.926root 11241100x8000000000000000784795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5805226bba05551b2021-12-20 16:04:19.926root 11241100x8000000000000000784796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a006e1dc47572bd72021-12-20 16:04:19.926root 11241100x8000000000000000784797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3583b8d4957a9282021-12-20 16:04:19.926root 11241100x8000000000000000784798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641d63ae130fa08b2021-12-20 16:04:19.926root 11241100x8000000000000000784799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a95dab550c94a7f2021-12-20 16:04:19.926root 11241100x8000000000000000784800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9053b2e4e905b12021-12-20 16:04:19.926root 11241100x8000000000000000784801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:19.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa562c946c8b0532021-12-20 16:04:19.927root 354300x8000000000000000784802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.094{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46292-false10.0.1.12-8089- 11241100x8000000000000000784803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66319df29c48ef472021-12-20 16:04:20.424root 11241100x8000000000000000784804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d045394fe246e72021-12-20 16:04:20.424root 11241100x8000000000000000784805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1949015656c2450e2021-12-20 16:04:20.424root 11241100x8000000000000000784806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59056a4b76e31062021-12-20 16:04:20.424root 11241100x8000000000000000784807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35641157eedb6c962021-12-20 16:04:20.424root 11241100x8000000000000000784808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee244786635ea112021-12-20 16:04:20.424root 11241100x8000000000000000784809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d6f9ae5c942102021-12-20 16:04:20.424root 11241100x8000000000000000784810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599acea1ba2d45782021-12-20 16:04:20.424root 11241100x8000000000000000784811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bf33b5ab7ef71f2021-12-20 16:04:20.424root 11241100x8000000000000000784812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad01074abcd5cf4a2021-12-20 16:04:20.425root 11241100x8000000000000000784813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32277e7487fd75102021-12-20 16:04:20.425root 11241100x8000000000000000784814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1ccef88f45f4bf2021-12-20 16:04:20.425root 11241100x8000000000000000784815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f1f936c0f1710e2021-12-20 16:04:20.425root 11241100x8000000000000000784816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02107d631b7f932021-12-20 16:04:20.425root 11241100x8000000000000000784817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d76be5891bab4692021-12-20 16:04:20.425root 11241100x8000000000000000784818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed8aeceb575f2902021-12-20 16:04:20.425root 11241100x8000000000000000784819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db77f47ef7fb74292021-12-20 16:04:20.426root 11241100x8000000000000000784820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48ce35c731adafe2021-12-20 16:04:20.426root 11241100x8000000000000000784821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9087d04d8e21eb2021-12-20 16:04:20.427root 11241100x8000000000000000784822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4dbd683acbcd6a2021-12-20 16:04:20.427root 11241100x8000000000000000784823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2001d7e52cb90ac2021-12-20 16:04:20.427root 11241100x8000000000000000784824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b271ac21f9c7ae2021-12-20 16:04:20.428root 11241100x8000000000000000784825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0ded5c24d0925b2021-12-20 16:04:20.924root 11241100x8000000000000000784826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167f91563c58e7232021-12-20 16:04:20.924root 11241100x8000000000000000784827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060d248313c763012021-12-20 16:04:20.924root 11241100x8000000000000000784828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a5a576914fb20c2021-12-20 16:04:20.924root 11241100x8000000000000000784829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08c5bcd9481c1732021-12-20 16:04:20.924root 11241100x8000000000000000784830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0106b53a3ee3c02021-12-20 16:04:20.924root 11241100x8000000000000000784831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e7db0141b3c7762021-12-20 16:04:20.925root 11241100x8000000000000000784832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0317c37512650c2021-12-20 16:04:20.925root 11241100x8000000000000000784833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e0161b42699e3d2021-12-20 16:04:20.925root 11241100x8000000000000000784834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41532144f28f20ca2021-12-20 16:04:20.925root 11241100x8000000000000000784835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ce0c14050a4c722021-12-20 16:04:20.925root 11241100x8000000000000000784836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4500734feb1f702021-12-20 16:04:20.925root 11241100x8000000000000000784837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6531e4f167297f132021-12-20 16:04:20.925root 11241100x8000000000000000784838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64874f8b389220872021-12-20 16:04:20.925root 11241100x8000000000000000784839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a09efb827de55b2021-12-20 16:04:20.926root 11241100x8000000000000000784840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d080339af6a885bf2021-12-20 16:04:20.926root 11241100x8000000000000000784841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb4616d2373f1ae2021-12-20 16:04:20.926root 11241100x8000000000000000784842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5750cb46d03bd7c2021-12-20 16:04:20.926root 11241100x8000000000000000784843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6b9e5ad5506dc62021-12-20 16:04:20.926root 11241100x8000000000000000784844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d9e872c3914d262021-12-20 16:04:20.926root 11241100x8000000000000000784845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184a94ec0e9199b82021-12-20 16:04:20.926root 11241100x8000000000000000784846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c52cc68b6d1808e2021-12-20 16:04:20.926root 11241100x8000000000000000784847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd134e6b70e6a252021-12-20 16:04:20.926root 11241100x8000000000000000784848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7b7878a1a879092021-12-20 16:04:20.926root 11241100x8000000000000000784849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752d6a377393c26a2021-12-20 16:04:20.926root 11241100x8000000000000000784850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfd8fe11c8e1b262021-12-20 16:04:20.926root 11241100x8000000000000000784851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff988012298a01d2021-12-20 16:04:20.926root 11241100x8000000000000000784852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:20.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39024b1b9759c1612021-12-20 16:04:20.927root 11241100x8000000000000000784853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03e451a83ea75802021-12-20 16:04:21.424root 11241100x8000000000000000784854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaff04a472d33ce2021-12-20 16:04:21.424root 11241100x8000000000000000784855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfc13e7da70bbcd2021-12-20 16:04:21.425root 11241100x8000000000000000784856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba14f1887f59059e2021-12-20 16:04:21.425root 11241100x8000000000000000784857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7569a1e45985c992021-12-20 16:04:21.425root 11241100x8000000000000000784858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a673acc340bee42021-12-20 16:04:21.425root 11241100x8000000000000000784859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85f7aefcd74985c2021-12-20 16:04:21.425root 11241100x8000000000000000784860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfcdc3e0e829da02021-12-20 16:04:21.425root 11241100x8000000000000000784861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb0dff7d149621f2021-12-20 16:04:21.425root 11241100x8000000000000000784862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88979812b3cd86932021-12-20 16:04:21.426root 11241100x8000000000000000784863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd5b049f6e7f1a32021-12-20 16:04:21.426root 11241100x8000000000000000784864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19f7701cefcbd342021-12-20 16:04:21.426root 11241100x8000000000000000784865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e2a02b1c4c20b82021-12-20 16:04:21.426root 11241100x8000000000000000784866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f1ee31555acf4a2021-12-20 16:04:21.426root 11241100x8000000000000000784867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b803f2cad709d972021-12-20 16:04:21.426root 11241100x8000000000000000784868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc60d21f1fb563c2021-12-20 16:04:21.426root 11241100x8000000000000000784869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab393eb64bdf72cf2021-12-20 16:04:21.426root 11241100x8000000000000000784870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db145ac7a5a9aca2021-12-20 16:04:21.426root 11241100x8000000000000000784871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c637f64e651ae452021-12-20 16:04:21.427root 11241100x8000000000000000784872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71047d850b4f592d2021-12-20 16:04:21.427root 11241100x8000000000000000784873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc261fde2da72a7d2021-12-20 16:04:21.427root 11241100x8000000000000000784874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd1e38a480ec5a72021-12-20 16:04:21.924root 11241100x8000000000000000784875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fbd133e8db91482021-12-20 16:04:21.924root 11241100x8000000000000000784876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b86600bc5258502021-12-20 16:04:21.924root 11241100x8000000000000000784877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74fe2609a5524662021-12-20 16:04:21.925root 11241100x8000000000000000784878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f46e6c667911922021-12-20 16:04:21.925root 11241100x8000000000000000784879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a0f61b41a06d5e2021-12-20 16:04:21.925root 11241100x8000000000000000784880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333a4b79e29b4f3c2021-12-20 16:04:21.925root 11241100x8000000000000000784881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea710dbd071b5912021-12-20 16:04:21.925root 11241100x8000000000000000784882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16dc121bbfd2ec82021-12-20 16:04:21.926root 11241100x8000000000000000784883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46b6233c3885df2021-12-20 16:04:21.926root 11241100x8000000000000000784884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888169aaa96580082021-12-20 16:04:21.926root 11241100x8000000000000000784885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8503b36afa70b92021-12-20 16:04:21.926root 11241100x8000000000000000784886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fe85120b821cab2021-12-20 16:04:21.926root 11241100x8000000000000000784887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa1c17b4236c6ec2021-12-20 16:04:21.926root 11241100x8000000000000000784888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537be253580ca2582021-12-20 16:04:21.927root 11241100x8000000000000000784889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d81d444b00b0f42021-12-20 16:04:21.927root 11241100x8000000000000000784890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0417c7f3538d8912021-12-20 16:04:21.927root 11241100x8000000000000000784891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb29b2d7485df4682021-12-20 16:04:21.927root 11241100x8000000000000000784892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9052fee23289d312021-12-20 16:04:21.927root 11241100x8000000000000000784893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a952760345460c812021-12-20 16:04:21.928root 11241100x8000000000000000784894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:21.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d795b8c0d68cb0342021-12-20 16:04:21.928root 354300x8000000000000000784895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.068{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51592-false10.0.1.12-8000- 154100x8000000000000000784896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.393{ec2c97d1-a986-61c0-68a4-099b77550000}10245/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000784897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.395{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada7beb56bcaadde2021-12-20 16:04:22.395root 11241100x8000000000000000784898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.395{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e32e2bf64ad7b2021-12-20 16:04:22.395root 11241100x8000000000000000784899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.396{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5c320db720b5e02021-12-20 16:04:22.396root 11241100x8000000000000000784900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.396{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9222dc5e93098d372021-12-20 16:04:22.396root 11241100x8000000000000000784901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.396{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20105fd0f14f12172021-12-20 16:04:22.396root 11241100x8000000000000000784902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.396{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97038c98100a5202021-12-20 16:04:22.396root 11241100x8000000000000000784903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.396{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c04807e1ab225a2021-12-20 16:04:22.396root 11241100x8000000000000000784904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.396{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba21c1656536ba42021-12-20 16:04:22.396root 11241100x8000000000000000784905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.396{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf5ce81119810622021-12-20 16:04:22.396root 11241100x8000000000000000784906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.396{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae9c99d2e6387362021-12-20 16:04:22.396root 11241100x8000000000000000784907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c855631d495b2d572021-12-20 16:04:22.397root 11241100x8000000000000000784908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfca6ec827554112021-12-20 16:04:22.397root 11241100x8000000000000000784909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866eb1a756b9bfea2021-12-20 16:04:22.397root 11241100x8000000000000000784910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06cfd9842dc32812021-12-20 16:04:22.397root 11241100x8000000000000000784911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c9ddb3a433aad22021-12-20 16:04:22.397root 11241100x8000000000000000784912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17d8c7fd42371ef2021-12-20 16:04:22.397root 11241100x8000000000000000784913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8683de1624823e2021-12-20 16:04:22.397root 11241100x8000000000000000784914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295f886b1c4e22b82021-12-20 16:04:22.397root 11241100x8000000000000000784915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.397{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c512407a633b7752021-12-20 16:04:22.397root 11241100x8000000000000000784916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.398{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a23382776ac26d2021-12-20 16:04:22.398root 11241100x8000000000000000784917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.398{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e829b06041995f2021-12-20 16:04:22.398root 11241100x8000000000000000784918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.398{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eed916ac6f09c0b2021-12-20 16:04:22.398root 11241100x8000000000000000784919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.398{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09039b0846ac0eb72021-12-20 16:04:22.398root 534500x8000000000000000784920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.413{ec2c97d1-a986-61c0-68a4-099b77550000}10245/bin/psroot 534500x8000000000000000784921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.472{00000000-0000-0000-0000-000000000000}5594<unknown process>root 11241100x8000000000000000784922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13288103e568724c2021-12-20 16:04:22.674root 11241100x8000000000000000784923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7610d7fcc62d2802021-12-20 16:04:22.674root 11241100x8000000000000000784924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfa721216cfc8352021-12-20 16:04:22.674root 11241100x8000000000000000784925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029332e018a6675a2021-12-20 16:04:22.674root 11241100x8000000000000000784926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cab936bd90916a02021-12-20 16:04:22.674root 11241100x8000000000000000784927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64682c87fea89522021-12-20 16:04:22.674root 11241100x8000000000000000784928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1562314d228b3e12021-12-20 16:04:22.674root 11241100x8000000000000000784929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87682915631199dd2021-12-20 16:04:22.674root 11241100x8000000000000000784930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df722f1936713f22021-12-20 16:04:22.675root 11241100x8000000000000000784931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f76c171e4fbe64d2021-12-20 16:04:22.675root 11241100x8000000000000000784932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccca3b5131758f52021-12-20 16:04:22.675root 11241100x8000000000000000784933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510288b8ce4ade072021-12-20 16:04:22.675root 11241100x8000000000000000784934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbd98a7409dd1ee2021-12-20 16:04:22.675root 11241100x8000000000000000784935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e4080cd8d418382021-12-20 16:04:22.675root 11241100x8000000000000000784936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c72d41e764981e2021-12-20 16:04:22.675root 11241100x8000000000000000784937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1608a44996fd48032021-12-20 16:04:22.675root 11241100x8000000000000000784938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cb14889c16a4032021-12-20 16:04:22.676root 11241100x8000000000000000784939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf77d61c7d060f032021-12-20 16:04:22.676root 11241100x8000000000000000784940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bef8e62372888662021-12-20 16:04:22.676root 11241100x8000000000000000784941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883a240a17e7881e2021-12-20 16:04:22.676root 11241100x8000000000000000784942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e56b9666ec75992021-12-20 16:04:22.678root 11241100x8000000000000000784943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf368f4ab272dbe2021-12-20 16:04:22.678root 11241100x8000000000000000784944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859ad85ae6fbb57b2021-12-20 16:04:22.678root 11241100x8000000000000000784945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d1b774d5b5f1102021-12-20 16:04:22.678root 11241100x8000000000000000784946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a822a0ae24380b2021-12-20 16:04:22.678root 11241100x8000000000000000784947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976e0bce2a6dcd112021-12-20 16:04:22.679root 11241100x8000000000000000784948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:22.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470648ff903273052021-12-20 16:04:22.679root 11241100x8000000000000000784949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b487e7c069f57f2021-12-20 16:04:23.174root 11241100x8000000000000000784950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ac6a67114279f42021-12-20 16:04:23.174root 11241100x8000000000000000784951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10a0426f8415fa2021-12-20 16:04:23.174root 11241100x8000000000000000784952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c49af27ff980112021-12-20 16:04:23.174root 11241100x8000000000000000784953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9f2ba99bec6e932021-12-20 16:04:23.174root 11241100x8000000000000000784954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee4579dcbd6003d2021-12-20 16:04:23.175root 11241100x8000000000000000784955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3ca67bd138c59f2021-12-20 16:04:23.175root 11241100x8000000000000000784956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f5a7e04c7af65a2021-12-20 16:04:23.175root 11241100x8000000000000000784957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813afbfbc2c3a562021-12-20 16:04:23.175root 11241100x8000000000000000784958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4367b50cdbb568412021-12-20 16:04:23.175root 11241100x8000000000000000784959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f35a10d6b803062021-12-20 16:04:23.175root 11241100x8000000000000000784960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da319bbf2ef735e62021-12-20 16:04:23.175root 11241100x8000000000000000784961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e1780bac968d2d2021-12-20 16:04:23.176root 11241100x8000000000000000784962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc6d70f4a2d3c812021-12-20 16:04:23.176root 11241100x8000000000000000784963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860096fef15402ef2021-12-20 16:04:23.176root 11241100x8000000000000000784964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4bf506528b8da72021-12-20 16:04:23.176root 11241100x8000000000000000784965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e7e57e0a26f2aa2021-12-20 16:04:23.176root 11241100x8000000000000000784966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6f194adfdc97762021-12-20 16:04:23.176root 11241100x8000000000000000784967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ee66088f8396ca2021-12-20 16:04:23.176root 11241100x8000000000000000784968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a721a2a6860f42021-12-20 16:04:23.176root 11241100x8000000000000000784969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257cb0ea9197d0482021-12-20 16:04:23.176root 11241100x8000000000000000784970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17251427b88244cd2021-12-20 16:04:23.176root 11241100x8000000000000000784971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e216c360bc82c032021-12-20 16:04:23.177root 11241100x8000000000000000784972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad474e3d8ad72222021-12-20 16:04:23.177root 11241100x8000000000000000784973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a8f18d700726002021-12-20 16:04:23.177root 11241100x8000000000000000784974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d007e77af01b8bc12021-12-20 16:04:23.177root 11241100x8000000000000000784975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95aac97146a9641b2021-12-20 16:04:23.177root 11241100x8000000000000000784976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a40ede21460f7c2021-12-20 16:04:23.177root 11241100x8000000000000000784977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6b78614b71b192021-12-20 16:04:23.177root 11241100x8000000000000000784978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22012d91058616ea2021-12-20 16:04:23.177root 11241100x8000000000000000784979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3d411376c01ab52021-12-20 16:04:23.177root 11241100x8000000000000000784980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d6e42939fb7b842021-12-20 16:04:23.177root 11241100x8000000000000000784981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4e5060e43a26362021-12-20 16:04:23.177root 11241100x8000000000000000784982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a658b889b048d14a2021-12-20 16:04:23.177root 11241100x8000000000000000784983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1e5e10a7e0e64b2021-12-20 16:04:23.178root 11241100x8000000000000000784984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d256b8e2543c9b52021-12-20 16:04:23.178root 11241100x8000000000000000784985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae0eb311951b0422021-12-20 16:04:23.178root 11241100x8000000000000000784986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6229fbbd5b3066fa2021-12-20 16:04:23.178root 11241100x8000000000000000784987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9041508972c6d0b42021-12-20 16:04:23.178root 11241100x8000000000000000784988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c81373047f8eb7f2021-12-20 16:04:23.675root 11241100x8000000000000000784989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e49d637360a9922021-12-20 16:04:23.675root 11241100x8000000000000000784990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5527a3830ab0d32021-12-20 16:04:23.675root 11241100x8000000000000000784991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3329595e989ca4ed2021-12-20 16:04:23.675root 11241100x8000000000000000784992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7497b9aca56dc032021-12-20 16:04:23.675root 11241100x8000000000000000784993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafafce4d96f4ed02021-12-20 16:04:23.675root 11241100x8000000000000000784994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38285629df8c68692021-12-20 16:04:23.676root 11241100x8000000000000000784995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68059429ce3e1d642021-12-20 16:04:23.676root 11241100x8000000000000000784996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054ddd56fc0f1bcb2021-12-20 16:04:23.676root 11241100x8000000000000000784997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2838ee02ebe3013d2021-12-20 16:04:23.676root 11241100x8000000000000000784998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab99c8e363296a72021-12-20 16:04:23.676root 11241100x8000000000000000784999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3fac965b8d25b32021-12-20 16:04:23.676root 11241100x8000000000000000785000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17614203c1a141902021-12-20 16:04:23.676root 11241100x8000000000000000785001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03313596843be55f2021-12-20 16:04:23.676root 11241100x8000000000000000785002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b386d689e430792021-12-20 16:04:23.676root 11241100x8000000000000000785003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68aad8aaf35c74622021-12-20 16:04:23.677root 11241100x8000000000000000785004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238f5e489e033f1e2021-12-20 16:04:23.677root 11241100x8000000000000000785005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d87e3a612eb92d2021-12-20 16:04:23.677root 11241100x8000000000000000785006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdae17fc31468f72021-12-20 16:04:23.677root 11241100x8000000000000000785007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872b00cf982492c52021-12-20 16:04:23.677root 11241100x8000000000000000785008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746a9cbd371023f02021-12-20 16:04:23.677root 11241100x8000000000000000785009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d1120f19f9fec72021-12-20 16:04:23.677root 11241100x8000000000000000785010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45c6858b817342b2021-12-20 16:04:23.677root 11241100x8000000000000000785011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81b8d257aca36332021-12-20 16:04:23.678root 11241100x8000000000000000785012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:23.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9517386a14a7832021-12-20 16:04:23.678root 11241100x8000000000000000785013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84eebbae8cf175a2021-12-20 16:04:24.174root 11241100x8000000000000000785014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d667b5b0c22fae2021-12-20 16:04:24.174root 11241100x8000000000000000785015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa67a71e1ec8c542021-12-20 16:04:24.174root 11241100x8000000000000000785016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa620c346f439a192021-12-20 16:04:24.174root 11241100x8000000000000000785017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a670bd51208a632021-12-20 16:04:24.174root 11241100x8000000000000000785018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d993b8ffaa8a264f2021-12-20 16:04:24.175root 11241100x8000000000000000785019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f599b0cb9519c2c2021-12-20 16:04:24.175root 11241100x8000000000000000785020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ade5e789abd6ad32021-12-20 16:04:24.175root 11241100x8000000000000000785021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ef8709a64356672021-12-20 16:04:24.176root 11241100x8000000000000000785022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248731a0a7fdeafb2021-12-20 16:04:24.176root 11241100x8000000000000000785023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b6ba4c226746d12021-12-20 16:04:24.176root 11241100x8000000000000000785024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6614c612e02ac6832021-12-20 16:04:24.176root 11241100x8000000000000000785025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef5bcb908b3099c2021-12-20 16:04:24.176root 11241100x8000000000000000785026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f48afe2882d45502021-12-20 16:04:24.176root 11241100x8000000000000000785027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd60972ab0092de2021-12-20 16:04:24.177root 11241100x8000000000000000785028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f718768d4d1970a2021-12-20 16:04:24.177root 11241100x8000000000000000785029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9e8cea2ca574462021-12-20 16:04:24.177root 11241100x8000000000000000785030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5ac00376e494542021-12-20 16:04:24.177root 11241100x8000000000000000785031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49d43ab5d384e392021-12-20 16:04:24.177root 11241100x8000000000000000785032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c581f2203003285a2021-12-20 16:04:24.177root 11241100x8000000000000000785033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90a5fd12d78d4602021-12-20 16:04:24.178root 11241100x8000000000000000785034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db9360c13fa9bc62021-12-20 16:04:24.178root 11241100x8000000000000000785035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93639038053696632021-12-20 16:04:24.178root 11241100x8000000000000000785036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0b5451614db5f92021-12-20 16:04:24.179root 11241100x8000000000000000785037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b0be6264ce5c032021-12-20 16:04:24.179root 11241100x8000000000000000785038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fcd933d8cbc0f62021-12-20 16:04:24.179root 11241100x8000000000000000785039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586cc3e8350593aa2021-12-20 16:04:24.674root 11241100x8000000000000000785040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f184560557cefd2b2021-12-20 16:04:24.675root 11241100x8000000000000000785041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e865874113395c2021-12-20 16:04:24.675root 11241100x8000000000000000785042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159fe1a4622aa9f32021-12-20 16:04:24.675root 11241100x8000000000000000785043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb0d02e3dd7fbd12021-12-20 16:04:24.675root 11241100x8000000000000000785044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720f7c23601c1deb2021-12-20 16:04:24.675root 11241100x8000000000000000785045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3abcacadb4376c2021-12-20 16:04:24.675root 11241100x8000000000000000785046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97371ceafd3fa37d2021-12-20 16:04:24.676root 11241100x8000000000000000785047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940f7556da48ad882021-12-20 16:04:24.676root 11241100x8000000000000000785048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010172a75e91a752021-12-20 16:04:24.676root 11241100x8000000000000000785049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6e1dd66c87f4f82021-12-20 16:04:24.676root 11241100x8000000000000000785050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d36b80836b843a12021-12-20 16:04:24.676root 11241100x8000000000000000785051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89955262007e2eca2021-12-20 16:04:24.676root 11241100x8000000000000000785052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8527a138752815e82021-12-20 16:04:24.676root 11241100x8000000000000000785053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fa10187fe1ef7d2021-12-20 16:04:24.676root 11241100x8000000000000000785054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f578ea1602a49c2021-12-20 16:04:24.676root 11241100x8000000000000000785055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537322177d9f665d2021-12-20 16:04:24.676root 11241100x8000000000000000785056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aecbb729a7935e2021-12-20 16:04:24.676root 11241100x8000000000000000785057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b2ccaa8fbe06ee2021-12-20 16:04:24.676root 11241100x8000000000000000785058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f8836d2a13c8dc2021-12-20 16:04:24.677root 11241100x8000000000000000785059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591afc8caec332332021-12-20 16:04:24.677root 11241100x8000000000000000785060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d5c0eb98a141e12021-12-20 16:04:24.677root 11241100x8000000000000000785061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d23311b6c76f8f42021-12-20 16:04:24.677root 11241100x8000000000000000785062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e10fcd297122c892021-12-20 16:04:24.677root 11241100x8000000000000000785063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:24.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cb9e3d26cf1fa42021-12-20 16:04:24.677root 11241100x8000000000000000785064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146f6b43b29d0e4d2021-12-20 16:04:25.174root 11241100x8000000000000000785065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072ce1f8432a93022021-12-20 16:04:25.174root 11241100x8000000000000000785066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b0387edbf86fa62021-12-20 16:04:25.174root 11241100x8000000000000000785067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c4f4a7e86fa4d92021-12-20 16:04:25.174root 11241100x8000000000000000785068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d1a03de1cd6dba2021-12-20 16:04:25.175root 11241100x8000000000000000785069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de52b53ad2588312021-12-20 16:04:25.175root 11241100x8000000000000000785070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39e08e97d0cc81a2021-12-20 16:04:25.175root 11241100x8000000000000000785071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ff2cc45f9e517b2021-12-20 16:04:25.175root 11241100x8000000000000000785072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112529756a5b3e222021-12-20 16:04:25.175root 11241100x8000000000000000785073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e7ab99fea142e42021-12-20 16:04:25.176root 11241100x8000000000000000785074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32a29a9fc7ee6902021-12-20 16:04:25.176root 11241100x8000000000000000785075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fadf1024bc4dabf2021-12-20 16:04:25.176root 11241100x8000000000000000785076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01540a784baa28d82021-12-20 16:04:25.176root 11241100x8000000000000000785077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b6470de1bad5d22021-12-20 16:04:25.176root 11241100x8000000000000000785078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a309df3701ea2d272021-12-20 16:04:25.176root 11241100x8000000000000000785079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa4dae563870d8f2021-12-20 16:04:25.177root 11241100x8000000000000000785080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba89719c25e4486a2021-12-20 16:04:25.177root 11241100x8000000000000000785081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648b50a1f3e53e912021-12-20 16:04:25.177root 11241100x8000000000000000785082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054a00f13bd0a76c2021-12-20 16:04:25.177root 11241100x8000000000000000785083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc51bc7a1ac42a62021-12-20 16:04:25.177root 11241100x8000000000000000785084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e3cdfd49b2904e2021-12-20 16:04:25.177root 11241100x8000000000000000785085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27081b5872d38832021-12-20 16:04:25.178root 11241100x8000000000000000785086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaeb3ad9eec3afd2021-12-20 16:04:25.178root 11241100x8000000000000000785087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294617deb929fddd2021-12-20 16:04:25.178root 11241100x8000000000000000785088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cd097bb05c33132021-12-20 16:04:25.179root 11241100x8000000000000000785089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ff562e8a817fb2021-12-20 16:04:25.179root 11241100x8000000000000000785090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0576c610e9068a82021-12-20 16:04:25.675root 11241100x8000000000000000785091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba722b1f1296c12c2021-12-20 16:04:25.675root 11241100x8000000000000000785092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd0878f1f2e63b42021-12-20 16:04:25.675root 11241100x8000000000000000785093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db93ecb3bcacad772021-12-20 16:04:25.675root 11241100x8000000000000000785094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3225b07d01a8ae432021-12-20 16:04:25.675root 11241100x8000000000000000785095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5a03f0c4cbf09c2021-12-20 16:04:25.676root 11241100x8000000000000000785096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8115b9f071fa89712021-12-20 16:04:25.676root 11241100x8000000000000000785097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367054342f5277ff2021-12-20 16:04:25.676root 11241100x8000000000000000785098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed9dfe6b5f9950d2021-12-20 16:04:25.676root 11241100x8000000000000000785099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01cc3686679eed32021-12-20 16:04:25.676root 11241100x8000000000000000785100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1478050a01f750ed2021-12-20 16:04:25.677root 11241100x8000000000000000785101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35d925e307946552021-12-20 16:04:25.677root 11241100x8000000000000000785102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6e85cbe34ac0e92021-12-20 16:04:25.677root 11241100x8000000000000000785103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5085ec4d1c03c42021-12-20 16:04:25.677root 11241100x8000000000000000785104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee2401487c26b52021-12-20 16:04:25.678root 11241100x8000000000000000785105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aa100164ae91582021-12-20 16:04:25.678root 11241100x8000000000000000785106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3d05fabf7a2b702021-12-20 16:04:25.678root 11241100x8000000000000000785107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e97b31abcbaccbc2021-12-20 16:04:25.678root 11241100x8000000000000000785108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2584261e47d697e2021-12-20 16:04:25.678root 11241100x8000000000000000785109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d9e79ff35212b52021-12-20 16:04:25.678root 11241100x8000000000000000785110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d261c4b0099e772d2021-12-20 16:04:25.678root 11241100x8000000000000000785111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cacc2aeead6b8e2021-12-20 16:04:25.678root 11241100x8000000000000000785112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab21f47056704aa12021-12-20 16:04:25.678root 11241100x8000000000000000785113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e0810ecee8cf682021-12-20 16:04:25.678root 11241100x8000000000000000785114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:25.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7721a5dd94803ac2021-12-20 16:04:25.679root 11241100x8000000000000000785115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f9e4d9549850a42021-12-20 16:04:26.174root 11241100x8000000000000000785116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355ea35c1d99c3b52021-12-20 16:04:26.174root 11241100x8000000000000000785117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdd6212018bb7622021-12-20 16:04:26.174root 11241100x8000000000000000785118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55aa61133f1d9692021-12-20 16:04:26.174root 11241100x8000000000000000785119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f6656e4a658d852021-12-20 16:04:26.174root 11241100x8000000000000000785120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c23fad88f6d5292021-12-20 16:04:26.175root 11241100x8000000000000000785121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d1f7fff6eeaf1f2021-12-20 16:04:26.175root 11241100x8000000000000000785122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed591e6e80762142021-12-20 16:04:26.175root 11241100x8000000000000000785123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d845017c228d014f2021-12-20 16:04:26.175root 11241100x8000000000000000785124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951f664ba62fe5092021-12-20 16:04:26.175root 11241100x8000000000000000785125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c553da3c5d6fcc2021-12-20 16:04:26.175root 11241100x8000000000000000785126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46046147e28ccc122021-12-20 16:04:26.175root 11241100x8000000000000000785127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0708d9b652bc862021-12-20 16:04:26.176root 11241100x8000000000000000785128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000b2553cb38de042021-12-20 16:04:26.176root 11241100x8000000000000000785129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b500032e4f41e2b2021-12-20 16:04:26.176root 11241100x8000000000000000785130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771b23a7e70aba172021-12-20 16:04:26.176root 11241100x8000000000000000785131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4359cc0ee939b6292021-12-20 16:04:26.177root 11241100x8000000000000000785132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c2af3551a825032021-12-20 16:04:26.177root 11241100x8000000000000000785133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344131584c4b10d72021-12-20 16:04:26.177root 11241100x8000000000000000785134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9060b2dd403acaf2021-12-20 16:04:26.178root 11241100x8000000000000000785135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e55766a5e51ec72021-12-20 16:04:26.178root 11241100x8000000000000000785136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeb9b05351410d22021-12-20 16:04:26.179root 11241100x8000000000000000785137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a23537da5fba6c52021-12-20 16:04:26.179root 11241100x8000000000000000785138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadf5514f5a9b4912021-12-20 16:04:26.179root 11241100x8000000000000000785139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb077a494d826fa2021-12-20 16:04:26.180root 11241100x8000000000000000785140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a99a7ce1a6ab4c32021-12-20 16:04:26.674root 11241100x8000000000000000785141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a0e73dd19fb87d2021-12-20 16:04:26.674root 11241100x8000000000000000785142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80f35f9d3feb2222021-12-20 16:04:26.675root 11241100x8000000000000000785143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f8da37bf2458152021-12-20 16:04:26.675root 11241100x8000000000000000785144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea714d920ee967a02021-12-20 16:04:26.676root 11241100x8000000000000000785145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18936a816dad85b22021-12-20 16:04:26.676root 11241100x8000000000000000785146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59139bc598cf4c12021-12-20 16:04:26.676root 11241100x8000000000000000785147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f212719194d242021-12-20 16:04:26.677root 11241100x8000000000000000785148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8e423428aeee622021-12-20 16:04:26.677root 11241100x8000000000000000785149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aa638dd9d6ce642021-12-20 16:04:26.677root 11241100x8000000000000000785150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea144dc02f527ecd2021-12-20 16:04:26.677root 11241100x8000000000000000785151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6215fb5e7a0948fa2021-12-20 16:04:26.678root 11241100x8000000000000000785152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149f64e33f7655662021-12-20 16:04:26.679root 11241100x8000000000000000785153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1494d48bae7b4bf22021-12-20 16:04:26.679root 11241100x8000000000000000785154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca97f5aeb155afd2021-12-20 16:04:26.679root 11241100x8000000000000000785155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bd58ee11b406702021-12-20 16:04:26.680root 11241100x8000000000000000785156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50917ee07eec88a2021-12-20 16:04:26.680root 11241100x8000000000000000785157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce7a0d460bfa9202021-12-20 16:04:26.680root 11241100x8000000000000000785158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55492ed8807997e2021-12-20 16:04:26.680root 11241100x8000000000000000785159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad216df091c3eb452021-12-20 16:04:26.680root 11241100x8000000000000000785160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22138dd3cb5a84b52021-12-20 16:04:26.681root 11241100x8000000000000000785161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee04fd8abc16ae842021-12-20 16:04:26.681root 11241100x8000000000000000785162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df05f68e7f67bc052021-12-20 16:04:26.681root 11241100x8000000000000000785163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bca2b98e38004332021-12-20 16:04:26.682root 11241100x8000000000000000785164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0af07993073d5d2021-12-20 16:04:26.682root 11241100x8000000000000000785165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3390e4e659640d2021-12-20 16:04:26.682root 11241100x8000000000000000785166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:26.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25117816f7842d552021-12-20 16:04:26.682root 11241100x8000000000000000785167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989669578937e1e02021-12-20 16:04:27.174root 11241100x8000000000000000785168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e154f0b4aa549ca2021-12-20 16:04:27.174root 11241100x8000000000000000785169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db69e818a687452021-12-20 16:04:27.174root 11241100x8000000000000000785170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5623587809e3a1242021-12-20 16:04:27.174root 11241100x8000000000000000785171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51348c389cb9363a2021-12-20 16:04:27.175root 11241100x8000000000000000785172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bf03ff8770f4fa2021-12-20 16:04:27.175root 11241100x8000000000000000785173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0935cc37632f6c72021-12-20 16:04:27.175root 11241100x8000000000000000785174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2060f315cfb2b92021-12-20 16:04:27.175root 11241100x8000000000000000785175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d29a5bbc7fd782021-12-20 16:04:27.176root 11241100x8000000000000000785176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014d6b90eddd5e012021-12-20 16:04:27.176root 11241100x8000000000000000785177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824696129a454c152021-12-20 16:04:27.176root 11241100x8000000000000000785178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8edf284bdc93e522021-12-20 16:04:27.176root 11241100x8000000000000000785179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e9ffd54b7de4862021-12-20 16:04:27.176root 11241100x8000000000000000785180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984eff6e4d5c28ec2021-12-20 16:04:27.177root 11241100x8000000000000000785181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7968d81fc9944052021-12-20 16:04:27.177root 11241100x8000000000000000785182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86de8f4c680d27992021-12-20 16:04:27.177root 11241100x8000000000000000785183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517a679ab614c0bb2021-12-20 16:04:27.177root 11241100x8000000000000000785184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7972f0616b8887bf2021-12-20 16:04:27.178root 11241100x8000000000000000785185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c478b3402b27eae52021-12-20 16:04:27.178root 11241100x8000000000000000785186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2291dfdbdee19eb72021-12-20 16:04:27.178root 11241100x8000000000000000785187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515aedf2d6e89a0f2021-12-20 16:04:27.178root 11241100x8000000000000000785188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8e9310869f88d22021-12-20 16:04:27.178root 11241100x8000000000000000785189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89e10d3a8abc8e32021-12-20 16:04:27.178root 11241100x8000000000000000785190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede00abb2a10773d2021-12-20 16:04:27.179root 11241100x8000000000000000785191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51b4e9dbfd3e2a92021-12-20 16:04:27.179root 11241100x8000000000000000785192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53de2726388d6c12021-12-20 16:04:27.677root 11241100x8000000000000000785193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5e618d189587a92021-12-20 16:04:27.677root 11241100x8000000000000000785194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ebe67c92bc19542021-12-20 16:04:27.677root 11241100x8000000000000000785195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ba056f9fe138342021-12-20 16:04:27.677root 11241100x8000000000000000785196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea1af8dafbed2f72021-12-20 16:04:27.677root 11241100x8000000000000000785197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2a00380df16e5e2021-12-20 16:04:27.677root 11241100x8000000000000000785198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956ebc48cfd41ebe2021-12-20 16:04:27.678root 11241100x8000000000000000785199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b4d3e91154429e2021-12-20 16:04:27.678root 11241100x8000000000000000785200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffde756dacae9ec12021-12-20 16:04:27.678root 11241100x8000000000000000785201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46fc80a511c376c2021-12-20 16:04:27.678root 11241100x8000000000000000785202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5056e1e929c74a1c2021-12-20 16:04:27.678root 11241100x8000000000000000785203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a777976384a154282021-12-20 16:04:27.678root 11241100x8000000000000000785204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce9420d46b57bb32021-12-20 16:04:27.678root 11241100x8000000000000000785205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6369196889d3b622021-12-20 16:04:27.679root 11241100x8000000000000000785206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e68353a9ac73952021-12-20 16:04:27.679root 11241100x8000000000000000785207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf964e0c72733382021-12-20 16:04:27.679root 11241100x8000000000000000785208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96476a21d8522232021-12-20 16:04:27.679root 11241100x8000000000000000785209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aa1b3f74365e962021-12-20 16:04:27.679root 11241100x8000000000000000785210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad54f101bead7342021-12-20 16:04:27.679root 11241100x8000000000000000785211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15063652c53d26d12021-12-20 16:04:27.679root 11241100x8000000000000000785212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be72ab9d256fb65c2021-12-20 16:04:27.680root 11241100x8000000000000000785213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d059db79cfbac1ff2021-12-20 16:04:27.680root 11241100x8000000000000000785214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46df520ef2466fff2021-12-20 16:04:27.680root 11241100x8000000000000000785215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174ad88a25ab35eb2021-12-20 16:04:27.680root 11241100x8000000000000000785216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:27.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e1017fdd17762b2021-12-20 16:04:27.680root 354300x8000000000000000785217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.015{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51594-false10.0.1.12-8000- 11241100x8000000000000000785218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.016{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639e1c2e9eb2b22d2021-12-20 16:04:28.016root 11241100x8000000000000000785219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.016{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aaf3b6464335d82021-12-20 16:04:28.016root 11241100x8000000000000000785220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.016{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73ed0fe3a7194d2021-12-20 16:04:28.016root 11241100x8000000000000000785221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.016{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4651c46a8f516e52021-12-20 16:04:28.016root 11241100x8000000000000000785222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.016{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc2d11d45602ad02021-12-20 16:04:28.016root 11241100x8000000000000000785223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.016{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794ab803082656372021-12-20 16:04:28.016root 11241100x8000000000000000785224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.016{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4b8a7cde4bd0482021-12-20 16:04:28.016root 11241100x8000000000000000785225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.017{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585ab50a7218fd742021-12-20 16:04:28.017root 11241100x8000000000000000785226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.017{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facd14e17396c2532021-12-20 16:04:28.017root 11241100x8000000000000000785227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.017{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14432003cd9702e02021-12-20 16:04:28.017root 11241100x8000000000000000785228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.017{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2135a8ea5fc2f92021-12-20 16:04:28.017root 11241100x8000000000000000785229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.017{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5620be4046ca12572021-12-20 16:04:28.017root 11241100x8000000000000000785230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.017{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5c99347dc37d742021-12-20 16:04:28.017root 11241100x8000000000000000785231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.017{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39560d7b44cdc0b32021-12-20 16:04:28.017root 11241100x8000000000000000785232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.017{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18763314e2465f292021-12-20 16:04:28.017root 11241100x8000000000000000785233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.018{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed57196414a352882021-12-20 16:04:28.018root 11241100x8000000000000000785234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.018{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de716569d3d4f3002021-12-20 16:04:28.018root 11241100x8000000000000000785235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.018{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b840222849f33d372021-12-20 16:04:28.018root 11241100x8000000000000000785236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.018{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1dfd87c2e26bdd2021-12-20 16:04:28.018root 11241100x8000000000000000785237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.018{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b615bff1469ac0f2021-12-20 16:04:28.018root 11241100x8000000000000000785238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.019{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff9b8a33affced2021-12-20 16:04:28.019root 11241100x8000000000000000785239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.019{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4782c86168f5e282021-12-20 16:04:28.019root 11241100x8000000000000000785240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.019{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187498cb3596bdb82021-12-20 16:04:28.019root 11241100x8000000000000000785241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.019{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2023daa7323a2ed02021-12-20 16:04:28.019root 11241100x8000000000000000785242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.019{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37df8b5ac7bf54f2021-12-20 16:04:28.019root 11241100x8000000000000000785243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.019{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a388a78ab556f1df2021-12-20 16:04:28.019root 11241100x8000000000000000785244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.019{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e069fdfdbca9762021-12-20 16:04:28.019root 11241100x8000000000000000785245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.019{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83189d37a2416b492021-12-20 16:04:28.019root 11241100x8000000000000000785246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f957be4b344cad2021-12-20 16:04:28.020root 11241100x8000000000000000785247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c4c8305045bcc2021-12-20 16:04:28.020root 11241100x8000000000000000785248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400a17e3d0257ece2021-12-20 16:04:28.020root 11241100x8000000000000000785249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39aa70565bda4fcc2021-12-20 16:04:28.020root 11241100x8000000000000000785250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.020{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76185d402b65a0e72021-12-20 16:04:28.020root 11241100x8000000000000000785251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5d513047175c1e2021-12-20 16:04:28.424root 11241100x8000000000000000785252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67736b00a5aa7262021-12-20 16:04:28.424root 11241100x8000000000000000785253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8b25270c37e9bd2021-12-20 16:04:28.425root 11241100x8000000000000000785254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736d6d81863d4a782021-12-20 16:04:28.425root 11241100x8000000000000000785255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84348987b9ea13362021-12-20 16:04:28.425root 11241100x8000000000000000785256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2b9c489978a9632021-12-20 16:04:28.425root 11241100x8000000000000000785257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c0ef7c66b00e9e2021-12-20 16:04:28.425root 11241100x8000000000000000785258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73cc71b3165b5952021-12-20 16:04:28.425root 11241100x8000000000000000785259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c2913fd179b6842021-12-20 16:04:28.425root 11241100x8000000000000000785260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef7367514f69c4e2021-12-20 16:04:28.425root 11241100x8000000000000000785261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824b9af60af33d9a2021-12-20 16:04:28.425root 11241100x8000000000000000785262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eb13fa4a45bab82021-12-20 16:04:28.426root 11241100x8000000000000000785263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75be1a9d068690302021-12-20 16:04:28.426root 11241100x8000000000000000785264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87364a4ab4fcec4a2021-12-20 16:04:28.426root 11241100x8000000000000000785265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88629e7ae5c3db2b2021-12-20 16:04:28.427root 11241100x8000000000000000785266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ec5237cce98b012021-12-20 16:04:28.435root 11241100x8000000000000000785267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b1f96501476db42021-12-20 16:04:28.435root 11241100x8000000000000000785268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686b22fffe2430642021-12-20 16:04:28.435root 11241100x8000000000000000785269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f59de6a81511482021-12-20 16:04:28.435root 11241100x8000000000000000785270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e1abef31c1ac42021-12-20 16:04:28.435root 11241100x8000000000000000785271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39eaca99f3561862021-12-20 16:04:28.435root 11241100x8000000000000000785272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0839ee5150b8a8e02021-12-20 16:04:28.436root 11241100x8000000000000000785273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e84fa0ce167ef92021-12-20 16:04:28.436root 11241100x8000000000000000785274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac5c7e67f4dec982021-12-20 16:04:28.436root 11241100x8000000000000000785275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bb02130d3524e72021-12-20 16:04:28.436root 11241100x8000000000000000785276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b323136f36bb6922021-12-20 16:04:28.436root 11241100x8000000000000000785277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22c8ba209fe9a7a2021-12-20 16:04:28.924root 11241100x8000000000000000785278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714d76776dd81aa12021-12-20 16:04:28.924root 11241100x8000000000000000785279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb0f11a5d2c18542021-12-20 16:04:28.925root 11241100x8000000000000000785280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1fd4725080bc762021-12-20 16:04:28.925root 11241100x8000000000000000785281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef071a59358524042021-12-20 16:04:28.925root 11241100x8000000000000000785282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d2d542d34b11a92021-12-20 16:04:28.925root 11241100x8000000000000000785283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e9160d1049bdf42021-12-20 16:04:28.925root 11241100x8000000000000000785284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2465e76d907ec1362021-12-20 16:04:28.925root 11241100x8000000000000000785285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043b0afbc20bdd4a2021-12-20 16:04:28.925root 11241100x8000000000000000785286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb28246167d5c0262021-12-20 16:04:28.925root 11241100x8000000000000000785287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aead97f21bc064c62021-12-20 16:04:28.925root 11241100x8000000000000000785288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a24d96455a8f71c2021-12-20 16:04:28.925root 11241100x8000000000000000785289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e56c3fedfa076472021-12-20 16:04:28.925root 11241100x8000000000000000785290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33c4fc47773b4ef2021-12-20 16:04:28.926root 11241100x8000000000000000785291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ea349359484b742021-12-20 16:04:28.926root 11241100x8000000000000000785292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76424606f75d0862021-12-20 16:04:28.926root 11241100x8000000000000000785293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df060b48759a7c592021-12-20 16:04:28.926root 11241100x8000000000000000785294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09816e5c1b1c7d452021-12-20 16:04:28.926root 11241100x8000000000000000785295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5f1f8895c456b02021-12-20 16:04:28.926root 11241100x8000000000000000785296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d77e73668a33a12021-12-20 16:04:28.926root 11241100x8000000000000000785297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d42f3376168f3af2021-12-20 16:04:28.926root 11241100x8000000000000000785298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428f0cec0b20d7a22021-12-20 16:04:28.926root 11241100x8000000000000000785299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f560301e0886b82021-12-20 16:04:28.926root 11241100x8000000000000000785300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11d0894599f9be62021-12-20 16:04:28.927root 11241100x8000000000000000785301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66844c79b1ad584e2021-12-20 16:04:28.927root 11241100x8000000000000000785302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0175697f02d98d7a2021-12-20 16:04:28.927root 11241100x8000000000000000785303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2369e0c338ada8942021-12-20 16:04:29.424root 11241100x8000000000000000785304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d37cadd198ad9d2021-12-20 16:04:29.424root 11241100x8000000000000000785305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf603a1d51cfca12021-12-20 16:04:29.425root 11241100x8000000000000000785306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff174a13b1fa2732021-12-20 16:04:29.425root 11241100x8000000000000000785307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958142f13c328bb72021-12-20 16:04:29.425root 11241100x8000000000000000785308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fdb54305cc36492021-12-20 16:04:29.425root 11241100x8000000000000000785309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30463eb0921211a72021-12-20 16:04:29.425root 11241100x8000000000000000785310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2e2c53742748402021-12-20 16:04:29.425root 11241100x8000000000000000785311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c07af7e0aaa90922021-12-20 16:04:29.425root 11241100x8000000000000000785312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283ab61090224fa92021-12-20 16:04:29.425root 11241100x8000000000000000785313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f4ea67c5407d462021-12-20 16:04:29.426root 11241100x8000000000000000785314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42120de04717c7b2021-12-20 16:04:29.426root 11241100x8000000000000000785315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d0c9429a2773092021-12-20 16:04:29.426root 11241100x8000000000000000785316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ba1f241f22b3a02021-12-20 16:04:29.426root 11241100x8000000000000000785317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6acb7578755157c2021-12-20 16:04:29.426root 11241100x8000000000000000785318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492f7944af8079762021-12-20 16:04:29.426root 11241100x8000000000000000785319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d191213a5ee96cad2021-12-20 16:04:29.426root 11241100x8000000000000000785320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d03dea599d94652021-12-20 16:04:29.426root 11241100x8000000000000000785321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c3e53c21b3bbc42021-12-20 16:04:29.426root 11241100x8000000000000000785322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2018699c9389a62021-12-20 16:04:29.427root 11241100x8000000000000000785323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164b2eac88facc232021-12-20 16:04:29.427root 11241100x8000000000000000785324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1142303a8fcee2782021-12-20 16:04:29.427root 11241100x8000000000000000785325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab021145fdbbf8992021-12-20 16:04:29.427root 11241100x8000000000000000785326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512511fd4b322da32021-12-20 16:04:29.427root 11241100x8000000000000000785327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340fabf90c86e2ac2021-12-20 16:04:29.427root 11241100x8000000000000000785328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440854898eca446e2021-12-20 16:04:29.427root 11241100x8000000000000000785329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aadc7ceca7253422021-12-20 16:04:29.924root 11241100x8000000000000000785330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b938ae1a9dc9a0572021-12-20 16:04:29.924root 11241100x8000000000000000785331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78b4a35a7edb1442021-12-20 16:04:29.925root 11241100x8000000000000000785332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48624ed42ecfe8982021-12-20 16:04:29.925root 11241100x8000000000000000785333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153f36b1d0477cdc2021-12-20 16:04:29.925root 11241100x8000000000000000785334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ad38b9448e603b2021-12-20 16:04:29.925root 11241100x8000000000000000785335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758d7b3e3a19bd032021-12-20 16:04:29.925root 11241100x8000000000000000785336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c76af04be53f75d2021-12-20 16:04:29.926root 11241100x8000000000000000785337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7e7561af8cc2f42021-12-20 16:04:29.926root 11241100x8000000000000000785338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d97fc89e285c5842021-12-20 16:04:29.926root 11241100x8000000000000000785339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb102a874386e9422021-12-20 16:04:29.926root 11241100x8000000000000000785340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025224e40583b0e52021-12-20 16:04:29.927root 11241100x8000000000000000785341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522c783ac5f27cbd2021-12-20 16:04:29.927root 11241100x8000000000000000785342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f3d13dd12df0542021-12-20 16:04:29.927root 11241100x8000000000000000785343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7140418a6e1bf28d2021-12-20 16:04:29.928root 11241100x8000000000000000785344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036b9294f0a7d64a2021-12-20 16:04:29.928root 11241100x8000000000000000785345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1fd1e4baeff5512021-12-20 16:04:29.928root 11241100x8000000000000000785346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4e9713947830702021-12-20 16:04:29.928root 11241100x8000000000000000785347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f50a2af7696dc9e2021-12-20 16:04:29.928root 11241100x8000000000000000785348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d5da201ecfbb6e2021-12-20 16:04:29.928root 11241100x8000000000000000785349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc218f3d90f61962021-12-20 16:04:29.929root 11241100x8000000000000000785350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7253ee1bbec569c42021-12-20 16:04:29.929root 11241100x8000000000000000785351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0262c3479950d8d2021-12-20 16:04:29.929root 11241100x8000000000000000785352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ff367454f2cc262021-12-20 16:04:29.929root 11241100x8000000000000000785353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defc1c6610e45d912021-12-20 16:04:29.929root 11241100x8000000000000000785354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a9121cbfb5419c2021-12-20 16:04:29.929root 11241100x8000000000000000785355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c67907cb1273bd2021-12-20 16:04:29.930root 11241100x8000000000000000785356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e03dbe0ccc169cc2021-12-20 16:04:29.930root 11241100x8000000000000000785357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb255a01097580b92021-12-20 16:04:29.931root 11241100x8000000000000000785358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb6b5a6918e5b4e2021-12-20 16:04:29.931root 11241100x8000000000000000785359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60928c62cee66cb2021-12-20 16:04:29.931root 11241100x8000000000000000785360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5484d34539da00f2021-12-20 16:04:29.932root 11241100x8000000000000000785361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ce7e993fe7f1722021-12-20 16:04:29.932root 11241100x8000000000000000785362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee8632672a9be942021-12-20 16:04:29.932root 11241100x8000000000000000785363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cde1acf56cdcd92021-12-20 16:04:29.932root 11241100x8000000000000000785364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:29.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e753e8d9192f4342021-12-20 16:04:29.932root 11241100x8000000000000000785365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b7e529437430232021-12-20 16:04:30.424root 11241100x8000000000000000785366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bf6df606ef24c82021-12-20 16:04:30.424root 11241100x8000000000000000785367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc2fb6970a431112021-12-20 16:04:30.424root 11241100x8000000000000000785368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60da25b3ff45e642021-12-20 16:04:30.424root 11241100x8000000000000000785369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a11d1f6de5c9cd32021-12-20 16:04:30.425root 11241100x8000000000000000785370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3871aad2d5d578cf2021-12-20 16:04:30.425root 11241100x8000000000000000785371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df14d38108487352021-12-20 16:04:30.425root 11241100x8000000000000000785372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bf2867da6aea252021-12-20 16:04:30.425root 11241100x8000000000000000785373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723559545722305b2021-12-20 16:04:30.425root 11241100x8000000000000000785374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d2f5778a9908c82021-12-20 16:04:30.425root 11241100x8000000000000000785375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eb2589203f94e62021-12-20 16:04:30.425root 11241100x8000000000000000785376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dedcef5f4158262021-12-20 16:04:30.425root 11241100x8000000000000000785377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1c72f6b67dd55a2021-12-20 16:04:30.425root 11241100x8000000000000000785378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f898b4149cf34772021-12-20 16:04:30.425root 11241100x8000000000000000785379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a085f4b1c787c22021-12-20 16:04:30.426root 11241100x8000000000000000785380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f7d0b71188183e2021-12-20 16:04:30.426root 11241100x8000000000000000785381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52793c9483abb2f22021-12-20 16:04:30.426root 11241100x8000000000000000785382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cab61aa0500f692021-12-20 16:04:30.426root 11241100x8000000000000000785383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425a7df272b2a84f2021-12-20 16:04:30.426root 11241100x8000000000000000785384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ab787522cd76102021-12-20 16:04:30.426root 11241100x8000000000000000785385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b02d0232b529cf2021-12-20 16:04:30.426root 11241100x8000000000000000785386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fd40363cf6fd632021-12-20 16:04:30.426root 11241100x8000000000000000785387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4ff336b55441c42021-12-20 16:04:30.427root 11241100x8000000000000000785388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f8dddb52a4cf222021-12-20 16:04:30.427root 11241100x8000000000000000785389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6015414503c3032021-12-20 16:04:30.427root 11241100x8000000000000000785390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3427118734004a592021-12-20 16:04:30.427root 11241100x8000000000000000785391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47195fcee786bb22021-12-20 16:04:30.924root 11241100x8000000000000000785392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc91c6c992d23a72021-12-20 16:04:30.924root 11241100x8000000000000000785393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398ff671087d73be2021-12-20 16:04:30.924root 11241100x8000000000000000785394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc41f197d804f82021-12-20 16:04:30.924root 11241100x8000000000000000785395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b71ab2c13cf25d2021-12-20 16:04:30.924root 11241100x8000000000000000785396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8323eaa122aa8a82021-12-20 16:04:30.925root 11241100x8000000000000000785397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1412e3ea4ffe8f2021-12-20 16:04:30.925root 11241100x8000000000000000785398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdca7cb9f829fd92021-12-20 16:04:30.925root 11241100x8000000000000000785399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895f0f918d093c802021-12-20 16:04:30.925root 11241100x8000000000000000785400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45be792fd6f206a2021-12-20 16:04:30.925root 11241100x8000000000000000785401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ec15c3d5c3adac2021-12-20 16:04:30.926root 11241100x8000000000000000785402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730690e0111af4f22021-12-20 16:04:30.926root 11241100x8000000000000000785403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1081f312e4cf74cc2021-12-20 16:04:30.926root 11241100x8000000000000000785404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fc0842ff6f55762021-12-20 16:04:30.926root 11241100x8000000000000000785405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44456583fe574c3c2021-12-20 16:04:30.926root 11241100x8000000000000000785406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d68666a0de32642021-12-20 16:04:30.926root 11241100x8000000000000000785407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0efd0b7a49f66a82021-12-20 16:04:30.927root 11241100x8000000000000000785408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b560e34cf9bd332021-12-20 16:04:30.927root 11241100x8000000000000000785409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa3d48a6b5051052021-12-20 16:04:30.927root 11241100x8000000000000000785410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d94c17fbe70d152021-12-20 16:04:30.927root 11241100x8000000000000000785411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecd757fa6985adb2021-12-20 16:04:30.927root 11241100x8000000000000000785412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e6d364ad708b9d2021-12-20 16:04:30.927root 11241100x8000000000000000785413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee84da246735e192021-12-20 16:04:30.928root 11241100x8000000000000000785414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453cf33fbf0032a12021-12-20 16:04:30.928root 11241100x8000000000000000785415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3edfe60f913d3d32021-12-20 16:04:30.929root 11241100x8000000000000000785416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de7082e579575392021-12-20 16:04:30.929root 11241100x8000000000000000785417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d036e37adb5ac2d2021-12-20 16:04:30.929root 11241100x8000000000000000785418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b85bb60bcb6bb62021-12-20 16:04:30.929root 11241100x8000000000000000785419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee320b5b6654e93f2021-12-20 16:04:30.929root 11241100x8000000000000000785420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b9e87501e4b0da2021-12-20 16:04:30.929root 11241100x8000000000000000785421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3763c7756654999b2021-12-20 16:04:30.929root 11241100x8000000000000000785422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:30.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c984aafba50e28a82021-12-20 16:04:30.929root 11241100x8000000000000000785423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018eaf12801f18532021-12-20 16:04:31.424root 11241100x8000000000000000785424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981fa4912859e4382021-12-20 16:04:31.424root 11241100x8000000000000000785425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f6dd602c8cab112021-12-20 16:04:31.424root 11241100x8000000000000000785426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9288fd407044b3e42021-12-20 16:04:31.424root 11241100x8000000000000000785427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6b0f933f8038c32021-12-20 16:04:31.425root 11241100x8000000000000000785428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5641c36265bbd472021-12-20 16:04:31.425root 11241100x8000000000000000785429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a33ba5b7f942372021-12-20 16:04:31.425root 11241100x8000000000000000785430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888407323400707f2021-12-20 16:04:31.425root 11241100x8000000000000000785431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7b0dc227b806632021-12-20 16:04:31.425root 11241100x8000000000000000785432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342323e17a1fddfe2021-12-20 16:04:31.426root 11241100x8000000000000000785433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd39dec7f511c082021-12-20 16:04:31.426root 11241100x8000000000000000785434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d89e762b27bdc22021-12-20 16:04:31.426root 11241100x8000000000000000785435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dd988aecc7e7e72021-12-20 16:04:31.426root 11241100x8000000000000000785436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b451cf48b0f5f1b82021-12-20 16:04:31.426root 11241100x8000000000000000785437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecc8a8cfc3bd2a42021-12-20 16:04:31.426root 11241100x8000000000000000785438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77806ca52758fe4a2021-12-20 16:04:31.427root 11241100x8000000000000000785439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4064ad75126b63a2021-12-20 16:04:31.427root 11241100x8000000000000000785440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581ceb2bd5c71d212021-12-20 16:04:31.427root 11241100x8000000000000000785441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f0dbe637ba36f52021-12-20 16:04:31.427root 11241100x8000000000000000785442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b29d3cfec4732c2021-12-20 16:04:31.427root 11241100x8000000000000000785443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726f83c877a815dc2021-12-20 16:04:31.428root 11241100x8000000000000000785444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641d2503d884a0702021-12-20 16:04:31.428root 11241100x8000000000000000785445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dd6c79cca2539e2021-12-20 16:04:31.428root 11241100x8000000000000000785446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7434546b91128322021-12-20 16:04:31.428root 11241100x8000000000000000785447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0fe334a245a4862021-12-20 16:04:31.428root 11241100x8000000000000000785448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605b84324be2dfaf2021-12-20 16:04:31.428root 11241100x8000000000000000785449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0ac9ca12dd9ed92021-12-20 16:04:31.428root 11241100x8000000000000000785450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03754db504d79e8a2021-12-20 16:04:31.428root 11241100x8000000000000000785451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4b8188ae1a5fe02021-12-20 16:04:31.428root 11241100x8000000000000000785452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f37b66c1fdee92021-12-20 16:04:31.429root 11241100x8000000000000000785453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bba4112a7bf9982021-12-20 16:04:31.924root 11241100x8000000000000000785454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd145c23cf8f01e72021-12-20 16:04:31.924root 11241100x8000000000000000785455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8308318eff58bd42021-12-20 16:04:31.924root 11241100x8000000000000000785456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261184ee1d4ac9312021-12-20 16:04:31.925root 11241100x8000000000000000785457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20246773e18df0f2021-12-20 16:04:31.925root 11241100x8000000000000000785458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f6249a91f6c4262021-12-20 16:04:31.925root 11241100x8000000000000000785459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f3d4bc683d25842021-12-20 16:04:31.925root 11241100x8000000000000000785460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a270b517f1dd032021-12-20 16:04:31.925root 11241100x8000000000000000785461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9d6b1514179a342021-12-20 16:04:31.925root 11241100x8000000000000000785462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd65250f48043082021-12-20 16:04:31.925root 11241100x8000000000000000785463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4ff68aa8a183542021-12-20 16:04:31.925root 11241100x8000000000000000785464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c3efda7760d2d72021-12-20 16:04:31.925root 11241100x8000000000000000785465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b255031f2d58712021-12-20 16:04:31.926root 11241100x8000000000000000785466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926316fa093cf3ac2021-12-20 16:04:31.926root 11241100x8000000000000000785467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff04575436eba572021-12-20 16:04:31.926root 11241100x8000000000000000785468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d7b061e6eb71632021-12-20 16:04:31.926root 11241100x8000000000000000785469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba145805ab9e2fb92021-12-20 16:04:31.926root 11241100x8000000000000000785470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb1decc21878c652021-12-20 16:04:31.926root 11241100x8000000000000000785471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d682b763472c23392021-12-20 16:04:31.926root 11241100x8000000000000000785472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f12d78fcd5e6e12021-12-20 16:04:31.927root 11241100x8000000000000000785473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea108d1bf0bbbda42021-12-20 16:04:31.927root 11241100x8000000000000000785474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcf93c7b1646c4a2021-12-20 16:04:31.927root 11241100x8000000000000000785475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf45aef3021164f2021-12-20 16:04:31.928root 11241100x8000000000000000785476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e711848bace4dac2021-12-20 16:04:31.928root 11241100x8000000000000000785477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0da1cc8370c874a2021-12-20 16:04:31.928root 11241100x8000000000000000785478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:31.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b262e1a69068e1f2021-12-20 16:04:31.929root 11241100x8000000000000000785479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9810a5217197f52021-12-20 16:04:32.424root 11241100x8000000000000000785480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1f8e6480981aa52021-12-20 16:04:32.424root 11241100x8000000000000000785481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e906f319c986479c2021-12-20 16:04:32.425root 11241100x8000000000000000785482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73f1ad9a0c239d2021-12-20 16:04:32.425root 11241100x8000000000000000785483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178580735d3aa4c82021-12-20 16:04:32.425root 11241100x8000000000000000785484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebb61c7dbe92c902021-12-20 16:04:32.425root 11241100x8000000000000000785485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c102442682a38d02021-12-20 16:04:32.425root 11241100x8000000000000000785486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459650bce6a65df72021-12-20 16:04:32.425root 11241100x8000000000000000785487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df2c4894f6431e92021-12-20 16:04:32.426root 11241100x8000000000000000785488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f04db26ebdc8c92021-12-20 16:04:32.426root 11241100x8000000000000000785489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68996de80a77f1122021-12-20 16:04:32.426root 11241100x8000000000000000785490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74536854a03553802021-12-20 16:04:32.426root 11241100x8000000000000000785491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3236249372e6c9c92021-12-20 16:04:32.426root 11241100x8000000000000000785492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c464bb58d751c3172021-12-20 16:04:32.426root 11241100x8000000000000000785493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fa7e63e53d57bc2021-12-20 16:04:32.426root 11241100x8000000000000000785494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e9f21c7d64d1c32021-12-20 16:04:32.427root 11241100x8000000000000000785495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e10e6a4b62cf342021-12-20 16:04:32.427root 11241100x8000000000000000785496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2dbca889a36dea2021-12-20 16:04:32.427root 11241100x8000000000000000785497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f93b7db1f0ac15a2021-12-20 16:04:32.427root 11241100x8000000000000000785498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f47b54764a7a7432021-12-20 16:04:32.427root 11241100x8000000000000000785499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98853f3800a5e5c82021-12-20 16:04:32.427root 11241100x8000000000000000785500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7a08ab785da87d2021-12-20 16:04:32.427root 11241100x8000000000000000785501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1438c1353198a18a2021-12-20 16:04:32.428root 11241100x8000000000000000785502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c177695b8b9f022021-12-20 16:04:32.428root 11241100x8000000000000000785503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e11c3326b25432021-12-20 16:04:32.428root 11241100x8000000000000000785504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e74f1879704bde2021-12-20 16:04:32.428root 11241100x8000000000000000785505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fc837dd55c5e852021-12-20 16:04:32.428root 11241100x8000000000000000785506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0c444a78870d672021-12-20 16:04:32.924root 11241100x8000000000000000785507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25117cff220b33b72021-12-20 16:04:32.924root 11241100x8000000000000000785508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e3b7d97169eadd2021-12-20 16:04:32.925root 11241100x8000000000000000785509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b956fa6f0bd9eb82021-12-20 16:04:32.925root 11241100x8000000000000000785510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085e13b4f0d558d32021-12-20 16:04:32.925root 11241100x8000000000000000785511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddbe5702671f28f2021-12-20 16:04:32.925root 11241100x8000000000000000785512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ed5b3d37ad96802021-12-20 16:04:32.925root 11241100x8000000000000000785513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d94297ee88180a2021-12-20 16:04:32.925root 11241100x8000000000000000785514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388f59af0a59da6f2021-12-20 16:04:32.925root 11241100x8000000000000000785515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2203335cfa0a31212021-12-20 16:04:32.926root 11241100x8000000000000000785516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0736e8c6d40db1602021-12-20 16:04:32.926root 11241100x8000000000000000785517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb1c72345082c3b2021-12-20 16:04:32.926root 11241100x8000000000000000785518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a72460e812ed1e72021-12-20 16:04:32.926root 11241100x8000000000000000785519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83e7b24a01601882021-12-20 16:04:32.927root 11241100x8000000000000000785520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eb57dcba80d87a2021-12-20 16:04:32.927root 11241100x8000000000000000785521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9712a8da4c0f0e42021-12-20 16:04:32.927root 11241100x8000000000000000785522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770664bcf4182f2c2021-12-20 16:04:32.928root 11241100x8000000000000000785523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1de6544ed01e3512021-12-20 16:04:32.928root 11241100x8000000000000000785524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8b1aa204c8d3512021-12-20 16:04:32.928root 11241100x8000000000000000785525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d2a70254dd073d2021-12-20 16:04:32.928root 11241100x8000000000000000785526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271b3bcdef29dc3b2021-12-20 16:04:32.928root 11241100x8000000000000000785527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bc45f3e136d02c2021-12-20 16:04:32.928root 11241100x8000000000000000785528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2852c9fe2d28982021-12-20 16:04:32.929root 11241100x8000000000000000785529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437115859210c0032021-12-20 16:04:32.929root 11241100x8000000000000000785530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e8b036503164782021-12-20 16:04:32.929root 11241100x8000000000000000785531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11916f018accac882021-12-20 16:04:32.929root 11241100x8000000000000000785532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:32.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e121d8fb1a8992582021-12-20 16:04:32.929root 354300x8000000000000000785533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.033{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51596-false10.0.1.12-8000- 11241100x8000000000000000785534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011de9b0e8d49dd42021-12-20 16:04:33.425root 11241100x8000000000000000785535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42931e333fb7a7322021-12-20 16:04:33.425root 11241100x8000000000000000785536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9f849e1185bb5b2021-12-20 16:04:33.425root 11241100x8000000000000000785537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4287cbee0c2548612021-12-20 16:04:33.425root 11241100x8000000000000000785538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79aeb9266bf050512021-12-20 16:04:33.426root 11241100x8000000000000000785539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f61bcfee3512ba2021-12-20 16:04:33.426root 11241100x8000000000000000785540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d21b5f48f3502b2021-12-20 16:04:33.426root 11241100x8000000000000000785541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9c57cd6777e2902021-12-20 16:04:33.426root 11241100x8000000000000000785542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df274f5700d646512021-12-20 16:04:33.426root 11241100x8000000000000000785543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f2e71d673b6a5f2021-12-20 16:04:33.427root 11241100x8000000000000000785544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86be0aa1a90505382021-12-20 16:04:33.427root 11241100x8000000000000000785545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951add902eb005eb2021-12-20 16:04:33.427root 11241100x8000000000000000785546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef7335fcd31b3f82021-12-20 16:04:33.427root 11241100x8000000000000000785547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e3c285786b59232021-12-20 16:04:33.427root 11241100x8000000000000000785548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc94d90cd54404d22021-12-20 16:04:33.427root 11241100x8000000000000000785549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be2eac8abfff5742021-12-20 16:04:33.428root 11241100x8000000000000000785550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330d1fe08f7097192021-12-20 16:04:33.428root 11241100x8000000000000000785551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3986c526932dcd822021-12-20 16:04:33.428root 11241100x8000000000000000785552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a221a80c5182182021-12-20 16:04:33.428root 11241100x8000000000000000785553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8059571a2b345772021-12-20 16:04:33.429root 11241100x8000000000000000785554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf72f459a651d2d2021-12-20 16:04:33.432root 11241100x8000000000000000785555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5315aecbb7891532021-12-20 16:04:33.432root 11241100x8000000000000000785556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55c51fa83ae0c812021-12-20 16:04:33.432root 11241100x8000000000000000785557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574b34cd3883c9a02021-12-20 16:04:33.432root 11241100x8000000000000000785558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bf7e33461f6b2d2021-12-20 16:04:33.433root 11241100x8000000000000000785559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adae43f8224924f2021-12-20 16:04:33.433root 11241100x8000000000000000785560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c9afb53a4d0d392021-12-20 16:04:33.433root 11241100x8000000000000000785561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa46be462883d89c2021-12-20 16:04:33.924root 11241100x8000000000000000785562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e5bb73ad2c49132021-12-20 16:04:33.924root 11241100x8000000000000000785563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f322d47594def252021-12-20 16:04:33.924root 11241100x8000000000000000785564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a92ffda9613140f2021-12-20 16:04:33.924root 11241100x8000000000000000785565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f48472d47302e6f2021-12-20 16:04:33.925root 11241100x8000000000000000785566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950454a9caa16f4f2021-12-20 16:04:33.925root 11241100x8000000000000000785567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97077fcdcadf4d3a2021-12-20 16:04:33.925root 11241100x8000000000000000785568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20566ae7881762d62021-12-20 16:04:33.925root 11241100x8000000000000000785569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96cbe13b0f8bfb02021-12-20 16:04:33.925root 11241100x8000000000000000785570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734837e0d9aafaaf2021-12-20 16:04:33.925root 11241100x8000000000000000785571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab6869fc449b5832021-12-20 16:04:33.925root 11241100x8000000000000000785572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b254f3a886fed9f12021-12-20 16:04:33.925root 11241100x8000000000000000785573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4834b364bc88059a2021-12-20 16:04:33.925root 11241100x8000000000000000785574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1d8c7e333b8ef02021-12-20 16:04:33.926root 11241100x8000000000000000785575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62777379fcc370f2021-12-20 16:04:33.926root 11241100x8000000000000000785576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9666210dd92a1642021-12-20 16:04:33.926root 11241100x8000000000000000785577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f452f74c2648d0622021-12-20 16:04:33.926root 11241100x8000000000000000785578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689783ffa182fb322021-12-20 16:04:33.926root 11241100x8000000000000000785579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b7fcf4e99dfc3a2021-12-20 16:04:33.926root 11241100x8000000000000000785580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e800941b57404a92021-12-20 16:04:33.926root 11241100x8000000000000000785581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae1bdcfb307b0ef2021-12-20 16:04:33.927root 11241100x8000000000000000785582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364c7616d82ae10e2021-12-20 16:04:33.927root 11241100x8000000000000000785583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e315b1d60c6711f52021-12-20 16:04:33.927root 11241100x8000000000000000785584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632e90bb8ec0747a2021-12-20 16:04:33.928root 11241100x8000000000000000785585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f227675ba090210e2021-12-20 16:04:33.928root 11241100x8000000000000000785586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a90cb144b4ee1f42021-12-20 16:04:33.928root 11241100x8000000000000000785587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5542a77555ae00d72021-12-20 16:04:33.928root 11241100x8000000000000000785588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2aba780ecb462f2021-12-20 16:04:33.929root 11241100x8000000000000000785589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a136cc385ecbe42021-12-20 16:04:33.929root 11241100x8000000000000000785590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:33.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f381e48a09c97b42021-12-20 16:04:33.929root 11241100x8000000000000000785591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b19823293c47c72021-12-20 16:04:34.424root 11241100x8000000000000000785592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24fe6e0d1fc37ba2021-12-20 16:04:34.424root 11241100x8000000000000000785593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff762ea44f0a562021-12-20 16:04:34.425root 11241100x8000000000000000785594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf390b01eb50a9d62021-12-20 16:04:34.425root 11241100x8000000000000000785595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f70e052584fd322021-12-20 16:04:34.425root 11241100x8000000000000000785596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa69076fad707ae2021-12-20 16:04:34.425root 11241100x8000000000000000785597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a961dd4b98be6a62021-12-20 16:04:34.425root 11241100x8000000000000000785598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6070f021d1f3572021-12-20 16:04:34.425root 11241100x8000000000000000785599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6f5097c35dadae2021-12-20 16:04:34.425root 11241100x8000000000000000785600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a34094c917cf312021-12-20 16:04:34.425root 11241100x8000000000000000785601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc981179181a65b62021-12-20 16:04:34.425root 11241100x8000000000000000785602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72d14d86d28b72b2021-12-20 16:04:34.426root 11241100x8000000000000000785603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b592c12beb8f9ac52021-12-20 16:04:34.426root 11241100x8000000000000000785604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51326e52ec0d1e8d2021-12-20 16:04:34.426root 11241100x8000000000000000785605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27d0d65fdabadad2021-12-20 16:04:34.426root 11241100x8000000000000000785606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312eac55f32c347a2021-12-20 16:04:34.426root 11241100x8000000000000000785607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d01780bb32fd8d52021-12-20 16:04:34.426root 11241100x8000000000000000785608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11139755a345cbc12021-12-20 16:04:34.426root 11241100x8000000000000000785609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4415a1a6d78d2f2021-12-20 16:04:34.426root 11241100x8000000000000000785610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737f8737f453353b2021-12-20 16:04:34.427root 11241100x8000000000000000785611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13ba5fb82f43fd92021-12-20 16:04:34.427root 11241100x8000000000000000785612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0a6a2e0f501b802021-12-20 16:04:34.427root 11241100x8000000000000000785613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbc22f17847dd082021-12-20 16:04:34.427root 11241100x8000000000000000785614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d217efbd9529750b2021-12-20 16:04:34.427root 11241100x8000000000000000785615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6130571508baee982021-12-20 16:04:34.427root 11241100x8000000000000000785616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745b5ccf43e847e92021-12-20 16:04:34.428root 11241100x8000000000000000785617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee021373d22de4e02021-12-20 16:04:34.428root 11241100x8000000000000000785618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd2d79eabc1d35f2021-12-20 16:04:34.924root 11241100x8000000000000000785619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa021b0d027162622021-12-20 16:04:34.924root 11241100x8000000000000000785620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fbb87c74b21ce12021-12-20 16:04:34.925root 11241100x8000000000000000785621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389255a4643262c22021-12-20 16:04:34.925root 11241100x8000000000000000785622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d599eec7da980f2a2021-12-20 16:04:34.925root 11241100x8000000000000000785623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122cb0bda831392c2021-12-20 16:04:34.925root 11241100x8000000000000000785624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c5010edc28b1262021-12-20 16:04:34.925root 11241100x8000000000000000785625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f04b444e3032442021-12-20 16:04:34.925root 11241100x8000000000000000785626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0d21e54204aaba2021-12-20 16:04:34.925root 11241100x8000000000000000785627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b356d61873035cf52021-12-20 16:04:34.926root 11241100x8000000000000000785628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75efa47740e2fab2021-12-20 16:04:34.926root 11241100x8000000000000000785629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fe2c0435d4704c2021-12-20 16:04:34.926root 11241100x8000000000000000785630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1244baf84cb3d432021-12-20 16:04:34.926root 11241100x8000000000000000785631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf662697df01211e2021-12-20 16:04:34.926root 11241100x8000000000000000785632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ecbdeef28527c2021-12-20 16:04:34.926root 11241100x8000000000000000785633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53e8c8b2cdfd0682021-12-20 16:04:34.926root 11241100x8000000000000000785634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9fc041ad8ed7b92021-12-20 16:04:34.927root 11241100x8000000000000000785635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae18724e8a329a92021-12-20 16:04:34.927root 11241100x8000000000000000785636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ba967845ebe67d2021-12-20 16:04:34.927root 11241100x8000000000000000785637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c996d7ce9e237fcb2021-12-20 16:04:34.927root 11241100x8000000000000000785638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8427e978702e9a002021-12-20 16:04:34.927root 11241100x8000000000000000785639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c5445777e04e4b2021-12-20 16:04:34.927root 11241100x8000000000000000785640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca85aa7d17bdbc02021-12-20 16:04:34.928root 11241100x8000000000000000785641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0947942057688e762021-12-20 16:04:34.928root 11241100x8000000000000000785642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0968932bad38b262021-12-20 16:04:34.928root 11241100x8000000000000000785643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768593d6173902d32021-12-20 16:04:34.928root 11241100x8000000000000000785644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:34.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a228446e3d70702021-12-20 16:04:34.928root 11241100x8000000000000000785645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b571ddc948f1f022021-12-20 16:04:35.424root 11241100x8000000000000000785646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237d7bb7c1f87ff62021-12-20 16:04:35.424root 11241100x8000000000000000785647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9735d50e5cdb6fb02021-12-20 16:04:35.424root 11241100x8000000000000000785648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9690d0a84d48a4982021-12-20 16:04:35.424root 11241100x8000000000000000785649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8334c82db2ee2a9c2021-12-20 16:04:35.424root 11241100x8000000000000000785650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8e3b3a3a84ed4e2021-12-20 16:04:35.424root 11241100x8000000000000000785651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c6e63d9c0f65012021-12-20 16:04:35.424root 11241100x8000000000000000785652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd41094c31c59e2021-12-20 16:04:35.425root 11241100x8000000000000000785653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2de2ee519d382e2021-12-20 16:04:35.425root 11241100x8000000000000000785654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975a5f154e7ada122021-12-20 16:04:35.425root 11241100x8000000000000000785655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6280ff37c4e1afb42021-12-20 16:04:35.425root 11241100x8000000000000000785656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2e14f4f50b78bd2021-12-20 16:04:35.425root 11241100x8000000000000000785657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3382bf51e0e045f2021-12-20 16:04:35.426root 11241100x8000000000000000785658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f2b615b598e41d2021-12-20 16:04:35.426root 11241100x8000000000000000785659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967da9283fe6816a2021-12-20 16:04:35.426root 11241100x8000000000000000785660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5822eb93388f2ec22021-12-20 16:04:35.426root 11241100x8000000000000000785661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d6352ae4ed3d462021-12-20 16:04:35.426root 11241100x8000000000000000785662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc593d5e7ac89162021-12-20 16:04:35.426root 11241100x8000000000000000785663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213dfe3c8c38804f2021-12-20 16:04:35.426root 11241100x8000000000000000785664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6b4758c7a6c202021-12-20 16:04:35.427root 11241100x8000000000000000785665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e524af5f9c69072021-12-20 16:04:35.427root 11241100x8000000000000000785666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433256dcef1f7d9d2021-12-20 16:04:35.427root 11241100x8000000000000000785667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fde16c4a50b3ae2021-12-20 16:04:35.427root 11241100x8000000000000000785668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f613f4e65de8082021-12-20 16:04:35.427root 11241100x8000000000000000785669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac3b8968e8b80432021-12-20 16:04:35.427root 11241100x8000000000000000785670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e628609470cf31ad2021-12-20 16:04:35.427root 11241100x8000000000000000785671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b3df3e55c733a42021-12-20 16:04:35.428root 11241100x8000000000000000785672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1b9ea266c0f22b2021-12-20 16:04:35.428root 11241100x8000000000000000785673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f28edd0e2be04992021-12-20 16:04:35.428root 11241100x8000000000000000785674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e704dffad6764e2021-12-20 16:04:35.428root 11241100x8000000000000000785675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4c05553047f9182021-12-20 16:04:35.429root 11241100x8000000000000000785676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58456e55bdff32f92021-12-20 16:04:35.429root 11241100x8000000000000000785677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c685e429f1aa25992021-12-20 16:04:35.429root 11241100x8000000000000000785678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e19eb80a386a042021-12-20 16:04:35.429root 11241100x8000000000000000785679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c466a51270cb3f2021-12-20 16:04:35.429root 11241100x8000000000000000785680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c430750f0bf5292021-12-20 16:04:35.429root 11241100x8000000000000000785681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ef1f8b2243cecc2021-12-20 16:04:35.430root 11241100x8000000000000000785682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ec10d9a9b200ac2021-12-20 16:04:35.430root 11241100x8000000000000000785683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc3b596d32986852021-12-20 16:04:35.430root 11241100x8000000000000000785684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b967319544cc022021-12-20 16:04:35.430root 11241100x8000000000000000785685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51815b7b2cb057772021-12-20 16:04:35.430root 11241100x8000000000000000785686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee50fd52e800832021-12-20 16:04:35.430root 11241100x8000000000000000785687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b2aec146be9f0e2021-12-20 16:04:35.431root 11241100x8000000000000000785688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486ad4846070588d2021-12-20 16:04:35.431root 11241100x8000000000000000785689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d085764276b6be2021-12-20 16:04:35.431root 11241100x8000000000000000785690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d8c16248d27bfe2021-12-20 16:04:35.924root 11241100x8000000000000000785691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0b302508d83dba2021-12-20 16:04:35.924root 11241100x8000000000000000785692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f7ac24df81ea722021-12-20 16:04:35.924root 11241100x8000000000000000785693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3e86f75c3b67352021-12-20 16:04:35.924root 11241100x8000000000000000785694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd43c5ece717e872021-12-20 16:04:35.924root 11241100x8000000000000000785695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7fc1cfc74a7f842021-12-20 16:04:35.924root 11241100x8000000000000000785696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22729083a4bfd0542021-12-20 16:04:35.925root 11241100x8000000000000000785697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893934225035f0422021-12-20 16:04:35.925root 11241100x8000000000000000785698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7506dbf6537ec8242021-12-20 16:04:35.925root 11241100x8000000000000000785699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6045793e9858852021-12-20 16:04:35.925root 11241100x8000000000000000785700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce62ec526543e9932021-12-20 16:04:35.925root 11241100x8000000000000000785701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582dbc4887666e672021-12-20 16:04:35.925root 11241100x8000000000000000785702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472feb5675e223bd2021-12-20 16:04:35.925root 11241100x8000000000000000785703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11db60dbaf06d8472021-12-20 16:04:35.925root 11241100x8000000000000000785704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377f4b0b30b128ba2021-12-20 16:04:35.925root 11241100x8000000000000000785705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0511ed7c79692602021-12-20 16:04:35.925root 11241100x8000000000000000785706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926834df979b92b72021-12-20 16:04:35.926root 11241100x8000000000000000785707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c9311165f9dff82021-12-20 16:04:35.926root 11241100x8000000000000000785708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5186068b7f3e91742021-12-20 16:04:35.926root 11241100x8000000000000000785709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d49ee7c7bd9bf732021-12-20 16:04:35.926root 11241100x8000000000000000785710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d755a314f034a82021-12-20 16:04:35.926root 11241100x8000000000000000785711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83131acc253105202021-12-20 16:04:35.926root 11241100x8000000000000000785712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b9676b9ce1ed5e2021-12-20 16:04:35.926root 11241100x8000000000000000785713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86eb37438f22e072021-12-20 16:04:35.926root 11241100x8000000000000000785714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0052df1c59ca76482021-12-20 16:04:35.926root 11241100x8000000000000000785715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2741c08ec0f98b2021-12-20 16:04:35.926root 11241100x8000000000000000785716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf18fcd0c2ef0052021-12-20 16:04:35.926root 11241100x8000000000000000785717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99413f8aa0bcfab52021-12-20 16:04:35.927root 11241100x8000000000000000785718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a31b58d9e9b5a72021-12-20 16:04:35.927root 11241100x8000000000000000785719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd211fe3784818a2021-12-20 16:04:35.927root 11241100x8000000000000000785720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444ea5a9652411ad2021-12-20 16:04:35.927root 11241100x8000000000000000785721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b85d9780ae231022021-12-20 16:04:35.927root 11241100x8000000000000000785722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eb1a8fea9d3aa92021-12-20 16:04:35.927root 11241100x8000000000000000785723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113a95e2d12e67372021-12-20 16:04:35.927root 11241100x8000000000000000785724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21bc3ef75f2221c2021-12-20 16:04:35.927root 11241100x8000000000000000785725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a4f79a8a1b8f9a2021-12-20 16:04:35.927root 11241100x8000000000000000785726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17c766fb0f125db2021-12-20 16:04:35.928root 11241100x8000000000000000785727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9f2031f99fd0362021-12-20 16:04:35.928root 11241100x8000000000000000785728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:35.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c1e5e83085ca902021-12-20 16:04:35.928root 11241100x8000000000000000785729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.066{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:04:36.066root 11241100x8000000000000000785730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c125c26646fbda2021-12-20 16:04:36.424root 11241100x8000000000000000785731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64c2801d9bfbda62021-12-20 16:04:36.424root 11241100x8000000000000000785732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c252845c3d87ee2021-12-20 16:04:36.424root 11241100x8000000000000000785733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6547fe307c05bfb02021-12-20 16:04:36.424root 11241100x8000000000000000785734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526ab62dc33c5cf2021-12-20 16:04:36.425root 11241100x8000000000000000785735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fc7787e1108b0d2021-12-20 16:04:36.425root 11241100x8000000000000000785736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a69dcc4db3958d82021-12-20 16:04:36.425root 11241100x8000000000000000785737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecd91df37a05f712021-12-20 16:04:36.425root 11241100x8000000000000000785738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30eddcabc1c114a82021-12-20 16:04:36.425root 11241100x8000000000000000785739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6923762e05c5279d2021-12-20 16:04:36.425root 11241100x8000000000000000785740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a7f44049a8b6ed2021-12-20 16:04:36.425root 11241100x8000000000000000785741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66958c0b9e9033c2021-12-20 16:04:36.425root 11241100x8000000000000000785742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7917f27f310e244c2021-12-20 16:04:36.425root 11241100x8000000000000000785743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de742fe436a480642021-12-20 16:04:36.425root 11241100x8000000000000000785744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b7850b3fdb9dec2021-12-20 16:04:36.425root 11241100x8000000000000000785745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b25db64f772c2c2021-12-20 16:04:36.425root 11241100x8000000000000000785746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7070c097bd420432021-12-20 16:04:36.425root 11241100x8000000000000000785747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec157ea718a2fce2021-12-20 16:04:36.425root 11241100x8000000000000000785748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc408f68773fe0c82021-12-20 16:04:36.425root 11241100x8000000000000000785749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5e03a1c9870b542021-12-20 16:04:36.426root 11241100x8000000000000000785750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e008edf667bd0dc82021-12-20 16:04:36.426root 11241100x8000000000000000785751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f192653b5403df0f2021-12-20 16:04:36.426root 11241100x8000000000000000785752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9d9795d942e8792021-12-20 16:04:36.426root 11241100x8000000000000000785753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bee2aa9f4278e942021-12-20 16:04:36.426root 11241100x8000000000000000785754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ee16ac0308ebbe2021-12-20 16:04:36.426root 11241100x8000000000000000785755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142302bff94682352021-12-20 16:04:36.426root 11241100x8000000000000000785756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d74623accb0ecf2021-12-20 16:04:36.427root 11241100x8000000000000000785757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaa64d472796da02021-12-20 16:04:36.427root 11241100x8000000000000000785758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d97ba4e3b0a16952021-12-20 16:04:36.427root 11241100x8000000000000000785759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f2116d27fafc5a2021-12-20 16:04:36.924root 11241100x8000000000000000785760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f061f5dec46b31dd2021-12-20 16:04:36.924root 11241100x8000000000000000785761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1f49d994553bfe2021-12-20 16:04:36.924root 11241100x8000000000000000785762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a248f4b29d4e502021-12-20 16:04:36.924root 11241100x8000000000000000785763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb57fde37302a6d2021-12-20 16:04:36.924root 11241100x8000000000000000785764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b200da863e257e42021-12-20 16:04:36.924root 11241100x8000000000000000785765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d18087365e74972021-12-20 16:04:36.924root 11241100x8000000000000000785766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1ea67a164296082021-12-20 16:04:36.925root 11241100x8000000000000000785767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc60e7cb7d1c8162021-12-20 16:04:36.925root 11241100x8000000000000000785768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896261ae61990b152021-12-20 16:04:36.925root 11241100x8000000000000000785769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee29199d408a937a2021-12-20 16:04:36.925root 11241100x8000000000000000785770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83980e9d5b5c8b8c2021-12-20 16:04:36.925root 11241100x8000000000000000785771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd077ada53647e22021-12-20 16:04:36.925root 11241100x8000000000000000785772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa9477dc3ca904d2021-12-20 16:04:36.925root 11241100x8000000000000000785773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e47833cc5d5fa002021-12-20 16:04:36.925root 11241100x8000000000000000785774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8d16560e6ee1952021-12-20 16:04:36.925root 11241100x8000000000000000785775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8456253e869ab02021-12-20 16:04:36.925root 11241100x8000000000000000785776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139f831f8587344a2021-12-20 16:04:36.925root 11241100x8000000000000000785777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbf95c9ca05a1d82021-12-20 16:04:36.925root 11241100x8000000000000000785778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd142e89235199502021-12-20 16:04:36.925root 11241100x8000000000000000785779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4142b7bec2aba1762021-12-20 16:04:36.925root 11241100x8000000000000000785780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87f7f3aae287e312021-12-20 16:04:36.925root 11241100x8000000000000000785781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8662db586ec671cd2021-12-20 16:04:36.926root 11241100x8000000000000000785782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0221ec38768ca9e2021-12-20 16:04:36.926root 11241100x8000000000000000785783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f99e2419b4e2eab2021-12-20 16:04:36.926root 11241100x8000000000000000785784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fb757f7edda94c2021-12-20 16:04:36.926root 11241100x8000000000000000785785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01ed0f6fac17f522021-12-20 16:04:36.926root 11241100x8000000000000000785786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785bde80521a2f012021-12-20 16:04:36.926root 11241100x8000000000000000785787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632fbc1054f4bdbd2021-12-20 16:04:36.926root 11241100x8000000000000000785788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a66c89d37076ab2021-12-20 16:04:36.927root 11241100x8000000000000000785789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931dddbec3bb6e6a2021-12-20 16:04:36.927root 11241100x8000000000000000785790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700767b6f1f73e7c2021-12-20 16:04:36.927root 11241100x8000000000000000785791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144cca6e25decc3e2021-12-20 16:04:36.927root 11241100x8000000000000000785792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f35edc4a55d0782021-12-20 16:04:36.927root 11241100x8000000000000000785793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:36.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83485af5bd29a4ec2021-12-20 16:04:36.927root 11241100x8000000000000000785794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aea3911e6121482021-12-20 16:04:37.424root 11241100x8000000000000000785795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25d699a95e64ad82021-12-20 16:04:37.424root 11241100x8000000000000000785796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b824c5a3f5aff1b2021-12-20 16:04:37.424root 11241100x8000000000000000785797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98fc3c8a68212f22021-12-20 16:04:37.425root 11241100x8000000000000000785798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aa3406401287802021-12-20 16:04:37.425root 11241100x8000000000000000785799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d91a9adf3b669952021-12-20 16:04:37.425root 11241100x8000000000000000785800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b558cbc80fe8df2021-12-20 16:04:37.425root 11241100x8000000000000000785801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a625a7fdb07d0a2021-12-20 16:04:37.425root 11241100x8000000000000000785802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bbce24c4e7af672021-12-20 16:04:37.425root 11241100x8000000000000000785803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150c6b6822eca6f02021-12-20 16:04:37.426root 11241100x8000000000000000785804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0f8f5aefe0753b2021-12-20 16:04:37.426root 11241100x8000000000000000785805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78a333f9eb39c4e2021-12-20 16:04:37.426root 11241100x8000000000000000785806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae5eeac5582744e2021-12-20 16:04:37.426root 11241100x8000000000000000785807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5801af2988dfc0012021-12-20 16:04:37.426root 11241100x8000000000000000785808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e116090657f2c32021-12-20 16:04:37.426root 11241100x8000000000000000785809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500bc1cdce75c8082021-12-20 16:04:37.427root 11241100x8000000000000000785810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040e0d9ce419c68d2021-12-20 16:04:37.427root 11241100x8000000000000000785811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312d134fa08237552021-12-20 16:04:37.427root 11241100x8000000000000000785812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aebc2b7c0eb9b772021-12-20 16:04:37.427root 11241100x8000000000000000785813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c19b6aca5b277e2021-12-20 16:04:37.427root 11241100x8000000000000000785814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fba76058cc544c32021-12-20 16:04:37.427root 11241100x8000000000000000785815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c8169d7f432afd2021-12-20 16:04:37.427root 11241100x8000000000000000785816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18de103371f990b2021-12-20 16:04:37.428root 11241100x8000000000000000785817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a4351fd1b6a0402021-12-20 16:04:37.428root 11241100x8000000000000000785818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af9bf870b9f22442021-12-20 16:04:37.428root 11241100x8000000000000000785819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e865cf4b9a105ee2021-12-20 16:04:37.428root 11241100x8000000000000000785820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb8a1fe4015e1e92021-12-20 16:04:37.428root 11241100x8000000000000000785821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb42456309e3e8332021-12-20 16:04:37.429root 11241100x8000000000000000785822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd42217fbc6bd482021-12-20 16:04:37.429root 11241100x8000000000000000785823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770799dce6c997262021-12-20 16:04:37.429root 11241100x8000000000000000785824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8432dd9999cb80c32021-12-20 16:04:37.429root 11241100x8000000000000000785825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1ae958989428822021-12-20 16:04:37.429root 11241100x8000000000000000785826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088cdb4cef9fa03d2021-12-20 16:04:37.924root 11241100x8000000000000000785827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a35cda99f7e3702021-12-20 16:04:37.924root 11241100x8000000000000000785828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714c072e0eac487f2021-12-20 16:04:37.924root 11241100x8000000000000000785829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e583bac9bcdd358a2021-12-20 16:04:37.924root 11241100x8000000000000000785830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d38bd862e242ae2021-12-20 16:04:37.925root 11241100x8000000000000000785831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8801c15a31de8292021-12-20 16:04:37.925root 11241100x8000000000000000785832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ca6ef15c0af0c22021-12-20 16:04:37.925root 11241100x8000000000000000785833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b86cf7b58fccd392021-12-20 16:04:37.925root 11241100x8000000000000000785834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfda52369c669982021-12-20 16:04:37.925root 11241100x8000000000000000785835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad321a577d6b87242021-12-20 16:04:37.925root 11241100x8000000000000000785836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dde15cbb267b8bd2021-12-20 16:04:37.926root 11241100x8000000000000000785837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4507daba3ef128272021-12-20 16:04:37.926root 11241100x8000000000000000785838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30114208614e44552021-12-20 16:04:37.926root 11241100x8000000000000000785839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddde0ab0ebeff0a32021-12-20 16:04:37.926root 11241100x8000000000000000785840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd2705fd0e3a5df2021-12-20 16:04:37.926root 11241100x8000000000000000785841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee8f10bb092c6152021-12-20 16:04:37.926root 11241100x8000000000000000785842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e005332b4d942e2021-12-20 16:04:37.926root 11241100x8000000000000000785843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b377f41577e32ee2021-12-20 16:04:37.927root 11241100x8000000000000000785844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652f7903a0cf3c872021-12-20 16:04:37.927root 11241100x8000000000000000785845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2345e0a6c1f813672021-12-20 16:04:37.927root 11241100x8000000000000000785846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f9c6b868a977902021-12-20 16:04:37.927root 11241100x8000000000000000785847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf459bf71e865b962021-12-20 16:04:37.927root 11241100x8000000000000000785848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2014fc5fdbb21d2021-12-20 16:04:37.927root 11241100x8000000000000000785849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e18fd111c9ad512021-12-20 16:04:37.927root 11241100x8000000000000000785850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d6b451d8bb6c6e2021-12-20 16:04:37.928root 11241100x8000000000000000785851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac07106c9e507f232021-12-20 16:04:37.928root 11241100x8000000000000000785852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3d09aeb50e40192021-12-20 16:04:37.928root 11241100x8000000000000000785853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2fdc31185d8dc82021-12-20 16:04:37.928root 11241100x8000000000000000785854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadcde8bcf354b2f2021-12-20 16:04:37.928root 11241100x8000000000000000785855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fb8a74f5a5c3df2021-12-20 16:04:37.928root 11241100x8000000000000000785856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97696d04d1ce56a2021-12-20 16:04:37.928root 11241100x8000000000000000785857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad7f408858372612021-12-20 16:04:37.929root 11241100x8000000000000000785858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a6443b880dd3122021-12-20 16:04:37.929root 11241100x8000000000000000785859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24c480b960a884f2021-12-20 16:04:37.929root 11241100x8000000000000000785860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6286fe461d2ee62021-12-20 16:04:37.929root 11241100x8000000000000000785861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e83ef98f33073012021-12-20 16:04:37.929root 11241100x8000000000000000785862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3ec8b8899af6972021-12-20 16:04:37.929root 11241100x8000000000000000785863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:37.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc458ace15410d9d2021-12-20 16:04:37.929root 11241100x8000000000000000785864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ca4f5f15b548d12021-12-20 16:04:38.424root 11241100x8000000000000000785865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652217836eded1a42021-12-20 16:04:38.424root 11241100x8000000000000000785866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228d4adef798e3c12021-12-20 16:04:38.424root 11241100x8000000000000000785867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70cc04d7875fdd52021-12-20 16:04:38.424root 11241100x8000000000000000785868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee86cad76baec3c2021-12-20 16:04:38.425root 11241100x8000000000000000785869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad8cd73e6b77a692021-12-20 16:04:38.425root 11241100x8000000000000000785870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bfc047be78a2852021-12-20 16:04:38.425root 11241100x8000000000000000785871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e486913d087f552021-12-20 16:04:38.425root 11241100x8000000000000000785872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ba5afc4eb0c6942021-12-20 16:04:38.425root 11241100x8000000000000000785873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25065384795988db2021-12-20 16:04:38.425root 11241100x8000000000000000785874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b7054a3c7efb422021-12-20 16:04:38.425root 11241100x8000000000000000785875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9c6d99f79d00aa2021-12-20 16:04:38.425root 11241100x8000000000000000785876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ce5f47fc67e7bd2021-12-20 16:04:38.426root 11241100x8000000000000000785877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8ac3e2cb68569d2021-12-20 16:04:38.426root 11241100x8000000000000000785878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57571b186651722a2021-12-20 16:04:38.426root 11241100x8000000000000000785879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c04c3d1c1022c812021-12-20 16:04:38.426root 11241100x8000000000000000785880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c90000608dd5492021-12-20 16:04:38.426root 11241100x8000000000000000785881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb69c92779eeb722021-12-20 16:04:38.426root 11241100x8000000000000000785882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3567564f828b8b32021-12-20 16:04:38.427root 11241100x8000000000000000785883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd1094d4433a2db2021-12-20 16:04:38.427root 11241100x8000000000000000785884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bec371cbe640a4e2021-12-20 16:04:38.427root 11241100x8000000000000000785885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb91f64beaaa36fd2021-12-20 16:04:38.427root 11241100x8000000000000000785886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e682de89b79411c2021-12-20 16:04:38.427root 11241100x8000000000000000785887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57515bdb046cf3d92021-12-20 16:04:38.427root 11241100x8000000000000000785888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bfc644d02a06bc2021-12-20 16:04:38.427root 11241100x8000000000000000785889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9637c15e2ee8dc0f2021-12-20 16:04:38.428root 11241100x8000000000000000785890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67a86282a7934872021-12-20 16:04:38.428root 11241100x8000000000000000785891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813b7c8b18e9ef052021-12-20 16:04:38.428root 11241100x8000000000000000785892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825fd649500639132021-12-20 16:04:38.428root 11241100x8000000000000000785893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2fae605e4c29852021-12-20 16:04:38.428root 11241100x8000000000000000785894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1fed6cf8e2cd8f2021-12-20 16:04:38.428root 11241100x8000000000000000785895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df279ce4e796fac2021-12-20 16:04:38.428root 11241100x8000000000000000785896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c318e011f9695de2021-12-20 16:04:38.429root 11241100x8000000000000000785897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ed2a24ed7a3eda2021-12-20 16:04:38.924root 11241100x8000000000000000785898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12eedfc602da02e2021-12-20 16:04:38.925root 11241100x8000000000000000785899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d6f0f9bfba2d882021-12-20 16:04:38.925root 11241100x8000000000000000785900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f267ae57d103fb2021-12-20 16:04:38.925root 11241100x8000000000000000785901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac024f90a84f1712021-12-20 16:04:38.925root 11241100x8000000000000000785902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e957197eb64dc42021-12-20 16:04:38.926root 11241100x8000000000000000785903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfe20d92ff25ec22021-12-20 16:04:38.926root 11241100x8000000000000000785904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4e6893a530c1d82021-12-20 16:04:38.926root 11241100x8000000000000000785905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769b1871b6086baf2021-12-20 16:04:38.927root 11241100x8000000000000000785906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02494d17e7bd8ad2021-12-20 16:04:38.927root 11241100x8000000000000000785907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab5d919823470df2021-12-20 16:04:38.927root 11241100x8000000000000000785908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3320bb3362e4e26c2021-12-20 16:04:38.927root 11241100x8000000000000000785909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6729f1a040933b52021-12-20 16:04:38.928root 11241100x8000000000000000785910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85797d2226fb0472021-12-20 16:04:38.928root 11241100x8000000000000000785911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f99995f0ca31ba2021-12-20 16:04:38.928root 11241100x8000000000000000785912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf441c28869e8502021-12-20 16:04:38.928root 11241100x8000000000000000785913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8713cd931d81722021-12-20 16:04:38.929root 11241100x8000000000000000785914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5491436d370bce732021-12-20 16:04:38.929root 11241100x8000000000000000785915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2e283b7c390a412021-12-20 16:04:38.929root 11241100x8000000000000000785916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329eeec0ca8a6b9a2021-12-20 16:04:38.929root 11241100x8000000000000000785917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2b051019fa6bb92021-12-20 16:04:38.929root 11241100x8000000000000000785918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b54555c1db13c182021-12-20 16:04:38.929root 11241100x8000000000000000785919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368aaf9131328c322021-12-20 16:04:38.929root 11241100x8000000000000000785920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2a9fe16b6240e62021-12-20 16:04:38.929root 11241100x8000000000000000785921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96b5634d755ee522021-12-20 16:04:38.929root 11241100x8000000000000000785922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bb3d5750d743752021-12-20 16:04:38.929root 11241100x8000000000000000785923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c763e56c969acbee2021-12-20 16:04:38.929root 11241100x8000000000000000785924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4839e2d2f7f92f42021-12-20 16:04:38.929root 11241100x8000000000000000785925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:38.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374bb9597f817d902021-12-20 16:04:38.929root 354300x8000000000000000785926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.014{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51598-false10.0.1.12-8000- 23542300x8000000000000000785927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000785928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7693ef10359ed23b2021-12-20 16:04:39.424root 11241100x8000000000000000785929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffd8a5833c541cd2021-12-20 16:04:39.424root 11241100x8000000000000000785930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbffb7755c67a6b2021-12-20 16:04:39.424root 11241100x8000000000000000785931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e7958179847a902021-12-20 16:04:39.425root 11241100x8000000000000000785932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b85b0516c70e4e2021-12-20 16:04:39.425root 11241100x8000000000000000785933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4444f0a3b0f63ca42021-12-20 16:04:39.425root 11241100x8000000000000000785934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c125b075432a73912021-12-20 16:04:39.425root 11241100x8000000000000000785935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ef97ec5f5587742021-12-20 16:04:39.425root 11241100x8000000000000000785936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ebddee156390bd2021-12-20 16:04:39.425root 11241100x8000000000000000785937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1458b72ba9b4a81b2021-12-20 16:04:39.425root 11241100x8000000000000000785938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a615aea9043b3462021-12-20 16:04:39.426root 11241100x8000000000000000785939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ba104b2f1a285d2021-12-20 16:04:39.426root 11241100x8000000000000000785940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e109ab42f352c822021-12-20 16:04:39.426root 11241100x8000000000000000785941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4333472177d3f1a62021-12-20 16:04:39.426root 11241100x8000000000000000785942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c163794830c900b2021-12-20 16:04:39.426root 11241100x8000000000000000785943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2c90326bc60ac72021-12-20 16:04:39.427root 11241100x8000000000000000785944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc2f59b18df17752021-12-20 16:04:39.427root 11241100x8000000000000000785945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f325ffb06813002021-12-20 16:04:39.427root 11241100x8000000000000000785946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d519a2543e87552021-12-20 16:04:39.427root 11241100x8000000000000000785947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805b12614644a79b2021-12-20 16:04:39.427root 11241100x8000000000000000785948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644ec87ea1ba04342021-12-20 16:04:39.427root 11241100x8000000000000000785949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14187d363896c8d72021-12-20 16:04:39.427root 11241100x8000000000000000785950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d66bbb46021b552021-12-20 16:04:39.428root 11241100x8000000000000000785951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8781fae23b47a6f2021-12-20 16:04:39.428root 11241100x8000000000000000785952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e35923592bb4be2021-12-20 16:04:39.428root 11241100x8000000000000000785953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5334016e794d8f2021-12-20 16:04:39.428root 11241100x8000000000000000785954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccde00ea8c4789832021-12-20 16:04:39.435root 11241100x8000000000000000785955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f25e2ad4ec69942021-12-20 16:04:39.435root 11241100x8000000000000000785956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e06f5a7f29675d2021-12-20 16:04:39.435root 11241100x8000000000000000785957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6dd270e331ff7d2021-12-20 16:04:39.435root 11241100x8000000000000000785958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1572351715375d782021-12-20 16:04:39.924root 11241100x8000000000000000785959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55e304006bc43df2021-12-20 16:04:39.924root 11241100x8000000000000000785960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dac0e6e674a72352021-12-20 16:04:39.924root 11241100x8000000000000000785961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6f98a6151173b22021-12-20 16:04:39.925root 11241100x8000000000000000785962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f194e75971043f342021-12-20 16:04:39.925root 11241100x8000000000000000785963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e67aa55cd40cf6a2021-12-20 16:04:39.925root 11241100x8000000000000000785964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9b5d6cc558c9a02021-12-20 16:04:39.925root 11241100x8000000000000000785965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeac8b57942426a12021-12-20 16:04:39.925root 11241100x8000000000000000785966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b933c8cfaafa512021-12-20 16:04:39.925root 11241100x8000000000000000785967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e813b0ba580924f62021-12-20 16:04:39.925root 11241100x8000000000000000785968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dedf661fb573e42021-12-20 16:04:39.925root 11241100x8000000000000000785969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9431777563595092021-12-20 16:04:39.925root 11241100x8000000000000000785970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563a7d56c7985fb42021-12-20 16:04:39.925root 11241100x8000000000000000785971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6893db668b97a7082021-12-20 16:04:39.926root 11241100x8000000000000000785972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed7022fe88045aa2021-12-20 16:04:39.926root 11241100x8000000000000000785973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940b3d187e2120392021-12-20 16:04:39.926root 11241100x8000000000000000785974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be087dfb768d892021-12-20 16:04:39.926root 11241100x8000000000000000785975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813d36194863cc082021-12-20 16:04:39.926root 11241100x8000000000000000785976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5067d2ed6a92bc532021-12-20 16:04:39.926root 11241100x8000000000000000785977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43829f84c0fe6732021-12-20 16:04:39.926root 11241100x8000000000000000785978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e9a538273dcb462021-12-20 16:04:39.926root 11241100x8000000000000000785979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975f2aa934211acc2021-12-20 16:04:39.926root 11241100x8000000000000000785980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443862f7d0e2285c2021-12-20 16:04:39.926root 11241100x8000000000000000785981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8dfc5fc863c3212021-12-20 16:04:39.927root 11241100x8000000000000000785982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a2efd4ff2057002021-12-20 16:04:39.927root 11241100x8000000000000000785983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32dc189247d1c9f2021-12-20 16:04:39.927root 11241100x8000000000000000785984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d17bc4c3031c5632021-12-20 16:04:39.927root 11241100x8000000000000000785985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebb62e3f2aef3632021-12-20 16:04:39.927root 11241100x8000000000000000785986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc9d73be3be96df2021-12-20 16:04:39.927root 11241100x8000000000000000785987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:39.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3bc6474134c0702021-12-20 16:04:39.927root 11241100x8000000000000000785988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97748bdbefcc08112021-12-20 16:04:40.424root 11241100x8000000000000000785989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee222b2e3970ef262021-12-20 16:04:40.424root 11241100x8000000000000000785990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f18b50ca126472021-12-20 16:04:40.425root 11241100x8000000000000000785991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb748e4a4880df12021-12-20 16:04:40.425root 11241100x8000000000000000785992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cee18f26ffbb0932021-12-20 16:04:40.425root 11241100x8000000000000000785993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3fcaa6dfe4f2fc2021-12-20 16:04:40.425root 11241100x8000000000000000785994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81be7907d4ae1b42021-12-20 16:04:40.425root 11241100x8000000000000000785995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166972e5be881ab2021-12-20 16:04:40.425root 11241100x8000000000000000785996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de6dcb7a87ae2672021-12-20 16:04:40.426root 11241100x8000000000000000785997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d722441469dc4442021-12-20 16:04:40.426root 11241100x8000000000000000785998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a16492b6c6f2be2021-12-20 16:04:40.426root 11241100x8000000000000000785999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b30623e1f9dd232021-12-20 16:04:40.426root 11241100x8000000000000000786000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be89b835f271b9d2021-12-20 16:04:40.426root 11241100x8000000000000000786001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32351b20bf43fe512021-12-20 16:04:40.426root 11241100x8000000000000000786002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea7c216642a5a112021-12-20 16:04:40.426root 11241100x8000000000000000786003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9228b58a26d68eab2021-12-20 16:04:40.427root 11241100x8000000000000000786004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cb2636d3d6de632021-12-20 16:04:40.427root 11241100x8000000000000000786005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8bf35b1d931bcd2021-12-20 16:04:40.427root 11241100x8000000000000000786006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d8e66a944bf2ff2021-12-20 16:04:40.427root 11241100x8000000000000000786007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e8f3ae775d8e752021-12-20 16:04:40.427root 11241100x8000000000000000786008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1d90d43a3aaaf02021-12-20 16:04:40.427root 11241100x8000000000000000786009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe1418d975dce162021-12-20 16:04:40.427root 11241100x8000000000000000786010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d14cec4b57ba6892021-12-20 16:04:40.428root 11241100x8000000000000000786011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68274583f49a49d82021-12-20 16:04:40.428root 11241100x8000000000000000786012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f43a9f7b02711f2021-12-20 16:04:40.428root 11241100x8000000000000000786013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3bd1edd5ccda272021-12-20 16:04:40.428root 11241100x8000000000000000786014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5e413adf6f1d82021-12-20 16:04:40.428root 11241100x8000000000000000786015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8de33e8d36333732021-12-20 16:04:40.428root 11241100x8000000000000000786016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9521a4524cf850342021-12-20 16:04:40.429root 11241100x8000000000000000786017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c2a99246f813062021-12-20 16:04:40.429root 11241100x8000000000000000786018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00748ef61e17537a2021-12-20 16:04:40.429root 11241100x8000000000000000786019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc23dcc2adfc52d2021-12-20 16:04:40.924root 11241100x8000000000000000786020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51df06c20e8a2ebf2021-12-20 16:04:40.924root 11241100x8000000000000000786021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad4820f7ffa82a2021-12-20 16:04:40.924root 11241100x8000000000000000786022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84811ce0083b59262021-12-20 16:04:40.924root 11241100x8000000000000000786023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55c32d4bf8db3f42021-12-20 16:04:40.924root 11241100x8000000000000000786024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ca8de61f88fd7e2021-12-20 16:04:40.924root 11241100x8000000000000000786025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cb4cd618376c372021-12-20 16:04:40.925root 11241100x8000000000000000786026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70846340d8dfcadd2021-12-20 16:04:40.925root 11241100x8000000000000000786027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48f0b614473aec2021-12-20 16:04:40.925root 11241100x8000000000000000786028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f760622a59a5ef2021-12-20 16:04:40.925root 11241100x8000000000000000786029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd0b9833702dd442021-12-20 16:04:40.925root 11241100x8000000000000000786030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467cbeea657a66aa2021-12-20 16:04:40.925root 11241100x8000000000000000786031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a17ea55bc9d9b52021-12-20 16:04:40.925root 11241100x8000000000000000786032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a92ed9e182917162021-12-20 16:04:40.925root 11241100x8000000000000000786033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b5d0b4c62643092021-12-20 16:04:40.925root 11241100x8000000000000000786034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89b3c54de5ab1052021-12-20 16:04:40.925root 11241100x8000000000000000786035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b7289e9e98c2fc2021-12-20 16:04:40.925root 11241100x8000000000000000786036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf259a246327a6a52021-12-20 16:04:40.925root 11241100x8000000000000000786037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48000b23c0ccf5072021-12-20 16:04:40.926root 11241100x8000000000000000786038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a167dfe891227782021-12-20 16:04:40.926root 11241100x8000000000000000786039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e41bdd7b88bd4e42021-12-20 16:04:40.926root 11241100x8000000000000000786040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a739cac2989511e22021-12-20 16:04:40.926root 11241100x8000000000000000786041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8484fa52047a462021-12-20 16:04:40.926root 11241100x8000000000000000786042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afa369c367816392021-12-20 16:04:40.926root 11241100x8000000000000000786043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890235f301b951a52021-12-20 16:04:40.926root 11241100x8000000000000000786044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51e9708ce89a7cb2021-12-20 16:04:40.926root 11241100x8000000000000000786045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b38d4c4dc2e6e7c2021-12-20 16:04:40.926root 11241100x8000000000000000786046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fe96cb5d5596882021-12-20 16:04:40.926root 11241100x8000000000000000786047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec4c98b1596d4f12021-12-20 16:04:40.926root 11241100x8000000000000000786048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac8037f4083dbf82021-12-20 16:04:40.926root 11241100x8000000000000000786049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c508133f394c7112021-12-20 16:04:40.926root 11241100x8000000000000000786050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:40.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c592bf151cdf86e12021-12-20 16:04:40.927root 11241100x8000000000000000786051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05d687ef673cb4f2021-12-20 16:04:41.424root 11241100x8000000000000000786052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d44413995b307b02021-12-20 16:04:41.424root 11241100x8000000000000000786053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5890ec154943952021-12-20 16:04:41.424root 11241100x8000000000000000786054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e16a00b51d607ab2021-12-20 16:04:41.424root 11241100x8000000000000000786055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afba9de3a889523f2021-12-20 16:04:41.425root 11241100x8000000000000000786056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229d566480fe37912021-12-20 16:04:41.425root 11241100x8000000000000000786057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e8808e3870fbd72021-12-20 16:04:41.425root 11241100x8000000000000000786058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e32a9986be0cdbe2021-12-20 16:04:41.425root 11241100x8000000000000000786059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c88b95c9a542fe2021-12-20 16:04:41.425root 11241100x8000000000000000786060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccb3c07d5fbaa9a2021-12-20 16:04:41.425root 11241100x8000000000000000786061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e9f17b96fb10222021-12-20 16:04:41.425root 11241100x8000000000000000786062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f532739dfe7e7572021-12-20 16:04:41.425root 11241100x8000000000000000786063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ea1ee1f80c7f492021-12-20 16:04:41.425root 11241100x8000000000000000786064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403a50f1720ccd522021-12-20 16:04:41.425root 11241100x8000000000000000786065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da09dcef0bb9bed2021-12-20 16:04:41.425root 11241100x8000000000000000786066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a19b76585ca7d6f2021-12-20 16:04:41.426root 11241100x8000000000000000786067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f287d99dd1578d02021-12-20 16:04:41.426root 11241100x8000000000000000786068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7220048535a05c7c2021-12-20 16:04:41.426root 11241100x8000000000000000786069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7ea47d78f67eb62021-12-20 16:04:41.426root 11241100x8000000000000000786070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312eb1044c267b412021-12-20 16:04:41.426root 11241100x8000000000000000786071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6405d65b2642f542021-12-20 16:04:41.426root 11241100x8000000000000000786072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec929c659a6b7de12021-12-20 16:04:41.426root 11241100x8000000000000000786073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc468fe2fef1f772021-12-20 16:04:41.426root 11241100x8000000000000000786074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816732691fd79a3b2021-12-20 16:04:41.426root 11241100x8000000000000000786075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac90f1f97743c9c72021-12-20 16:04:41.426root 11241100x8000000000000000786076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aee3386c19d74432021-12-20 16:04:41.427root 11241100x8000000000000000786077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6323abc8fed8cb42021-12-20 16:04:41.427root 11241100x8000000000000000786078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e6d1ed00fb2752021-12-20 16:04:41.427root 11241100x8000000000000000786079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47b71fa024de0912021-12-20 16:04:41.427root 11241100x8000000000000000786080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de86d7f9bd6e33bc2021-12-20 16:04:41.427root 11241100x8000000000000000786081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b90ea1df65c5a932021-12-20 16:04:41.427root 11241100x8000000000000000786082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5909df68a904db2021-12-20 16:04:41.427root 11241100x8000000000000000786083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dad26235caa4c22021-12-20 16:04:41.427root 11241100x8000000000000000786084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba167044e53b6442021-12-20 16:04:41.924root 11241100x8000000000000000786085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb681de42d64ef12021-12-20 16:04:41.924root 11241100x8000000000000000786086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a8327e82d23bd72021-12-20 16:04:41.924root 11241100x8000000000000000786087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff855aabd5035b32021-12-20 16:04:41.924root 11241100x8000000000000000786088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4db324add885342021-12-20 16:04:41.925root 11241100x8000000000000000786089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b5ea1dbd53a88a2021-12-20 16:04:41.925root 11241100x8000000000000000786090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d11bd9f6f58c64f2021-12-20 16:04:41.925root 11241100x8000000000000000786091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3dd345e8d82db32021-12-20 16:04:41.925root 11241100x8000000000000000786092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c47e7568495397d2021-12-20 16:04:41.925root 11241100x8000000000000000786093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2191f4655e81e02021-12-20 16:04:41.925root 11241100x8000000000000000786094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1b0b1b249c7c9a2021-12-20 16:04:41.925root 11241100x8000000000000000786095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283625dbfc3250852021-12-20 16:04:41.925root 11241100x8000000000000000786096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60ee8486b8dfcc22021-12-20 16:04:41.925root 11241100x8000000000000000786097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1be4ee64887ac362021-12-20 16:04:41.925root 11241100x8000000000000000786098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880dac6296e33f302021-12-20 16:04:41.926root 11241100x8000000000000000786099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9afa60b51abff62021-12-20 16:04:41.926root 11241100x8000000000000000786100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a2851f89bba58e2021-12-20 16:04:41.926root 11241100x8000000000000000786101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c6c68329f5a4f92021-12-20 16:04:41.926root 11241100x8000000000000000786102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b10f43aea3831b12021-12-20 16:04:41.926root 11241100x8000000000000000786103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4967bd78a5245a2021-12-20 16:04:41.926root 11241100x8000000000000000786104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8dbaebad5b4bf2021-12-20 16:04:41.926root 11241100x8000000000000000786105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca68694fa57c5ee2021-12-20 16:04:41.926root 11241100x8000000000000000786106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6134be6c5f6379892021-12-20 16:04:41.926root 11241100x8000000000000000786107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625129cca64196672021-12-20 16:04:41.926root 11241100x8000000000000000786108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2d9d9997f749282021-12-20 16:04:41.927root 11241100x8000000000000000786109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91187429ecc6bab72021-12-20 16:04:41.927root 11241100x8000000000000000786110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981425db4ea7045f2021-12-20 16:04:41.927root 11241100x8000000000000000786111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c80160efc6e18192021-12-20 16:04:41.927root 11241100x8000000000000000786112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7538a6401e894cc92021-12-20 16:04:41.927root 11241100x8000000000000000786113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2950bb25cee28952021-12-20 16:04:41.927root 11241100x8000000000000000786114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d032cf451cd4e652021-12-20 16:04:41.927root 11241100x8000000000000000786115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:41.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd37e961f4b05822021-12-20 16:04:41.927root 11241100x8000000000000000786116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc3c907231f82712021-12-20 16:04:42.424root 11241100x8000000000000000786117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73d5e738b9cb3202021-12-20 16:04:42.424root 11241100x8000000000000000786118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe83847c96a2f4c2021-12-20 16:04:42.424root 11241100x8000000000000000786119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e4d307b704d4fb2021-12-20 16:04:42.424root 11241100x8000000000000000786120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad25bdd4945d12242021-12-20 16:04:42.424root 11241100x8000000000000000786121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0a80b9ec168ba52021-12-20 16:04:42.425root 11241100x8000000000000000786122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc9c1317cd88ef12021-12-20 16:04:42.425root 11241100x8000000000000000786123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ea767455d8675d2021-12-20 16:04:42.425root 11241100x8000000000000000786124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e87b55a61c923ec2021-12-20 16:04:42.425root 11241100x8000000000000000786125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cb84ce2cf078862021-12-20 16:04:42.425root 11241100x8000000000000000786126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786ae25baafb007f2021-12-20 16:04:42.426root 11241100x8000000000000000786127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728a4dc0126e063f2021-12-20 16:04:42.426root 11241100x8000000000000000786128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cda80f4e5e9b67a2021-12-20 16:04:42.426root 11241100x8000000000000000786129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd3f7071fdc4ae12021-12-20 16:04:42.426root 11241100x8000000000000000786130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae40c2c499cf6cc2021-12-20 16:04:42.427root 11241100x8000000000000000786131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ff07af35874ff32021-12-20 16:04:42.427root 11241100x8000000000000000786132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a76b6115a293c6c2021-12-20 16:04:42.427root 11241100x8000000000000000786133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488b8a29e791cedb2021-12-20 16:04:42.427root 11241100x8000000000000000786134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0871fedef969df182021-12-20 16:04:42.427root 11241100x8000000000000000786135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd9cb181befc2b22021-12-20 16:04:42.427root 11241100x8000000000000000786136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2884605e08d86e042021-12-20 16:04:42.427root 11241100x8000000000000000786137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcd2b26f71233ba2021-12-20 16:04:42.427root 11241100x8000000000000000786138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f55119a48073f5a2021-12-20 16:04:42.427root 11241100x8000000000000000786139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122a052aac1d17782021-12-20 16:04:42.428root 11241100x8000000000000000786140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d159e593fbf08462021-12-20 16:04:42.428root 11241100x8000000000000000786141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a105b4dc106b24d72021-12-20 16:04:42.428root 11241100x8000000000000000786142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4e4229201479c32021-12-20 16:04:42.428root 11241100x8000000000000000786143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccac0e984c4bf172021-12-20 16:04:42.428root 11241100x8000000000000000786144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298761f47b60e8492021-12-20 16:04:42.428root 11241100x8000000000000000786145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0c48a45935bf852021-12-20 16:04:42.428root 11241100x8000000000000000786146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a531ca396c664472021-12-20 16:04:42.428root 11241100x8000000000000000786147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f1a83a9761d0382021-12-20 16:04:42.429root 11241100x8000000000000000786148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a5107a321285582021-12-20 16:04:42.429root 11241100x8000000000000000786149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78834344de536dc2021-12-20 16:04:42.429root 11241100x8000000000000000786150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fd41cda2d5fbb12021-12-20 16:04:42.429root 11241100x8000000000000000786151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd345a6123e94ee2021-12-20 16:04:42.429root 11241100x8000000000000000786152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8122b90c17dfbe2021-12-20 16:04:42.429root 11241100x8000000000000000786153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e690de58a3e37e402021-12-20 16:04:42.429root 11241100x8000000000000000786154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab85617aeae4efaa2021-12-20 16:04:42.429root 11241100x8000000000000000786155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ddf059f5b5bffa2021-12-20 16:04:42.429root 11241100x8000000000000000786156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4944c95df34408cd2021-12-20 16:04:42.430root 11241100x8000000000000000786157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7730f6d2cd4ee62021-12-20 16:04:42.430root 11241100x8000000000000000786158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2a498b8c603f332021-12-20 16:04:42.430root 11241100x8000000000000000786159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6338614fb9a6643b2021-12-20 16:04:42.430root 11241100x8000000000000000786160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1966a9ec7194b5e62021-12-20 16:04:42.924root 11241100x8000000000000000786161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc048dd900f2676a2021-12-20 16:04:42.924root 11241100x8000000000000000786162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f13a7e5fc2027d2021-12-20 16:04:42.924root 11241100x8000000000000000786163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4162f807f6a300392021-12-20 16:04:42.924root 11241100x8000000000000000786164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d65d726425798e2021-12-20 16:04:42.925root 11241100x8000000000000000786165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e776c5caad501132021-12-20 16:04:42.925root 11241100x8000000000000000786166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558a5fc48fa7a06a2021-12-20 16:04:42.925root 11241100x8000000000000000786167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389d359365e10d9a2021-12-20 16:04:42.925root 11241100x8000000000000000786168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224b6b1b3a2608082021-12-20 16:04:42.925root 11241100x8000000000000000786169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc187f62b0e1aab62021-12-20 16:04:42.925root 11241100x8000000000000000786170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cfa7889416f13f2021-12-20 16:04:42.925root 11241100x8000000000000000786171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd59efd96750043d2021-12-20 16:04:42.925root 11241100x8000000000000000786172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d6371e7e5c11842021-12-20 16:04:42.925root 11241100x8000000000000000786173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0509c3df4469825b2021-12-20 16:04:42.925root 11241100x8000000000000000786174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee90fef80bc1a2e2021-12-20 16:04:42.925root 11241100x8000000000000000786175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d0456ea066260d2021-12-20 16:04:42.926root 11241100x8000000000000000786176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80a4732251fb63c2021-12-20 16:04:42.926root 11241100x8000000000000000786177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba97909517073e72021-12-20 16:04:42.926root 11241100x8000000000000000786178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd310587ea3fc3be2021-12-20 16:04:42.926root 11241100x8000000000000000786179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fdf0411464d36e2021-12-20 16:04:42.926root 11241100x8000000000000000786180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9943c8482f00c72021-12-20 16:04:42.926root 11241100x8000000000000000786181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0192f393c05a8edd2021-12-20 16:04:42.926root 11241100x8000000000000000786182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbdabfadd85ede02021-12-20 16:04:42.926root 11241100x8000000000000000786183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a663069805081dc2021-12-20 16:04:42.926root 11241100x8000000000000000786184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0084bb0a670974d2021-12-20 16:04:42.926root 11241100x8000000000000000786185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20372fdf8ae418282021-12-20 16:04:42.927root 11241100x8000000000000000786186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f74a3fb117f4f652021-12-20 16:04:42.927root 11241100x8000000000000000786187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6383a58b39b12712021-12-20 16:04:42.927root 11241100x8000000000000000786188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f94dfaeef097f82021-12-20 16:04:42.927root 11241100x8000000000000000786189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:42.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27b98d78894e1c52021-12-20 16:04:42.927root 11241100x8000000000000000786190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd763cf5fdb71f0d2021-12-20 16:04:43.424root 11241100x8000000000000000786191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86ee542b8e7e6f82021-12-20 16:04:43.424root 11241100x8000000000000000786192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3dc40894b6f6ff2021-12-20 16:04:43.424root 11241100x8000000000000000786193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf7dc5a2fff07492021-12-20 16:04:43.425root 11241100x8000000000000000786194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe9eeee638aa63a2021-12-20 16:04:43.425root 11241100x8000000000000000786195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833330ce0f1c9c902021-12-20 16:04:43.425root 11241100x8000000000000000786196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5bd36251e3095e2021-12-20 16:04:43.425root 11241100x8000000000000000786197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bb66a6d6b179af2021-12-20 16:04:43.425root 11241100x8000000000000000786198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a52eeb10657bab2021-12-20 16:04:43.425root 11241100x8000000000000000786199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b18c8a97a9bd092021-12-20 16:04:43.425root 11241100x8000000000000000786200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d5cf060173efea2021-12-20 16:04:43.425root 11241100x8000000000000000786201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d002a5851a396ff2021-12-20 16:04:43.425root 11241100x8000000000000000786202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4978a01121e3aa2021-12-20 16:04:43.426root 11241100x8000000000000000786203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81bd56457278a592021-12-20 16:04:43.426root 11241100x8000000000000000786204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09094bce55fc0ad2021-12-20 16:04:43.426root 11241100x8000000000000000786205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707296544851c21a2021-12-20 16:04:43.426root 11241100x8000000000000000786206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dd30b17bf2a5f22021-12-20 16:04:43.426root 11241100x8000000000000000786207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a383b85305edbc6a2021-12-20 16:04:43.426root 11241100x8000000000000000786208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6b0725fc0492ad2021-12-20 16:04:43.426root 11241100x8000000000000000786209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0dd8fde6fea94d2021-12-20 16:04:43.427root 11241100x8000000000000000786210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4d0eda723b87dd2021-12-20 16:04:43.427root 11241100x8000000000000000786211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7b26f6a4f101352021-12-20 16:04:43.427root 11241100x8000000000000000786212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e2fe7e65a496d72021-12-20 16:04:43.427root 11241100x8000000000000000786213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0ad96b86cbf6842021-12-20 16:04:43.427root 11241100x8000000000000000786214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86420472e4d680b12021-12-20 16:04:43.427root 11241100x8000000000000000786215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6cada706e86a932021-12-20 16:04:43.427root 11241100x8000000000000000786216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8105beb57396e702021-12-20 16:04:43.428root 11241100x8000000000000000786217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca4135c6880435c2021-12-20 16:04:43.428root 11241100x8000000000000000786218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a13c7941a1aa132021-12-20 16:04:43.428root 11241100x8000000000000000786219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01acac49ffef8c692021-12-20 16:04:43.428root 11241100x8000000000000000786220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7594ab1e50438892021-12-20 16:04:43.428root 11241100x8000000000000000786221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8919770bf8f8e462021-12-20 16:04:43.924root 11241100x8000000000000000786222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38379d19dece1be52021-12-20 16:04:43.924root 11241100x8000000000000000786223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5503dc2c14a3292021-12-20 16:04:43.925root 11241100x8000000000000000786224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ffb1774b68beb02021-12-20 16:04:43.925root 11241100x8000000000000000786225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d122419dbf6a297b2021-12-20 16:04:43.925root 11241100x8000000000000000786226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84861ad71ea04982021-12-20 16:04:43.925root 11241100x8000000000000000786227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37296644ff1aa2a12021-12-20 16:04:43.925root 11241100x8000000000000000786228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa605bfad19a0cd2021-12-20 16:04:43.925root 11241100x8000000000000000786229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423f9b69c51327922021-12-20 16:04:43.925root 11241100x8000000000000000786230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4a588f9da78bda2021-12-20 16:04:43.926root 11241100x8000000000000000786231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1566f03ecc29c82021-12-20 16:04:43.926root 11241100x8000000000000000786232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21a855a38326a732021-12-20 16:04:43.926root 11241100x8000000000000000786233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b4f7ddf3bb9792021-12-20 16:04:43.926root 11241100x8000000000000000786234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855620a2fb5e5ef42021-12-20 16:04:43.926root 11241100x8000000000000000786235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265091819daf46152021-12-20 16:04:43.926root 11241100x8000000000000000786236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe0a616e78eb8a2021-12-20 16:04:43.926root 11241100x8000000000000000786237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2631a6886b84d80f2021-12-20 16:04:43.927root 11241100x8000000000000000786238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f1d408927f5aa52021-12-20 16:04:43.927root 11241100x8000000000000000786239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d1b197aca365d42021-12-20 16:04:43.927root 11241100x8000000000000000786240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31800b39bfec30ca2021-12-20 16:04:43.928root 11241100x8000000000000000786241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbb4b4d7f716aa92021-12-20 16:04:43.928root 11241100x8000000000000000786242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20479929194c7a932021-12-20 16:04:43.928root 11241100x8000000000000000786243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ffffca806b58142021-12-20 16:04:43.928root 11241100x8000000000000000786244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb39d4a9321ab132021-12-20 16:04:43.929root 11241100x8000000000000000786245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b1a67214dc14ba2021-12-20 16:04:43.929root 11241100x8000000000000000786246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac804c5927cb69e52021-12-20 16:04:43.929root 11241100x8000000000000000786247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08bf0eefcd8b11d2021-12-20 16:04:43.929root 11241100x8000000000000000786248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7158150d66aa7a242021-12-20 16:04:43.930root 11241100x8000000000000000786249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa1527b5f6148e42021-12-20 16:04:43.930root 11241100x8000000000000000786250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d8ab30c5727e992021-12-20 16:04:43.930root 11241100x8000000000000000786251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:43.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677e00d29886a2042021-12-20 16:04:43.930root 354300x8000000000000000786252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.224{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51600-false10.0.1.12-8000- 11241100x8000000000000000786253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1648f49a356d7782021-12-20 16:04:44.226root 11241100x8000000000000000786254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875e7987f906cd602021-12-20 16:04:44.226root 11241100x8000000000000000786255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8030f644a39e29f32021-12-20 16:04:44.226root 11241100x8000000000000000786256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0808d93292ce710b2021-12-20 16:04:44.226root 11241100x8000000000000000786257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b13fdb5e63b4e72021-12-20 16:04:44.226root 11241100x8000000000000000786258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c1d043b1277ca62021-12-20 16:04:44.226root 11241100x8000000000000000786259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a585ba912b49006f2021-12-20 16:04:44.226root 11241100x8000000000000000786260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a35999979a2def2021-12-20 16:04:44.226root 11241100x8000000000000000786261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.226{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e058dd5937cba68c2021-12-20 16:04:44.226root 11241100x8000000000000000786262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6337b22f2a2d88a2021-12-20 16:04:44.227root 11241100x8000000000000000786263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35719e194c24c8612021-12-20 16:04:44.227root 11241100x8000000000000000786264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c089c79091ebf12021-12-20 16:04:44.227root 11241100x8000000000000000786265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f291039aef548a2021-12-20 16:04:44.227root 11241100x8000000000000000786266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.227{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aedb4acd3a062552021-12-20 16:04:44.227root 11241100x8000000000000000786267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6106f2df73b89e2021-12-20 16:04:44.228root 11241100x8000000000000000786268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06bd886614592682021-12-20 16:04:44.228root 11241100x8000000000000000786269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a9ca6704e704762021-12-20 16:04:44.228root 11241100x8000000000000000786270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce58f56cc15793d2021-12-20 16:04:44.228root 11241100x8000000000000000786271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb95e58641c7047f2021-12-20 16:04:44.228root 11241100x8000000000000000786272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3fc210e6e91f222021-12-20 16:04:44.228root 11241100x8000000000000000786273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2981ae04ffdc2a852021-12-20 16:04:44.228root 11241100x8000000000000000786274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.228{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc44255d7d25f5372021-12-20 16:04:44.228root 11241100x8000000000000000786275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1796385da10d98582021-12-20 16:04:44.229root 11241100x8000000000000000786276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920bf2c07865fd182021-12-20 16:04:44.229root 11241100x8000000000000000786277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365106a23474c1c2021-12-20 16:04:44.229root 11241100x8000000000000000786278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fbd6b6e98188da2021-12-20 16:04:44.229root 11241100x8000000000000000786279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ec41e50cd595eb2021-12-20 16:04:44.229root 11241100x8000000000000000786280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401d146f811e856a2021-12-20 16:04:44.229root 11241100x8000000000000000786281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67096f2d964489fa2021-12-20 16:04:44.229root 11241100x8000000000000000786282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.229{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831646d420a6eeea2021-12-20 16:04:44.229root 11241100x8000000000000000786283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.231{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb153c9b58305652021-12-20 16:04:44.231root 11241100x8000000000000000786284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6626067dfe40b4e2021-12-20 16:04:44.674root 11241100x8000000000000000786285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225a42a9416608822021-12-20 16:04:44.674root 11241100x8000000000000000786286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71532f131bb306282021-12-20 16:04:44.675root 11241100x8000000000000000786287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a15b1edc0a18682021-12-20 16:04:44.675root 11241100x8000000000000000786288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194522e3e50a71e2021-12-20 16:04:44.675root 11241100x8000000000000000786289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033a5fdfe5f093cf2021-12-20 16:04:44.675root 11241100x8000000000000000786290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74578cee4dad40ee2021-12-20 16:04:44.675root 11241100x8000000000000000786291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1842efc6bafeacc2021-12-20 16:04:44.675root 11241100x8000000000000000786292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db76ff5c6793fa92021-12-20 16:04:44.675root 11241100x8000000000000000786293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b8508205c905042021-12-20 16:04:44.676root 11241100x8000000000000000786294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461de0218864499b2021-12-20 16:04:44.676root 11241100x8000000000000000786295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340b6885786765ba2021-12-20 16:04:44.676root 11241100x8000000000000000786296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5b607e492c4c522021-12-20 16:04:44.676root 11241100x8000000000000000786297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33424d67b8ebaa0a2021-12-20 16:04:44.676root 11241100x8000000000000000786298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac9e3c7ad636a192021-12-20 16:04:44.676root 11241100x8000000000000000786299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c795302d3b364aca2021-12-20 16:04:44.676root 11241100x8000000000000000786300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06237745e2f6c1342021-12-20 16:04:44.676root 11241100x8000000000000000786301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4a30e5c317805c2021-12-20 16:04:44.677root 11241100x8000000000000000786302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523e35ccd6943ca92021-12-20 16:04:44.677root 11241100x8000000000000000786303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279a369cc99bcbc92021-12-20 16:04:44.677root 11241100x8000000000000000786304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44be45ddbf03bd792021-12-20 16:04:44.677root 11241100x8000000000000000786305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7137ad811d94c3c2021-12-20 16:04:44.677root 11241100x8000000000000000786306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6b7d5f035a91f02021-12-20 16:04:44.677root 11241100x8000000000000000786307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b234521a3d8e80e42021-12-20 16:04:44.677root 11241100x8000000000000000786308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc08c32e51100692021-12-20 16:04:44.677root 11241100x8000000000000000786309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d4337f289a59f22021-12-20 16:04:44.678root 11241100x8000000000000000786310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57091b3220c2b1a22021-12-20 16:04:44.679root 11241100x8000000000000000786311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d2cf0b3a7ddad62021-12-20 16:04:44.679root 11241100x8000000000000000786312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69de606f3814ede92021-12-20 16:04:44.679root 11241100x8000000000000000786313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d53e55c708f09242021-12-20 16:04:44.679root 11241100x8000000000000000786314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:44.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3089f5a4bac99b102021-12-20 16:04:44.679root 11241100x8000000000000000786315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bea63c1abfb9d62021-12-20 16:04:45.174root 11241100x8000000000000000786316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375889bc7ca70ab82021-12-20 16:04:45.174root 11241100x8000000000000000786317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a327671f86b32ceb2021-12-20 16:04:45.174root 11241100x8000000000000000786318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987168c486e2b6bb2021-12-20 16:04:45.174root 11241100x8000000000000000786319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b452a4fd07a26e32021-12-20 16:04:45.174root 11241100x8000000000000000786320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892e652eed55510b2021-12-20 16:04:45.175root 11241100x8000000000000000786321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de39ab4d438995fa2021-12-20 16:04:45.175root 11241100x8000000000000000786322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7169f9f30e6b362021-12-20 16:04:45.175root 11241100x8000000000000000786323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836cc4ae799e202c2021-12-20 16:04:45.175root 11241100x8000000000000000786324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f700da7174ef3a902021-12-20 16:04:45.175root 11241100x8000000000000000786325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5023c7f93086bb972021-12-20 16:04:45.175root 11241100x8000000000000000786326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f3973be7e223b2021-12-20 16:04:45.175root 11241100x8000000000000000786327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a28ed50c0ab20ba2021-12-20 16:04:45.175root 11241100x8000000000000000786328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7b153d3f6310d92021-12-20 16:04:45.175root 11241100x8000000000000000786329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d172e449b61570e2021-12-20 16:04:45.175root 11241100x8000000000000000786330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d2411961f7edbe2021-12-20 16:04:45.176root 11241100x8000000000000000786331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0add69e16df99ae02021-12-20 16:04:45.176root 11241100x8000000000000000786332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48429fa9ad0e81262021-12-20 16:04:45.176root 11241100x8000000000000000786333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67df138075e1c522021-12-20 16:04:45.176root 11241100x8000000000000000786334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18c4559deba6ec62021-12-20 16:04:45.176root 11241100x8000000000000000786335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a11986f0cec46222021-12-20 16:04:45.176root 11241100x8000000000000000786336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87079364c9a31ae42021-12-20 16:04:45.176root 11241100x8000000000000000786337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e889059858c707c2021-12-20 16:04:45.176root 11241100x8000000000000000786338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1de4eb1e3ffdfd12021-12-20 16:04:45.176root 11241100x8000000000000000786339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a716f8cacd449d2021-12-20 16:04:45.177root 11241100x8000000000000000786340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d1d0b7db9376652021-12-20 16:04:45.177root 11241100x8000000000000000786341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b5fc21e28e01c92021-12-20 16:04:45.177root 11241100x8000000000000000786342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d535b729e435b49e2021-12-20 16:04:45.177root 11241100x8000000000000000786343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3af23961c88e752021-12-20 16:04:45.177root 11241100x8000000000000000786344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82284b7be5d6bfa42021-12-20 16:04:45.177root 11241100x8000000000000000786345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce0680e9315c952021-12-20 16:04:45.178root 11241100x8000000000000000786346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c23f75680ff012e2021-12-20 16:04:45.178root 11241100x8000000000000000786347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38c17fe5d19e7c72021-12-20 16:04:45.178root 11241100x8000000000000000786348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cbdf41bd0366022021-12-20 16:04:45.178root 11241100x8000000000000000786349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba6485e979d63d12021-12-20 16:04:45.674root 11241100x8000000000000000786350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba20e56cc99ad84e2021-12-20 16:04:45.675root 11241100x8000000000000000786351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa5cf25c7f80c182021-12-20 16:04:45.675root 11241100x8000000000000000786352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4de5a5ff2dbf372021-12-20 16:04:45.675root 11241100x8000000000000000786353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050fcdfb53cdb6da2021-12-20 16:04:45.675root 11241100x8000000000000000786354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801252e406fc5a302021-12-20 16:04:45.675root 11241100x8000000000000000786355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d987acea832ca512021-12-20 16:04:45.676root 11241100x8000000000000000786356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6698cfffbcf22ba2021-12-20 16:04:45.676root 11241100x8000000000000000786357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba15cdffe1f958682021-12-20 16:04:45.676root 11241100x8000000000000000786358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f773bed37292ff632021-12-20 16:04:45.676root 11241100x8000000000000000786359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b890d10a22d45a6c2021-12-20 16:04:45.676root 11241100x8000000000000000786360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaf56a392cfabb62021-12-20 16:04:45.676root 11241100x8000000000000000786361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef70c49ab8dfab3e2021-12-20 16:04:45.677root 11241100x8000000000000000786362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d5cbaacdb442472021-12-20 16:04:45.677root 11241100x8000000000000000786363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c851b18b83e94282021-12-20 16:04:45.677root 11241100x8000000000000000786364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4852284772dcde8d2021-12-20 16:04:45.677root 11241100x8000000000000000786365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc229310cf8c1cb02021-12-20 16:04:45.677root 11241100x8000000000000000786366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f678d80e019115e12021-12-20 16:04:45.677root 11241100x8000000000000000786367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de705a998bfaedc2021-12-20 16:04:45.677root 11241100x8000000000000000786368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a70dec2ba600b62021-12-20 16:04:45.678root 11241100x8000000000000000786369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2f042b8e5cdb902021-12-20 16:04:45.678root 11241100x8000000000000000786370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64be3f07d09d7902021-12-20 16:04:45.678root 11241100x8000000000000000786371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8f74b3a6004a4f2021-12-20 16:04:45.678root 11241100x8000000000000000786372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bb8798ac59837b2021-12-20 16:04:45.678root 11241100x8000000000000000786373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3424d8e4aa2dcc362021-12-20 16:04:45.678root 11241100x8000000000000000786374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865e4169384ccd272021-12-20 16:04:45.678root 11241100x8000000000000000786375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0736706bf57b23112021-12-20 16:04:45.679root 11241100x8000000000000000786376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7217745c264704732021-12-20 16:04:45.679root 11241100x8000000000000000786377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2a47db5f203fa82021-12-20 16:04:45.679root 11241100x8000000000000000786378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704f23ee52dcce102021-12-20 16:04:45.679root 11241100x8000000000000000786379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d4b7e3a3f708da2021-12-20 16:04:45.679root 11241100x8000000000000000786380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:45.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e2d5c7eaf75e652021-12-20 16:04:45.679root 11241100x8000000000000000786381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcbb91ccfca9ead2021-12-20 16:04:46.174root 11241100x8000000000000000786382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9415620561da08472021-12-20 16:04:46.174root 11241100x8000000000000000786383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce3ad98b7b294a82021-12-20 16:04:46.174root 11241100x8000000000000000786384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704b765a82a936102021-12-20 16:04:46.175root 11241100x8000000000000000786385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a4018bda95002f2021-12-20 16:04:46.175root 11241100x8000000000000000786386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43281120fef3f05c2021-12-20 16:04:46.175root 11241100x8000000000000000786387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dbb4d4886faca42021-12-20 16:04:46.175root 11241100x8000000000000000786388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee7812c9ae9701f2021-12-20 16:04:46.175root 11241100x8000000000000000786389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14c021f7d922ec72021-12-20 16:04:46.175root 11241100x8000000000000000786390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2ade822463142e2021-12-20 16:04:46.175root 11241100x8000000000000000786391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acc66e4a76fcda62021-12-20 16:04:46.175root 11241100x8000000000000000786392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70a60d270c7c2b62021-12-20 16:04:46.175root 11241100x8000000000000000786393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92301188fd11f752021-12-20 16:04:46.175root 11241100x8000000000000000786394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cedc4c22bbbb8dd2021-12-20 16:04:46.176root 11241100x8000000000000000786395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19f92e17d2e36e72021-12-20 16:04:46.176root 11241100x8000000000000000786396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a4160ba86294282021-12-20 16:04:46.176root 11241100x8000000000000000786397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433e2148c5b924eb2021-12-20 16:04:46.176root 11241100x8000000000000000786398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395efcf86a7624ae2021-12-20 16:04:46.176root 11241100x8000000000000000786399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74dda29705f06c2021-12-20 16:04:46.176root 11241100x8000000000000000786400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e2ea2a0f21d1692021-12-20 16:04:46.176root 11241100x8000000000000000786401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a656b0a700bf792021-12-20 16:04:46.176root 11241100x8000000000000000786402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1955e502232b2762021-12-20 16:04:46.177root 11241100x8000000000000000786403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d597a16f7b1604912021-12-20 16:04:46.177root 11241100x8000000000000000786404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4585c08d65610fc2021-12-20 16:04:46.177root 11241100x8000000000000000786405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a870d3cbba7b97f02021-12-20 16:04:46.177root 11241100x8000000000000000786406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c694ce49d54a8602021-12-20 16:04:46.177root 11241100x8000000000000000786407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c0bea374fd8e042021-12-20 16:04:46.177root 11241100x8000000000000000786408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb735e4d88c23322021-12-20 16:04:46.177root 11241100x8000000000000000786409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4eef787f812e7a2021-12-20 16:04:46.178root 11241100x8000000000000000786410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec8a5918c7e72122021-12-20 16:04:46.178root 11241100x8000000000000000786411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc5ce206f97ad482021-12-20 16:04:46.178root 11241100x8000000000000000786412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a155347460c2ab892021-12-20 16:04:46.178root 11241100x8000000000000000786413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b45e705dd6f4f052021-12-20 16:04:46.178root 11241100x8000000000000000786414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce44a3a807a91742021-12-20 16:04:46.178root 11241100x8000000000000000786415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14d961aa44c70522021-12-20 16:04:46.178root 11241100x8000000000000000786416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7e2f94fe980d222021-12-20 16:04:46.178root 11241100x8000000000000000786417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a720e30dbf52bd12021-12-20 16:04:46.674root 11241100x8000000000000000786418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9714f7e86d81d83a2021-12-20 16:04:46.674root 11241100x8000000000000000786419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3857ce005341ea472021-12-20 16:04:46.674root 11241100x8000000000000000786420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d200ac092e8b1b82021-12-20 16:04:46.674root 11241100x8000000000000000786421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011949ff6f6f6a572021-12-20 16:04:46.674root 11241100x8000000000000000786422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6a107f2827778e2021-12-20 16:04:46.674root 11241100x8000000000000000786423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e853e2b94264cd5e2021-12-20 16:04:46.674root 11241100x8000000000000000786424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1dea4c492983282021-12-20 16:04:46.674root 11241100x8000000000000000786425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5eb6dc746d052162021-12-20 16:04:46.675root 11241100x8000000000000000786426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f8b5e65895b1a12021-12-20 16:04:46.675root 11241100x8000000000000000786427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2c23bf74cb03792021-12-20 16:04:46.675root 11241100x8000000000000000786428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f06a080228a1e482021-12-20 16:04:46.675root 11241100x8000000000000000786429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc397efbf4a2e2e52021-12-20 16:04:46.675root 11241100x8000000000000000786430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ed9623e7894c982021-12-20 16:04:46.675root 11241100x8000000000000000786431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f117766338af5562021-12-20 16:04:46.675root 11241100x8000000000000000786432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2175131330157212021-12-20 16:04:46.675root 11241100x8000000000000000786433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bdb28e557be6b42021-12-20 16:04:46.675root 11241100x8000000000000000786434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0940ecf9fbe6d3372021-12-20 16:04:46.676root 11241100x8000000000000000786435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa56f5e114bacc62021-12-20 16:04:46.676root 11241100x8000000000000000786436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314ac393169edeff2021-12-20 16:04:46.676root 11241100x8000000000000000786437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a921959685e2106c2021-12-20 16:04:46.676root 11241100x8000000000000000786438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3fbe1919aa5b5f2021-12-20 16:04:46.676root 11241100x8000000000000000786439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00de1b139878e982021-12-20 16:04:46.676root 11241100x8000000000000000786440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cc85f0b7325a052021-12-20 16:04:46.677root 11241100x8000000000000000786441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1048d63b099d4c2021-12-20 16:04:46.677root 11241100x8000000000000000786442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1556194449e081722021-12-20 16:04:46.677root 11241100x8000000000000000786443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219967cacc69111e2021-12-20 16:04:46.677root 11241100x8000000000000000786444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2af31d519efd4b2021-12-20 16:04:46.677root 11241100x8000000000000000786445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bfb919f4c941192021-12-20 16:04:46.677root 11241100x8000000000000000786446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd79ef3ae694a6ac2021-12-20 16:04:46.677root 11241100x8000000000000000786447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dc5f7bd657cb172021-12-20 16:04:46.677root 11241100x8000000000000000786448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad453199a733818f2021-12-20 16:04:46.678root 11241100x8000000000000000786449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5733fc875198a34d2021-12-20 16:04:46.678root 11241100x8000000000000000786450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b36cd82f8e260dd2021-12-20 16:04:46.678root 11241100x8000000000000000786451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18b053e7255130d2021-12-20 16:04:46.678root 11241100x8000000000000000786452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ee8856286106af2021-12-20 16:04:46.678root 11241100x8000000000000000786453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:46.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cc2e0953bcf0a32021-12-20 16:04:46.678root 11241100x8000000000000000786454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1fbc30316d97142021-12-20 16:04:47.174root 11241100x8000000000000000786455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475500422e0802d92021-12-20 16:04:47.175root 11241100x8000000000000000786456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501716a364d6f3f72021-12-20 16:04:47.175root 11241100x8000000000000000786457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50f70846887d38a2021-12-20 16:04:47.176root 11241100x8000000000000000786458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb9a9c96939b7802021-12-20 16:04:47.176root 11241100x8000000000000000786459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc78ef5b98751b52021-12-20 16:04:47.176root 11241100x8000000000000000786460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a25bc99409de7a2021-12-20 16:04:47.176root 11241100x8000000000000000786461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef3df96489000f72021-12-20 16:04:47.177root 11241100x8000000000000000786462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c5a367adb8abaa2021-12-20 16:04:47.177root 11241100x8000000000000000786463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db9907afeb826c12021-12-20 16:04:47.177root 11241100x8000000000000000786464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5420a6e82ec730872021-12-20 16:04:47.177root 11241100x8000000000000000786465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb8801786c0d7e02021-12-20 16:04:47.177root 11241100x8000000000000000786466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a254ce501949322021-12-20 16:04:47.177root 11241100x8000000000000000786467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d907f74b6f48aa362021-12-20 16:04:47.178root 11241100x8000000000000000786468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360cc24ac67815ef2021-12-20 16:04:47.178root 11241100x8000000000000000786469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa275a8e90835e32021-12-20 16:04:47.178root 11241100x8000000000000000786470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9e6a03b6e5dec82021-12-20 16:04:47.178root 11241100x8000000000000000786471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7c7e0ebc101fb2021-12-20 16:04:47.178root 11241100x8000000000000000786472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84ac93d311f0cc32021-12-20 16:04:47.178root 11241100x8000000000000000786473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5816965cfcf5ff82021-12-20 16:04:47.181root 11241100x8000000000000000786474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d88f1c5b69f9392021-12-20 16:04:47.182root 11241100x8000000000000000786475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd42a79ba26827f22021-12-20 16:04:47.182root 11241100x8000000000000000786476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f9b370c1415992021-12-20 16:04:47.182root 11241100x8000000000000000786477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69df6a9c892340722021-12-20 16:04:47.182root 11241100x8000000000000000786478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8abad70fef594d62021-12-20 16:04:47.182root 11241100x8000000000000000786479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f72735dafefe542021-12-20 16:04:47.182root 11241100x8000000000000000786480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59c1cfae2e73ed12021-12-20 16:04:47.182root 11241100x8000000000000000786481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17be5dd1b23ec4522021-12-20 16:04:47.182root 11241100x8000000000000000786482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd88b49d09b2435f2021-12-20 16:04:47.182root 11241100x8000000000000000786483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5df709e123f33e72021-12-20 16:04:47.183root 11241100x8000000000000000786484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdb31b2dc07b5a32021-12-20 16:04:47.183root 11241100x8000000000000000786485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa6ac5eb9b32d022021-12-20 16:04:47.674root 11241100x8000000000000000786486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0490e7d80c5c26d2021-12-20 16:04:47.674root 11241100x8000000000000000786487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0674206d613f6ecc2021-12-20 16:04:47.675root 11241100x8000000000000000786488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a8946a647fcb7f2021-12-20 16:04:47.675root 11241100x8000000000000000786489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ffb53c65902bda2021-12-20 16:04:47.675root 11241100x8000000000000000786490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7ae1ea8c09ced32021-12-20 16:04:47.675root 11241100x8000000000000000786491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f6f02722b82a2f2021-12-20 16:04:47.675root 11241100x8000000000000000786492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d4005ad2304722021-12-20 16:04:47.675root 11241100x8000000000000000786493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88e8e01b08153b02021-12-20 16:04:47.675root 11241100x8000000000000000786494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fd83a0b27afe8e2021-12-20 16:04:47.676root 11241100x8000000000000000786495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e3dd150ca99e3d2021-12-20 16:04:47.676root 11241100x8000000000000000786496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeead11f933e59f2021-12-20 16:04:47.676root 11241100x8000000000000000786497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a765af2cad182e6e2021-12-20 16:04:47.676root 11241100x8000000000000000786498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8658174fcaad71a42021-12-20 16:04:47.676root 11241100x8000000000000000786499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df5f2452d94b7cc2021-12-20 16:04:47.676root 11241100x8000000000000000786500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb16f5c4ff4c28a82021-12-20 16:04:47.676root 11241100x8000000000000000786501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98ba9f7573e3a642021-12-20 16:04:47.677root 11241100x8000000000000000786502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2abf0cf2875fa882021-12-20 16:04:47.677root 11241100x8000000000000000786503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffae4b34d69cb2e2021-12-20 16:04:47.677root 11241100x8000000000000000786504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f46e5794f91448e2021-12-20 16:04:47.677root 11241100x8000000000000000786505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdd6f8a4f6f00892021-12-20 16:04:47.677root 11241100x8000000000000000786506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d6566f70e7130a2021-12-20 16:04:47.677root 11241100x8000000000000000786507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c4020c63c1c7fa2021-12-20 16:04:47.678root 11241100x8000000000000000786508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb0872de3fd59db2021-12-20 16:04:47.678root 11241100x8000000000000000786509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3464dd081962756f2021-12-20 16:04:47.678root 11241100x8000000000000000786510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b12581ad8df0e322021-12-20 16:04:47.678root 11241100x8000000000000000786511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ab916c35b93aee2021-12-20 16:04:47.678root 11241100x8000000000000000786512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4f54487601b2672021-12-20 16:04:47.678root 11241100x8000000000000000786513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc7a8d9f3529eaa2021-12-20 16:04:47.678root 11241100x8000000000000000786514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5272f9a25aa29f72021-12-20 16:04:47.678root 11241100x8000000000000000786515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:47.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456074cf4514c2be2021-12-20 16:04:47.678root 11241100x8000000000000000786516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6571c8a54b6bde2021-12-20 16:04:48.174root 11241100x8000000000000000786517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920b134d7301008c2021-12-20 16:04:48.174root 11241100x8000000000000000786518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0869464e6c928e22021-12-20 16:04:48.174root 11241100x8000000000000000786519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e51bdc929291d02021-12-20 16:04:48.174root 11241100x8000000000000000786520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdd3306cff106952021-12-20 16:04:48.174root 11241100x8000000000000000786521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7045fdf74f2cf82021-12-20 16:04:48.174root 11241100x8000000000000000786522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f52463096c684cf2021-12-20 16:04:48.175root 11241100x8000000000000000786523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d86894f66647c0b2021-12-20 16:04:48.175root 11241100x8000000000000000786524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029be390945807522021-12-20 16:04:48.175root 11241100x8000000000000000786525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46632fe27c04cb162021-12-20 16:04:48.175root 11241100x8000000000000000786526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec91fbec7d392c2021-12-20 16:04:48.175root 11241100x8000000000000000786527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86db0180a33caf502021-12-20 16:04:48.175root 11241100x8000000000000000786528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac37b9dcde2231042021-12-20 16:04:48.175root 11241100x8000000000000000786529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615fcbeb641e59942021-12-20 16:04:48.175root 11241100x8000000000000000786530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d91100eb71571de2021-12-20 16:04:48.175root 11241100x8000000000000000786531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a472f2c6a2757a92021-12-20 16:04:48.175root 11241100x8000000000000000786532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f191cc9f027a4c72021-12-20 16:04:48.176root 11241100x8000000000000000786533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bf9cd46f4505642021-12-20 16:04:48.176root 11241100x8000000000000000786534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14660e34650613d2021-12-20 16:04:48.176root 11241100x8000000000000000786535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2878c1a766e587962021-12-20 16:04:48.176root 11241100x8000000000000000786536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e94ce516a727f5b2021-12-20 16:04:48.176root 11241100x8000000000000000786537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916a772f21f8b72a2021-12-20 16:04:48.177root 11241100x8000000000000000786538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418fe2125c1edd282021-12-20 16:04:48.177root 11241100x8000000000000000786539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b658e85504565242021-12-20 16:04:48.177root 11241100x8000000000000000786540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e19c42e397e389a2021-12-20 16:04:48.177root 11241100x8000000000000000786541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec95a02a61becb962021-12-20 16:04:48.177root 11241100x8000000000000000786542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da8d2e738ae749e2021-12-20 16:04:48.177root 11241100x8000000000000000786543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f63ad7f8f8bec22021-12-20 16:04:48.177root 11241100x8000000000000000786544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fa02bcd1001cd62021-12-20 16:04:48.177root 11241100x8000000000000000786545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95283a9f13fbbdb2021-12-20 16:04:48.177root 11241100x8000000000000000786546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce20d9b402aa41ac2021-12-20 16:04:48.177root 11241100x8000000000000000786547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f2e439c5ff3f832021-12-20 16:04:48.177root 11241100x8000000000000000786548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c0f3fa055a6cb82021-12-20 16:04:48.177root 11241100x8000000000000000786549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7e1745e3b3bb042021-12-20 16:04:48.178root 11241100x8000000000000000786550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc79a411bcdd33d12021-12-20 16:04:48.178root 11241100x8000000000000000786551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dba08568c5f3ff2021-12-20 16:04:48.178root 11241100x8000000000000000786552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75785116a28567132021-12-20 16:04:48.178root 11241100x8000000000000000786553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1086498d06a14c2021-12-20 16:04:48.178root 11241100x8000000000000000786554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e5dbbcdfd6accf2021-12-20 16:04:48.179root 11241100x8000000000000000786555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d056fc84c3a943f62021-12-20 16:04:48.674root 11241100x8000000000000000786556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a235678b7575c472021-12-20 16:04:48.674root 11241100x8000000000000000786557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43d7113eda2e6ae2021-12-20 16:04:48.674root 11241100x8000000000000000786558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87425acbfb9033a52021-12-20 16:04:48.675root 11241100x8000000000000000786559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41928b9800f62ed2021-12-20 16:04:48.675root 11241100x8000000000000000786560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db9d685fc6e48422021-12-20 16:04:48.675root 11241100x8000000000000000786561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d181c09141e579a32021-12-20 16:04:48.675root 11241100x8000000000000000786562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd95a71ef8ae0bf12021-12-20 16:04:48.675root 11241100x8000000000000000786563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde4ae67f7ac65aa2021-12-20 16:04:48.675root 11241100x8000000000000000786564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea3fe580aef84fd2021-12-20 16:04:48.675root 11241100x8000000000000000786565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e333cc2f5dd29f2021-12-20 16:04:48.675root 11241100x8000000000000000786566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7859b3b7247d07b32021-12-20 16:04:48.675root 11241100x8000000000000000786567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dfaf3bde73d79d2021-12-20 16:04:48.675root 11241100x8000000000000000786568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa7437420279e622021-12-20 16:04:48.676root 11241100x8000000000000000786569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f9dae3452deed22021-12-20 16:04:48.676root 11241100x8000000000000000786570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2febaad55d67a6a82021-12-20 16:04:48.676root 11241100x8000000000000000786571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd54312363f3cf22021-12-20 16:04:48.676root 11241100x8000000000000000786572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687f59db392146332021-12-20 16:04:48.676root 11241100x8000000000000000786573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd791d61aa360b12021-12-20 16:04:48.676root 11241100x8000000000000000786574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d071bb0448c08b2021-12-20 16:04:48.676root 11241100x8000000000000000786575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b68b5a495fe80d2021-12-20 16:04:48.676root 11241100x8000000000000000786576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f2ee69023e71ea2021-12-20 16:04:48.676root 11241100x8000000000000000786577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce984e3296821762021-12-20 16:04:48.676root 11241100x8000000000000000786578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1986b353769a92e2021-12-20 16:04:48.677root 11241100x8000000000000000786579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb9def6e72804142021-12-20 16:04:48.677root 11241100x8000000000000000786580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3afe1b9ea5db4232021-12-20 16:04:48.677root 11241100x8000000000000000786581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9b1c7d9a4c0f402021-12-20 16:04:48.678root 11241100x8000000000000000786582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbfb31a15b7f63b2021-12-20 16:04:48.678root 11241100x8000000000000000786583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419a72ff09651ca32021-12-20 16:04:48.678root 11241100x8000000000000000786584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b26285d639f3c22021-12-20 16:04:48.678root 11241100x8000000000000000786585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:48.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346c0c21b60f404c2021-12-20 16:04:48.678root 11241100x8000000000000000786586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb60e106809bf2eb2021-12-20 16:04:49.174root 11241100x8000000000000000786587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf300c13a562c7c62021-12-20 16:04:49.174root 11241100x8000000000000000786588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b029be52bd5fdc182021-12-20 16:04:49.174root 11241100x8000000000000000786589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0220b06670bc602021-12-20 16:04:49.174root 11241100x8000000000000000786590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5586471a4841b9702021-12-20 16:04:49.175root 11241100x8000000000000000786591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6211035ae669dc6c2021-12-20 16:04:49.175root 11241100x8000000000000000786592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647af652ca6f25122021-12-20 16:04:49.175root 11241100x8000000000000000786593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e29624af142f6ac2021-12-20 16:04:49.175root 11241100x8000000000000000786594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952e7a481d26283e2021-12-20 16:04:49.175root 11241100x8000000000000000786595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26c87fee6bfe9e02021-12-20 16:04:49.175root 11241100x8000000000000000786596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c7d28451d25c7a2021-12-20 16:04:49.175root 11241100x8000000000000000786597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece5bfc1ab625e32021-12-20 16:04:49.175root 11241100x8000000000000000786598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d719147a4887ad92021-12-20 16:04:49.175root 11241100x8000000000000000786599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6f984bc118f01c2021-12-20 16:04:49.175root 11241100x8000000000000000786600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902f861ad7a664182021-12-20 16:04:49.175root 11241100x8000000000000000786601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd95249b459f46b2021-12-20 16:04:49.176root 11241100x8000000000000000786602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1ff329df7092d82021-12-20 16:04:49.176root 11241100x8000000000000000786603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e740576138e7ce182021-12-20 16:04:49.176root 11241100x8000000000000000786604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eef5ea0264cbd12021-12-20 16:04:49.176root 11241100x8000000000000000786605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508fde6410107ed72021-12-20 16:04:49.176root 11241100x8000000000000000786606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dd2dd71449372e2021-12-20 16:04:49.176root 11241100x8000000000000000786607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3706849dfa22c42021-12-20 16:04:49.176root 11241100x8000000000000000786608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3e191f83f155832021-12-20 16:04:49.176root 11241100x8000000000000000786609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77879d2a63dad43d2021-12-20 16:04:49.176root 11241100x8000000000000000786610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1695bcbe1434312021-12-20 16:04:49.176root 11241100x8000000000000000786611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9746f71ced7a80322021-12-20 16:04:49.176root 11241100x8000000000000000786612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daf5ffae8070fe22021-12-20 16:04:49.176root 11241100x8000000000000000786613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeed3e6a5b09dfa2021-12-20 16:04:49.176root 11241100x8000000000000000786614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9753b0d3a22078152021-12-20 16:04:49.176root 11241100x8000000000000000786615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f74c5dc37df4c2021-12-20 16:04:49.176root 11241100x8000000000000000786616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318e186d08e967132021-12-20 16:04:49.177root 11241100x8000000000000000786617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232bd62ac6718b562021-12-20 16:04:49.177root 11241100x8000000000000000786618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1ff51f8375f0952021-12-20 16:04:49.674root 11241100x8000000000000000786619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f591f23ead49c852021-12-20 16:04:49.674root 11241100x8000000000000000786620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11fb712fec1c3282021-12-20 16:04:49.674root 11241100x8000000000000000786621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a17eaef2190e3ee2021-12-20 16:04:49.674root 11241100x8000000000000000786622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405d744b6238cba22021-12-20 16:04:49.674root 11241100x8000000000000000786623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dfd78755dd8e882021-12-20 16:04:49.674root 11241100x8000000000000000786624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d651c529e4a2f12021-12-20 16:04:49.674root 11241100x8000000000000000786625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b289f879b3cb092021-12-20 16:04:49.674root 11241100x8000000000000000786626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e288ebf30fc8772021-12-20 16:04:49.674root 11241100x8000000000000000786627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02934c3c47bbe36f2021-12-20 16:04:49.674root 11241100x8000000000000000786628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156c36e47c4f17ef2021-12-20 16:04:49.675root 11241100x8000000000000000786629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942a83d7bc5895e12021-12-20 16:04:49.675root 11241100x8000000000000000786630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308695e89131b5902021-12-20 16:04:49.675root 11241100x8000000000000000786631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a107cf018f6d53d2021-12-20 16:04:49.675root 11241100x8000000000000000786632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fb7a967ad12db22021-12-20 16:04:49.675root 11241100x8000000000000000786633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565a37caeb7aab1d2021-12-20 16:04:49.675root 11241100x8000000000000000786634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc6d742f2e6991d2021-12-20 16:04:49.675root 11241100x8000000000000000786635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecae89b92cb8d05a2021-12-20 16:04:49.675root 11241100x8000000000000000786636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c55e4397b184292021-12-20 16:04:49.675root 11241100x8000000000000000786637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6641164f6b7c1e3a2021-12-20 16:04:49.676root 11241100x8000000000000000786638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b226fd7eaf85462021-12-20 16:04:49.676root 11241100x8000000000000000786639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea9aec86d7a4c082021-12-20 16:04:49.676root 11241100x8000000000000000786640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd85c9ce7b9b1832021-12-20 16:04:49.676root 11241100x8000000000000000786641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3ab3e1833d21f22021-12-20 16:04:49.676root 11241100x8000000000000000786642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2619149c4bd106e92021-12-20 16:04:49.676root 11241100x8000000000000000786643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8e2998e087e2062021-12-20 16:04:49.676root 11241100x8000000000000000786644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d045d1abb95a8ec2021-12-20 16:04:49.676root 11241100x8000000000000000786645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3fcdbf81e613752021-12-20 16:04:49.676root 11241100x8000000000000000786646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6093ed029a057dec2021-12-20 16:04:49.676root 11241100x8000000000000000786647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1187f47bd2416f2021-12-20 16:04:49.676root 11241100x8000000000000000786648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0429315cf636b0472021-12-20 16:04:49.677root 11241100x8000000000000000786649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa96a816f99f7572021-12-20 16:04:49.677root 11241100x8000000000000000786650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b486b3ff220074592021-12-20 16:04:49.677root 11241100x8000000000000000786651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87d0832b258fa192021-12-20 16:04:49.677root 11241100x8000000000000000786652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831039e6f2cacac72021-12-20 16:04:49.681root 11241100x8000000000000000786653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6843c35a2ffe25a2021-12-20 16:04:49.681root 11241100x8000000000000000786654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:49.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6881b427b21294f82021-12-20 16:04:49.681root 11241100x8000000000000000786655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de776590af0066942021-12-20 16:04:50.174root 11241100x8000000000000000786656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf86d59bb9f67542021-12-20 16:04:50.175root 11241100x8000000000000000786657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380ca63c3a7ca3e12021-12-20 16:04:50.175root 11241100x8000000000000000786658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bc1b6b22e6dbf92021-12-20 16:04:50.175root 11241100x8000000000000000786659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb9c3a16a1822402021-12-20 16:04:50.175root 11241100x8000000000000000786660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67d4c37715a67b52021-12-20 16:04:50.175root 11241100x8000000000000000786661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaab9d0fdcad47d2021-12-20 16:04:50.175root 11241100x8000000000000000786662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473f95dde25f5bae2021-12-20 16:04:50.175root 11241100x8000000000000000786663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be31900d6aa2f4fe2021-12-20 16:04:50.175root 11241100x8000000000000000786664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c55094d6c87d552021-12-20 16:04:50.175root 11241100x8000000000000000786665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8e37b1514946752021-12-20 16:04:50.175root 11241100x8000000000000000786666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe23c1f7aecf9d42021-12-20 16:04:50.176root 11241100x8000000000000000786667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2683a37d4e50d8732021-12-20 16:04:50.176root 11241100x8000000000000000786668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe30d01d87d6add62021-12-20 16:04:50.176root 11241100x8000000000000000786669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fd95e48629c4472021-12-20 16:04:50.176root 11241100x8000000000000000786670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ff6671e52616262021-12-20 16:04:50.176root 11241100x8000000000000000786671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfdc3577a956ceb2021-12-20 16:04:50.176root 11241100x8000000000000000786672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d1e4dd28b892332021-12-20 16:04:50.176root 11241100x8000000000000000786673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f415384eb79898c2021-12-20 16:04:50.176root 11241100x8000000000000000786674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796f8e2ac250cd382021-12-20 16:04:50.176root 11241100x8000000000000000786675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8960d6104796d4a92021-12-20 16:04:50.176root 11241100x8000000000000000786676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ab44cdcb9122a62021-12-20 16:04:50.176root 11241100x8000000000000000786677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1db0145597e0ef92021-12-20 16:04:50.177root 11241100x8000000000000000786678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8741dbabf30db2672021-12-20 16:04:50.177root 11241100x8000000000000000786679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5328e6e9e681632021-12-20 16:04:50.177root 11241100x8000000000000000786680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c735b6037b9523052021-12-20 16:04:50.177root 11241100x8000000000000000786681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb676db503ef2ffa2021-12-20 16:04:50.177root 11241100x8000000000000000786682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fce8f76fa928432021-12-20 16:04:50.177root 11241100x8000000000000000786683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb4350f003c2f072021-12-20 16:04:50.177root 11241100x8000000000000000786684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652a84b9565488972021-12-20 16:04:50.177root 11241100x8000000000000000786685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1f3f47977b9d8a2021-12-20 16:04:50.182root 11241100x8000000000000000786686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7639a187be2a60a42021-12-20 16:04:50.182root 11241100x8000000000000000786687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c75de2c841647dc2021-12-20 16:04:50.182root 11241100x8000000000000000786688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb628d4dffdc86c2021-12-20 16:04:50.182root 11241100x8000000000000000786689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb16dc87afdbed1e2021-12-20 16:04:50.182root 11241100x8000000000000000786690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42423e722b1d10f92021-12-20 16:04:50.182root 11241100x8000000000000000786691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd537b754f90f3cd2021-12-20 16:04:50.182root 11241100x8000000000000000786692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92f77b5d160f0652021-12-20 16:04:50.182root 11241100x8000000000000000786693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.183{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe96e62ac29bf612021-12-20 16:04:50.183root 354300x8000000000000000786694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.211{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51602-false10.0.1.12-8000- 11241100x8000000000000000786695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dad265c4b787cb2021-12-20 16:04:50.674root 11241100x8000000000000000786696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7797e33fd609404e2021-12-20 16:04:50.674root 11241100x8000000000000000786697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8368e9613049912021-12-20 16:04:50.675root 11241100x8000000000000000786698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32120b4f55240e9c2021-12-20 16:04:50.675root 11241100x8000000000000000786699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f943a6afd24d602021-12-20 16:04:50.675root 11241100x8000000000000000786700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2664410f06e32c9f2021-12-20 16:04:50.675root 11241100x8000000000000000786701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572b416d52cf24272021-12-20 16:04:50.675root 11241100x8000000000000000786702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20243f042f0613f2021-12-20 16:04:50.675root 11241100x8000000000000000786703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a309cb0ca9998b42021-12-20 16:04:50.676root 11241100x8000000000000000786704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ede0c66892038c2021-12-20 16:04:50.676root 11241100x8000000000000000786705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c963f49fdd2a40f2021-12-20 16:04:50.676root 11241100x8000000000000000786706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50a36051e55a0072021-12-20 16:04:50.676root 11241100x8000000000000000786707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d5014d494f9b342021-12-20 16:04:50.676root 11241100x8000000000000000786708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87cd74ee3b55d1f2021-12-20 16:04:50.676root 11241100x8000000000000000786709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f66701def661bd22021-12-20 16:04:50.676root 11241100x8000000000000000786710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49c9660f5db648e2021-12-20 16:04:50.676root 11241100x8000000000000000786711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb21e019085b3f02021-12-20 16:04:50.676root 11241100x8000000000000000786712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7b96e001fe417e2021-12-20 16:04:50.676root 11241100x8000000000000000786713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cc23e81a0ddfa52021-12-20 16:04:50.676root 11241100x8000000000000000786714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b28a280fa596502021-12-20 16:04:50.677root 11241100x8000000000000000786715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a81ac06cea18e562021-12-20 16:04:50.677root 11241100x8000000000000000786716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b1373cf60ef77d2021-12-20 16:04:50.677root 11241100x8000000000000000786717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c912c316d731df7d2021-12-20 16:04:50.677root 11241100x8000000000000000786718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05744dbb75bd41f42021-12-20 16:04:50.677root 11241100x8000000000000000786719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c85ca485a6782f2021-12-20 16:04:50.677root 11241100x8000000000000000786720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62da08174982472021-12-20 16:04:50.677root 11241100x8000000000000000786721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4b48f5de9e7ace2021-12-20 16:04:50.677root 11241100x8000000000000000786722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc6ebe53598e88c2021-12-20 16:04:50.677root 11241100x8000000000000000786723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d6fb5d2bba1d632021-12-20 16:04:50.677root 11241100x8000000000000000786724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def83d66b424f4c82021-12-20 16:04:50.677root 11241100x8000000000000000786725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56c897fd2e428982021-12-20 16:04:50.677root 11241100x8000000000000000786726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d625fb63f207da32021-12-20 16:04:50.678root 11241100x8000000000000000786727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c41c12ade36c242021-12-20 16:04:50.678root 11241100x8000000000000000786728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:50.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda17bedb7c6409c2021-12-20 16:04:50.678root 11241100x8000000000000000786729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fa2e395cec97eb2021-12-20 16:04:51.174root 11241100x8000000000000000786730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60747161cc371122021-12-20 16:04:51.174root 11241100x8000000000000000786731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d87b22988b5cfc2021-12-20 16:04:51.174root 11241100x8000000000000000786732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddd8d90565cbe782021-12-20 16:04:51.175root 11241100x8000000000000000786733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd8703a251813122021-12-20 16:04:51.175root 11241100x8000000000000000786734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cce560aae9ddf82021-12-20 16:04:51.175root 11241100x8000000000000000786735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad0f6e077d97adc2021-12-20 16:04:51.175root 11241100x8000000000000000786736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd96292cba620b62021-12-20 16:04:51.175root 11241100x8000000000000000786737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5c44eb95e0f8912021-12-20 16:04:51.175root 11241100x8000000000000000786738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4921eafe24b35242021-12-20 16:04:51.175root 11241100x8000000000000000786739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae85d8b0c8521ac2021-12-20 16:04:51.175root 11241100x8000000000000000786740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a02e703a6d16192021-12-20 16:04:51.175root 11241100x8000000000000000786741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d559380fac1c1ff2021-12-20 16:04:51.176root 11241100x8000000000000000786742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ee43fbc01e01642021-12-20 16:04:51.176root 11241100x8000000000000000786743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e960e7e95c556f732021-12-20 16:04:51.176root 11241100x8000000000000000786744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a875c287f07523062021-12-20 16:04:51.176root 11241100x8000000000000000786745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ea9322c2b63ea92021-12-20 16:04:51.176root 11241100x8000000000000000786746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5055c22f4f9faf52021-12-20 16:04:51.176root 11241100x8000000000000000786747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2470212293cbb4ea2021-12-20 16:04:51.177root 11241100x8000000000000000786748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899e9bb9595cd3c72021-12-20 16:04:51.177root 11241100x8000000000000000786749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662d9afd82c57b522021-12-20 16:04:51.177root 11241100x8000000000000000786750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f772c82779b5fe62021-12-20 16:04:51.177root 11241100x8000000000000000786751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d72d1359a5ab6682021-12-20 16:04:51.177root 11241100x8000000000000000786752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e0b2c68b2b90282021-12-20 16:04:51.177root 11241100x8000000000000000786753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef4bf9b8ec42332021-12-20 16:04:51.177root 11241100x8000000000000000786754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82affb908cd050932021-12-20 16:04:51.177root 11241100x8000000000000000786755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b0cdbec8d22b412021-12-20 16:04:51.177root 11241100x8000000000000000786756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c2cebee76fc2b2021-12-20 16:04:51.178root 11241100x8000000000000000786757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8d6430c2cded642021-12-20 16:04:51.178root 11241100x8000000000000000786758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394cd2109e2eb6352021-12-20 16:04:51.178root 11241100x8000000000000000786759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0968e04c7f86b2712021-12-20 16:04:51.178root 11241100x8000000000000000786760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b8d16e4c5d83be2021-12-20 16:04:51.178root 11241100x8000000000000000786761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f5d477ea8dd6f2021-12-20 16:04:51.178root 11241100x8000000000000000786762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da55ac53d9285c882021-12-20 16:04:51.674root 11241100x8000000000000000786763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756e86e5675f38ab2021-12-20 16:04:51.674root 11241100x8000000000000000786764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7d368c9307362a2021-12-20 16:04:51.674root 11241100x8000000000000000786765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ea25236b22481c2021-12-20 16:04:51.674root 11241100x8000000000000000786766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15246b7b34650f72021-12-20 16:04:51.674root 11241100x8000000000000000786767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b103813ce813f2da2021-12-20 16:04:51.674root 11241100x8000000000000000786768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827acde57cb8bf262021-12-20 16:04:51.674root 11241100x8000000000000000786769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d15107ae59ee742021-12-20 16:04:51.675root 11241100x8000000000000000786770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844dc3f26873a6492021-12-20 16:04:51.675root 11241100x8000000000000000786771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4905e3a007bd886c2021-12-20 16:04:51.675root 11241100x8000000000000000786772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db2fc979d95b18a2021-12-20 16:04:51.675root 11241100x8000000000000000786773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbdcd8e921a20dc2021-12-20 16:04:51.675root 11241100x8000000000000000786774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5695cbbb7c89eba42021-12-20 16:04:51.675root 11241100x8000000000000000786775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f49462e4cf61e372021-12-20 16:04:51.676root 11241100x8000000000000000786776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541ee9dd0bcec2642021-12-20 16:04:51.676root 11241100x8000000000000000786777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7efba7bddcd5f92021-12-20 16:04:51.676root 11241100x8000000000000000786778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bb59fac097456e2021-12-20 16:04:51.676root 11241100x8000000000000000786779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8d5f683dfe46a62021-12-20 16:04:51.676root 11241100x8000000000000000786780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6329a25b5b74a0642021-12-20 16:04:51.676root 11241100x8000000000000000786781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef871f108de540e52021-12-20 16:04:51.676root 11241100x8000000000000000786782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fcaa4c245818612021-12-20 16:04:51.676root 11241100x8000000000000000786783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568c5e073099bea62021-12-20 16:04:51.676root 11241100x8000000000000000786784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a9e29363513012021-12-20 16:04:51.677root 11241100x8000000000000000786785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8d1cfd2bfd239d2021-12-20 16:04:51.677root 11241100x8000000000000000786786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf0839f8deb96792021-12-20 16:04:51.677root 11241100x8000000000000000786787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326729f18948746c2021-12-20 16:04:51.677root 11241100x8000000000000000786788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bbebbcf29295da2021-12-20 16:04:51.677root 11241100x8000000000000000786789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b316c9a5f4a2af12021-12-20 16:04:51.677root 11241100x8000000000000000786790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8825ea44bbc5a5982021-12-20 16:04:51.678root 11241100x8000000000000000786791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2ba8e4b79e87c62021-12-20 16:04:51.678root 11241100x8000000000000000786792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b65cdda87e31d2021-12-20 16:04:51.679root 11241100x8000000000000000786793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10915d3ca508eb8a2021-12-20 16:04:51.679root 11241100x8000000000000000786794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa8765f8dbb82da2021-12-20 16:04:51.679root 11241100x8000000000000000786795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd6905b0f83c0f2021-12-20 16:04:51.679root 11241100x8000000000000000786796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ac9ab78f62ea1f2021-12-20 16:04:51.679root 11241100x8000000000000000786797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2e97f39dbdd0e52021-12-20 16:04:51.679root 11241100x8000000000000000786798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddd87d22f0d0e302021-12-20 16:04:51.680root 11241100x8000000000000000786799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7dd22c8ffe3d242021-12-20 16:04:51.681root 11241100x8000000000000000786800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:51.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bccbfa09350fc7b2021-12-20 16:04:51.681root 11241100x8000000000000000786801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d443d36f90be31152021-12-20 16:04:52.174root 11241100x8000000000000000786802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e387997a195a30fb2021-12-20 16:04:52.175root 11241100x8000000000000000786803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dafffac98e66e32021-12-20 16:04:52.175root 11241100x8000000000000000786804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8900be6d1aae155f2021-12-20 16:04:52.175root 11241100x8000000000000000786805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec189bbfd5b6de902021-12-20 16:04:52.175root 11241100x8000000000000000786806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b77fe56a57659e72021-12-20 16:04:52.175root 11241100x8000000000000000786807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f42de31468db2892021-12-20 16:04:52.175root 11241100x8000000000000000786808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d560b5c85838692021-12-20 16:04:52.175root 11241100x8000000000000000786809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb511dd2cf4cc672021-12-20 16:04:52.175root 11241100x8000000000000000786810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce937dc61ef83d5c2021-12-20 16:04:52.175root 11241100x8000000000000000786811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6175865ed00dfe2021-12-20 16:04:52.175root 11241100x8000000000000000786812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986ac852ee7963f62021-12-20 16:04:52.175root 11241100x8000000000000000786813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69be0e0501aa29122021-12-20 16:04:52.176root 11241100x8000000000000000786814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9731b094c617aff2021-12-20 16:04:52.176root 11241100x8000000000000000786815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f56be4b0036e8ca2021-12-20 16:04:52.176root 11241100x8000000000000000786816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bfa785efc1ad0d2021-12-20 16:04:52.176root 11241100x8000000000000000786817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669eab2f4aef3f552021-12-20 16:04:52.176root 11241100x8000000000000000786818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f0e2e8d1a9cc42021-12-20 16:04:52.176root 11241100x8000000000000000786819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebd841af897c49f2021-12-20 16:04:52.176root 11241100x8000000000000000786820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb4434188df85ec2021-12-20 16:04:52.176root 11241100x8000000000000000786821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4aea05950f51d4f2021-12-20 16:04:52.177root 11241100x8000000000000000786822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a662819c0a452f4f2021-12-20 16:04:52.177root 11241100x8000000000000000786823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cf086eca83deed2021-12-20 16:04:52.177root 11241100x8000000000000000786824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e363142c7286b92021-12-20 16:04:52.177root 11241100x8000000000000000786825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f1482b6f38eff92021-12-20 16:04:52.177root 11241100x8000000000000000786826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54154e367eaccbc52021-12-20 16:04:52.177root 11241100x8000000000000000786827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910a3976beaf7ef02021-12-20 16:04:52.177root 11241100x8000000000000000786828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0dc169ac5509f2021-12-20 16:04:52.177root 11241100x8000000000000000786829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c460c66916b53162021-12-20 16:04:52.177root 11241100x8000000000000000786830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf64daa7e19a8772021-12-20 16:04:52.177root 11241100x8000000000000000786831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391dda292820ad752021-12-20 16:04:52.178root 11241100x8000000000000000786832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6053f902fc463452021-12-20 16:04:52.178root 11241100x8000000000000000786833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768c075beae8d2212021-12-20 16:04:52.674root 11241100x8000000000000000786834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c00f929c3c6dcdd2021-12-20 16:04:52.674root 11241100x8000000000000000786835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549fb112bcc759972021-12-20 16:04:52.674root 11241100x8000000000000000786836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec5bd5c450dc96c2021-12-20 16:04:52.674root 11241100x8000000000000000786837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b034215fa741a592021-12-20 16:04:52.675root 11241100x8000000000000000786838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae2b347a3509e9b2021-12-20 16:04:52.675root 11241100x8000000000000000786839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c50bb6d9a15a4c2021-12-20 16:04:52.675root 11241100x8000000000000000786840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41df5c2aac6a8192021-12-20 16:04:52.675root 11241100x8000000000000000786841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb1bc2f615932a72021-12-20 16:04:52.675root 11241100x8000000000000000786842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f329f46bc242a1e2021-12-20 16:04:52.675root 11241100x8000000000000000786843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e1fe67836649652021-12-20 16:04:52.675root 11241100x8000000000000000786844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344b8670b53889bb2021-12-20 16:04:52.675root 11241100x8000000000000000786845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc0138c431b223b2021-12-20 16:04:52.675root 11241100x8000000000000000786846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5123f1348e68ac8e2021-12-20 16:04:52.676root 11241100x8000000000000000786847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650ecb6a6dd4301b2021-12-20 16:04:52.676root 11241100x8000000000000000786848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c058fedfd8dd48102021-12-20 16:04:52.676root 11241100x8000000000000000786849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b155b28fc80a022021-12-20 16:04:52.676root 11241100x8000000000000000786850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c3ebd0e3cabcc02021-12-20 16:04:52.676root 11241100x8000000000000000786851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb6e1726066a642021-12-20 16:04:52.676root 11241100x8000000000000000786852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b710369b38ad75d72021-12-20 16:04:52.677root 11241100x8000000000000000786853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ef81816dfa2d5a2021-12-20 16:04:52.677root 11241100x8000000000000000786854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de175d73b8c69c882021-12-20 16:04:52.677root 11241100x8000000000000000786855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943a1c33d527d2c2021-12-20 16:04:52.677root 11241100x8000000000000000786856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ba9499bc806602021-12-20 16:04:52.677root 11241100x8000000000000000786857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbadadd7e2b3a062021-12-20 16:04:52.677root 11241100x8000000000000000786858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edfb6eb4a0bdf3d2021-12-20 16:04:52.677root 11241100x8000000000000000786859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463016b5c929f6ba2021-12-20 16:04:52.677root 11241100x8000000000000000786860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5984f49594d865a92021-12-20 16:04:52.677root 11241100x8000000000000000786861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb9ad201e0e68462021-12-20 16:04:52.677root 11241100x8000000000000000786862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47386d1facc60ffd2021-12-20 16:04:52.678root 11241100x8000000000000000786863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465cac2ea5a9859c2021-12-20 16:04:52.678root 11241100x8000000000000000786864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffacee633ca6f3d2021-12-20 16:04:52.678root 11241100x8000000000000000786865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd9b767e98664d02021-12-20 16:04:52.678root 11241100x8000000000000000786866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:52.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73711cc926f94672021-12-20 16:04:52.678root 11241100x8000000000000000786867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd291d6de69252fc2021-12-20 16:04:53.174root 11241100x8000000000000000786868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915579fcae210b0e2021-12-20 16:04:53.174root 11241100x8000000000000000786869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2337e0b695ebce882021-12-20 16:04:53.174root 11241100x8000000000000000786870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecbaabc8615743b2021-12-20 16:04:53.174root 11241100x8000000000000000786871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d6bd78ca978bc2021-12-20 16:04:53.174root 11241100x8000000000000000786872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a75b72b68a7152021-12-20 16:04:53.175root 11241100x8000000000000000786873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d980789a53cd63942021-12-20 16:04:53.175root 11241100x8000000000000000786874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054bc1069c468f2e2021-12-20 16:04:53.175root 11241100x8000000000000000786875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a180301aaf0fc2021-12-20 16:04:53.175root 11241100x8000000000000000786876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53af891bc50279e2021-12-20 16:04:53.175root 11241100x8000000000000000786877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e30a542f2e91442021-12-20 16:04:53.175root 11241100x8000000000000000786878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4d65197c64ca092021-12-20 16:04:53.175root 11241100x8000000000000000786879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daa1280d64f3ee62021-12-20 16:04:53.175root 11241100x8000000000000000786880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8597506c0b38c4822021-12-20 16:04:53.176root 11241100x8000000000000000786881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a39ae92bba80c42021-12-20 16:04:53.176root 11241100x8000000000000000786882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e848ca991981692021-12-20 16:04:53.176root 11241100x8000000000000000786883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c2aaf5715f44892021-12-20 16:04:53.176root 11241100x8000000000000000786884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776c39792a7b38662021-12-20 16:04:53.176root 11241100x8000000000000000786885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386a9ecdd76132d92021-12-20 16:04:53.176root 11241100x8000000000000000786886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95c8bc30e8504282021-12-20 16:04:53.176root 11241100x8000000000000000786887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d69728b328e59e2021-12-20 16:04:53.176root 11241100x8000000000000000786888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b81761caae5e62021-12-20 16:04:53.176root 11241100x8000000000000000786889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9138c8227ce647832021-12-20 16:04:53.176root 11241100x8000000000000000786890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad04b47f0ff660d72021-12-20 16:04:53.176root 11241100x8000000000000000786891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f3c404c88f2bd22021-12-20 16:04:53.176root 11241100x8000000000000000786892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f3b8ab144c6b282021-12-20 16:04:53.177root 11241100x8000000000000000786893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d44eaa81695c0982021-12-20 16:04:53.177root 11241100x8000000000000000786894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464a5110f190f38b2021-12-20 16:04:53.177root 11241100x8000000000000000786895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c74eb14404771fb2021-12-20 16:04:53.177root 11241100x8000000000000000786896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098823fa877aaa002021-12-20 16:04:53.177root 11241100x8000000000000000786897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d110b671a775c15b2021-12-20 16:04:53.177root 11241100x8000000000000000786898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb06dd4ddd1a6e22021-12-20 16:04:53.177root 11241100x8000000000000000786899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f8a828f318be732021-12-20 16:04:53.177root 11241100x8000000000000000786900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8cab3345ff3b8a2021-12-20 16:04:53.177root 11241100x8000000000000000786901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43333b75cc290ca92021-12-20 16:04:53.177root 11241100x8000000000000000786902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49bdad9f869bac32021-12-20 16:04:53.177root 11241100x8000000000000000786903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53470f90b71920132021-12-20 16:04:53.674root 11241100x8000000000000000786904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeeb8c1fdfaff2c2021-12-20 16:04:53.674root 11241100x8000000000000000786905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4ed1515da106de2021-12-20 16:04:53.674root 11241100x8000000000000000786906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8971fc8528f8eb7b2021-12-20 16:04:53.674root 11241100x8000000000000000786907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481f1c371ac43b62021-12-20 16:04:53.674root 11241100x8000000000000000786908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c617009302ce9952021-12-20 16:04:53.674root 11241100x8000000000000000786909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ef0b2a014fc8222021-12-20 16:04:53.674root 11241100x8000000000000000786910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1df3bd1ed324fcc2021-12-20 16:04:53.674root 11241100x8000000000000000786911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c994a1c0dfd2fed2021-12-20 16:04:53.674root 11241100x8000000000000000786912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a7f5cc93043b6c2021-12-20 16:04:53.674root 11241100x8000000000000000786913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b907115129de919e2021-12-20 16:04:53.674root 11241100x8000000000000000786914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b413fe7f4ee1b53c2021-12-20 16:04:53.675root 11241100x8000000000000000786915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05877642ee3d04b62021-12-20 16:04:53.675root 11241100x8000000000000000786916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b96eb5c3e22a172021-12-20 16:04:53.675root 11241100x8000000000000000786917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d455b10afb2d0c9b2021-12-20 16:04:53.675root 11241100x8000000000000000786918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a8fc1e62dcc3cc2021-12-20 16:04:53.675root 11241100x8000000000000000786919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516997ec932010452021-12-20 16:04:53.675root 11241100x8000000000000000786920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759ba951d3ccb34a2021-12-20 16:04:53.675root 11241100x8000000000000000786921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f75d27435841fad2021-12-20 16:04:53.675root 11241100x8000000000000000786922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952c33086d211f5c2021-12-20 16:04:53.675root 11241100x8000000000000000786923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf3cc47a2376c382021-12-20 16:04:53.675root 11241100x8000000000000000786924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46db9d27015b88aa2021-12-20 16:04:53.676root 11241100x8000000000000000786925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5cd3d38ffd8be2021-12-20 16:04:53.676root 11241100x8000000000000000786926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dc82c097fb11c82021-12-20 16:04:53.676root 11241100x8000000000000000786927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be775aec0fa18fae2021-12-20 16:04:53.676root 11241100x8000000000000000786928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d0d378bb984eac2021-12-20 16:04:53.676root 11241100x8000000000000000786929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de20ae6d0e9ee062021-12-20 16:04:53.676root 11241100x8000000000000000786930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04cadbe6a746a132021-12-20 16:04:53.676root 11241100x8000000000000000786931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015df584f837221e2021-12-20 16:04:53.676root 11241100x8000000000000000786932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c24d24fac11d75e2021-12-20 16:04:53.676root 11241100x8000000000000000786933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3976c93d537ac192021-12-20 16:04:53.676root 11241100x8000000000000000786934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597338e671c7b1272021-12-20 16:04:53.677root 11241100x8000000000000000786935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03980d9c843332a2021-12-20 16:04:53.677root 11241100x8000000000000000786936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452b68ed7f887de52021-12-20 16:04:53.677root 11241100x8000000000000000786937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91deabfd27409d02021-12-20 16:04:53.677root 11241100x8000000000000000786938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc13737b3edd0aa2021-12-20 16:04:53.677root 11241100x8000000000000000786939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df518cea014fd3db2021-12-20 16:04:53.677root 11241100x8000000000000000786940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896454bd5e39bcbe2021-12-20 16:04:53.677root 11241100x8000000000000000786941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2b122dbe9689432021-12-20 16:04:53.677root 11241100x8000000000000000786942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:53.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7976f36bcd2591f02021-12-20 16:04:53.677root 11241100x8000000000000000786943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9637c382dfc80a032021-12-20 16:04:54.174root 11241100x8000000000000000786944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee5bbb3c5a9bba2021-12-20 16:04:54.174root 11241100x8000000000000000786945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa436924b13a982021-12-20 16:04:54.175root 11241100x8000000000000000786946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717a61e36b600e652021-12-20 16:04:54.175root 11241100x8000000000000000786947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8711e5de172d00a82021-12-20 16:04:54.175root 11241100x8000000000000000786948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1f72e0e620320b2021-12-20 16:04:54.175root 11241100x8000000000000000786949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfe3104bc09a0832021-12-20 16:04:54.175root 11241100x8000000000000000786950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86cf3a19a36feee2021-12-20 16:04:54.176root 11241100x8000000000000000786951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e52be304ecedba2021-12-20 16:04:54.176root 11241100x8000000000000000786952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d323c5c9105de32021-12-20 16:04:54.176root 11241100x8000000000000000786953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ced35dd9f83c3e2021-12-20 16:04:54.176root 11241100x8000000000000000786954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fcfb762286e3732021-12-20 16:04:54.176root 11241100x8000000000000000786955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c173fc57eff09eb2021-12-20 16:04:54.176root 11241100x8000000000000000786956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257679a4178559142021-12-20 16:04:54.177root 11241100x8000000000000000786957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9984b21c4519087c2021-12-20 16:04:54.177root 11241100x8000000000000000786958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce7e1378e48723a2021-12-20 16:04:54.177root 11241100x8000000000000000786959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fcac321e8f350b2021-12-20 16:04:54.177root 11241100x8000000000000000786960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fce06ec51dd0c2f2021-12-20 16:04:54.177root 11241100x8000000000000000786961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c56dff0800bb8272021-12-20 16:04:54.177root 11241100x8000000000000000786962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaa7f5d17ba125a2021-12-20 16:04:54.177root 11241100x8000000000000000786963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b00be341951015c2021-12-20 16:04:54.177root 11241100x8000000000000000786964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab4225ff93bfe1b2021-12-20 16:04:54.177root 11241100x8000000000000000786965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de739744930d3f582021-12-20 16:04:54.177root 11241100x8000000000000000786966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf246bebcd6e8c32021-12-20 16:04:54.177root 11241100x8000000000000000786967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa94d011e076a17d2021-12-20 16:04:54.177root 11241100x8000000000000000786968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2164e6a8967b8c8e2021-12-20 16:04:54.177root 11241100x8000000000000000786969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa939ed377a5be72021-12-20 16:04:54.178root 11241100x8000000000000000786970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3973c843f4732582021-12-20 16:04:54.178root 11241100x8000000000000000786971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191b1ae5f47ad22d2021-12-20 16:04:54.178root 11241100x8000000000000000786972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d4c9bfd2efe2782021-12-20 16:04:54.178root 11241100x8000000000000000786973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2903b3bba30408c2021-12-20 16:04:54.178root 11241100x8000000000000000786974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f409443dad704872021-12-20 16:04:54.178root 11241100x8000000000000000786975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ea5f12669a9652021-12-20 16:04:54.178root 11241100x8000000000000000786976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7836889ec4218d1e2021-12-20 16:04:54.178root 11241100x8000000000000000786977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8104e5ea7c77d5ce2021-12-20 16:04:54.675root 11241100x8000000000000000786978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ef03d7275e83612021-12-20 16:04:54.675root 11241100x8000000000000000786979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c594e1fac41677ab2021-12-20 16:04:54.675root 11241100x8000000000000000786980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfc5d7cea4665be2021-12-20 16:04:54.675root 11241100x8000000000000000786981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a762cb2e7288670a2021-12-20 16:04:54.675root 11241100x8000000000000000786982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d290a2d3d6e4fc252021-12-20 16:04:54.675root 11241100x8000000000000000786983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f2d0232689ce522021-12-20 16:04:54.675root 11241100x8000000000000000786984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7167389cc562302021-12-20 16:04:54.675root 11241100x8000000000000000786985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec94590661cb9852021-12-20 16:04:54.675root 11241100x8000000000000000786986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efca1e54068376942021-12-20 16:04:54.676root 11241100x8000000000000000786987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac02acec85493482021-12-20 16:04:54.676root 11241100x8000000000000000786988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850fee48b24f035d2021-12-20 16:04:54.676root 11241100x8000000000000000786989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55596525c4bad2752021-12-20 16:04:54.676root 11241100x8000000000000000786990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da87ffad79a59bec2021-12-20 16:04:54.676root 11241100x8000000000000000786991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b0e4a8a1f8f2d22021-12-20 16:04:54.676root 11241100x8000000000000000786992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7631e298998d69c2021-12-20 16:04:54.676root 11241100x8000000000000000786993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5b9c3ca347cbc12021-12-20 16:04:54.676root 11241100x8000000000000000786994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047720e8bed67d0c2021-12-20 16:04:54.676root 11241100x8000000000000000786995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5f222558e4d1de2021-12-20 16:04:54.676root 11241100x8000000000000000786996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0d457a98fc995e2021-12-20 16:04:54.676root 11241100x8000000000000000786997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6e469f0c87eaca2021-12-20 16:04:54.676root 11241100x8000000000000000786998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eee8dc62cb0ec8d2021-12-20 16:04:54.676root 11241100x8000000000000000786999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f6fcb64d0604b72021-12-20 16:04:54.676root 11241100x8000000000000000787000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00d53ee79cae0b12021-12-20 16:04:54.676root 11241100x8000000000000000787001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e900613ac5315b0c2021-12-20 16:04:54.676root 11241100x8000000000000000787002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f17fa5cabbb9912021-12-20 16:04:54.677root 11241100x8000000000000000787003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f50d451147559e2021-12-20 16:04:54.677root 11241100x8000000000000000787004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8a9989b0d00ed52021-12-20 16:04:54.677root 11241100x8000000000000000787005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b364edba2c1bc2a2021-12-20 16:04:54.677root 11241100x8000000000000000787006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd682223ca135b2021-12-20 16:04:54.677root 11241100x8000000000000000787007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e083f0fcc163904e2021-12-20 16:04:54.677root 11241100x8000000000000000787008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:54.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad139d8894a30bf2021-12-20 16:04:54.677root 11241100x8000000000000000787009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04602ec5e2186e992021-12-20 16:04:55.175root 11241100x8000000000000000787010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2812baf5f3874a582021-12-20 16:04:55.175root 11241100x8000000000000000787011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c675ed7574a51f2021-12-20 16:04:55.175root 11241100x8000000000000000787012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21caa770283e1022021-12-20 16:04:55.175root 11241100x8000000000000000787013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf0811c7b96a4362021-12-20 16:04:55.175root 11241100x8000000000000000787014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7af87a8a1536652021-12-20 16:04:55.175root 11241100x8000000000000000787015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3729ee634a8e89472021-12-20 16:04:55.175root 11241100x8000000000000000787016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b7f4e90e94b6332021-12-20 16:04:55.175root 11241100x8000000000000000787017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1372cedb846887772021-12-20 16:04:55.176root 11241100x8000000000000000787018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4b31f769b1cec2021-12-20 16:04:55.176root 11241100x8000000000000000787019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7214a8e9562e16f92021-12-20 16:04:55.176root 11241100x8000000000000000787020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4da4e6a9832c5652021-12-20 16:04:55.176root 11241100x8000000000000000787021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6587768b91d79ad92021-12-20 16:04:55.176root 11241100x8000000000000000787022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3aff82a5a760232021-12-20 16:04:55.176root 11241100x8000000000000000787023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ccc6736d5671ca2021-12-20 16:04:55.176root 11241100x8000000000000000787024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d3a5f9dad198d72021-12-20 16:04:55.176root 11241100x8000000000000000787025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3482ec43270bc9c92021-12-20 16:04:55.176root 11241100x8000000000000000787026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941c49359c8b0e412021-12-20 16:04:55.176root 11241100x8000000000000000787027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0471989bc2c84b2021-12-20 16:04:55.176root 11241100x8000000000000000787028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3418a65217e480942021-12-20 16:04:55.176root 11241100x8000000000000000787029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0109196d1d85902021-12-20 16:04:55.177root 11241100x8000000000000000787030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d736aac49af3752021-12-20 16:04:55.177root 11241100x8000000000000000787031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e622d7fe725ea46f2021-12-20 16:04:55.177root 11241100x8000000000000000787032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f429d011d22a8b452021-12-20 16:04:55.177root 11241100x8000000000000000787033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d3666b73a87efe2021-12-20 16:04:55.177root 11241100x8000000000000000787034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7467677716d1c72021-12-20 16:04:55.177root 11241100x8000000000000000787035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5123b3702a0d033e2021-12-20 16:04:55.177root 11241100x8000000000000000787036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fe13994ed8bbd72021-12-20 16:04:55.177root 11241100x8000000000000000787037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acf1851239f40b32021-12-20 16:04:55.177root 11241100x8000000000000000787038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f129c28e99b660d72021-12-20 16:04:55.177root 11241100x8000000000000000787039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86041f42700497542021-12-20 16:04:55.177root 11241100x8000000000000000787040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cb758c3613e4ea2021-12-20 16:04:55.177root 354300x8000000000000000787041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.252{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51604-false10.0.1.12-8000- 11241100x8000000000000000787042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24be71e5d5e7e69c2021-12-20 16:04:55.675root 11241100x8000000000000000787043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ec9b407bf1d8ae2021-12-20 16:04:55.675root 11241100x8000000000000000787044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886212c1baca1e9a2021-12-20 16:04:55.675root 11241100x8000000000000000787045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeaa021e43095a82021-12-20 16:04:55.675root 11241100x8000000000000000787046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4de8d5c783c50ef2021-12-20 16:04:55.675root 11241100x8000000000000000787047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a855b4256e26322021-12-20 16:04:55.675root 11241100x8000000000000000787048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f3e49bfd68ddc92021-12-20 16:04:55.675root 11241100x8000000000000000787049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54774161c66c9672021-12-20 16:04:55.675root 11241100x8000000000000000787050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280786f227366fea2021-12-20 16:04:55.675root 11241100x8000000000000000787051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f573563f5600c3c2021-12-20 16:04:55.676root 11241100x8000000000000000787052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1759e73625b8e1e2021-12-20 16:04:55.676root 11241100x8000000000000000787053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176dc2b3c0c184d22021-12-20 16:04:55.676root 11241100x8000000000000000787054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7751872eb23ddf2021-12-20 16:04:55.676root 11241100x8000000000000000787055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4378dc72f4ff6abc2021-12-20 16:04:55.676root 11241100x8000000000000000787056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88524085e18933cc2021-12-20 16:04:55.676root 11241100x8000000000000000787057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ac7535ee890f3b2021-12-20 16:04:55.676root 11241100x8000000000000000787058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bc6b8aa905a3872021-12-20 16:04:55.676root 11241100x8000000000000000787059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ab139ab6655b422021-12-20 16:04:55.676root 11241100x8000000000000000787060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd5e47a8223f7042021-12-20 16:04:55.676root 11241100x8000000000000000787061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44f0ffac5bbcc132021-12-20 16:04:55.676root 11241100x8000000000000000787062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44d3f763a8afdc22021-12-20 16:04:55.676root 11241100x8000000000000000787063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd185330f233a8242021-12-20 16:04:55.676root 11241100x8000000000000000787064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666eff4629059bd72021-12-20 16:04:55.676root 11241100x8000000000000000787065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e54a0352b6c8062021-12-20 16:04:55.676root 11241100x8000000000000000787066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaa53d5c5c07a922021-12-20 16:04:55.677root 11241100x8000000000000000787067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8855e8617a2b03b62021-12-20 16:04:55.677root 11241100x8000000000000000787068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e9d6529136ecc22021-12-20 16:04:55.677root 11241100x8000000000000000787069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6b2c8e617d491f2021-12-20 16:04:55.677root 11241100x8000000000000000787070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e5d1981bd136d02021-12-20 16:04:55.677root 11241100x8000000000000000787071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c8ecae5a1296892021-12-20 16:04:55.677root 11241100x8000000000000000787072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b110e834dd43442021-12-20 16:04:55.677root 11241100x8000000000000000787073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a67dc3654cd6162021-12-20 16:04:55.677root 11241100x8000000000000000787074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:55.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a14caf4e66467e2021-12-20 16:04:55.677root 11241100x8000000000000000787075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a23e7229e9ef2392021-12-20 16:04:56.175root 11241100x8000000000000000787076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6a78c3c55d3c382021-12-20 16:04:56.175root 11241100x8000000000000000787077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2482f6ded6a42ac2021-12-20 16:04:56.175root 11241100x8000000000000000787078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb83e117f3bce8e2021-12-20 16:04:56.175root 11241100x8000000000000000787079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2616302830b33222021-12-20 16:04:56.175root 11241100x8000000000000000787080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d287d47f4694932021-12-20 16:04:56.175root 11241100x8000000000000000787081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fefc838b51b32e2021-12-20 16:04:56.175root 11241100x8000000000000000787082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dfe788262a08b92021-12-20 16:04:56.175root 11241100x8000000000000000787083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7fbb5167b62ead2021-12-20 16:04:56.176root 11241100x8000000000000000787084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d8e35a66282f0f2021-12-20 16:04:56.176root 11241100x8000000000000000787085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaab4ee2366a2d72021-12-20 16:04:56.176root 11241100x8000000000000000787086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97939fd44a2f17b72021-12-20 16:04:56.176root 11241100x8000000000000000787087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc482ba33d51db2021-12-20 16:04:56.176root 11241100x8000000000000000787088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49844ca668f64552021-12-20 16:04:56.176root 11241100x8000000000000000787089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b5a5cac7bd8e02021-12-20 16:04:56.176root 11241100x8000000000000000787090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08536be36c1bce532021-12-20 16:04:56.176root 11241100x8000000000000000787091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0511b22b8ab9fc3b2021-12-20 16:04:56.176root 11241100x8000000000000000787092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685484d8b6de6bb2021-12-20 16:04:56.176root 11241100x8000000000000000787093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c88734475da3e892021-12-20 16:04:56.176root 11241100x8000000000000000787094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a966edba73fdd02021-12-20 16:04:56.177root 11241100x8000000000000000787095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb75e6312e43cced2021-12-20 16:04:56.177root 11241100x8000000000000000787096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15832f3708145f8f2021-12-20 16:04:56.177root 11241100x8000000000000000787097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d884ff534ae34382021-12-20 16:04:56.177root 11241100x8000000000000000787098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acf252e289648862021-12-20 16:04:56.177root 11241100x8000000000000000787099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55333e04168ce2962021-12-20 16:04:56.177root 11241100x8000000000000000787100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd09b8c816c74b62021-12-20 16:04:56.177root 11241100x8000000000000000787101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee53b5f1d8151ecf2021-12-20 16:04:56.177root 11241100x8000000000000000787102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26834bc103df1be92021-12-20 16:04:56.177root 11241100x8000000000000000787103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0527788b51fee3d42021-12-20 16:04:56.177root 11241100x8000000000000000787104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e178f64992797d2021-12-20 16:04:56.177root 11241100x8000000000000000787105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764836cfd844559a2021-12-20 16:04:56.177root 11241100x8000000000000000787106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302e1e0246ab7ecb2021-12-20 16:04:56.177root 11241100x8000000000000000787107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2045284b5ed99d2021-12-20 16:04:56.177root 11241100x8000000000000000787108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce2496b397b36722021-12-20 16:04:56.675root 11241100x8000000000000000787109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81693c3e8bbc13e2021-12-20 16:04:56.675root 11241100x8000000000000000787110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afec2cdce7043fee2021-12-20 16:04:56.675root 11241100x8000000000000000787111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6529d2fdcc702ac2021-12-20 16:04:56.675root 11241100x8000000000000000787112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36056e54b093ec792021-12-20 16:04:56.675root 11241100x8000000000000000787113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6029475c2a8c933d2021-12-20 16:04:56.675root 11241100x8000000000000000787114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcf9e71ab90c6302021-12-20 16:04:56.675root 11241100x8000000000000000787115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b3e399bdb2cdf02021-12-20 16:04:56.676root 11241100x8000000000000000787116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda8413f2bf0bb1d2021-12-20 16:04:56.676root 11241100x8000000000000000787117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aa2fd7ab1740c42021-12-20 16:04:56.676root 11241100x8000000000000000787118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d4fb68f3b4d5a32021-12-20 16:04:56.676root 11241100x8000000000000000787119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c42709968e51e52021-12-20 16:04:56.676root 11241100x8000000000000000787120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7a30e6d53be7962021-12-20 16:04:56.676root 11241100x8000000000000000787121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a10c69a7ecab2202021-12-20 16:04:56.676root 11241100x8000000000000000787122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb5b2aab3e5aa7c2021-12-20 16:04:56.676root 11241100x8000000000000000787123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c77fe8ee517aa42021-12-20 16:04:56.676root 11241100x8000000000000000787124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e19a8f59cc726292021-12-20 16:04:56.676root 11241100x8000000000000000787125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf50c08806ccbc2021-12-20 16:04:56.677root 11241100x8000000000000000787126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135c1e539fb953192021-12-20 16:04:56.677root 11241100x8000000000000000787127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d5f4bfef79f58d2021-12-20 16:04:56.677root 11241100x8000000000000000787128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1616350e6c214b582021-12-20 16:04:56.677root 11241100x8000000000000000787129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57df2d1ba01c75b2021-12-20 16:04:56.677root 11241100x8000000000000000787130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82359b24f18a92922021-12-20 16:04:56.677root 11241100x8000000000000000787131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf245bfbcaabe422021-12-20 16:04:56.677root 11241100x8000000000000000787132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5809ee97150d445b2021-12-20 16:04:56.677root 11241100x8000000000000000787133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7bfd1d8fd3070b2021-12-20 16:04:56.677root 11241100x8000000000000000787134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d003eea9c9ec92021-12-20 16:04:56.677root 11241100x8000000000000000787135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfe52dcbca5c5602021-12-20 16:04:56.677root 11241100x8000000000000000787136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ec2732094f1c82021-12-20 16:04:56.677root 11241100x8000000000000000787137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44134c3b162337a72021-12-20 16:04:56.677root 11241100x8000000000000000787138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f8a52b25f5badd2021-12-20 16:04:56.677root 11241100x8000000000000000787139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917a62fddf8866bb2021-12-20 16:04:56.677root 11241100x8000000000000000787140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:56.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6609193e669fa22021-12-20 16:04:56.677root 11241100x8000000000000000787141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bad50b9ac722d1f2021-12-20 16:04:57.175root 11241100x8000000000000000787142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5979c86cfe0d514b2021-12-20 16:04:57.175root 11241100x8000000000000000787143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876a680a555abe202021-12-20 16:04:57.175root 11241100x8000000000000000787144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a25617a36fc9cc2021-12-20 16:04:57.175root 11241100x8000000000000000787145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a579256e2ae5ff2021-12-20 16:04:57.175root 11241100x8000000000000000787146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611eb8d15874cff12021-12-20 16:04:57.175root 11241100x8000000000000000787147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d24b2b9937bff72021-12-20 16:04:57.175root 11241100x8000000000000000787148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3c6e9b8c4dd3fc2021-12-20 16:04:57.176root 11241100x8000000000000000787149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d539028818b8d382021-12-20 16:04:57.176root 11241100x8000000000000000787150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc19b76b0011cff42021-12-20 16:04:57.176root 11241100x8000000000000000787151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2243661ece209ee2021-12-20 16:04:57.176root 11241100x8000000000000000787152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc9ce415e3151f02021-12-20 16:04:57.176root 11241100x8000000000000000787153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fe0dac9a3a78f42021-12-20 16:04:57.176root 11241100x8000000000000000787154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2239e297e8c04f2021-12-20 16:04:57.176root 11241100x8000000000000000787155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bf631559b730c92021-12-20 16:04:57.176root 11241100x8000000000000000787156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42f71bff3ff28432021-12-20 16:04:57.176root 11241100x8000000000000000787157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c357e65c0300efee2021-12-20 16:04:57.176root 11241100x8000000000000000787158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05594e0aeac184c2021-12-20 16:04:57.176root 11241100x8000000000000000787159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05735dc16664a722021-12-20 16:04:57.176root 11241100x8000000000000000787160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f36961c593c11112021-12-20 16:04:57.176root 11241100x8000000000000000787161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9deb0fa0089c58b72021-12-20 16:04:57.176root 11241100x8000000000000000787162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d028fb2dccdac32021-12-20 16:04:57.176root 11241100x8000000000000000787163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beac251a8a685a382021-12-20 16:04:57.176root 11241100x8000000000000000787164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9380c5bbdc14fe9d2021-12-20 16:04:57.177root 11241100x8000000000000000787165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b7fe9a8891b4c32021-12-20 16:04:57.177root 11241100x8000000000000000787166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc7ded5163c469b2021-12-20 16:04:57.177root 11241100x8000000000000000787167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087704062733dd862021-12-20 16:04:57.177root 11241100x8000000000000000787168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa63acdd0f34f82c2021-12-20 16:04:57.177root 11241100x8000000000000000787169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1278c2b3ec7c4f2021-12-20 16:04:57.177root 11241100x8000000000000000787170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caf6960d041f5cb2021-12-20 16:04:57.177root 11241100x8000000000000000787171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa1839528a9a98b2021-12-20 16:04:57.177root 11241100x8000000000000000787172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce4e023870b6c362021-12-20 16:04:57.177root 11241100x8000000000000000787173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed10fe24d6ec807f2021-12-20 16:04:57.177root 11241100x8000000000000000787174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28091ce5c58dec7c2021-12-20 16:04:57.675root 11241100x8000000000000000787175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc56da10a0390e632021-12-20 16:04:57.675root 11241100x8000000000000000787176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af98a61aa7e20722021-12-20 16:04:57.675root 11241100x8000000000000000787177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a3480f6e463d572021-12-20 16:04:57.675root 11241100x8000000000000000787178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48157f00fcf49812021-12-20 16:04:57.675root 11241100x8000000000000000787179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93d5d91b74a1f1c2021-12-20 16:04:57.675root 11241100x8000000000000000787180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e1a9473be906da2021-12-20 16:04:57.675root 11241100x8000000000000000787181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd323f692b3cc812021-12-20 16:04:57.676root 11241100x8000000000000000787182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3580fa2721029fc52021-12-20 16:04:57.676root 11241100x8000000000000000787183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597d9314198233452021-12-20 16:04:57.676root 11241100x8000000000000000787184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4479cb1711b7668a2021-12-20 16:04:57.676root 11241100x8000000000000000787185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d45b74b3e74043e2021-12-20 16:04:57.676root 11241100x8000000000000000787186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f96ecf4eaa9c5f2021-12-20 16:04:57.676root 11241100x8000000000000000787187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c29e60c2ac39fb2021-12-20 16:04:57.676root 11241100x8000000000000000787188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901bb138ae8acfe52021-12-20 16:04:57.676root 11241100x8000000000000000787189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54539ef31d1f9d8b2021-12-20 16:04:57.676root 11241100x8000000000000000787190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d9ea62108b5f992021-12-20 16:04:57.676root 11241100x8000000000000000787191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e766cb25f068fd082021-12-20 16:04:57.676root 11241100x8000000000000000787192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd68d93858f256de2021-12-20 16:04:57.676root 11241100x8000000000000000787193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bf6af0a6ef3bde2021-12-20 16:04:57.677root 11241100x8000000000000000787194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1354e4286a9dde52021-12-20 16:04:57.677root 11241100x8000000000000000787195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4882232759308bc02021-12-20 16:04:57.677root 11241100x8000000000000000787196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df43d555d37ad63e2021-12-20 16:04:57.677root 11241100x8000000000000000787197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996b7f38a6e337d92021-12-20 16:04:57.677root 11241100x8000000000000000787198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f1b06c1880775d2021-12-20 16:04:57.677root 11241100x8000000000000000787199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4160c935a4a0bcc42021-12-20 16:04:57.677root 11241100x8000000000000000787200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1489e998daf200d82021-12-20 16:04:57.677root 11241100x8000000000000000787201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc811b969756fee92021-12-20 16:04:57.677root 11241100x8000000000000000787202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104093642259d3792021-12-20 16:04:57.677root 11241100x8000000000000000787203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88db49f986fb026e2021-12-20 16:04:57.677root 11241100x8000000000000000787204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792b4a4b15563cad2021-12-20 16:04:57.677root 11241100x8000000000000000787205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644f0ca753ab1b8c2021-12-20 16:04:57.677root 11241100x8000000000000000787206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:57.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b36109b4f4e44622021-12-20 16:04:57.677root 11241100x8000000000000000787207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8fd194fa04e7052021-12-20 16:04:58.175root 11241100x8000000000000000787208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9712765f6706922021-12-20 16:04:58.175root 11241100x8000000000000000787209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc856bdf32c9ea52021-12-20 16:04:58.175root 11241100x8000000000000000787210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288b3c6f8bb1b10a2021-12-20 16:04:58.175root 11241100x8000000000000000787211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0933a23268f441b42021-12-20 16:04:58.175root 11241100x8000000000000000787212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db77a9b92c6f95e62021-12-20 16:04:58.175root 11241100x8000000000000000787213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0708579d423109032021-12-20 16:04:58.175root 11241100x8000000000000000787214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e4391540a5385f2021-12-20 16:04:58.176root 11241100x8000000000000000787215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102e8174f4487a8e2021-12-20 16:04:58.176root 11241100x8000000000000000787216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5dca9ef2642af32021-12-20 16:04:58.176root 11241100x8000000000000000787217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45598ce2ec5d2582021-12-20 16:04:58.176root 11241100x8000000000000000787218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c883fb7c8e3d732021-12-20 16:04:58.176root 11241100x8000000000000000787219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25c12fa5f9669a22021-12-20 16:04:58.176root 11241100x8000000000000000787220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f75d3184656eed82021-12-20 16:04:58.176root 11241100x8000000000000000787221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f3b988162887c42021-12-20 16:04:58.176root 11241100x8000000000000000787222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a51be3b309c1762021-12-20 16:04:58.176root 11241100x8000000000000000787223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f2c00bbdbc49222021-12-20 16:04:58.176root 11241100x8000000000000000787224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89181f6672ab82c2021-12-20 16:04:58.176root 11241100x8000000000000000787225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ed468670e68bc02021-12-20 16:04:58.176root 11241100x8000000000000000787226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e244cc08dc6d02cc2021-12-20 16:04:58.176root 11241100x8000000000000000787227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf83adf9c85287d92021-12-20 16:04:58.176root 11241100x8000000000000000787228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b6efb82b9f10d42021-12-20 16:04:58.176root 11241100x8000000000000000787229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490c64095eadc7c62021-12-20 16:04:58.176root 11241100x8000000000000000787230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6639868f9c99e75d2021-12-20 16:04:58.177root 11241100x8000000000000000787231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29983bbfdf7eae82021-12-20 16:04:58.177root 11241100x8000000000000000787232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04114cd5aaaeecdb2021-12-20 16:04:58.177root 11241100x8000000000000000787233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc22320158dc05e2021-12-20 16:04:58.177root 11241100x8000000000000000787234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64f0c47807ba4d42021-12-20 16:04:58.177root 11241100x8000000000000000787235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e505ef7e6c35e99b2021-12-20 16:04:58.177root 11241100x8000000000000000787236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187f05f333614dc22021-12-20 16:04:58.177root 11241100x8000000000000000787237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac61d511f88109592021-12-20 16:04:58.177root 11241100x8000000000000000787238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d92017ca7fa62b72021-12-20 16:04:58.177root 11241100x8000000000000000787239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c6a026d1fe559d2021-12-20 16:04:58.177root 11241100x8000000000000000787240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49835cb15e93ca8c2021-12-20 16:04:58.675root 11241100x8000000000000000787241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaf82a20e20740c2021-12-20 16:04:58.675root 11241100x8000000000000000787242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489230eb277d4962021-12-20 16:04:58.675root 11241100x8000000000000000787243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd173960be47b0fa2021-12-20 16:04:58.675root 11241100x8000000000000000787244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f57e5e155d4cdff2021-12-20 16:04:58.675root 11241100x8000000000000000787245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2926f68ba166de2021-12-20 16:04:58.675root 11241100x8000000000000000787246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039827324730a3ac2021-12-20 16:04:58.675root 11241100x8000000000000000787247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf4cea6e291bf432021-12-20 16:04:58.676root 11241100x8000000000000000787248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd059d05836118df2021-12-20 16:04:58.676root 11241100x8000000000000000787249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c8344660170b092021-12-20 16:04:58.676root 11241100x8000000000000000787250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc610fc5860dffe2021-12-20 16:04:58.676root 11241100x8000000000000000787251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bc8d2b8bfa68a42021-12-20 16:04:58.676root 11241100x8000000000000000787252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785be0aa95f1f9f52021-12-20 16:04:58.676root 11241100x8000000000000000787253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac19236976639b0e2021-12-20 16:04:58.676root 11241100x8000000000000000787254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae62111ed422e04a2021-12-20 16:04:58.676root 11241100x8000000000000000787255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a1ff30137a7f932021-12-20 16:04:58.676root 11241100x8000000000000000787256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416c16d3086309ad2021-12-20 16:04:58.676root 11241100x8000000000000000787257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906e04d4ecf94c6c2021-12-20 16:04:58.676root 11241100x8000000000000000787258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a856bb68e190d2042021-12-20 16:04:58.676root 11241100x8000000000000000787259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d231446153214c2021-12-20 16:04:58.676root 11241100x8000000000000000787260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510004c7f54b8d632021-12-20 16:04:58.676root 11241100x8000000000000000787261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f56d0921115c4c2021-12-20 16:04:58.676root 11241100x8000000000000000787262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a77c447b427132d2021-12-20 16:04:58.676root 11241100x8000000000000000787263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551376d0a679eb302021-12-20 16:04:58.677root 11241100x8000000000000000787264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a1a3b718c49f5e2021-12-20 16:04:58.677root 11241100x8000000000000000787265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8f13c35d30bdbe2021-12-20 16:04:58.677root 11241100x8000000000000000787266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd994909db1564e32021-12-20 16:04:58.677root 11241100x8000000000000000787267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f452639af3ac882021-12-20 16:04:58.677root 11241100x8000000000000000787268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb6d627c24104622021-12-20 16:04:58.677root 11241100x8000000000000000787269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe18ec646f5c07e2021-12-20 16:04:58.677root 11241100x8000000000000000787270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da46a4973758e78d2021-12-20 16:04:58.677root 11241100x8000000000000000787271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d5a13160bdbf822021-12-20 16:04:58.677root 11241100x8000000000000000787272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:58.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351c266ca07f38082021-12-20 16:04:58.677root 11241100x8000000000000000787273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ce633db6c570102021-12-20 16:04:59.175root 11241100x8000000000000000787274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d077e7e96d438b72021-12-20 16:04:59.175root 11241100x8000000000000000787275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a5fc58996839002021-12-20 16:04:59.175root 11241100x8000000000000000787276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cf811fa81d195b2021-12-20 16:04:59.175root 11241100x8000000000000000787277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991757934c0893162021-12-20 16:04:59.175root 11241100x8000000000000000787278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf21dcf4076d78092021-12-20 16:04:59.175root 11241100x8000000000000000787279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b3b498e6959e642021-12-20 16:04:59.175root 11241100x8000000000000000787280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f43540b9cd89fa2021-12-20 16:04:59.175root 11241100x8000000000000000787281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3170876d53c76132021-12-20 16:04:59.176root 11241100x8000000000000000787282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b96561133a4d0a2021-12-20 16:04:59.176root 11241100x8000000000000000787283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba6f64825f60b182021-12-20 16:04:59.176root 11241100x8000000000000000787284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b1e58a92732f402021-12-20 16:04:59.176root 11241100x8000000000000000787285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e8309676288552021-12-20 16:04:59.176root 11241100x8000000000000000787286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5336da8518ed4482021-12-20 16:04:59.176root 11241100x8000000000000000787287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bfc695bba371df2021-12-20 16:04:59.176root 11241100x8000000000000000787288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79902d11adca78992021-12-20 16:04:59.176root 11241100x8000000000000000787289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b6cf70367846372021-12-20 16:04:59.176root 11241100x8000000000000000787290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f987b925db4883fa2021-12-20 16:04:59.176root 11241100x8000000000000000787291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb775b08542d63e2021-12-20 16:04:59.176root 11241100x8000000000000000787292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c83483c880b63d2021-12-20 16:04:59.176root 11241100x8000000000000000787293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5eede7dfe789af62021-12-20 16:04:59.176root 11241100x8000000000000000787294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd340a634640ebf2021-12-20 16:04:59.176root 11241100x8000000000000000787295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a96ed37a0a5333a2021-12-20 16:04:59.176root 11241100x8000000000000000787296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2f6142bc3766332021-12-20 16:04:59.176root 11241100x8000000000000000787297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055ed224a1066fc22021-12-20 16:04:59.177root 11241100x8000000000000000787298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2924a2b827039a8c2021-12-20 16:04:59.177root 11241100x8000000000000000787299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1a51e1736bb0402021-12-20 16:04:59.177root 11241100x8000000000000000787300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740a53e5acdb5c482021-12-20 16:04:59.177root 11241100x8000000000000000787301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d0e44d945789632021-12-20 16:04:59.177root 11241100x8000000000000000787302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f668a0450fd76d82021-12-20 16:04:59.177root 11241100x8000000000000000787303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb08149e4cb83e2021-12-20 16:04:59.177root 11241100x8000000000000000787304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c456be1cc39e982021-12-20 16:04:59.177root 11241100x8000000000000000787305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bceed8e4616ff052021-12-20 16:04:59.177root 11241100x8000000000000000787306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc6ab50d5304fb82021-12-20 16:04:59.675root 11241100x8000000000000000787307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005d7b098a43bc542021-12-20 16:04:59.675root 11241100x8000000000000000787308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85c39c081682d862021-12-20 16:04:59.675root 11241100x8000000000000000787309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd7e1178209c37f2021-12-20 16:04:59.675root 11241100x8000000000000000787310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc0710a8874d0522021-12-20 16:04:59.675root 11241100x8000000000000000787311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0565eab2132baa2021-12-20 16:04:59.675root 11241100x8000000000000000787312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b3e47155f83d942021-12-20 16:04:59.675root 11241100x8000000000000000787313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c734307f6312e4332021-12-20 16:04:59.675root 11241100x8000000000000000787314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc310334b0696562021-12-20 16:04:59.676root 11241100x8000000000000000787315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f4f19990330cff2021-12-20 16:04:59.676root 11241100x8000000000000000787316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4950db29aca6aed2021-12-20 16:04:59.676root 11241100x8000000000000000787317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e9cf39274c78702021-12-20 16:04:59.676root 11241100x8000000000000000787318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b44caff0073dc9b2021-12-20 16:04:59.676root 11241100x8000000000000000787319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922cd37fb33ded5a2021-12-20 16:04:59.676root 11241100x8000000000000000787320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1ce9a22650191a2021-12-20 16:04:59.676root 11241100x8000000000000000787321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17c46978e68886f2021-12-20 16:04:59.676root 11241100x8000000000000000787322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f617e60d670d1052021-12-20 16:04:59.676root 11241100x8000000000000000787323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60baf45f4a1776de2021-12-20 16:04:59.676root 11241100x8000000000000000787324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c8abdb5fe9a8a62021-12-20 16:04:59.676root 11241100x8000000000000000787325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9d073c71b572aa2021-12-20 16:04:59.676root 11241100x8000000000000000787326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363f8cb64b6854cc2021-12-20 16:04:59.676root 11241100x8000000000000000787327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c7a8c7934cb89f2021-12-20 16:04:59.676root 11241100x8000000000000000787328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496587e8b937506d2021-12-20 16:04:59.676root 11241100x8000000000000000787329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779d853134902bde2021-12-20 16:04:59.676root 11241100x8000000000000000787330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece1ad5d3d35516e2021-12-20 16:04:59.677root 11241100x8000000000000000787331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e392ea8d5885fae2021-12-20 16:04:59.677root 11241100x8000000000000000787332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7086ce9c1ca19fcf2021-12-20 16:04:59.677root 11241100x8000000000000000787333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1981c5a8cfe1722021-12-20 16:04:59.677root 11241100x8000000000000000787334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e276d17c77a9547f2021-12-20 16:04:59.677root 11241100x8000000000000000787335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029afd25e95f74d12021-12-20 16:04:59.677root 11241100x8000000000000000787336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c7f3ae1f3e6aa22021-12-20 16:04:59.677root 11241100x8000000000000000787337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be0656d31b5e84b2021-12-20 16:04:59.677root 11241100x8000000000000000787338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:04:59.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04458941352328742021-12-20 16:04:59.677root 11241100x8000000000000000787339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5b82a56e32a7352021-12-20 16:05:00.175root 11241100x8000000000000000787340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fce343811a21b8a2021-12-20 16:05:00.175root 11241100x8000000000000000787341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c910e8d8bc38cf2021-12-20 16:05:00.175root 11241100x8000000000000000787342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba7d46cad3cc1412021-12-20 16:05:00.175root 11241100x8000000000000000787343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6270b94290f5026e2021-12-20 16:05:00.175root 11241100x8000000000000000787344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f679a4f8ca880bb02021-12-20 16:05:00.175root 11241100x8000000000000000787345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ca7ec5583347212021-12-20 16:05:00.175root 11241100x8000000000000000787346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1091f23f728e93e2021-12-20 16:05:00.175root 11241100x8000000000000000787347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959c2708305c8542021-12-20 16:05:00.176root 11241100x8000000000000000787348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b38e138be396c42021-12-20 16:05:00.176root 11241100x8000000000000000787349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3ea43dd1ea26b62021-12-20 16:05:00.176root 11241100x8000000000000000787350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe5a0944addcdb2021-12-20 16:05:00.176root 11241100x8000000000000000787351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2072b984b7d4bec42021-12-20 16:05:00.176root 11241100x8000000000000000787352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7bd51715e5fe412021-12-20 16:05:00.176root 11241100x8000000000000000787353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e850cf07061fd3942021-12-20 16:05:00.176root 11241100x8000000000000000787354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b03f8fdb36eb192021-12-20 16:05:00.176root 11241100x8000000000000000787355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6540ea2770b63b32021-12-20 16:05:00.176root 11241100x8000000000000000787356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87487baccbf017312021-12-20 16:05:00.176root 11241100x8000000000000000787357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe315516988969c62021-12-20 16:05:00.176root 11241100x8000000000000000787358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044acc4dcad5e8c32021-12-20 16:05:00.176root 11241100x8000000000000000787359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4f887bcc2a7a3c2021-12-20 16:05:00.176root 11241100x8000000000000000787360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2742b3a41d2047f92021-12-20 16:05:00.176root 11241100x8000000000000000787361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b905f6e6f2cbda32021-12-20 16:05:00.176root 11241100x8000000000000000787362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b025ff4cdea0f26d2021-12-20 16:05:00.177root 11241100x8000000000000000787363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49851a1c9b4eb702021-12-20 16:05:00.177root 11241100x8000000000000000787364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228e23e32f414d2f2021-12-20 16:05:00.177root 11241100x8000000000000000787365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e02c01751f50bf2021-12-20 16:05:00.177root 11241100x8000000000000000787366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ec892236c877262021-12-20 16:05:00.177root 11241100x8000000000000000787367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484e951032290af32021-12-20 16:05:00.177root 11241100x8000000000000000787368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2b5ee1abf138792021-12-20 16:05:00.177root 11241100x8000000000000000787369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953fbc0729342b042021-12-20 16:05:00.177root 11241100x8000000000000000787370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8a2e8f41eef88c2021-12-20 16:05:00.178root 11241100x8000000000000000787371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3841c0fc2a5c535b2021-12-20 16:05:00.178root 11241100x8000000000000000787372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00f733549e728312021-12-20 16:05:00.675root 11241100x8000000000000000787373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c914b05313eb34e52021-12-20 16:05:00.675root 11241100x8000000000000000787374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84f50488e921f442021-12-20 16:05:00.675root 11241100x8000000000000000787375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53478070ccebc6972021-12-20 16:05:00.675root 11241100x8000000000000000787376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15185e2ac68cc0ff2021-12-20 16:05:00.675root 11241100x8000000000000000787377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2c7923174dac7c2021-12-20 16:05:00.675root 11241100x8000000000000000787378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db00186e8e6491b82021-12-20 16:05:00.675root 11241100x8000000000000000787379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3205e5cc5b30d942021-12-20 16:05:00.675root 11241100x8000000000000000787380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb723283562a3572021-12-20 16:05:00.676root 11241100x8000000000000000787381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a3db1db7c61a892021-12-20 16:05:00.676root 11241100x8000000000000000787382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ab0496cba668a22021-12-20 16:05:00.676root 11241100x8000000000000000787383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16353e5b628232062021-12-20 16:05:00.676root 11241100x8000000000000000787384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afe9fb7f5bfde2e2021-12-20 16:05:00.676root 11241100x8000000000000000787385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a6ab7fb385c2b42021-12-20 16:05:00.676root 11241100x8000000000000000787386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0783bd260e1fd2922021-12-20 16:05:00.676root 11241100x8000000000000000787387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f23ba50b6e6c7fb2021-12-20 16:05:00.676root 11241100x8000000000000000787388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a7427c5c6f35ea2021-12-20 16:05:00.676root 11241100x8000000000000000787389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde05dd0ea2363422021-12-20 16:05:00.676root 11241100x8000000000000000787390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1ae642657a0812021-12-20 16:05:00.676root 11241100x8000000000000000787391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67732ae948163572021-12-20 16:05:00.676root 11241100x8000000000000000787392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e51e280b93770aa2021-12-20 16:05:00.676root 11241100x8000000000000000787393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6eefb4a83c65db2021-12-20 16:05:00.676root 11241100x8000000000000000787394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bce328598ed8ae2021-12-20 16:05:00.676root 11241100x8000000000000000787395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def781d1c97b010a2021-12-20 16:05:00.677root 11241100x8000000000000000787396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fb1155a8e8aa3f2021-12-20 16:05:00.677root 11241100x8000000000000000787397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153216ebce11f1c52021-12-20 16:05:00.677root 11241100x8000000000000000787398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42aa8d0e611265b82021-12-20 16:05:00.677root 11241100x8000000000000000787399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f31fba66e7e26712021-12-20 16:05:00.677root 11241100x8000000000000000787400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc222e4a1768e7e72021-12-20 16:05:00.677root 11241100x8000000000000000787401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9299899a399787b2021-12-20 16:05:00.677root 11241100x8000000000000000787402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc74785940d78462021-12-20 16:05:00.677root 11241100x8000000000000000787403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4cd7ca8f317ecc2021-12-20 16:05:00.677root 11241100x8000000000000000787404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:00.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74e19748a30526a2021-12-20 16:05:00.677root 11241100x8000000000000000787405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192a868314b059522021-12-20 16:05:01.175root 11241100x8000000000000000787406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa170d29568fee52021-12-20 16:05:01.175root 11241100x8000000000000000787407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b54f1f5f27ce06e2021-12-20 16:05:01.175root 11241100x8000000000000000787408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be4e4c71b4b807f2021-12-20 16:05:01.175root 11241100x8000000000000000787409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38747d58a7233e972021-12-20 16:05:01.175root 11241100x8000000000000000787410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6335dd177f2a9982021-12-20 16:05:01.175root 11241100x8000000000000000787411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4842efee81e6a4fc2021-12-20 16:05:01.175root 11241100x8000000000000000787412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17211b35b30be9342021-12-20 16:05:01.175root 11241100x8000000000000000787413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1974d2b20a8fea562021-12-20 16:05:01.175root 11241100x8000000000000000787414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498f79b35cd46f5c2021-12-20 16:05:01.176root 11241100x8000000000000000787415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a090e661a85d0b0f2021-12-20 16:05:01.176root 11241100x8000000000000000787416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c7d95e418fd7692021-12-20 16:05:01.176root 11241100x8000000000000000787417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5feb94f486c19c5a2021-12-20 16:05:01.176root 11241100x8000000000000000787418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb0920f661d067c2021-12-20 16:05:01.176root 11241100x8000000000000000787419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25434bc53006456a2021-12-20 16:05:01.176root 11241100x8000000000000000787420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f49cf766f3de8f2021-12-20 16:05:01.176root 11241100x8000000000000000787421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab597553fdeb2792021-12-20 16:05:01.176root 11241100x8000000000000000787422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0be5483feb79f832021-12-20 16:05:01.176root 11241100x8000000000000000787423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d03205b60cb2e62021-12-20 16:05:01.176root 11241100x8000000000000000787424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d40db2fd44753d2021-12-20 16:05:01.176root 11241100x8000000000000000787425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f40a037c60d3492021-12-20 16:05:01.176root 11241100x8000000000000000787426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d99b91c172f9db72021-12-20 16:05:01.176root 11241100x8000000000000000787427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5412f502463a8a2021-12-20 16:05:01.176root 11241100x8000000000000000787428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daf0cb7289bdffd2021-12-20 16:05:01.176root 11241100x8000000000000000787429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ec4e58bd5ecf02021-12-20 16:05:01.176root 11241100x8000000000000000787430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1667844efe1b67062021-12-20 16:05:01.177root 11241100x8000000000000000787431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a896e11d9644b1842021-12-20 16:05:01.177root 11241100x8000000000000000787432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1187a3bf593487b2021-12-20 16:05:01.177root 11241100x8000000000000000787433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b692e18eea11bdf2021-12-20 16:05:01.177root 11241100x8000000000000000787434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2ff7999ea162a62021-12-20 16:05:01.177root 11241100x8000000000000000787435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc1f3a8f8b75cda2021-12-20 16:05:01.177root 11241100x8000000000000000787436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ed9505404b94392021-12-20 16:05:01.177root 11241100x8000000000000000787437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d636871c276c4882021-12-20 16:05:01.177root 354300x8000000000000000787438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.216{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51606-false10.0.1.12-8000- 11241100x8000000000000000787439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d2bf12f439e7392021-12-20 16:05:01.675root 11241100x8000000000000000787440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd04e94393a01f562021-12-20 16:05:01.675root 11241100x8000000000000000787441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b44539e05c2e3f12021-12-20 16:05:01.675root 11241100x8000000000000000787442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81abb5a3f8922cd2021-12-20 16:05:01.675root 11241100x8000000000000000787443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6ca006c9e492dd2021-12-20 16:05:01.675root 11241100x8000000000000000787444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9131697c99b6dbff2021-12-20 16:05:01.675root 11241100x8000000000000000787445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184ee9bef4eb7e692021-12-20 16:05:01.675root 11241100x8000000000000000787446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4575325ce07205d62021-12-20 16:05:01.675root 11241100x8000000000000000787447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff3fd49ad5718b82021-12-20 16:05:01.676root 11241100x8000000000000000787448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452edada7671d6042021-12-20 16:05:01.676root 11241100x8000000000000000787449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6de98e093a197f2021-12-20 16:05:01.676root 11241100x8000000000000000787450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b6f3aa708467112021-12-20 16:05:01.676root 11241100x8000000000000000787451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca66604f5942b3c22021-12-20 16:05:01.676root 11241100x8000000000000000787452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcf739c45d2b2652021-12-20 16:05:01.676root 11241100x8000000000000000787453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5579a121e7ba6bd22021-12-20 16:05:01.676root 11241100x8000000000000000787454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f753a9d09199d212021-12-20 16:05:01.676root 11241100x8000000000000000787455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7fb65727545cf52021-12-20 16:05:01.676root 11241100x8000000000000000787456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6da686b88986a542021-12-20 16:05:01.676root 11241100x8000000000000000787457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce0a6f3abcec6be2021-12-20 16:05:01.676root 11241100x8000000000000000787458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff61446a6850b25f2021-12-20 16:05:01.676root 11241100x8000000000000000787459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb75d7d868a2d12b2021-12-20 16:05:01.676root 11241100x8000000000000000787460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8f942d752d9dff2021-12-20 16:05:01.676root 11241100x8000000000000000787461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe446b8377e326c2021-12-20 16:05:01.676root 11241100x8000000000000000787462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06fefb26e0f64d42021-12-20 16:05:01.677root 11241100x8000000000000000787463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda97f0b27fcfc132021-12-20 16:05:01.677root 11241100x8000000000000000787464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e97e027351244e2021-12-20 16:05:01.677root 11241100x8000000000000000787465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54529d8cfc4bb1712021-12-20 16:05:01.677root 11241100x8000000000000000787466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787708132026c4022021-12-20 16:05:01.677root 11241100x8000000000000000787467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6440a62ee71135fb2021-12-20 16:05:01.677root 11241100x8000000000000000787468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ed888bd86d9612021-12-20 16:05:01.677root 11241100x8000000000000000787469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c64087c6aed74482021-12-20 16:05:01.677root 11241100x8000000000000000787470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533620e7b9a24c6e2021-12-20 16:05:01.677root 11241100x8000000000000000787471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1375d2ade393d442021-12-20 16:05:01.677root 11241100x8000000000000000787472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:01.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8d956dff50358c2021-12-20 16:05:01.677root 11241100x8000000000000000787473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ba47298a53a4712021-12-20 16:05:02.175root 11241100x8000000000000000787474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b3bede8d40b4f52021-12-20 16:05:02.175root 11241100x8000000000000000787475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46525574d8abff52021-12-20 16:05:02.175root 11241100x8000000000000000787476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91f78f4879f36992021-12-20 16:05:02.175root 11241100x8000000000000000787477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8e42d970f1f0832021-12-20 16:05:02.176root 11241100x8000000000000000787478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821bb2f3b0b9aa4d2021-12-20 16:05:02.176root 11241100x8000000000000000787479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd630c6132d1e802021-12-20 16:05:02.176root 11241100x8000000000000000787480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c908f0ce40b2142021-12-20 16:05:02.176root 11241100x8000000000000000787481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409051bbadc811c72021-12-20 16:05:02.176root 11241100x8000000000000000787482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc41b9e8984550d2021-12-20 16:05:02.176root 11241100x8000000000000000787483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b580b8ef62e9892021-12-20 16:05:02.177root 11241100x8000000000000000787484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581d6780936610bd2021-12-20 16:05:02.177root 11241100x8000000000000000787485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09004df56e987c62021-12-20 16:05:02.177root 11241100x8000000000000000787486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83689933891ae692021-12-20 16:05:02.177root 11241100x8000000000000000787487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eec16ad4eccb422021-12-20 16:05:02.177root 11241100x8000000000000000787488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759b8b15edffed5d2021-12-20 16:05:02.177root 11241100x8000000000000000787489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60be737446721da52021-12-20 16:05:02.177root 11241100x8000000000000000787490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4fbd6bff4b86032021-12-20 16:05:02.178root 11241100x8000000000000000787491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da02c85a95a82d972021-12-20 16:05:02.178root 11241100x8000000000000000787492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887caab64a42d0e82021-12-20 16:05:02.178root 11241100x8000000000000000787493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8ea79b91d8bef32021-12-20 16:05:02.178root 11241100x8000000000000000787494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55951f5e700c92172021-12-20 16:05:02.178root 11241100x8000000000000000787495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1902a85a38036a1a2021-12-20 16:05:02.178root 11241100x8000000000000000787496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e85a3c1db5a88222021-12-20 16:05:02.178root 11241100x8000000000000000787497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af183e4197215942021-12-20 16:05:02.178root 11241100x8000000000000000787498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c0308abebff5f12021-12-20 16:05:02.178root 11241100x8000000000000000787499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeda925aee3121d62021-12-20 16:05:02.178root 11241100x8000000000000000787500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40ccaf5716996502021-12-20 16:05:02.178root 11241100x8000000000000000787501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1232e6742ddbf3872021-12-20 16:05:02.178root 11241100x8000000000000000787502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106af66d09bc45f72021-12-20 16:05:02.178root 11241100x8000000000000000787503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5d60371d0d01952021-12-20 16:05:02.179root 11241100x8000000000000000787504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942e86c0011301172021-12-20 16:05:02.179root 11241100x8000000000000000787505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57494fcc0b20474d2021-12-20 16:05:02.179root 11241100x8000000000000000787506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af9c8e22bfe41582021-12-20 16:05:02.179root 11241100x8000000000000000787507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e4b73d0522be062021-12-20 16:05:02.675root 11241100x8000000000000000787508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cc8c5bc9b680bf2021-12-20 16:05:02.675root 11241100x8000000000000000787509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0721390e7271ac92021-12-20 16:05:02.675root 11241100x8000000000000000787510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb40909479e317382021-12-20 16:05:02.675root 11241100x8000000000000000787511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a566a9785c5c3ba82021-12-20 16:05:02.675root 11241100x8000000000000000787512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf5e4628821a9472021-12-20 16:05:02.675root 11241100x8000000000000000787513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d60666764694fd2021-12-20 16:05:02.675root 11241100x8000000000000000787514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7730deafb7e80712021-12-20 16:05:02.676root 11241100x8000000000000000787515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0301642929e5bd2021-12-20 16:05:02.676root 11241100x8000000000000000787516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf66638c766598112021-12-20 16:05:02.676root 11241100x8000000000000000787517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9444117eb4b389172021-12-20 16:05:02.676root 11241100x8000000000000000787518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7763f8ef3c612da2021-12-20 16:05:02.676root 11241100x8000000000000000787519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7bcd93dbbcc7542021-12-20 16:05:02.676root 11241100x8000000000000000787520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aadb2cd9a580c4e2021-12-20 16:05:02.676root 11241100x8000000000000000787521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948c2677206c1552021-12-20 16:05:02.676root 11241100x8000000000000000787522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ee213a29ac5e9d2021-12-20 16:05:02.676root 11241100x8000000000000000787523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ebd68c0cd80e6b2021-12-20 16:05:02.676root 11241100x8000000000000000787524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0399e704bdde7dce2021-12-20 16:05:02.676root 11241100x8000000000000000787525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df382a396739ccf2021-12-20 16:05:02.676root 11241100x8000000000000000787526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d86afcc835be5f52021-12-20 16:05:02.676root 11241100x8000000000000000787527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717812ecb2d2f7372021-12-20 16:05:02.676root 11241100x8000000000000000787528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3344d9e831a6db2021-12-20 16:05:02.676root 11241100x8000000000000000787529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb8ba0758dc103b2021-12-20 16:05:02.677root 11241100x8000000000000000787530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909416290ea1b94c2021-12-20 16:05:02.677root 11241100x8000000000000000787531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad24eedb8a9f62482021-12-20 16:05:02.677root 11241100x8000000000000000787532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ce48714331b99e2021-12-20 16:05:02.677root 11241100x8000000000000000787533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11abfd8f93afc7ab2021-12-20 16:05:02.677root 11241100x8000000000000000787534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad001bf9fbcd7aa52021-12-20 16:05:02.677root 11241100x8000000000000000787535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ab63b5d28944072021-12-20 16:05:02.677root 11241100x8000000000000000787536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c78069cfc850a62021-12-20 16:05:02.677root 11241100x8000000000000000787537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5557ab070c5e63442021-12-20 16:05:02.677root 11241100x8000000000000000787538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3690e384cc23642021-12-20 16:05:02.677root 11241100x8000000000000000787539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aa57d80af130f62021-12-20 16:05:02.677root 11241100x8000000000000000787540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:02.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8803706ed9b8732021-12-20 16:05:02.677root 11241100x8000000000000000787541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cbfc13fa35f7452021-12-20 16:05:03.175root 11241100x8000000000000000787542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6bf5570121d76f2021-12-20 16:05:03.175root 11241100x8000000000000000787543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf9109462ae16462021-12-20 16:05:03.175root 11241100x8000000000000000787544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdeba21af66651b2021-12-20 16:05:03.175root 11241100x8000000000000000787545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0decebd271c267f72021-12-20 16:05:03.175root 11241100x8000000000000000787546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd8e651eafd2302021-12-20 16:05:03.175root 11241100x8000000000000000787547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5ff12341be53da2021-12-20 16:05:03.176root 11241100x8000000000000000787548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6272bbd43d359a682021-12-20 16:05:03.176root 11241100x8000000000000000787549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992e54618d83594f2021-12-20 16:05:03.176root 11241100x8000000000000000787550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0358360f4e72ed32021-12-20 16:05:03.176root 11241100x8000000000000000787551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f843cdaba83a8652021-12-20 16:05:03.176root 11241100x8000000000000000787552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c651ba3ea42f242021-12-20 16:05:03.176root 11241100x8000000000000000787553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efefa8285ab7d302021-12-20 16:05:03.176root 11241100x8000000000000000787554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7dcb0496de31292021-12-20 16:05:03.176root 11241100x8000000000000000787555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a3dcb4e63d7ada2021-12-20 16:05:03.176root 11241100x8000000000000000787556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba71c094bcd8eeee2021-12-20 16:05:03.176root 11241100x8000000000000000787557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca98e8f7eaf76b322021-12-20 16:05:03.176root 11241100x8000000000000000787558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0312cabab15fbc2021-12-20 16:05:03.176root 11241100x8000000000000000787559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1466350518294c02021-12-20 16:05:03.176root 11241100x8000000000000000787560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f57d222acf7f8d62021-12-20 16:05:03.176root 11241100x8000000000000000787561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573ffd80ba5c19be2021-12-20 16:05:03.176root 11241100x8000000000000000787562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595afb3ae6171abc2021-12-20 16:05:03.177root 11241100x8000000000000000787563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a988ae410aa1952021-12-20 16:05:03.181root 11241100x8000000000000000787564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d1bce20bbf45972021-12-20 16:05:03.182root 11241100x8000000000000000787565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb49da63d5f359a2021-12-20 16:05:03.182root 11241100x8000000000000000787566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2668ac33c1b036822021-12-20 16:05:03.182root 11241100x8000000000000000787567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fe0cee43e0a0ed2021-12-20 16:05:03.182root 11241100x8000000000000000787568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affe8646e237aa502021-12-20 16:05:03.182root 11241100x8000000000000000787569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3a68a23266a9f42021-12-20 16:05:03.182root 11241100x8000000000000000787570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527c89d917f533642021-12-20 16:05:03.182root 11241100x8000000000000000787571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec364992a5d6900c2021-12-20 16:05:03.182root 11241100x8000000000000000787572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869c4cc6b3a717e22021-12-20 16:05:03.182root 11241100x8000000000000000787573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c86773229ad302021-12-20 16:05:03.182root 11241100x8000000000000000787574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a303bd3000f5e4ff2021-12-20 16:05:03.184root 11241100x8000000000000000787575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f857f3d00a686b262021-12-20 16:05:03.674root 11241100x8000000000000000787576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2036e2ddf055ee62021-12-20 16:05:03.675root 11241100x8000000000000000787577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad69764e073c6db62021-12-20 16:05:03.675root 11241100x8000000000000000787578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d445a76421d0037b2021-12-20 16:05:03.675root 11241100x8000000000000000787579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9767534646551b692021-12-20 16:05:03.675root 11241100x8000000000000000787580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8054a7210bb5b22021-12-20 16:05:03.675root 11241100x8000000000000000787581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edada52405463f92021-12-20 16:05:03.675root 11241100x8000000000000000787582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f48149ba20e402021-12-20 16:05:03.675root 11241100x8000000000000000787583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d941ea80249fbf2021-12-20 16:05:03.675root 11241100x8000000000000000787584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a2ff6b1c7e5c02021-12-20 16:05:03.675root 11241100x8000000000000000787585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcda90836799e7cd2021-12-20 16:05:03.675root 11241100x8000000000000000787586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a855ff8e33a26ea32021-12-20 16:05:03.675root 11241100x8000000000000000787587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6e816b195ef8742021-12-20 16:05:03.676root 11241100x8000000000000000787588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fedfdc22c626bd42021-12-20 16:05:03.676root 11241100x8000000000000000787589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f36403ab4e6e992021-12-20 16:05:03.676root 11241100x8000000000000000787590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170f964130ef51ce2021-12-20 16:05:03.676root 11241100x8000000000000000787591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffe94af36d6823d2021-12-20 16:05:03.676root 11241100x8000000000000000787592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfce857c5e8ac06e2021-12-20 16:05:03.676root 11241100x8000000000000000787593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1193c47e1720372d2021-12-20 16:05:03.676root 11241100x8000000000000000787594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8c2017c19576202021-12-20 16:05:03.676root 11241100x8000000000000000787595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e16896166c22bd2021-12-20 16:05:03.676root 11241100x8000000000000000787596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310e2c3ec7f891f02021-12-20 16:05:03.677root 11241100x8000000000000000787597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062c976ab840c24f2021-12-20 16:05:03.677root 11241100x8000000000000000787598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e783d752687889e2021-12-20 16:05:03.677root 11241100x8000000000000000787599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c566037dc36432e2021-12-20 16:05:03.677root 11241100x8000000000000000787600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824695f3dd63ca72021-12-20 16:05:03.678root 11241100x8000000000000000787601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63c4996a36350692021-12-20 16:05:03.678root 11241100x8000000000000000787602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a549591f97f67b2021-12-20 16:05:03.678root 11241100x8000000000000000787603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e76dc4ea96db2b72021-12-20 16:05:03.678root 11241100x8000000000000000787604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fbd035b5cc669c2021-12-20 16:05:03.678root 11241100x8000000000000000787605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d61a0f06542662021-12-20 16:05:03.678root 11241100x8000000000000000787606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f3ced4e4f7a2aa2021-12-20 16:05:03.679root 11241100x8000000000000000787607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cda93d2b0abd872021-12-20 16:05:03.679root 11241100x8000000000000000787608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fee6538ff565d72021-12-20 16:05:03.679root 11241100x8000000000000000787609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccb13fdcc5427dd2021-12-20 16:05:03.679root 11241100x8000000000000000787610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd3ebaff8501c482021-12-20 16:05:03.679root 11241100x8000000000000000787611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbad2b95e6fc4962021-12-20 16:05:03.679root 11241100x8000000000000000787612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b9048da219ac012021-12-20 16:05:03.679root 11241100x8000000000000000787613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162ef63e75887e7f2021-12-20 16:05:03.679root 11241100x8000000000000000787614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4357e61a62d6b2021-12-20 16:05:03.679root 11241100x8000000000000000787615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f548fa35478df0f2021-12-20 16:05:03.679root 11241100x8000000000000000787616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcba768c6d41902d2021-12-20 16:05:03.679root 11241100x8000000000000000787617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40faedb7d680821a2021-12-20 16:05:03.680root 11241100x8000000000000000787618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23043576cccdbe272021-12-20 16:05:03.680root 11241100x8000000000000000787619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b68eb6595d4ea5e2021-12-20 16:05:03.683root 11241100x8000000000000000787620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b8f09f2d4433502021-12-20 16:05:03.683root 11241100x8000000000000000787621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1681a3a569db922021-12-20 16:05:03.684root 11241100x8000000000000000787622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:03.684{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75510a94b925dd302021-12-20 16:05:03.684root 11241100x8000000000000000787623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4289ef285f3e77fb2021-12-20 16:05:04.174root 11241100x8000000000000000787624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077c15a9295212f82021-12-20 16:05:04.174root 11241100x8000000000000000787625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169acf76ff8e95582021-12-20 16:05:04.174root 11241100x8000000000000000787626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85a71ea27e37ab92021-12-20 16:05:04.174root 11241100x8000000000000000787627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d34ca0c3c7a72f2021-12-20 16:05:04.174root 11241100x8000000000000000787628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1138f3aa85911d32021-12-20 16:05:04.174root 11241100x8000000000000000787629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318d303eb944d11c2021-12-20 16:05:04.174root 11241100x8000000000000000787630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c5fa62fafbfb052021-12-20 16:05:04.174root 11241100x8000000000000000787631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9f3e3b965a8b852021-12-20 16:05:04.175root 11241100x8000000000000000787632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab93493cccf98e42021-12-20 16:05:04.175root 11241100x8000000000000000787633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f3dd514c7df682021-12-20 16:05:04.175root 11241100x8000000000000000787634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0a24ea0f7cabce2021-12-20 16:05:04.175root 11241100x8000000000000000787635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a590c81f2740562021-12-20 16:05:04.175root 11241100x8000000000000000787636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f2f489c81785132021-12-20 16:05:04.175root 11241100x8000000000000000787637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b6faaf9eb2b5782021-12-20 16:05:04.175root 11241100x8000000000000000787638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72dc4550b3b8d52021-12-20 16:05:04.175root 11241100x8000000000000000787639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027feae905b2f8402021-12-20 16:05:04.175root 11241100x8000000000000000787640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811f57605e3c8a442021-12-20 16:05:04.176root 11241100x8000000000000000787641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f52749f764d4072021-12-20 16:05:04.176root 11241100x8000000000000000787642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404af4e99ce5fcd02021-12-20 16:05:04.176root 11241100x8000000000000000787643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495fd6c3633dea392021-12-20 16:05:04.176root 11241100x8000000000000000787644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc778175d6455dff2021-12-20 16:05:04.176root 11241100x8000000000000000787645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d4413f63910c2b2021-12-20 16:05:04.176root 11241100x8000000000000000787646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d708271a0df857bc2021-12-20 16:05:04.176root 11241100x8000000000000000787647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316976c3d1ba558a2021-12-20 16:05:04.177root 11241100x8000000000000000787648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a843ee3df6047aa2021-12-20 16:05:04.177root 11241100x8000000000000000787649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e882f273198d70fe2021-12-20 16:05:04.177root 11241100x8000000000000000787650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9737f94ce80ca0492021-12-20 16:05:04.177root 11241100x8000000000000000787651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b326b3c1a7614d842021-12-20 16:05:04.177root 11241100x8000000000000000787652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a17b3dd7673d5192021-12-20 16:05:04.177root 11241100x8000000000000000787653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3e1450bc7eab832021-12-20 16:05:04.177root 11241100x8000000000000000787654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b920bb09edc358eb2021-12-20 16:05:04.177root 11241100x8000000000000000787655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc5e4ad4d46e5b12021-12-20 16:05:04.178root 11241100x8000000000000000787656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4c9085489c9d242021-12-20 16:05:04.178root 11241100x8000000000000000787657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee222ca21adb732d2021-12-20 16:05:04.178root 11241100x8000000000000000787658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505be343727b29ba2021-12-20 16:05:04.675root 11241100x8000000000000000787659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22714011d281cb5f2021-12-20 16:05:04.675root 11241100x8000000000000000787660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3df8e55eaa77602021-12-20 16:05:04.675root 11241100x8000000000000000787661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b9f1e63f710d352021-12-20 16:05:04.675root 11241100x8000000000000000787662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf684d88ec6969d32021-12-20 16:05:04.675root 11241100x8000000000000000787663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9c209a45bab1442021-12-20 16:05:04.675root 11241100x8000000000000000787664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951d51091f3c41a72021-12-20 16:05:04.675root 11241100x8000000000000000787665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77accaa873b61d612021-12-20 16:05:04.675root 11241100x8000000000000000787666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a21ee2275339a62021-12-20 16:05:04.676root 11241100x8000000000000000787667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83b165003cb30132021-12-20 16:05:04.676root 11241100x8000000000000000787668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0245f26daed514d2021-12-20 16:05:04.676root 11241100x8000000000000000787669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1e4826dbf014232021-12-20 16:05:04.676root 11241100x8000000000000000787670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6993c82aeea6de42021-12-20 16:05:04.676root 11241100x8000000000000000787671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e64ec1171f6f1a2021-12-20 16:05:04.676root 11241100x8000000000000000787672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4c58a384883dda2021-12-20 16:05:04.676root 11241100x8000000000000000787673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0d66065c08b8392021-12-20 16:05:04.676root 11241100x8000000000000000787674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43716fbeee1ebe362021-12-20 16:05:04.676root 11241100x8000000000000000787675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365b808489fadce12021-12-20 16:05:04.676root 11241100x8000000000000000787676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70812a501976f7c2021-12-20 16:05:04.676root 11241100x8000000000000000787677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be90b32393d7e2d2021-12-20 16:05:04.676root 11241100x8000000000000000787678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558450d1d900c9732021-12-20 16:05:04.676root 11241100x8000000000000000787679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c3700a22c10ec82021-12-20 16:05:04.676root 11241100x8000000000000000787680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eead6eee6601af62021-12-20 16:05:04.677root 11241100x8000000000000000787681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00bfeab0f4b155d2021-12-20 16:05:04.677root 11241100x8000000000000000787682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32364d2281cb96fe2021-12-20 16:05:04.677root 11241100x8000000000000000787683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2884c2abb3145982021-12-20 16:05:04.677root 11241100x8000000000000000787684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc5e364be60241f2021-12-20 16:05:04.677root 11241100x8000000000000000787685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b52dc2e8969db62021-12-20 16:05:04.677root 11241100x8000000000000000787686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b253e892a7691c2021-12-20 16:05:04.677root 11241100x8000000000000000787687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a65f73a8f07ec6c2021-12-20 16:05:04.677root 11241100x8000000000000000787688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c5937608d7ec3e2021-12-20 16:05:04.677root 11241100x8000000000000000787689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e31da6c52136d02021-12-20 16:05:04.678root 11241100x8000000000000000787690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526553ac2252f77a2021-12-20 16:05:04.678root 11241100x8000000000000000787691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:04.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c1dd7f75e68c682021-12-20 16:05:04.678root 11241100x8000000000000000787692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3952926b52b31a5f2021-12-20 16:05:05.175root 11241100x8000000000000000787693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c7125dacfe57ff2021-12-20 16:05:05.175root 11241100x8000000000000000787694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194204ed059eba8a2021-12-20 16:05:05.175root 11241100x8000000000000000787695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7f06b3bb30fdf22021-12-20 16:05:05.175root 11241100x8000000000000000787696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386934073747cbfe2021-12-20 16:05:05.175root 11241100x8000000000000000787697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3525f64ed6594b82021-12-20 16:05:05.175root 11241100x8000000000000000787698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600775ab28a1b17d2021-12-20 16:05:05.175root 11241100x8000000000000000787699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02cfd5240bbfcd62021-12-20 16:05:05.176root 11241100x8000000000000000787700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb7327606622cd12021-12-20 16:05:05.176root 11241100x8000000000000000787701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec55bbe7cd2cd62021-12-20 16:05:05.176root 11241100x8000000000000000787702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb3149a5ea8edbe2021-12-20 16:05:05.176root 11241100x8000000000000000787703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22413756b31371fc2021-12-20 16:05:05.176root 11241100x8000000000000000787704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c46922767a78f42021-12-20 16:05:05.176root 11241100x8000000000000000787705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bedc7dccfcaf6e2021-12-20 16:05:05.176root 11241100x8000000000000000787706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1283407bcfc5ee12021-12-20 16:05:05.176root 11241100x8000000000000000787707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2967b589f9d52ec32021-12-20 16:05:05.176root 11241100x8000000000000000787708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d110811a07cf4df52021-12-20 16:05:05.176root 11241100x8000000000000000787709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b82efae1435a7ce2021-12-20 16:05:05.176root 11241100x8000000000000000787710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167d647cb10ead472021-12-20 16:05:05.176root 11241100x8000000000000000787711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ea65b06fc9954e2021-12-20 16:05:05.176root 11241100x8000000000000000787712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a7a5acbb81a89f2021-12-20 16:05:05.176root 11241100x8000000000000000787713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97832e78e236e6962021-12-20 16:05:05.176root 11241100x8000000000000000787714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d982eba69058bd5e2021-12-20 16:05:05.177root 11241100x8000000000000000787715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd830aa1446fb62021-12-20 16:05:05.177root 11241100x8000000000000000787716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e7a57a5f96b3db2021-12-20 16:05:05.177root 11241100x8000000000000000787717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e788a100435f3fe42021-12-20 16:05:05.177root 11241100x8000000000000000787718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fedd578c5a68e5a2021-12-20 16:05:05.177root 11241100x8000000000000000787719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72f1b5aee5c47ec2021-12-20 16:05:05.178root 11241100x8000000000000000787720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d63d895c0a13c82021-12-20 16:05:05.178root 11241100x8000000000000000787721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01294f313f25c7e52021-12-20 16:05:05.178root 11241100x8000000000000000787722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84be2ce91f77eb182021-12-20 16:05:05.178root 11241100x8000000000000000787723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a540ad34333ebd6f2021-12-20 16:05:05.178root 11241100x8000000000000000787724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f109e65a684513222021-12-20 16:05:05.178root 11241100x8000000000000000787725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f64007a12f78af2021-12-20 16:05:05.178root 11241100x8000000000000000787726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b34df708526825e2021-12-20 16:05:05.675root 11241100x8000000000000000787727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbe8ed47efd2ece2021-12-20 16:05:05.675root 11241100x8000000000000000787728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768bf54e8e3757c22021-12-20 16:05:05.675root 11241100x8000000000000000787729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83af316da02df672021-12-20 16:05:05.675root 11241100x8000000000000000787730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed155b36e082d3572021-12-20 16:05:05.676root 11241100x8000000000000000787731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830f98e52ba768d12021-12-20 16:05:05.676root 11241100x8000000000000000787732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d09afc6a9931572021-12-20 16:05:05.676root 11241100x8000000000000000787733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea40313af7725012021-12-20 16:05:05.676root 11241100x8000000000000000787734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d27afefc5a5b4a72021-12-20 16:05:05.676root 11241100x8000000000000000787735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b751a8c45ace422021-12-20 16:05:05.676root 11241100x8000000000000000787736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a3f16dc38c79112021-12-20 16:05:05.676root 11241100x8000000000000000787737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2a02c675338f6a2021-12-20 16:05:05.676root 11241100x8000000000000000787738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb5180f1f6a0d7d2021-12-20 16:05:05.676root 11241100x8000000000000000787739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448e7c7ed5663d0e2021-12-20 16:05:05.676root 11241100x8000000000000000787740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f41cc1923608ca2021-12-20 16:05:05.676root 11241100x8000000000000000787741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea825279ab463e2021-12-20 16:05:05.676root 11241100x8000000000000000787742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e043d0d94d7f05c02021-12-20 16:05:05.676root 11241100x8000000000000000787743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f6a4f6e477cc232021-12-20 16:05:05.677root 11241100x8000000000000000787744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04bf0c04869002e2021-12-20 16:05:05.677root 11241100x8000000000000000787745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab69a36bad810b02021-12-20 16:05:05.677root 11241100x8000000000000000787746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28367cf2bc938c72021-12-20 16:05:05.677root 11241100x8000000000000000787747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d037c222df19f2572021-12-20 16:05:05.677root 11241100x8000000000000000787748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc58449684a5a402021-12-20 16:05:05.677root 11241100x8000000000000000787749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a9c181bf3ed0142021-12-20 16:05:05.677root 11241100x8000000000000000787750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3eebb6f69afe6e2021-12-20 16:05:05.678root 11241100x8000000000000000787751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692825231325376b2021-12-20 16:05:05.678root 11241100x8000000000000000787752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a16d2faef7680d2021-12-20 16:05:05.678root 11241100x8000000000000000787753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfda8220818c3d02021-12-20 16:05:05.678root 11241100x8000000000000000787754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56df1b76353c9522021-12-20 16:05:05.678root 11241100x8000000000000000787755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c585abe7e5124c12021-12-20 16:05:05.678root 11241100x8000000000000000787756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c853d872b47741672021-12-20 16:05:05.678root 11241100x8000000000000000787757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fa968ce54e21c42021-12-20 16:05:05.678root 11241100x8000000000000000787758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30951ee80f3714ba2021-12-20 16:05:05.678root 11241100x8000000000000000787759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:05.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7877b476de6a3b862021-12-20 16:05:05.678root 11241100x8000000000000000787760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.066{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:05:06.066root 11241100x8000000000000000787761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599ba2965312de812021-12-20 16:05:06.067root 11241100x8000000000000000787762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08142e71e4201a52021-12-20 16:05:06.067root 11241100x8000000000000000787763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d937214ca1603a2021-12-20 16:05:06.067root 11241100x8000000000000000787764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd257fbd27d8282021-12-20 16:05:06.067root 11241100x8000000000000000787765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0beacf76b0eccf2021-12-20 16:05:06.067root 11241100x8000000000000000787766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e92402a2c7c2c32021-12-20 16:05:06.067root 11241100x8000000000000000787767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b1098668f7fd42021-12-20 16:05:06.067root 11241100x8000000000000000787768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aeb76b4d464f532021-12-20 16:05:06.068root 11241100x8000000000000000787769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e902454b2869772021-12-20 16:05:06.068root 11241100x8000000000000000787770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6159cd731d248a052021-12-20 16:05:06.068root 11241100x8000000000000000787771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffe7ab449968cab2021-12-20 16:05:06.068root 11241100x8000000000000000787772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28484c7d08c4f552021-12-20 16:05:06.068root 11241100x8000000000000000787773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99211186b96cc60a2021-12-20 16:05:06.068root 11241100x8000000000000000787774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e21b8f92749a492021-12-20 16:05:06.068root 11241100x8000000000000000787775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207a6246b6522b9e2021-12-20 16:05:06.068root 11241100x8000000000000000787776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd188c7a89208b9e2021-12-20 16:05:06.068root 11241100x8000000000000000787777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5ecd09fbc1a91b2021-12-20 16:05:06.068root 11241100x8000000000000000787778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3a8b15db76f53f2021-12-20 16:05:06.068root 11241100x8000000000000000787779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90d8cc383cafee92021-12-20 16:05:06.068root 11241100x8000000000000000787780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff8ec5f2fad1922021-12-20 16:05:06.068root 11241100x8000000000000000787781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03c8c0f259b028c2021-12-20 16:05:06.068root 11241100x8000000000000000787782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b214d2e2eab1aa2021-12-20 16:05:06.068root 11241100x8000000000000000787783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a52769067f46492021-12-20 16:05:06.069root 11241100x8000000000000000787784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8256021996e37c072021-12-20 16:05:06.069root 11241100x8000000000000000787785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bfc1e2ce41d14f2021-12-20 16:05:06.069root 11241100x8000000000000000787786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0bb689df726ff42021-12-20 16:05:06.069root 11241100x8000000000000000787787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b8bef5b9cd217e2021-12-20 16:05:06.069root 11241100x8000000000000000787788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a56e64bfcd027f52021-12-20 16:05:06.069root 11241100x8000000000000000787789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52873e43fa22013e2021-12-20 16:05:06.069root 11241100x8000000000000000787790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc677a4402eaa09b2021-12-20 16:05:06.069root 11241100x8000000000000000787791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17631a2125e4d362021-12-20 16:05:06.069root 11241100x8000000000000000787792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2b11b5960c54a52021-12-20 16:05:06.069root 11241100x8000000000000000787793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de8bb21f6bad3be2021-12-20 16:05:06.069root 11241100x8000000000000000787794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a0c47e8d7bed632021-12-20 16:05:06.069root 11241100x8000000000000000787795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9902e413dcc530f42021-12-20 16:05:06.424root 11241100x8000000000000000787796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5745511bb9eecab2021-12-20 16:05:06.424root 11241100x8000000000000000787797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a90106d80e187392021-12-20 16:05:06.424root 11241100x8000000000000000787798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbe1edcc63e8a952021-12-20 16:05:06.425root 11241100x8000000000000000787799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8f8a0816fbb4ca2021-12-20 16:05:06.425root 11241100x8000000000000000787800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e3f4edc7c6a41c2021-12-20 16:05:06.425root 11241100x8000000000000000787801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d487a8c55a82e32021-12-20 16:05:06.425root 11241100x8000000000000000787802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e9c60349954c3c2021-12-20 16:05:06.425root 11241100x8000000000000000787803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d9faa4ddcdb8512021-12-20 16:05:06.425root 11241100x8000000000000000787804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25023d2c450489892021-12-20 16:05:06.425root 11241100x8000000000000000787805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f973dfc566a04d972021-12-20 16:05:06.425root 11241100x8000000000000000787806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b459da06b817d22021-12-20 16:05:06.426root 11241100x8000000000000000787807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a58b7c4d112ffa2021-12-20 16:05:06.426root 11241100x8000000000000000787808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17f61631a3731972021-12-20 16:05:06.426root 11241100x8000000000000000787809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae56842d5a3de342021-12-20 16:05:06.426root 11241100x8000000000000000787810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49c046e523c7e5b2021-12-20 16:05:06.426root 11241100x8000000000000000787811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afd319babd57d592021-12-20 16:05:06.426root 11241100x8000000000000000787812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c88822fff3937e2021-12-20 16:05:06.426root 11241100x8000000000000000787813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59689a210a26a2ad2021-12-20 16:05:06.426root 11241100x8000000000000000787814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848e1b6b66e7258d2021-12-20 16:05:06.426root 11241100x8000000000000000787815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d19f02d644b3162021-12-20 16:05:06.426root 11241100x8000000000000000787816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6cd148a526e4fb2021-12-20 16:05:06.426root 11241100x8000000000000000787817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccc763f4fa58dfc2021-12-20 16:05:06.427root 11241100x8000000000000000787818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcba4080da9ba5c62021-12-20 16:05:06.427root 11241100x8000000000000000787819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054ebddfbcac6d082021-12-20 16:05:06.427root 11241100x8000000000000000787820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7b713e237cf3fb2021-12-20 16:05:06.427root 11241100x8000000000000000787821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2636896abab1a91b2021-12-20 16:05:06.427root 11241100x8000000000000000787822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b54ecc579825a42021-12-20 16:05:06.427root 11241100x8000000000000000787823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ad5f158f10f8312021-12-20 16:05:06.427root 11241100x8000000000000000787824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155a2d4d72f9515d2021-12-20 16:05:06.427root 11241100x8000000000000000787825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11aa35890f949deb2021-12-20 16:05:06.427root 11241100x8000000000000000787826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb05e5a3dbfecf42021-12-20 16:05:06.427root 11241100x8000000000000000787827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81eb7fe540c4d962021-12-20 16:05:06.427root 11241100x8000000000000000787828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c27a95ef769bd422021-12-20 16:05:06.428root 11241100x8000000000000000787829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab785c82a9944372021-12-20 16:05:06.428root 11241100x8000000000000000787830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2e27354c865bd72021-12-20 16:05:06.428root 11241100x8000000000000000787831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038a99c38656718c2021-12-20 16:05:06.428root 11241100x8000000000000000787832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc9aff6ee7c0a4a2021-12-20 16:05:06.428root 11241100x8000000000000000787833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef44b3a002ddfc172021-12-20 16:05:06.428root 11241100x8000000000000000787834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c3d3beacca7f332021-12-20 16:05:06.924root 11241100x8000000000000000787835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1ab3ecfea6f52f2021-12-20 16:05:06.924root 11241100x8000000000000000787836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7058065a16fca6452021-12-20 16:05:06.924root 11241100x8000000000000000787837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c2c1f9cf2240662021-12-20 16:05:06.924root 11241100x8000000000000000787838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d618449a9bce98d2021-12-20 16:05:06.925root 11241100x8000000000000000787839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1a5b41d82744f82021-12-20 16:05:06.925root 11241100x8000000000000000787840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371cd69aa2975fc52021-12-20 16:05:06.925root 11241100x8000000000000000787841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e274b8db5b7fe4d32021-12-20 16:05:06.925root 11241100x8000000000000000787842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed8c2bc4e8aa9f12021-12-20 16:05:06.925root 11241100x8000000000000000787843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987b07b51997045d2021-12-20 16:05:06.925root 11241100x8000000000000000787844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9285ea47df32ef2b2021-12-20 16:05:06.925root 11241100x8000000000000000787845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb65953b9ae53022021-12-20 16:05:06.926root 11241100x8000000000000000787846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d03cd29f650dc3b2021-12-20 16:05:06.926root 11241100x8000000000000000787847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79adb38b1f0172682021-12-20 16:05:06.926root 11241100x8000000000000000787848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625819977d6e07a02021-12-20 16:05:06.926root 11241100x8000000000000000787849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1ce898bdb94ab12021-12-20 16:05:06.926root 11241100x8000000000000000787850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081f7ad6a909956a2021-12-20 16:05:06.926root 11241100x8000000000000000787851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b22f7c45155ec72021-12-20 16:05:06.926root 11241100x8000000000000000787852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d3ee10d2482cb2021-12-20 16:05:06.926root 11241100x8000000000000000787853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a198f392446a2ee22021-12-20 16:05:06.926root 11241100x8000000000000000787854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039608699a5813b52021-12-20 16:05:06.926root 11241100x8000000000000000787855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dad69d144c4d1652021-12-20 16:05:06.927root 11241100x8000000000000000787856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353dc03348b0b0672021-12-20 16:05:06.927root 11241100x8000000000000000787857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03ee5091e26b74d2021-12-20 16:05:06.927root 11241100x8000000000000000787858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98185bf5f0383502021-12-20 16:05:06.927root 11241100x8000000000000000787859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e4c75d821331bb2021-12-20 16:05:06.927root 11241100x8000000000000000787860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18729cf5cb92ed482021-12-20 16:05:06.927root 11241100x8000000000000000787861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83375271c3568db2021-12-20 16:05:06.927root 11241100x8000000000000000787862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd04cf7b49c876902021-12-20 16:05:06.927root 11241100x8000000000000000787863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661a979f1441394f2021-12-20 16:05:06.927root 11241100x8000000000000000787864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8c29d9f89d649c2021-12-20 16:05:06.927root 11241100x8000000000000000787865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeb813cf2e1dfca2021-12-20 16:05:06.927root 11241100x8000000000000000787866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb358b8b44459672021-12-20 16:05:06.928root 11241100x8000000000000000787867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5272a8262c4e61162021-12-20 16:05:06.928root 11241100x8000000000000000787868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:06.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64d7378d45683822021-12-20 16:05:06.928root 354300x8000000000000000787869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.011{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51608-false10.0.1.12-8000- 11241100x8000000000000000787870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e338579cb82e972021-12-20 16:05:07.424root 11241100x8000000000000000787871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af5a6e1ae6a14ad2021-12-20 16:05:07.425root 11241100x8000000000000000787872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5521aba841b4c89e2021-12-20 16:05:07.425root 11241100x8000000000000000787873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f2580b5961b2a72021-12-20 16:05:07.425root 11241100x8000000000000000787874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c3063e9fb0331c2021-12-20 16:05:07.425root 11241100x8000000000000000787875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e66baaba8cf2512021-12-20 16:05:07.425root 11241100x8000000000000000787876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d152dda283eb7eaf2021-12-20 16:05:07.426root 11241100x8000000000000000787877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e887c77bf1562b2021-12-20 16:05:07.426root 11241100x8000000000000000787878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84289c003f4151302021-12-20 16:05:07.427root 11241100x8000000000000000787879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2eb5204c9762b22021-12-20 16:05:07.427root 11241100x8000000000000000787880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4f22e304194e3a2021-12-20 16:05:07.428root 11241100x8000000000000000787881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50a60917e9a79042021-12-20 16:05:07.428root 11241100x8000000000000000787882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52a0ec8a5cd6a922021-12-20 16:05:07.428root 11241100x8000000000000000787883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec2f348a9153ad72021-12-20 16:05:07.428root 11241100x8000000000000000787884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1bb4d2be8a05982021-12-20 16:05:07.428root 11241100x8000000000000000787885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2c3788021453b62021-12-20 16:05:07.429root 11241100x8000000000000000787886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43d4d82719a6462021-12-20 16:05:07.429root 11241100x8000000000000000787887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464fa15b8d4f90062021-12-20 16:05:07.429root 11241100x8000000000000000787888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad0c8dde24a8b432021-12-20 16:05:07.429root 11241100x8000000000000000787889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8de4e16b7ac25da2021-12-20 16:05:07.429root 11241100x8000000000000000787890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3c9ae7cec17d472021-12-20 16:05:07.429root 11241100x8000000000000000787891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d05c09a1a2ba992021-12-20 16:05:07.429root 11241100x8000000000000000787892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec0987dac4843ea2021-12-20 16:05:07.429root 11241100x8000000000000000787893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8dd49a4e88e0062021-12-20 16:05:07.429root 11241100x8000000000000000787894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abd5606cecb01262021-12-20 16:05:07.429root 11241100x8000000000000000787895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e58b62fa2fdc2e82021-12-20 16:05:07.429root 11241100x8000000000000000787896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ba53ea4fa37fb02021-12-20 16:05:07.429root 11241100x8000000000000000787897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83b344c97e378fd2021-12-20 16:05:07.429root 11241100x8000000000000000787898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c1810a9ddc22422021-12-20 16:05:07.429root 11241100x8000000000000000787899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bceb487166e6952021-12-20 16:05:07.429root 11241100x8000000000000000787900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a603e2147b6e781d2021-12-20 16:05:07.429root 11241100x8000000000000000787901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5aa2005279ff922021-12-20 16:05:07.430root 11241100x8000000000000000787902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be6f71cf6edff122021-12-20 16:05:07.430root 11241100x8000000000000000787903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c22ffb6baf8412021-12-20 16:05:07.430root 11241100x8000000000000000787904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3106a480f364662021-12-20 16:05:07.430root 11241100x8000000000000000787905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8892406c6497beb12021-12-20 16:05:07.430root 11241100x8000000000000000787906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e343487a4720d6d62021-12-20 16:05:07.430root 11241100x8000000000000000787907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4762f43da487ab42021-12-20 16:05:07.430root 11241100x8000000000000000787908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5472f48b26b067172021-12-20 16:05:07.430root 11241100x8000000000000000787909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584f670baed880472021-12-20 16:05:07.924root 11241100x8000000000000000787910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da84997d661aa092021-12-20 16:05:07.925root 11241100x8000000000000000787911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690dddf30ac240062021-12-20 16:05:07.925root 11241100x8000000000000000787912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1350bdb9f042e282021-12-20 16:05:07.925root 11241100x8000000000000000787913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c845535d6989bd22021-12-20 16:05:07.925root 11241100x8000000000000000787914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715bfc6e8278077b2021-12-20 16:05:07.925root 11241100x8000000000000000787915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1a547e12fdb7b02021-12-20 16:05:07.925root 11241100x8000000000000000787916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c84c2e32ba926f2021-12-20 16:05:07.925root 11241100x8000000000000000787917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5f0943be179bb12021-12-20 16:05:07.925root 11241100x8000000000000000787918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb4fbec3c88fc9f2021-12-20 16:05:07.925root 11241100x8000000000000000787919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b5d8eed5bca292021-12-20 16:05:07.925root 11241100x8000000000000000787920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd04aecdeafa49c2021-12-20 16:05:07.925root 11241100x8000000000000000787921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31960ee69cfddd3f2021-12-20 16:05:07.926root 11241100x8000000000000000787922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122a5ba87eb856e82021-12-20 16:05:07.926root 11241100x8000000000000000787923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d972e7b73c9d499b2021-12-20 16:05:07.926root 11241100x8000000000000000787924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cca03fcef56abaa2021-12-20 16:05:07.926root 11241100x8000000000000000787925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbde5b9dedb756a12021-12-20 16:05:07.926root 11241100x8000000000000000787926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19e882eb9aef5272021-12-20 16:05:07.926root 11241100x8000000000000000787927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5a7f3c8b29406d2021-12-20 16:05:07.926root 11241100x8000000000000000787928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7cdebe46c3df682021-12-20 16:05:07.926root 11241100x8000000000000000787929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bcb40d2e4747ef2021-12-20 16:05:07.926root 11241100x8000000000000000787930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2013b60619ca5e582021-12-20 16:05:07.926root 11241100x8000000000000000787931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7411bc001e5d402021-12-20 16:05:07.926root 11241100x8000000000000000787932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05ef40fb14a28012021-12-20 16:05:07.927root 11241100x8000000000000000787933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f44a87df9c6fbe2021-12-20 16:05:07.927root 11241100x8000000000000000787934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9d0715fa79dd712021-12-20 16:05:07.927root 11241100x8000000000000000787935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea468052f515072021-12-20 16:05:07.927root 11241100x8000000000000000787936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b725ea9b25939e2021-12-20 16:05:07.927root 11241100x8000000000000000787937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c96f8b0f10afdc2021-12-20 16:05:07.927root 11241100x8000000000000000787938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d5989e977c2b552021-12-20 16:05:07.927root 11241100x8000000000000000787939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392519c87d6fd5ae2021-12-20 16:05:07.927root 11241100x8000000000000000787940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1464e9bf1ac1682021-12-20 16:05:07.927root 11241100x8000000000000000787941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a57d6f6879d0fee2021-12-20 16:05:07.927root 11241100x8000000000000000787942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85cc824086031492021-12-20 16:05:07.927root 11241100x8000000000000000787943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63802ab1762e96ed2021-12-20 16:05:07.928root 11241100x8000000000000000787944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10559d4d8aa0d0f72021-12-20 16:05:07.928root 11241100x8000000000000000787945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:07.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27bed117b5056cc2021-12-20 16:05:07.928root 11241100x8000000000000000787946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3a8a8d5feb5b142021-12-20 16:05:08.424root 11241100x8000000000000000787947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3a93ec93dfee2b2021-12-20 16:05:08.424root 11241100x8000000000000000787948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815f2834db21bde02021-12-20 16:05:08.424root 11241100x8000000000000000787949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b86d3d62cc2da72021-12-20 16:05:08.425root 11241100x8000000000000000787950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b623cb186bc614152021-12-20 16:05:08.425root 11241100x8000000000000000787951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007738b2b6b43dc02021-12-20 16:05:08.425root 11241100x8000000000000000787952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5046f3d67737e92021-12-20 16:05:08.425root 11241100x8000000000000000787953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdc595e42ef924b2021-12-20 16:05:08.425root 11241100x8000000000000000787954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666de2e8e805d8bb2021-12-20 16:05:08.426root 11241100x8000000000000000787955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf429284048cd70a2021-12-20 16:05:08.426root 11241100x8000000000000000787956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec82785032de0582021-12-20 16:05:08.426root 11241100x8000000000000000787957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979e05191224a0312021-12-20 16:05:08.427root 11241100x8000000000000000787958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba77101d398be7332021-12-20 16:05:08.427root 11241100x8000000000000000787959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ade9867126e8b552021-12-20 16:05:08.427root 11241100x8000000000000000787960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12815c56a6b428692021-12-20 16:05:08.427root 11241100x8000000000000000787961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af617ddd0e68b72021-12-20 16:05:08.428root 11241100x8000000000000000787962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e467ba5b4e488f532021-12-20 16:05:08.429root 11241100x8000000000000000787963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5628536710a9452e2021-12-20 16:05:08.429root 11241100x8000000000000000787964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05878a396f8032942021-12-20 16:05:08.429root 11241100x8000000000000000787965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e482fdc3210002672021-12-20 16:05:08.429root 11241100x8000000000000000787966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01edf722fe100232021-12-20 16:05:08.429root 11241100x8000000000000000787967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11496536efa540022021-12-20 16:05:08.430root 11241100x8000000000000000787968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9e7833cf4658842021-12-20 16:05:08.430root 11241100x8000000000000000787969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759817aad85ce4d12021-12-20 16:05:08.430root 11241100x8000000000000000787970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffad94fda74f9cc2021-12-20 16:05:08.430root 11241100x8000000000000000787971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bbb46b5c592fca2021-12-20 16:05:08.431root 11241100x8000000000000000787972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93b51a1ba8fa88a2021-12-20 16:05:08.431root 11241100x8000000000000000787973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c032d11f682e5b2021-12-20 16:05:08.434root 11241100x8000000000000000787974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2308173cb09a18bf2021-12-20 16:05:08.435root 11241100x8000000000000000787975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bf7bf39e77ef8d2021-12-20 16:05:08.435root 11241100x8000000000000000787976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d7e3f4ddeb76d62021-12-20 16:05:08.435root 11241100x8000000000000000787977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd733de961e966a12021-12-20 16:05:08.437root 11241100x8000000000000000787978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aebe9550a8d0d0d2021-12-20 16:05:08.437root 11241100x8000000000000000787979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f006f7d7dec78da2021-12-20 16:05:08.437root 11241100x8000000000000000787980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380defbc59e1c6be2021-12-20 16:05:08.437root 11241100x8000000000000000787981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8555c6ce479c932021-12-20 16:05:08.437root 11241100x8000000000000000787982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ab913bc3332ac72021-12-20 16:05:08.924root 11241100x8000000000000000787983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e07672be4734582021-12-20 16:05:08.924root 11241100x8000000000000000787984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceb9d4300948dca2021-12-20 16:05:08.924root 11241100x8000000000000000787985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a23484b7189dcf2021-12-20 16:05:08.924root 11241100x8000000000000000787986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205dd39077acae952021-12-20 16:05:08.925root 11241100x8000000000000000787987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7fece4763143f52021-12-20 16:05:08.925root 11241100x8000000000000000787988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65823112c60f09f2021-12-20 16:05:08.925root 11241100x8000000000000000787989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d806f8003a6909f82021-12-20 16:05:08.925root 11241100x8000000000000000787990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883b87bcd9804f232021-12-20 16:05:08.925root 11241100x8000000000000000787991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccf2159fc14cf7f2021-12-20 16:05:08.926root 11241100x8000000000000000787992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c701b4f5cdac38d2021-12-20 16:05:08.926root 11241100x8000000000000000787993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5989a7a98334c0a02021-12-20 16:05:08.926root 11241100x8000000000000000787994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb501f3ea6471b852021-12-20 16:05:08.926root 11241100x8000000000000000787995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee8e21b1bd22c3c2021-12-20 16:05:08.927root 11241100x8000000000000000787996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc3981c4c91b9472021-12-20 16:05:08.927root 11241100x8000000000000000787997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ef8ac044fa738f2021-12-20 16:05:08.927root 11241100x8000000000000000787998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d7f41fd48414e62021-12-20 16:05:08.927root 11241100x8000000000000000787999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd749d345f45a92021-12-20 16:05:08.928root 11241100x8000000000000000788000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7b1ec3639d9aa72021-12-20 16:05:08.928root 11241100x8000000000000000788001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca2ee258a9b57462021-12-20 16:05:08.928root 11241100x8000000000000000788002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395e4c46e881613d2021-12-20 16:05:08.928root 11241100x8000000000000000788003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48faa86a620027f82021-12-20 16:05:08.928root 11241100x8000000000000000788004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38791872304a21cd2021-12-20 16:05:08.929root 11241100x8000000000000000788005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c74e0b198211c1f2021-12-20 16:05:08.929root 11241100x8000000000000000788006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b52d8ee387e9b42021-12-20 16:05:08.929root 11241100x8000000000000000788007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a1ae9089e4cbbc2021-12-20 16:05:08.930root 11241100x8000000000000000788008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f51ad175809b672021-12-20 16:05:08.930root 11241100x8000000000000000788009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb7befbfb19ac22021-12-20 16:05:08.930root 11241100x8000000000000000788010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcbaf17b83195f02021-12-20 16:05:08.930root 11241100x8000000000000000788011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c20b952630e2a1b2021-12-20 16:05:08.930root 11241100x8000000000000000788012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8ef0511bf1af9e2021-12-20 16:05:08.930root 11241100x8000000000000000788013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0c5b0393606e402021-12-20 16:05:08.930root 11241100x8000000000000000788014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9852df96609f2442021-12-20 16:05:08.931root 11241100x8000000000000000788015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a54f461368568582021-12-20 16:05:08.931root 11241100x8000000000000000788016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e05cf2d61a01782021-12-20 16:05:08.931root 11241100x8000000000000000788017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70972301d79beb382021-12-20 16:05:08.931root 11241100x8000000000000000788018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6d3d921967855d2021-12-20 16:05:08.931root 11241100x8000000000000000788019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aee5c31a3586aa2021-12-20 16:05:08.931root 11241100x8000000000000000788020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a97df2b5c23b622021-12-20 16:05:08.931root 11241100x8000000000000000788021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a4bb7abf8cd4692021-12-20 16:05:08.932root 11241100x8000000000000000788022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:08.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9302552a8954357a2021-12-20 16:05:08.932root 23542300x8000000000000000788023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.067{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000788024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc7b972299b402e2021-12-20 16:05:09.424root 11241100x8000000000000000788025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158e7cf9910187482021-12-20 16:05:09.425root 11241100x8000000000000000788026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2f15987bbfbe8c2021-12-20 16:05:09.425root 11241100x8000000000000000788027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2dd99477a025d62021-12-20 16:05:09.425root 11241100x8000000000000000788028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058fa080fea5e34a2021-12-20 16:05:09.425root 11241100x8000000000000000788029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fcc4dcf65c9ce12021-12-20 16:05:09.425root 11241100x8000000000000000788030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec324e08c1b6be292021-12-20 16:05:09.426root 11241100x8000000000000000788031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21041be0c8e14aba2021-12-20 16:05:09.426root 11241100x8000000000000000788032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef368a63114d4a12021-12-20 16:05:09.426root 11241100x8000000000000000788033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508a68025a01dc02021-12-20 16:05:09.426root 11241100x8000000000000000788034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f82db055f308512021-12-20 16:05:09.427root 11241100x8000000000000000788035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec4030c7816ba572021-12-20 16:05:09.427root 11241100x8000000000000000788036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824d0d1d07ed23182021-12-20 16:05:09.427root 11241100x8000000000000000788037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726a6a7bb253026c2021-12-20 16:05:09.427root 11241100x8000000000000000788038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d238050ca2eb6d2021-12-20 16:05:09.427root 11241100x8000000000000000788039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bce4da86a950ec42021-12-20 16:05:09.428root 11241100x8000000000000000788040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea6741bd9e129112021-12-20 16:05:09.428root 11241100x8000000000000000788041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f314815041aa8a32021-12-20 16:05:09.428root 11241100x8000000000000000788042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e0f63e358185d32021-12-20 16:05:09.428root 11241100x8000000000000000788043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b206990cdbf8a4c2021-12-20 16:05:09.429root 11241100x8000000000000000788044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ace052687d15b9e2021-12-20 16:05:09.429root 11241100x8000000000000000788045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7e6aee8fc3f1c52021-12-20 16:05:09.429root 11241100x8000000000000000788046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ddab961e38e3f12021-12-20 16:05:09.429root 11241100x8000000000000000788047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca59fcf2df470832021-12-20 16:05:09.429root 11241100x8000000000000000788048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c2016137d8817a2021-12-20 16:05:09.429root 11241100x8000000000000000788049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c277d73366cfb32021-12-20 16:05:09.429root 11241100x8000000000000000788050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec6d1a59ed7db132021-12-20 16:05:09.429root 11241100x8000000000000000788051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710c603d6817d3a52021-12-20 16:05:09.429root 11241100x8000000000000000788052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104c3a8fb0248f332021-12-20 16:05:09.429root 11241100x8000000000000000788053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c945dfc61ba63b42021-12-20 16:05:09.429root 11241100x8000000000000000788054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98132c20a0e060552021-12-20 16:05:09.430root 11241100x8000000000000000788055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432c19d26cb0ce4c2021-12-20 16:05:09.430root 11241100x8000000000000000788056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc07ff074c5d7662021-12-20 16:05:09.430root 11241100x8000000000000000788057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a09a1c8d249cef32021-12-20 16:05:09.430root 11241100x8000000000000000788058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1938cacd1dc2c72021-12-20 16:05:09.430root 11241100x8000000000000000788059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad65cb1cf4b6db02021-12-20 16:05:09.430root 11241100x8000000000000000788060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7d8459e8aa59bd2021-12-20 16:05:09.430root 11241100x8000000000000000788061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6903b5290df303902021-12-20 16:05:09.430root 11241100x8000000000000000788062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0aba9fd9111a2b2021-12-20 16:05:09.430root 11241100x8000000000000000788063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878907a61c8d52242021-12-20 16:05:09.430root 11241100x8000000000000000788064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01f59a1555d90f52021-12-20 16:05:09.924root 11241100x8000000000000000788065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f3a0bcd2448f772021-12-20 16:05:09.924root 11241100x8000000000000000788066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d558aac38642863f2021-12-20 16:05:09.924root 11241100x8000000000000000788067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d36735fd331d652021-12-20 16:05:09.924root 11241100x8000000000000000788068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90cd1478c6ef5fd2021-12-20 16:05:09.925root 11241100x8000000000000000788069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3fc4b6a894db7d2021-12-20 16:05:09.925root 11241100x8000000000000000788070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec50947c25fff4252021-12-20 16:05:09.925root 11241100x8000000000000000788071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810d7b84519a22be2021-12-20 16:05:09.925root 11241100x8000000000000000788072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94afa5bea5355812021-12-20 16:05:09.925root 11241100x8000000000000000788073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d77e6000e12db4a2021-12-20 16:05:09.925root 11241100x8000000000000000788074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f67d34305cbb612021-12-20 16:05:09.925root 11241100x8000000000000000788075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dd44a40ecfc4a92021-12-20 16:05:09.925root 11241100x8000000000000000788076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0313f8dae8aca82021-12-20 16:05:09.925root 11241100x8000000000000000788077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4685b0af1988c72021-12-20 16:05:09.926root 11241100x8000000000000000788078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c715ddad39dcf5452021-12-20 16:05:09.926root 11241100x8000000000000000788079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c85991b4cf54872021-12-20 16:05:09.926root 11241100x8000000000000000788080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f981c0973c142b372021-12-20 16:05:09.926root 11241100x8000000000000000788081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b18c1c06f649312021-12-20 16:05:09.926root 11241100x8000000000000000788082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1043ef05b4274cef2021-12-20 16:05:09.926root 11241100x8000000000000000788083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae45420cdf2429502021-12-20 16:05:09.926root 11241100x8000000000000000788084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06083c6bba23c7dc2021-12-20 16:05:09.926root 11241100x8000000000000000788085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00400095e9a0bf032021-12-20 16:05:09.926root 11241100x8000000000000000788086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446e5a6688160c372021-12-20 16:05:09.926root 11241100x8000000000000000788087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9294cff0855e3252021-12-20 16:05:09.927root 11241100x8000000000000000788088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f9275310b4044c2021-12-20 16:05:09.927root 11241100x8000000000000000788089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511be51b72c666282021-12-20 16:05:09.927root 11241100x8000000000000000788090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd33f7cd6feeb992021-12-20 16:05:09.927root 11241100x8000000000000000788091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b07108b4258b6d2021-12-20 16:05:09.927root 11241100x8000000000000000788092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b6f4ea3eb5c42d2021-12-20 16:05:09.927root 11241100x8000000000000000788093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b15e8997eceb6d12021-12-20 16:05:09.927root 11241100x8000000000000000788094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3255c8b6f87b2f2d2021-12-20 16:05:09.927root 11241100x8000000000000000788095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8a2f14c0f73a762021-12-20 16:05:09.927root 11241100x8000000000000000788096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a349656c02c56c2021-12-20 16:05:09.928root 11241100x8000000000000000788097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89713189338150912021-12-20 16:05:09.928root 11241100x8000000000000000788098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d41efc3df0fb712021-12-20 16:05:09.929root 11241100x8000000000000000788099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67338186cb627cc42021-12-20 16:05:09.929root 11241100x8000000000000000788100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca56ff2f74684572021-12-20 16:05:09.929root 11241100x8000000000000000788101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c051cec0bfe062021-12-20 16:05:10.424root 11241100x8000000000000000788102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe46de0cb2e5b52021-12-20 16:05:10.424root 11241100x8000000000000000788103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c016bff17002a92021-12-20 16:05:10.425root 11241100x8000000000000000788104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f853542948bc75d2021-12-20 16:05:10.425root 11241100x8000000000000000788105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a09b1ccacce492f2021-12-20 16:05:10.425root 11241100x8000000000000000788106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b82d95c39fceda2021-12-20 16:05:10.425root 11241100x8000000000000000788107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f01c555fff2d4902021-12-20 16:05:10.425root 11241100x8000000000000000788108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04636376b97554a42021-12-20 16:05:10.426root 11241100x8000000000000000788109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692085e42cbe8b982021-12-20 16:05:10.426root 11241100x8000000000000000788110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fce3b17d4aa70932021-12-20 16:05:10.426root 11241100x8000000000000000788111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e63446326761ed22021-12-20 16:05:10.426root 11241100x8000000000000000788112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731b4cfce6f3af382021-12-20 16:05:10.426root 11241100x8000000000000000788113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b8eeafe28c6b522021-12-20 16:05:10.427root 11241100x8000000000000000788114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38de704bcbe14b6c2021-12-20 16:05:10.427root 11241100x8000000000000000788115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cdcd3b204b28542021-12-20 16:05:10.427root 11241100x8000000000000000788116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762fad58bd35359d2021-12-20 16:05:10.427root 11241100x8000000000000000788117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9287be8593133fe82021-12-20 16:05:10.427root 11241100x8000000000000000788118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3981956d44da0c4c2021-12-20 16:05:10.427root 11241100x8000000000000000788119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76d181be2f845782021-12-20 16:05:10.427root 11241100x8000000000000000788120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05519feae13f9b292021-12-20 16:05:10.428root 11241100x8000000000000000788121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468f0ea485c13e2f2021-12-20 16:05:10.428root 11241100x8000000000000000788122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998a9f339edc881a2021-12-20 16:05:10.428root 11241100x8000000000000000788123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991c266f52739c7d2021-12-20 16:05:10.428root 11241100x8000000000000000788124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28804087d15d42e2021-12-20 16:05:10.428root 11241100x8000000000000000788125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d58f5372dec61962021-12-20 16:05:10.429root 11241100x8000000000000000788126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78623ec4859112a62021-12-20 16:05:10.429root 11241100x8000000000000000788127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39a023ebcb92e892021-12-20 16:05:10.429root 11241100x8000000000000000788128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8518da18000475e62021-12-20 16:05:10.429root 11241100x8000000000000000788129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016a9e4157f311132021-12-20 16:05:10.429root 11241100x8000000000000000788130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887c8d1f5287fba02021-12-20 16:05:10.429root 11241100x8000000000000000788131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2816b5ea4d755b42021-12-20 16:05:10.430root 11241100x8000000000000000788132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba45172643846c622021-12-20 16:05:10.430root 11241100x8000000000000000788133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398832a5c027b2322021-12-20 16:05:10.430root 11241100x8000000000000000788134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ddb2b7f14e222a2021-12-20 16:05:10.430root 11241100x8000000000000000788135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bc3e890354d22e2021-12-20 16:05:10.430root 11241100x8000000000000000788136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becc70beb92a738f2021-12-20 16:05:10.430root 11241100x8000000000000000788137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff55a6c25c2b23092021-12-20 16:05:10.430root 11241100x8000000000000000788138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda817ff1b5fd3092021-12-20 16:05:10.924root 11241100x8000000000000000788139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92db519be56a18cf2021-12-20 16:05:10.925root 11241100x8000000000000000788140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652c6a7c2bf988bd2021-12-20 16:05:10.925root 11241100x8000000000000000788141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0c042a11b878b72021-12-20 16:05:10.925root 11241100x8000000000000000788142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc44b7ecf622ada32021-12-20 16:05:10.925root 11241100x8000000000000000788143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c949b4cab9a032021-12-20 16:05:10.926root 11241100x8000000000000000788144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a191e60110d277c2021-12-20 16:05:10.926root 11241100x8000000000000000788145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f436992394704f52021-12-20 16:05:10.926root 11241100x8000000000000000788146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f8ecc22e543d342021-12-20 16:05:10.926root 11241100x8000000000000000788147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410dc0fc2459507c2021-12-20 16:05:10.927root 11241100x8000000000000000788148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06a3db9cbb85d122021-12-20 16:05:10.927root 11241100x8000000000000000788149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f74d5f345a47ffb2021-12-20 16:05:10.927root 11241100x8000000000000000788150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe0ce4ffabf49632021-12-20 16:05:10.927root 11241100x8000000000000000788151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7f839d217afb922021-12-20 16:05:10.927root 11241100x8000000000000000788152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65845d944db233322021-12-20 16:05:10.928root 11241100x8000000000000000788153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85ed6a248a49eea2021-12-20 16:05:10.928root 11241100x8000000000000000788154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9265254a954123f02021-12-20 16:05:10.928root 11241100x8000000000000000788155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6915540bc9324b412021-12-20 16:05:10.928root 11241100x8000000000000000788156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb02b617c1cc760c2021-12-20 16:05:10.929root 11241100x8000000000000000788157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3650a1a3c5621932021-12-20 16:05:10.929root 11241100x8000000000000000788158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a985ce41d926f65e2021-12-20 16:05:10.932root 11241100x8000000000000000788159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a96c08cc6712bde2021-12-20 16:05:10.933root 11241100x8000000000000000788160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dd968114e31acf2021-12-20 16:05:10.933root 11241100x8000000000000000788161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb706b023dbc23d2021-12-20 16:05:10.933root 11241100x8000000000000000788162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd17aad15d2c76b2021-12-20 16:05:10.935root 11241100x8000000000000000788163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70192856ed6093952021-12-20 16:05:10.936root 11241100x8000000000000000788164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba7fa79b5d454ca2021-12-20 16:05:10.936root 11241100x8000000000000000788165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dbe3bf3d90ae722021-12-20 16:05:10.937root 11241100x8000000000000000788166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde364fa1d8033572021-12-20 16:05:10.938root 11241100x8000000000000000788167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a11b791a6b5d662021-12-20 16:05:10.938root 11241100x8000000000000000788168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1735375320174952021-12-20 16:05:10.939root 11241100x8000000000000000788169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e2c1a64aad27d62021-12-20 16:05:10.939root 11241100x8000000000000000788170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b5c6ea0623d2fa2021-12-20 16:05:10.940root 11241100x8000000000000000788171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de95e69bfc8f5a052021-12-20 16:05:10.940root 11241100x8000000000000000788172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c886d8c1b10751722021-12-20 16:05:10.941root 11241100x8000000000000000788173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c00f979f7207e902021-12-20 16:05:10.942root 11241100x8000000000000000788174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5194a273919b09e2021-12-20 16:05:10.942root 11241100x8000000000000000788175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c82a15e6a1dcffe2021-12-20 16:05:10.942root 11241100x8000000000000000788176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8f8d07431194182021-12-20 16:05:10.944root 11241100x8000000000000000788177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:10.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769b76437d5362a62021-12-20 16:05:10.945root 11241100x8000000000000000788178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b327dcbd268ffc2021-12-20 16:05:11.424root 11241100x8000000000000000788179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525255cf346fcf5b2021-12-20 16:05:11.425root 11241100x8000000000000000788180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c271e5b6297f52e2021-12-20 16:05:11.425root 11241100x8000000000000000788181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d31ae7374389792021-12-20 16:05:11.425root 11241100x8000000000000000788182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f549c2e15c2176752021-12-20 16:05:11.425root 11241100x8000000000000000788183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fe1ca43cd87ff52021-12-20 16:05:11.425root 11241100x8000000000000000788184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb0d26e4557d0452021-12-20 16:05:11.425root 11241100x8000000000000000788185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5082c8ffd38a2f702021-12-20 16:05:11.426root 11241100x8000000000000000788186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b17b2bb2457f0b72021-12-20 16:05:11.426root 11241100x8000000000000000788187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2ccde8068a2c762021-12-20 16:05:11.426root 11241100x8000000000000000788188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e5abe3c2b49c442021-12-20 16:05:11.427root 11241100x8000000000000000788189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04debb0f088581c72021-12-20 16:05:11.427root 354300x8000000000000000788228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:18.071{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51612-false10.0.1.12-8000- 11241100x8000000000000000788229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:18.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e012d03f233b3722021-12-20 16:05:18.424root 11241100x8000000000000000788230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:18.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ad5112046885c02021-12-20 16:05:18.924root 11241100x8000000000000000788231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:19.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a440095d7e9bd1032021-12-20 16:05:19.424root 11241100x8000000000000000788232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:19.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91293dff97b9c8db2021-12-20 16:05:19.923root 354300x8000000000000000788233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:20.103{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46316-false10.0.1.12-8089- 11241100x8000000000000000788234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc24afb8f918b9db2021-12-20 16:05:20.424root 11241100x8000000000000000788235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991f2f6e27323a462021-12-20 16:05:20.424root 11241100x8000000000000000788236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a8516f099fe5a2021-12-20 16:05:20.924root 11241100x8000000000000000788237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:20.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a38bfecca517ef2021-12-20 16:05:20.924root 11241100x8000000000000000788238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9657caf076f693382021-12-20 16:05:21.424root 11241100x8000000000000000788239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:21.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd03a2876575d412021-12-20 16:05:21.424root 11241100x8000000000000000788240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c030bf879a04ec1f2021-12-20 16:05:21.924root 11241100x8000000000000000788241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:21.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d756bdc94dc7d2fd2021-12-20 16:05:21.924root 11241100x8000000000000000788242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab8a0a7cbe1fd5c2021-12-20 16:05:22.424root 11241100x8000000000000000788243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:22.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54631bdd1dd528b62021-12-20 16:05:22.424root 11241100x8000000000000000788244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64ca1f822f846412021-12-20 16:05:22.924root 11241100x8000000000000000788245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:22.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8008f9330ba140782021-12-20 16:05:22.924root 354300x8000000000000000788246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.080{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51616-false10.0.1.12-8000- 154100x8000000000000000788247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.414{ec2c97d1-a9c3-61c0-68c4-b1ef90550000}10246/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000788248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.415{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b648c7b8b890cfc62021-12-20 16:05:23.415root 11241100x8000000000000000788249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.415{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126025ec193e52782021-12-20 16:05:23.415root 11241100x8000000000000000788250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.416{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c59c32fa1cacf2021-12-20 16:05:23.416root 534500x8000000000000000788251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.425{ec2c97d1-a9c3-61c0-68c4-b1ef90550000}10246/bin/psroot 11241100x8000000000000000788252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9979f3885e496a412021-12-20 16:05:23.674root 11241100x8000000000000000788253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316b153b1ca5463d2021-12-20 16:05:23.674root 11241100x8000000000000000788254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ae3ddfc0d621f22021-12-20 16:05:23.674root 11241100x8000000000000000788255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5222f543d5d2162021-12-20 16:05:23.674root 11241100x8000000000000000788256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:23.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17cfc0ab81a528f2021-12-20 16:05:23.674root 11241100x8000000000000000788257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7ba28bbe81bbfd2021-12-20 16:05:24.174root 11241100x8000000000000000788258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3bd5aa8a80b8fe2021-12-20 16:05:24.174root 11241100x8000000000000000788259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1aa556e205222d2021-12-20 16:05:24.174root 11241100x8000000000000000788260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cf0e440b40564b2021-12-20 16:05:24.174root 11241100x8000000000000000788261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a6b5a09e48e3d02021-12-20 16:05:24.174root 11241100x8000000000000000788262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5988d3b05ca56fa2021-12-20 16:05:24.674root 11241100x8000000000000000788263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6a182da6e36f732021-12-20 16:05:24.674root 11241100x8000000000000000788264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38347cf9b100b3e2021-12-20 16:05:24.674root 11241100x8000000000000000788265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93c695c655e935c2021-12-20 16:05:24.674root 11241100x8000000000000000788266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:24.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b11ec1516b982192021-12-20 16:05:24.674root 11241100x8000000000000000788267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f044625839eb20052021-12-20 16:05:25.174root 11241100x8000000000000000788268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bd57a822d9e7aa2021-12-20 16:05:25.174root 11241100x8000000000000000788269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c91a485644db1442021-12-20 16:05:25.174root 11241100x8000000000000000788270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b05a77119914ba2021-12-20 16:05:25.174root 11241100x8000000000000000788271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3da0453d93633a92021-12-20 16:05:25.174root 11241100x8000000000000000788272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05009202da975c5c2021-12-20 16:05:25.674root 11241100x8000000000000000788273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0eee8207f1f9422021-12-20 16:05:25.674root 11241100x8000000000000000788274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10007c5f0f6b0a602021-12-20 16:05:25.674root 11241100x8000000000000000788275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a864c10e32de2e632021-12-20 16:05:25.674root 11241100x8000000000000000788276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:25.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f23c3e204c6a202021-12-20 16:05:25.674root 11241100x8000000000000000788277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59d72253d942a982021-12-20 16:05:26.174root 11241100x8000000000000000788278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f73573dd45cc742021-12-20 16:05:26.174root 11241100x8000000000000000788279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabf21af8333ef222021-12-20 16:05:26.174root 11241100x8000000000000000788280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b168754d6d8bdf2021-12-20 16:05:26.174root 11241100x8000000000000000788281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9689464efbf04e512021-12-20 16:05:26.174root 11241100x8000000000000000788282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4865e3a96d51252021-12-20 16:05:26.674root 11241100x8000000000000000788283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca163551f354ee12021-12-20 16:05:26.674root 11241100x8000000000000000788284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f18280079a9a3132021-12-20 16:05:26.674root 11241100x8000000000000000788285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c3deb131922e12021-12-20 16:05:26.674root 11241100x8000000000000000788286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:26.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a22214028cf0042021-12-20 16:05:26.674root 11241100x8000000000000000788287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3712e370bec31d5b2021-12-20 16:05:27.174root 11241100x8000000000000000788288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa7436233591c262021-12-20 16:05:27.174root 11241100x8000000000000000788289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b17ec415c50f622021-12-20 16:05:27.174root 11241100x8000000000000000788290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fa5022a4c6d2d92021-12-20 16:05:27.174root 11241100x8000000000000000788291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f922adbd038a6b232021-12-20 16:05:27.174root 11241100x8000000000000000788292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197890fe3be6d8c92021-12-20 16:05:27.674root 11241100x8000000000000000788293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776f1404e09590b12021-12-20 16:05:27.674root 11241100x8000000000000000788294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0601e19b2c06f86f2021-12-20 16:05:27.674root 11241100x8000000000000000788295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b15872857908882021-12-20 16:05:27.674root 11241100x8000000000000000788296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:27.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245ae43bf6e7b6882021-12-20 16:05:27.674root 354300x8000000000000000788297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.143{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51618-false10.0.1.12-8000- 11241100x8000000000000000788298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.144{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a150776d5a5bc32021-12-20 16:05:28.144root 11241100x8000000000000000788299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.144{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9145de67c220042021-12-20 16:05:28.144root 11241100x8000000000000000788300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.144{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772b0cf60231b2cf2021-12-20 16:05:28.144root 11241100x8000000000000000788301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.144{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2a091cc59367462021-12-20 16:05:28.144root 11241100x8000000000000000788302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.144{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704eab006ba4fb462021-12-20 16:05:28.144root 11241100x8000000000000000788303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.144{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646f985c9defe4e22021-12-20 16:05:28.144root 11241100x8000000000000000788304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589193af24b6b4572021-12-20 16:05:28.424root 11241100x8000000000000000788305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f30fd53eba56f2021-12-20 16:05:28.424root 11241100x8000000000000000788306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fce4446d79ae7e2021-12-20 16:05:28.424root 11241100x8000000000000000788307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04169148c7834a032021-12-20 16:05:28.424root 11241100x8000000000000000788308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36a365e42a7c44b2021-12-20 16:05:28.424root 11241100x8000000000000000788309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007e00ecdfb3a79e2021-12-20 16:05:28.424root 11241100x8000000000000000788310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f772c26e536b2d52021-12-20 16:05:28.924root 11241100x8000000000000000788311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3636ab34e58ed56f2021-12-20 16:05:28.924root 11241100x8000000000000000788312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b297eca98a5a182021-12-20 16:05:28.924root 11241100x8000000000000000788313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163f06fd8c5c64352021-12-20 16:05:28.924root 11241100x8000000000000000788314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ce2d5edfc476392021-12-20 16:05:28.924root 11241100x8000000000000000788315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d5d15a6d64934e2021-12-20 16:05:28.924root 11241100x8000000000000000788316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c017fbebf3b7ba712021-12-20 16:05:29.424root 11241100x8000000000000000788317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6788da107a56822021-12-20 16:05:29.424root 11241100x8000000000000000788318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6127e0830bb05432021-12-20 16:05:29.424root 11241100x8000000000000000788319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde823f6fd0564b52021-12-20 16:05:29.424root 11241100x8000000000000000788320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53efcac67f62f0992021-12-20 16:05:29.424root 11241100x8000000000000000788321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73db7047e8baa172021-12-20 16:05:29.424root 11241100x8000000000000000788322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4381e76fa5525eef2021-12-20 16:05:29.924root 11241100x8000000000000000788323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d56881e3028ac012021-12-20 16:05:29.924root 11241100x8000000000000000788324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d140b094c6010f2021-12-20 16:05:29.924root 11241100x8000000000000000788325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcae160376f72a82021-12-20 16:05:29.924root 11241100x8000000000000000788326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6462882f98075f92021-12-20 16:05:29.924root 11241100x8000000000000000788327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:29.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2940fc961a4158e82021-12-20 16:05:29.924root 11241100x8000000000000000788328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a3fcf49ba42b462021-12-20 16:05:30.424root 11241100x8000000000000000788329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168eb1448de7b0a32021-12-20 16:05:30.424root 11241100x8000000000000000788330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3d4679284628d22021-12-20 16:05:30.424root 11241100x8000000000000000788331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e34faa7c212d9bf2021-12-20 16:05:30.424root 11241100x8000000000000000788332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29745f60751525062021-12-20 16:05:30.424root 11241100x8000000000000000788333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c29d341f0ce00a62021-12-20 16:05:30.424root 11241100x8000000000000000788334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1aa7fa4bd80183f2021-12-20 16:05:30.924root 11241100x8000000000000000788335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776b826e76c373d12021-12-20 16:05:30.924root 11241100x8000000000000000788336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c509bac38cc4ec2021-12-20 16:05:30.924root 11241100x8000000000000000788337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae6296ade75937f2021-12-20 16:05:30.924root 11241100x8000000000000000788338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88277b80e91078382021-12-20 16:05:30.924root 11241100x8000000000000000788339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:30.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9854037721ca30972021-12-20 16:05:30.924root 11241100x8000000000000000788340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97be837d45b988b2021-12-20 16:05:31.424root 11241100x8000000000000000788341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550865712cdd7f322021-12-20 16:05:31.424root 11241100x8000000000000000788342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2311a433b38fbc8f2021-12-20 16:05:31.424root 11241100x8000000000000000788343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec6efbebe3de8812021-12-20 16:05:31.424root 11241100x8000000000000000788344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b7d28bc9b33e5b2021-12-20 16:05:31.424root 11241100x8000000000000000788345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7a77a9e073053f2021-12-20 16:05:31.424root 11241100x8000000000000000788346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cc08b39176140d2021-12-20 16:05:31.924root 11241100x8000000000000000788347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73782b8dad346cab2021-12-20 16:05:31.924root 11241100x8000000000000000788348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b304905dc0c13c142021-12-20 16:05:31.924root 11241100x8000000000000000788349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e83a702d48de472021-12-20 16:05:31.924root 11241100x8000000000000000788350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb527deb6ff3f062021-12-20 16:05:31.924root 11241100x8000000000000000788351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:31.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab32dd5572d3d862021-12-20 16:05:31.924root 11241100x8000000000000000788352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15ffbb0c81ee0ab2021-12-20 16:05:32.424root 11241100x8000000000000000788353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8950042f1bbd1d2021-12-20 16:05:32.424root 11241100x8000000000000000788354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e52baa28d673392021-12-20 16:05:32.424root 11241100x8000000000000000788355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d369b8c45670942021-12-20 16:05:32.424root 11241100x8000000000000000788356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dade97186614382021-12-20 16:05:32.424root 11241100x8000000000000000788357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf20a065bba83982021-12-20 16:05:32.424root 11241100x8000000000000000788358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c075b9d0817aab7c2021-12-20 16:05:32.924root 11241100x8000000000000000788359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314da16cf5a9c3c22021-12-20 16:05:32.924root 11241100x8000000000000000788360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86bff390148b81e2021-12-20 16:05:32.924root 11241100x8000000000000000788361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9e514ea78591812021-12-20 16:05:32.924root 11241100x8000000000000000788362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902416fdbe5f0ba12021-12-20 16:05:32.924root 11241100x8000000000000000788363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:32.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651d0f733b97e6062021-12-20 16:05:32.925root 354300x8000000000000000788364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.177{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51620-false10.0.1.12-8000- 11241100x8000000000000000788365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89ca08b368aa31b2021-12-20 16:05:33.178root 11241100x8000000000000000788366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80479949ca984f2021-12-20 16:05:33.178root 11241100x8000000000000000788367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c677325e220082cf2021-12-20 16:05:33.179root 11241100x8000000000000000788368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6cabfea39bef232021-12-20 16:05:33.179root 11241100x8000000000000000788369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88793780c59d2cad2021-12-20 16:05:33.179root 11241100x8000000000000000788370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66071c91f33413702021-12-20 16:05:33.179root 11241100x8000000000000000788371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d1e044b59c045b2021-12-20 16:05:33.179root 11241100x8000000000000000788372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a341679198d27cf2021-12-20 16:05:33.675root 11241100x8000000000000000788373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd90233e3bed3d22021-12-20 16:05:33.675root 11241100x8000000000000000788374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fb72472880daf62021-12-20 16:05:33.675root 11241100x8000000000000000788375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cb982ede8d375b2021-12-20 16:05:33.675root 11241100x8000000000000000788376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14278722b71b04042021-12-20 16:05:33.675root 11241100x8000000000000000788377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988043c10244893c2021-12-20 16:05:33.675root 11241100x8000000000000000788378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:33.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe842124f6bed4d62021-12-20 16:05:33.675root 11241100x8000000000000000788379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3f5d28c1f7b6d02021-12-20 16:05:34.174root 11241100x8000000000000000788380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445769664530ee962021-12-20 16:05:34.174root 11241100x8000000000000000788381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559c8ec29c6460022021-12-20 16:05:34.174root 11241100x8000000000000000788382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8577ab255dc8e0e42021-12-20 16:05:34.174root 11241100x8000000000000000788383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e00c216e14e3aa62021-12-20 16:05:34.174root 11241100x8000000000000000788384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c9fa2b055e1bfb2021-12-20 16:05:34.174root 11241100x8000000000000000788385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b900d234baa3b72021-12-20 16:05:34.174root 11241100x8000000000000000788386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e96bbd0970b8e12021-12-20 16:05:34.674root 11241100x8000000000000000788387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb493aa5c367e2ec2021-12-20 16:05:34.674root 11241100x8000000000000000788388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea939490888306172021-12-20 16:05:34.674root 11241100x8000000000000000788389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e55cb039be9f442021-12-20 16:05:34.674root 11241100x8000000000000000788390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf7536ff9508b1a2021-12-20 16:05:34.674root 11241100x8000000000000000788391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7edaaa5ff8fa6ab2021-12-20 16:05:34.674root 11241100x8000000000000000788392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:34.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08768e0663962d5c2021-12-20 16:05:34.674root 11241100x8000000000000000788393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ec79c3bd93e0f92021-12-20 16:05:35.174root 11241100x8000000000000000788394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d177484ec2f84bd42021-12-20 16:05:35.174root 11241100x8000000000000000788395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe43625ae4002012021-12-20 16:05:35.174root 11241100x8000000000000000788396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa74e9b5073413de2021-12-20 16:05:35.174root 11241100x8000000000000000788397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123a9d9b4345fe0f2021-12-20 16:05:35.174root 11241100x8000000000000000788398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad1e6962633a4f52021-12-20 16:05:35.174root 11241100x8000000000000000788399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.174{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63566cb5c5909952021-12-20 16:05:35.174root 11241100x8000000000000000788400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b1f00096fa970b2021-12-20 16:05:35.674root 11241100x8000000000000000788401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35181b1f1f114e942021-12-20 16:05:35.674root 11241100x8000000000000000788402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2754866e797c5572021-12-20 16:05:35.674root 11241100x8000000000000000788403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba8ee67160fd4d22021-12-20 16:05:35.674root 11241100x8000000000000000788404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9660b960b5cedad2021-12-20 16:05:35.674root 11241100x8000000000000000788405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51a5029a9b77ecf2021-12-20 16:05:35.674root 11241100x8000000000000000788406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:35.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210731fbb600887e2021-12-20 16:05:35.674root 11241100x8000000000000000788407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.065{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:05:36.065root 11241100x8000000000000000788408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebfa67dc2de722d2021-12-20 16:05:36.066root 11241100x8000000000000000788409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aee9283ddf3440f2021-12-20 16:05:36.067root 11241100x8000000000000000788410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9092f5fefb518e42021-12-20 16:05:36.067root 11241100x8000000000000000788411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bed25beac9e3c102021-12-20 16:05:36.067root 11241100x8000000000000000788412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272278a22a5d64262021-12-20 16:05:36.067root 11241100x8000000000000000788413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606f922ec5ccc2822021-12-20 16:05:36.067root 11241100x8000000000000000788414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ef5c343c1264d62021-12-20 16:05:36.067root 11241100x8000000000000000788415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ae6f363dc955772021-12-20 16:05:36.067root 11241100x8000000000000000788416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb57f7136f0f0a82021-12-20 16:05:36.424root 11241100x8000000000000000788417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97afd301738e5882021-12-20 16:05:36.424root 11241100x8000000000000000788418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3c0a92bc70d0462021-12-20 16:05:36.424root 11241100x8000000000000000788419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1a8d6a09648f792021-12-20 16:05:36.424root 11241100x8000000000000000788420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d287c51535f170d2021-12-20 16:05:36.424root 11241100x8000000000000000788421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c721b8129e8737f2021-12-20 16:05:36.424root 11241100x8000000000000000788422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7302dbcee399888b2021-12-20 16:05:36.424root 11241100x8000000000000000788423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ef286edae4e7c82021-12-20 16:05:36.425root 11241100x8000000000000000788424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf5efc364ebf8402021-12-20 16:05:36.924root 11241100x8000000000000000788425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530d3ac4e17182b02021-12-20 16:05:36.924root 11241100x8000000000000000788426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430a09687998e62e2021-12-20 16:05:36.924root 11241100x8000000000000000788427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6282eb32ee93352021-12-20 16:05:36.924root 11241100x8000000000000000788428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e50067e369f04e42021-12-20 16:05:36.924root 11241100x8000000000000000788429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a33d02f28a40182021-12-20 16:05:36.925root 11241100x8000000000000000788430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e17bfcda32b77c2021-12-20 16:05:36.925root 11241100x8000000000000000788431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:36.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabc4f2d5f0c07b12021-12-20 16:05:36.925root 11241100x8000000000000000788432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55ca5b4039d85ea2021-12-20 16:05:37.424root 11241100x8000000000000000788433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c700826da6f9ca4c2021-12-20 16:05:37.424root 11241100x8000000000000000788434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63831dda5fe0ddaf2021-12-20 16:05:37.425root 11241100x8000000000000000788435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ff3692937bd33d2021-12-20 16:05:37.425root 11241100x8000000000000000788436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8b91608f5bdbb52021-12-20 16:05:37.425root 11241100x8000000000000000788437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a8d73435c5132b2021-12-20 16:05:37.425root 11241100x8000000000000000788438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d38913ee76b7b42021-12-20 16:05:37.425root 11241100x8000000000000000788439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aea87f678df1282021-12-20 16:05:37.425root 11241100x8000000000000000788440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a63092b037f0c42021-12-20 16:05:37.924root 11241100x8000000000000000788441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edacdccf11372b722021-12-20 16:05:37.924root 11241100x8000000000000000788442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c03ef399c294c92021-12-20 16:05:37.924root 11241100x8000000000000000788443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8bef74ecbf77ff2021-12-20 16:05:37.924root 11241100x8000000000000000788444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664457a82924d0c52021-12-20 16:05:37.924root 11241100x8000000000000000788445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6931ca1dad0f5c2021-12-20 16:05:37.924root 11241100x8000000000000000788446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e77774f9c2bc9f2021-12-20 16:05:37.924root 11241100x8000000000000000788447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:37.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeab6001d94836002021-12-20 16:05:37.924root 11241100x8000000000000000788448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f4c45c473e77932021-12-20 16:05:38.424root 11241100x8000000000000000788449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f9f63e3518eb912021-12-20 16:05:38.424root 11241100x8000000000000000788450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313d8109a83640242021-12-20 16:05:38.424root 11241100x8000000000000000788451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f31da460710caf72021-12-20 16:05:38.424root 11241100x8000000000000000788452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c421e90ac324bac62021-12-20 16:05:38.424root 11241100x8000000000000000788453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501471ac62459f862021-12-20 16:05:38.424root 11241100x8000000000000000788454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8955c547881e38db2021-12-20 16:05:38.424root 11241100x8000000000000000788455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccb2ac0305970d22021-12-20 16:05:38.425root 11241100x8000000000000000788456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b0bce1b5f46dce2021-12-20 16:05:38.924root 11241100x8000000000000000788457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8bf7263f3e884e2021-12-20 16:05:38.924root 11241100x8000000000000000788458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7530e3cb4e2dda12021-12-20 16:05:38.924root 11241100x8000000000000000788459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4d04ff1e72db792021-12-20 16:05:38.924root 11241100x8000000000000000788460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d204d418859b962021-12-20 16:05:38.924root 11241100x8000000000000000788461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d547be78cd51f51d2021-12-20 16:05:38.924root 11241100x8000000000000000788462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff34094e6a90238b2021-12-20 16:05:38.924root 11241100x8000000000000000788463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:38.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa710670bef7be12021-12-20 16:05:38.924root 23542300x8000000000000000788464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.065{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000788465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.140{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51622-false10.0.1.12-8000- 11241100x8000000000000000788466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2847bfdd20d35f22021-12-20 16:05:39.424root 11241100x8000000000000000788467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36c006a8ba39b442021-12-20 16:05:39.424root 11241100x8000000000000000788468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fad29fd48cb5762021-12-20 16:05:39.424root 11241100x8000000000000000788469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2509951a9ec06b2021-12-20 16:05:39.424root 11241100x8000000000000000788470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9e968397f5007f2021-12-20 16:05:39.424root 11241100x8000000000000000788471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00be47e24a004f8d2021-12-20 16:05:39.424root 11241100x8000000000000000788472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd3cce68ac422492021-12-20 16:05:39.425root 11241100x8000000000000000788473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d29e2cb8c758e902021-12-20 16:05:39.425root 11241100x8000000000000000788474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c0f38abba4c8da2021-12-20 16:05:39.425root 11241100x8000000000000000788475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fcba26075c69222021-12-20 16:05:39.425root 11241100x8000000000000000788476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ec0b635c80a9382021-12-20 16:05:39.924root 11241100x8000000000000000788477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a68ea901dc4147f2021-12-20 16:05:39.924root 11241100x8000000000000000788478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea8ce5f525581bc2021-12-20 16:05:39.924root 11241100x8000000000000000788479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f8be8d72240632021-12-20 16:05:39.924root 11241100x8000000000000000788480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a9363c4294dce92021-12-20 16:05:39.924root 11241100x8000000000000000788481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cf2e4632d643252021-12-20 16:05:39.924root 11241100x8000000000000000788482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c92d3c72634379b2021-12-20 16:05:39.925root 11241100x8000000000000000788483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b099574b775429be2021-12-20 16:05:39.925root 11241100x8000000000000000788484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f45d2c7057d1d42021-12-20 16:05:39.925root 11241100x8000000000000000788485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:39.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579a0970977ca7f22021-12-20 16:05:39.925root 11241100x8000000000000000788486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3f49e60b7962252021-12-20 16:05:40.424root 11241100x8000000000000000788487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f54cb5010dae3d2021-12-20 16:05:40.424root 11241100x8000000000000000788488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f96384337b9bb1f2021-12-20 16:05:40.424root 11241100x8000000000000000788489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f2a3452c1b1a882021-12-20 16:05:40.424root 11241100x8000000000000000788490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d80b94e2ed712e2021-12-20 16:05:40.424root 11241100x8000000000000000788491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d4e623fa6031982021-12-20 16:05:40.425root 11241100x8000000000000000788492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e630ffa50f091d942021-12-20 16:05:40.425root 11241100x8000000000000000788493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8809f3d283ad10442021-12-20 16:05:40.425root 11241100x8000000000000000788494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9361246a90c9882021-12-20 16:05:40.425root 11241100x8000000000000000788495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dddbbfd42e8fe52021-12-20 16:05:40.425root 11241100x8000000000000000788496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0939e286160fbac72021-12-20 16:05:40.924root 11241100x8000000000000000788497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b5a182fee179832021-12-20 16:05:40.924root 11241100x8000000000000000788498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9257f2b4c9ac715c2021-12-20 16:05:40.924root 11241100x8000000000000000788499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8d44f53ebabfbe2021-12-20 16:05:40.924root 11241100x8000000000000000788500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619ab3f201fb7ab12021-12-20 16:05:40.924root 11241100x8000000000000000788501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7096420828eca2a22021-12-20 16:05:40.924root 11241100x8000000000000000788502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf58564eb7146e02021-12-20 16:05:40.925root 11241100x8000000000000000788503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dddab58b9a98ccc2021-12-20 16:05:40.925root 11241100x8000000000000000788504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22ff29df7b7bc692021-12-20 16:05:40.925root 11241100x8000000000000000788505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:40.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1fcba7f4f0264a2021-12-20 16:05:40.925root 11241100x8000000000000000788506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6441d38ae95157ac2021-12-20 16:05:41.424root 11241100x8000000000000000788507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab05dff35c30ce7c2021-12-20 16:05:41.424root 11241100x8000000000000000788508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784d5a15e59270b92021-12-20 16:05:41.424root 11241100x8000000000000000788509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19aceb766481ae32021-12-20 16:05:41.424root 11241100x8000000000000000788510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2405309f57ad6c2021-12-20 16:05:41.424root 11241100x8000000000000000788511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b1781a717f8e5b2021-12-20 16:05:41.425root 11241100x8000000000000000788512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b5ebb94159c8be2021-12-20 16:05:41.425root 11241100x8000000000000000788513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3c33e0719b5eb52021-12-20 16:05:41.425root 11241100x8000000000000000788514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52df4de2339d5e352021-12-20 16:05:41.425root 11241100x8000000000000000788515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254076f90ce0e1ff2021-12-20 16:05:41.425root 11241100x8000000000000000788516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02a4e93e85011b92021-12-20 16:05:41.924root 11241100x8000000000000000788517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b8f44918ebc8ea2021-12-20 16:05:41.924root 11241100x8000000000000000788518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d0cc18731edc642021-12-20 16:05:41.924root 11241100x8000000000000000788519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399b3bb8d0fddee62021-12-20 16:05:41.924root 11241100x8000000000000000788520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465961d9a07c68702021-12-20 16:05:41.924root 11241100x8000000000000000788521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77865f85343fd0662021-12-20 16:05:41.924root 11241100x8000000000000000788522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1957b7bb1e3708e2021-12-20 16:05:41.925root 11241100x8000000000000000788523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1f9bd9ba4199c42021-12-20 16:05:41.925root 11241100x8000000000000000788524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a221bd75af8f1e32021-12-20 16:05:41.925root 11241100x8000000000000000788525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:41.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6e7ebdfb70d30d2021-12-20 16:05:41.925root 11241100x8000000000000000788526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2912ca114e1052021-12-20 16:05:42.424root 11241100x8000000000000000788527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6879ef12ca5959a72021-12-20 16:05:42.424root 11241100x8000000000000000788528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea857143e42365822021-12-20 16:05:42.424root 11241100x8000000000000000788529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775ee8643c41f2a32021-12-20 16:05:42.424root 11241100x8000000000000000788530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75213d8bb835fde12021-12-20 16:05:42.424root 11241100x8000000000000000788531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d137cef7ef1cd72021-12-20 16:05:42.425root 11241100x8000000000000000788532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f5deb9615f15302021-12-20 16:05:42.425root 11241100x8000000000000000788533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fa08923019ec602021-12-20 16:05:42.425root 11241100x8000000000000000788534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c7cd2a2b8e5ce52021-12-20 16:05:42.425root 11241100x8000000000000000788535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079385a3c19f5a932021-12-20 16:05:42.425root 11241100x8000000000000000788536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798b81f105710b3d2021-12-20 16:05:42.924root 11241100x8000000000000000788537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50928728515372232021-12-20 16:05:42.924root 11241100x8000000000000000788538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c09d98d1ef7fd032021-12-20 16:05:42.924root 11241100x8000000000000000788539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1b9bb2a907cb892021-12-20 16:05:42.925root 11241100x8000000000000000788540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9c9cf82eaf9fdd2021-12-20 16:05:42.925root 11241100x8000000000000000788541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03baf6e23134a81a2021-12-20 16:05:42.925root 11241100x8000000000000000788542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b6e53f4cbbf9f32021-12-20 16:05:42.925root 11241100x8000000000000000788543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0a511690070b722021-12-20 16:05:42.925root 11241100x8000000000000000788544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3b6504c13c3d812021-12-20 16:05:42.925root 11241100x8000000000000000788545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:42.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876b7e34a50e33c2021-12-20 16:05:42.925root 11241100x8000000000000000788546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4696d3c1bff02c2021-12-20 16:05:43.424root 11241100x8000000000000000788547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5716e8ecf91d9362021-12-20 16:05:43.424root 11241100x8000000000000000788548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa9500397973fb42021-12-20 16:05:43.424root 11241100x8000000000000000788549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15f2fd9ecb1932f2021-12-20 16:05:43.424root 11241100x8000000000000000788550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaf3758529839862021-12-20 16:05:43.424root 11241100x8000000000000000788551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87cad7349032ea02021-12-20 16:05:43.425root 11241100x8000000000000000788552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add4164c5cd4c6a92021-12-20 16:05:43.425root 11241100x8000000000000000788553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4382bb9cce3f72a22021-12-20 16:05:43.425root 11241100x8000000000000000788554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93cfa36c2891e652021-12-20 16:05:43.425root 11241100x8000000000000000788555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1820bd9a2c78f0992021-12-20 16:05:43.425root 11241100x8000000000000000788556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06ed9aff8641a4e2021-12-20 16:05:43.924root 11241100x8000000000000000788557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6c754bbdd799762021-12-20 16:05:43.924root 11241100x8000000000000000788558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df98cc63376f0dc2021-12-20 16:05:43.924root 11241100x8000000000000000788559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f247a6fbab0ad8bf2021-12-20 16:05:43.924root 11241100x8000000000000000788560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69bfa6eb75a34fe2021-12-20 16:05:43.924root 11241100x8000000000000000788561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ac79323558cfb72021-12-20 16:05:43.925root 11241100x8000000000000000788562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154310464bb653902021-12-20 16:05:43.925root 11241100x8000000000000000788563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931ea4a1aaf0dd192021-12-20 16:05:43.925root 11241100x8000000000000000788564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e682e404fe977d6b2021-12-20 16:05:43.925root 11241100x8000000000000000788565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:43.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a07fc051073de32021-12-20 16:05:43.925root 11241100x8000000000000000788566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449ebfdb847eb2d12021-12-20 16:05:44.424root 11241100x8000000000000000788567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc97f33c97628e4a2021-12-20 16:05:44.425root 11241100x8000000000000000788568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a523fd9c219b95752021-12-20 16:05:44.425root 11241100x8000000000000000788569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208f913decef9ef62021-12-20 16:05:44.425root 11241100x8000000000000000788570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a517e83ca4d2d42021-12-20 16:05:44.425root 11241100x8000000000000000788571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6795054545b69912021-12-20 16:05:44.426root 11241100x8000000000000000788572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321a9c444dd1d2292021-12-20 16:05:44.426root 11241100x8000000000000000788573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689f93107342b57d2021-12-20 16:05:44.426root 11241100x8000000000000000788574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0454bcfd00db27af2021-12-20 16:05:44.427root 11241100x8000000000000000788575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcc421f68c105a22021-12-20 16:05:44.427root 11241100x8000000000000000788576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1279c908464beb2021-12-20 16:05:44.924root 11241100x8000000000000000788577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf6afe3de3a0f532021-12-20 16:05:44.924root 11241100x8000000000000000788578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb4c30d2bbde9802021-12-20 16:05:44.925root 11241100x8000000000000000788579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96b544dd2f993982021-12-20 16:05:44.925root 11241100x8000000000000000788580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef8be1350404d782021-12-20 16:05:44.925root 11241100x8000000000000000788581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fad4d0a6c1a97f2021-12-20 16:05:44.926root 11241100x8000000000000000788582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d067871ca22ad6c2021-12-20 16:05:44.926root 11241100x8000000000000000788583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff93bb1c7fe191b22021-12-20 16:05:44.926root 11241100x8000000000000000788584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a189d079d7da902021-12-20 16:05:44.927root 11241100x8000000000000000788585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:44.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea7eba42b99720a2021-12-20 16:05:44.927root 354300x8000000000000000788586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.129{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51624-false10.0.1.12-8000- 11241100x8000000000000000788587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fec2bca9dda1ce32021-12-20 16:05:45.424root 11241100x8000000000000000788588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664eed53476ee6d62021-12-20 16:05:45.424root 11241100x8000000000000000788589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22eee4abc2966f02021-12-20 16:05:45.424root 11241100x8000000000000000788590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b693f1bda0c9c2c2021-12-20 16:05:45.424root 11241100x8000000000000000788591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6a0a1582dfda442021-12-20 16:05:45.424root 11241100x8000000000000000788592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480260dd4c0f86ba2021-12-20 16:05:45.424root 11241100x8000000000000000788593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194dedd0563b37912021-12-20 16:05:45.425root 11241100x8000000000000000788594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d54fb7074cbea332021-12-20 16:05:45.425root 11241100x8000000000000000788595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3d27a3d0c86e602021-12-20 16:05:45.425root 11241100x8000000000000000788596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535251cd1aed4adc2021-12-20 16:05:45.425root 11241100x8000000000000000788597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65a059bc3248ea72021-12-20 16:05:45.425root 11241100x8000000000000000788598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5dbf5e31c87e072021-12-20 16:05:45.924root 11241100x8000000000000000788599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9871dfa077709e682021-12-20 16:05:45.924root 11241100x8000000000000000788600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0d08983fb35ae02021-12-20 16:05:45.924root 11241100x8000000000000000788601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f919b4e249c5b68a2021-12-20 16:05:45.924root 11241100x8000000000000000788602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9439b4ae1b928552021-12-20 16:05:45.925root 11241100x8000000000000000788603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18be1715ebb1d1c72021-12-20 16:05:45.925root 11241100x8000000000000000788604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119110cf2bfee0152021-12-20 16:05:45.925root 11241100x8000000000000000788605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca078bd5d54b71b2021-12-20 16:05:45.925root 11241100x8000000000000000788606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407afbe34d36ef2a2021-12-20 16:05:45.925root 11241100x8000000000000000788607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c5045f1ddb111e2021-12-20 16:05:45.925root 11241100x8000000000000000788608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:45.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0c0891e6776ab72021-12-20 16:05:45.925root 11241100x8000000000000000788609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99e7e41e0978dff2021-12-20 16:05:46.424root 11241100x8000000000000000788610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e304bb91fab1fa2021-12-20 16:05:46.424root 11241100x8000000000000000788611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c221d9461fff2d202021-12-20 16:05:46.424root 11241100x8000000000000000788612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b726d41f01c6532021-12-20 16:05:46.424root 11241100x8000000000000000788613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b1280f17a226042021-12-20 16:05:46.424root 11241100x8000000000000000788614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce864bf16b601f5f2021-12-20 16:05:46.424root 11241100x8000000000000000788615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4381f754e3a5d52021-12-20 16:05:46.424root 11241100x8000000000000000788616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053df6e162976f742021-12-20 16:05:46.425root 11241100x8000000000000000788617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d636e054eaa5391a2021-12-20 16:05:46.425root 11241100x8000000000000000788618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f58f920067694d2021-12-20 16:05:46.425root 11241100x8000000000000000788619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a59d7c2d9fb8682021-12-20 16:05:46.425root 11241100x8000000000000000788620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb848217711859472021-12-20 16:05:46.924root 11241100x8000000000000000788621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cc4bc8b63a55ad2021-12-20 16:05:46.924root 11241100x8000000000000000788622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd970865fc38b5352021-12-20 16:05:46.924root 11241100x8000000000000000788623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0976292978da6382021-12-20 16:05:46.924root 11241100x8000000000000000788624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5910353e400ebd2021-12-20 16:05:46.924root 11241100x8000000000000000788625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b859a1b8ef2f6902021-12-20 16:05:46.924root 11241100x8000000000000000788626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd4a6563a253ae92021-12-20 16:05:46.924root 11241100x8000000000000000788627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d925f5388b9179052021-12-20 16:05:46.925root 11241100x8000000000000000788628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c08faeeb65ded62021-12-20 16:05:46.925root 11241100x8000000000000000788629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a9c620f3b831562021-12-20 16:05:46.925root 11241100x8000000000000000788630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:46.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b767afd1631bdf3c2021-12-20 16:05:46.925root 11241100x8000000000000000788631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c76d28808d818002021-12-20 16:05:47.424root 11241100x8000000000000000788632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb84d553fc625fe22021-12-20 16:05:47.425root 11241100x8000000000000000788633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dc9a72c66d4f5b2021-12-20 16:05:47.425root 11241100x8000000000000000788634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d61ac3df1dfd3a72021-12-20 16:05:47.425root 11241100x8000000000000000788635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3534e6856d70ad372021-12-20 16:05:47.426root 11241100x8000000000000000788636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3426e1da7e4abc2021-12-20 16:05:47.426root 11241100x8000000000000000788637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8026c32f845b73322021-12-20 16:05:47.427root 11241100x8000000000000000788638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dc655bf5810c4c2021-12-20 16:05:47.427root 11241100x8000000000000000788639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608026daa2eebfd02021-12-20 16:05:47.427root 11241100x8000000000000000788640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d35d714a733c13a2021-12-20 16:05:47.427root 11241100x8000000000000000788641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e07103a5da425d2021-12-20 16:05:47.428root 11241100x8000000000000000788642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803028c49edd1bd22021-12-20 16:05:47.924root 11241100x8000000000000000788643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca31fb60e184d53c2021-12-20 16:05:47.924root 11241100x8000000000000000788644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903c3891f87c3de72021-12-20 16:05:47.925root 11241100x8000000000000000788645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe27fcf5f6ef84e2021-12-20 16:05:47.925root 11241100x8000000000000000788646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c92495464bea0c2021-12-20 16:05:47.925root 11241100x8000000000000000788647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff22cf3522eb2b712021-12-20 16:05:47.926root 11241100x8000000000000000788648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df2eb4d1d9290912021-12-20 16:05:47.926root 11241100x8000000000000000788649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ec8e452fcd67292021-12-20 16:05:47.927root 11241100x8000000000000000788650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a830cffa5c0d422021-12-20 16:05:47.927root 11241100x8000000000000000788651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74c65bb2cc847d92021-12-20 16:05:47.928root 11241100x8000000000000000788652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:47.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a60bc2c08b14c002021-12-20 16:05:47.929root 11241100x8000000000000000788653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb6fed6460e9eb2021-12-20 16:05:48.424root 11241100x8000000000000000788654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc6631c90b3d1f12021-12-20 16:05:48.424root 11241100x8000000000000000788655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721e9b63f361d5932021-12-20 16:05:48.424root 11241100x8000000000000000788656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e1769037aaa84e2021-12-20 16:05:48.424root 11241100x8000000000000000788657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6f541a8ca259312021-12-20 16:05:48.425root 11241100x8000000000000000788658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2edbaf275667b52021-12-20 16:05:48.425root 11241100x8000000000000000788659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483a478608e444262021-12-20 16:05:48.425root 11241100x8000000000000000788660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70aa9f5ae2fef662021-12-20 16:05:48.425root 11241100x8000000000000000788661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896b3286950782dc2021-12-20 16:05:48.425root 11241100x8000000000000000788662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdc01cd458f16672021-12-20 16:05:48.425root 11241100x8000000000000000788663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702b6b918f7b691d2021-12-20 16:05:48.425root 11241100x8000000000000000788664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336c7d0b50d7bb9a2021-12-20 16:05:48.925root 11241100x8000000000000000788665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e2e6ed61ad908f2021-12-20 16:05:48.925root 11241100x8000000000000000788666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3e7601035672632021-12-20 16:05:48.925root 11241100x8000000000000000788667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e04fbe3ccffae12021-12-20 16:05:48.925root 11241100x8000000000000000788668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42b53740878db4b2021-12-20 16:05:48.925root 11241100x8000000000000000788669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566f9f7c92953c682021-12-20 16:05:48.925root 11241100x8000000000000000788670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c736763841e98692021-12-20 16:05:48.925root 11241100x8000000000000000788671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df470b69b88e87f22021-12-20 16:05:48.925root 11241100x8000000000000000788672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dba06569b8e75d82021-12-20 16:05:48.926root 11241100x8000000000000000788673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b7b26eaf36a2f12021-12-20 16:05:48.926root 11241100x8000000000000000788674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:48.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d978404fb0e626262021-12-20 16:05:48.926root 11241100x8000000000000000788675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d07885bc77b6b3e2021-12-20 16:05:49.424root 11241100x8000000000000000788676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59de2116226a3522021-12-20 16:05:49.424root 11241100x8000000000000000788677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d568636f756d9bb32021-12-20 16:05:49.424root 11241100x8000000000000000788678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ca2d1ae2ecc232021-12-20 16:05:49.424root 11241100x8000000000000000788679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f032f5802641ce2021-12-20 16:05:49.425root 11241100x8000000000000000788680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f43480a05b873f2021-12-20 16:05:49.425root 11241100x8000000000000000788681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73657111304048e62021-12-20 16:05:49.425root 11241100x8000000000000000788682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8c1bea15a304102021-12-20 16:05:49.425root 11241100x8000000000000000788683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae603231c7c8a4282021-12-20 16:05:49.425root 11241100x8000000000000000788684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb84c78179821842021-12-20 16:05:49.431root 11241100x8000000000000000788685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7816bc42a0ae472021-12-20 16:05:49.431root 11241100x8000000000000000788686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35899b605bb998292021-12-20 16:05:49.924root 11241100x8000000000000000788687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28b740b4ce4f7812021-12-20 16:05:49.924root 11241100x8000000000000000788688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662edc3a82b1e6822021-12-20 16:05:49.924root 11241100x8000000000000000788689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23c2901f4bfcf7d2021-12-20 16:05:49.924root 11241100x8000000000000000788690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87d53a2c935ca492021-12-20 16:05:49.924root 11241100x8000000000000000788691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f17d8eabe96d422021-12-20 16:05:49.925root 11241100x8000000000000000788692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3b1f09d0ceca6e2021-12-20 16:05:49.925root 11241100x8000000000000000788693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70b9b27baff1e662021-12-20 16:05:49.925root 11241100x8000000000000000788694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bc866b9918691d2021-12-20 16:05:49.925root 11241100x8000000000000000788695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396ffad21adf90102021-12-20 16:05:49.925root 11241100x8000000000000000788696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:49.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7ae77f217c34cd2021-12-20 16:05:49.925root 11241100x8000000000000000788697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796c339ccc39c68e2021-12-20 16:05:50.424root 11241100x8000000000000000788698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e3e9dc87c5a8402021-12-20 16:05:50.424root 11241100x8000000000000000788699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22c64308e4b9f182021-12-20 16:05:50.424root 11241100x8000000000000000788700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a438c42b931a2b32021-12-20 16:05:50.424root 11241100x8000000000000000788701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8c3cc6183faeb42021-12-20 16:05:50.424root 11241100x8000000000000000788702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f019d72d36d956e2021-12-20 16:05:50.424root 11241100x8000000000000000788703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513b612b8d8b61e22021-12-20 16:05:50.424root 11241100x8000000000000000788704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5670d7134d9c59442021-12-20 16:05:50.425root 11241100x8000000000000000788705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d2b125f308ae92021-12-20 16:05:50.425root 11241100x8000000000000000788706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5fe8b5b40bba602021-12-20 16:05:50.425root 11241100x8000000000000000788707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa046d3161a91da2021-12-20 16:05:50.425root 11241100x8000000000000000788708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a968426cdb69317b2021-12-20 16:05:50.924root 11241100x8000000000000000788709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169b52cc8bda08732021-12-20 16:05:50.924root 11241100x8000000000000000788710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9e7323e42aab5f2021-12-20 16:05:50.925root 11241100x8000000000000000788711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a87c4472d5a7452021-12-20 16:05:50.925root 11241100x8000000000000000788712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88abf5fcdf864ffa2021-12-20 16:05:50.925root 11241100x8000000000000000788713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564f1dc62b2a7b642021-12-20 16:05:50.925root 11241100x8000000000000000788714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d83dfbaf1af7162021-12-20 16:05:50.926root 11241100x8000000000000000788715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a649ff76328341642021-12-20 16:05:50.926root 11241100x8000000000000000788716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed1fa80408d30bf2021-12-20 16:05:50.926root 11241100x8000000000000000788717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf42c8c3608e88b2021-12-20 16:05:50.926root 11241100x8000000000000000788718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:50.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a918da322b52f24b2021-12-20 16:05:50.927root 354300x8000000000000000788719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.105{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51626-false10.0.1.12-8000- 11241100x8000000000000000788720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61710dd404b3b3fa2021-12-20 16:05:51.424root 11241100x8000000000000000788721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5955742a56406102021-12-20 16:05:51.424root 11241100x8000000000000000788722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620499d8fcd6e35a2021-12-20 16:05:51.424root 11241100x8000000000000000788723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77c59e3042d72ee2021-12-20 16:05:51.424root 11241100x8000000000000000788724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d51611626a516b42021-12-20 16:05:51.424root 11241100x8000000000000000788725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798093b8e0df038c2021-12-20 16:05:51.424root 11241100x8000000000000000788726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274bb4b5c7397b7f2021-12-20 16:05:51.425root 11241100x8000000000000000788727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7503508ebe62f32021-12-20 16:05:51.425root 11241100x8000000000000000788728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d38f21b532340d2021-12-20 16:05:51.425root 11241100x8000000000000000788729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bd31c0b727a0d82021-12-20 16:05:51.425root 11241100x8000000000000000788730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fe3f2281c3e30b2021-12-20 16:05:51.425root 11241100x8000000000000000788731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36fe850b40ba30c2021-12-20 16:05:51.425root 11241100x8000000000000000788732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0516f7f9c11599e2021-12-20 16:05:51.924root 11241100x8000000000000000788733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9315bdc51e3ffe2021-12-20 16:05:51.924root 11241100x8000000000000000788734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1f42f82f33ed132021-12-20 16:05:51.924root 11241100x8000000000000000788735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43aa164dc609c2322021-12-20 16:05:51.924root 11241100x8000000000000000788736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef1c9edb023ec5f2021-12-20 16:05:51.924root 11241100x8000000000000000788737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ae4e27be1b10162021-12-20 16:05:51.924root 11241100x8000000000000000788738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998e7a376e105e12021-12-20 16:05:51.925root 11241100x8000000000000000788739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf90f68909a4bed2021-12-20 16:05:51.925root 11241100x8000000000000000788740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec86a6b0dcb03d32021-12-20 16:05:51.925root 11241100x8000000000000000788741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a862daa25bc9e2021-12-20 16:05:51.925root 11241100x8000000000000000788742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce0ccfad5986b872021-12-20 16:05:51.925root 11241100x8000000000000000788743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:51.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28830798908dfa9c2021-12-20 16:05:51.925root 11241100x8000000000000000788744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14da8ffefd282d9b2021-12-20 16:05:52.424root 11241100x8000000000000000788745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95017964260ea992021-12-20 16:05:52.425root 11241100x8000000000000000788746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf9a973a0ead4c92021-12-20 16:05:52.425root 11241100x8000000000000000788747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fdfa8c2da6bfeb2021-12-20 16:05:52.425root 11241100x8000000000000000788748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7626987627be5d462021-12-20 16:05:52.426root 11241100x8000000000000000788749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a1ba271f1a58792021-12-20 16:05:52.426root 11241100x8000000000000000788750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96cdf4ab2e3fa192021-12-20 16:05:52.426root 11241100x8000000000000000788751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e642f3e388895ea2021-12-20 16:05:52.426root 11241100x8000000000000000788752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2128eff2e9769aa2021-12-20 16:05:52.426root 11241100x8000000000000000788753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a527a06ecf82c05a2021-12-20 16:05:52.426root 11241100x8000000000000000788754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3086c3b11cc0c22021-12-20 16:05:52.427root 11241100x8000000000000000788755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61982653c5b0c152021-12-20 16:05:52.427root 11241100x8000000000000000788756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542266ed6248e5fc2021-12-20 16:05:52.925root 11241100x8000000000000000788757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648b2dc1c6d8ad9e2021-12-20 16:05:52.925root 11241100x8000000000000000788758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecc8e7f5d700da12021-12-20 16:05:52.925root 11241100x8000000000000000788759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d04c9e70ab1ba12021-12-20 16:05:52.925root 11241100x8000000000000000788760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8593d9071e8a581c2021-12-20 16:05:52.926root 11241100x8000000000000000788761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1812af0e9803602021-12-20 16:05:52.926root 11241100x8000000000000000788762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bef2b181821207a2021-12-20 16:05:52.926root 11241100x8000000000000000788763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4165e05b516944252021-12-20 16:05:52.928root 11241100x8000000000000000788764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2993614e6e92e52021-12-20 16:05:52.928root 11241100x8000000000000000788765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fc8a76a5c5c5bb2021-12-20 16:05:52.928root 11241100x8000000000000000788766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab115cbf88bd81ad2021-12-20 16:05:52.928root 11241100x8000000000000000788767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edcf84b195eb4342021-12-20 16:05:52.928root 11241100x8000000000000000788768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94104b742f48f11e2021-12-20 16:05:52.928root 11241100x8000000000000000788769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd583cc972176b1b2021-12-20 16:05:52.929root 11241100x8000000000000000788770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf5ce43769f40782021-12-20 16:05:52.929root 11241100x8000000000000000788771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47197d763c265d7d2021-12-20 16:05:52.929root 11241100x8000000000000000788772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff72ef2c8d236512021-12-20 16:05:52.929root 11241100x8000000000000000788773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2afc657b25875f2021-12-20 16:05:52.929root 11241100x8000000000000000788774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:52.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5d08d16c6ef3b52021-12-20 16:05:52.929root 11241100x8000000000000000788775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32307c4c1250f0302021-12-20 16:05:53.424root 11241100x8000000000000000788776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118a869e51d15a32021-12-20 16:05:53.424root 11241100x8000000000000000788777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ccece9ac2d6c502021-12-20 16:05:53.424root 11241100x8000000000000000788778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c3c642f38c7a3d2021-12-20 16:05:53.424root 11241100x8000000000000000788779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d51d399ee614342021-12-20 16:05:53.425root 11241100x8000000000000000788780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aca09c1dfb87392021-12-20 16:05:53.425root 11241100x8000000000000000788781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f6ec7d8f84ac252021-12-20 16:05:53.425root 11241100x8000000000000000788782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e3eb65af83670a2021-12-20 16:05:53.425root 11241100x8000000000000000788783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb879e2aed1df2b92021-12-20 16:05:53.425root 11241100x8000000000000000788784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3571fc6d9a18e06a2021-12-20 16:05:53.425root 11241100x8000000000000000788785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c64e4497d2c8072021-12-20 16:05:53.425root 11241100x8000000000000000788786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8925a868bc930a3d2021-12-20 16:05:53.425root 11241100x8000000000000000788787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613de8284050dcdc2021-12-20 16:05:53.924root 11241100x8000000000000000788788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf48153c5e2ecd442021-12-20 16:05:53.924root 11241100x8000000000000000788789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c46a563af7daec2021-12-20 16:05:53.924root 11241100x8000000000000000788790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2343f122eeedc8bc2021-12-20 16:05:53.924root 11241100x8000000000000000788791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77976cd208f2de22021-12-20 16:05:53.924root 11241100x8000000000000000788792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739cc629b4990f232021-12-20 16:05:53.925root 11241100x8000000000000000788793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebe923f851528c42021-12-20 16:05:53.925root 11241100x8000000000000000788794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c0b9521a8fce4c2021-12-20 16:05:53.925root 11241100x8000000000000000788795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e31c50b550d3d42021-12-20 16:05:53.925root 11241100x8000000000000000788796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ce703d29d74b5e2021-12-20 16:05:53.925root 11241100x8000000000000000788797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6478548d540a982d2021-12-20 16:05:53.925root 11241100x8000000000000000788798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:53.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a40bf7cdc7a5ae2021-12-20 16:05:53.926root 11241100x8000000000000000788799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a544ba465f6d93122021-12-20 16:05:54.424root 11241100x8000000000000000788800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc97fe3d8f591262021-12-20 16:05:54.424root 11241100x8000000000000000788801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcaac826bde480f2021-12-20 16:05:54.424root 11241100x8000000000000000788802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829df0a9e2fe38be2021-12-20 16:05:54.424root 11241100x8000000000000000788803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a83826265319a92021-12-20 16:05:54.424root 11241100x8000000000000000788804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604815089baced612021-12-20 16:05:54.425root 11241100x8000000000000000788805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9285ef980cc9e5e2021-12-20 16:05:54.425root 11241100x8000000000000000788806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9253b61182c7f5b02021-12-20 16:05:54.425root 11241100x8000000000000000788807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25668aaeed1760962021-12-20 16:05:54.425root 11241100x8000000000000000788808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7b9d7abdd92c822021-12-20 16:05:54.425root 11241100x8000000000000000788809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce9f576c90542692021-12-20 16:05:54.426root 11241100x8000000000000000788810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a209712873b30b8a2021-12-20 16:05:54.426root 11241100x8000000000000000788811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e453b22fb6d7beb2021-12-20 16:05:54.924root 11241100x8000000000000000788812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bdff7396b381a22021-12-20 16:05:54.924root 11241100x8000000000000000788813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8991f06cff72e9982021-12-20 16:05:54.924root 11241100x8000000000000000788814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027a98b86dbbda852021-12-20 16:05:54.924root 11241100x8000000000000000788815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd47b1a5c64d534d2021-12-20 16:05:54.924root 11241100x8000000000000000788816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630e188fb1a4d9002021-12-20 16:05:54.925root 11241100x8000000000000000788817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a401eaf22619abd62021-12-20 16:05:54.925root 11241100x8000000000000000788818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675044bb34da7c9e2021-12-20 16:05:54.925root 11241100x8000000000000000788819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbda5faa9b1c9d42021-12-20 16:05:54.925root 11241100x8000000000000000788820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d49cc1564eaa9c2021-12-20 16:05:54.925root 11241100x8000000000000000788821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edd9996fda972ba2021-12-20 16:05:54.925root 11241100x8000000000000000788822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:54.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ee5bf8d8a6be092021-12-20 16:05:54.925root 11241100x8000000000000000788823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985d4c29a590a5162021-12-20 16:05:55.424root 11241100x8000000000000000788824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9c5d470f39b6b62021-12-20 16:05:55.424root 11241100x8000000000000000788825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4d09e046229a432021-12-20 16:05:55.424root 11241100x8000000000000000788826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff20fce9a0c2c18f2021-12-20 16:05:55.424root 11241100x8000000000000000788827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c93f290c293a86c2021-12-20 16:05:55.425root 11241100x8000000000000000788828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f11ba7570e4f5d02021-12-20 16:05:55.425root 11241100x8000000000000000788829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205e7c2d55b683772021-12-20 16:05:55.425root 11241100x8000000000000000788830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e49805639796a3a2021-12-20 16:05:55.425root 11241100x8000000000000000788831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fecc22dc32c7b42021-12-20 16:05:55.425root 11241100x8000000000000000788832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf474f2a7d26291c2021-12-20 16:05:55.425root 11241100x8000000000000000788833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83c9d02986fb2902021-12-20 16:05:55.425root 11241100x8000000000000000788834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d11e866eede51f2021-12-20 16:05:55.425root 11241100x8000000000000000788835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250691d446fd247f2021-12-20 16:05:55.924root 11241100x8000000000000000788836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c12c06fd0e5262021-12-20 16:05:55.924root 11241100x8000000000000000788837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88d6d38f1a866b82021-12-20 16:05:55.924root 11241100x8000000000000000788838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5e268de514320c2021-12-20 16:05:55.924root 11241100x8000000000000000788839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ca14825341030c2021-12-20 16:05:55.925root 11241100x8000000000000000788840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c19c2c3921914a2021-12-20 16:05:55.925root 11241100x8000000000000000788841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdab3886887496072021-12-20 16:05:55.925root 11241100x8000000000000000788842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf2d068d9c82c882021-12-20 16:05:55.925root 11241100x8000000000000000788843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c81825d580adbcc2021-12-20 16:05:55.925root 11241100x8000000000000000788844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894e3ccfbacf4bee2021-12-20 16:05:55.925root 11241100x8000000000000000788845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bfd17f7e24bbac2021-12-20 16:05:55.925root 11241100x8000000000000000788846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:55.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730a9f69afc1d60a2021-12-20 16:05:55.925root 11241100x8000000000000000788847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a361ced2ff6eb4bf2021-12-20 16:05:56.424root 11241100x8000000000000000788848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d9a9b410700e082021-12-20 16:05:56.424root 11241100x8000000000000000788849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a114605735229a72021-12-20 16:05:56.424root 11241100x8000000000000000788850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5e155761ef3eb92021-12-20 16:05:56.424root 11241100x8000000000000000788851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7a42d7ea4d27fa2021-12-20 16:05:56.425root 11241100x8000000000000000788852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c11cde475119122021-12-20 16:05:56.425root 11241100x8000000000000000788853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb271eb9267b754a2021-12-20 16:05:56.425root 11241100x8000000000000000788854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec67dc835beff892021-12-20 16:05:56.425root 11241100x8000000000000000788855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f771437a1cd05d2021-12-20 16:05:56.425root 11241100x8000000000000000788856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff6603b4e5513402021-12-20 16:05:56.425root 11241100x8000000000000000788857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7df641c6f13345f2021-12-20 16:05:56.425root 11241100x8000000000000000788858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be5eff11a3f1f592021-12-20 16:05:56.425root 11241100x8000000000000000788859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839b3fd3b7191cb52021-12-20 16:05:56.924root 11241100x8000000000000000788860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54be5d1d190f4262021-12-20 16:05:56.924root 11241100x8000000000000000788861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84607cdca0381b3b2021-12-20 16:05:56.924root 11241100x8000000000000000788862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b6ad9ae894a542021-12-20 16:05:56.924root 11241100x8000000000000000788863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e79d75f317b068b2021-12-20 16:05:56.925root 11241100x8000000000000000788864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2535d7ad5f8acfa62021-12-20 16:05:56.925root 11241100x8000000000000000788865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c684d04670b9bdaf2021-12-20 16:05:56.925root 11241100x8000000000000000788866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8804b65eda1371262021-12-20 16:05:56.925root 11241100x8000000000000000788867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ce91e120bfea952021-12-20 16:05:56.925root 11241100x8000000000000000788868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc93a1af4c6e00232021-12-20 16:05:56.925root 11241100x8000000000000000788869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bc22b9189812ef2021-12-20 16:05:56.925root 11241100x8000000000000000788870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:56.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ede1ba72701e8f2021-12-20 16:05:56.926root 354300x8000000000000000788871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.088{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51628-false10.0.1.12-8000- 11241100x8000000000000000788872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98520a3da9cf7102021-12-20 16:05:57.424root 11241100x8000000000000000788873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae9259be489ddfb2021-12-20 16:05:57.425root 11241100x8000000000000000788874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02c2e67c7a48d5d2021-12-20 16:05:57.425root 11241100x8000000000000000788875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683e7b8b52c9a5d92021-12-20 16:05:57.425root 11241100x8000000000000000788876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5015be7fc9eb6b342021-12-20 16:05:57.425root 11241100x8000000000000000788877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3721abc5b8f3e78d2021-12-20 16:05:57.426root 11241100x8000000000000000788878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff0a9763d42abed2021-12-20 16:05:57.426root 11241100x8000000000000000788879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561620bccbe4cbbc2021-12-20 16:05:57.426root 11241100x8000000000000000788880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f7dbd4d5b082c72021-12-20 16:05:57.426root 11241100x8000000000000000788881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9187cca14d8a852021-12-20 16:05:57.427root 11241100x8000000000000000788882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226e1df04eabe14c2021-12-20 16:05:57.427root 11241100x8000000000000000788883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ac7b2a8d068b402021-12-20 16:05:57.428root 11241100x8000000000000000788884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe925668339f64692021-12-20 16:05:57.428root 11241100x8000000000000000788885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec73e09f7f502542021-12-20 16:05:57.924root 11241100x8000000000000000788886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2688b61584ae43db2021-12-20 16:05:57.926root 11241100x8000000000000000788887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f990891886420a32021-12-20 16:05:57.926root 11241100x8000000000000000788888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9788c6b4f062f5562021-12-20 16:05:57.927root 11241100x8000000000000000788889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4350089bf5551efe2021-12-20 16:05:57.927root 11241100x8000000000000000788890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d4fadd1c025cfc2021-12-20 16:05:57.928root 11241100x8000000000000000788891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7589a7a79e7221002021-12-20 16:05:57.929root 11241100x8000000000000000788892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b48f053b6a729b62021-12-20 16:05:57.929root 11241100x8000000000000000788893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7878fbe887af00612021-12-20 16:05:57.930root 11241100x8000000000000000788894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada0c5d99a571add2021-12-20 16:05:57.930root 11241100x8000000000000000788895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6861255a77d9222021-12-20 16:05:57.930root 11241100x8000000000000000788896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e70d5cb63070a6f2021-12-20 16:05:57.931root 11241100x8000000000000000788897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:57.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27add9be1700aac62021-12-20 16:05:57.932root 11241100x8000000000000000788898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee3e489770ae382021-12-20 16:05:58.424root 11241100x8000000000000000788899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2345457dbe0fc1362021-12-20 16:05:58.424root 11241100x8000000000000000788900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2ee6d2415df8322021-12-20 16:05:58.424root 11241100x8000000000000000788901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6b9d821c8c740f2021-12-20 16:05:58.424root 11241100x8000000000000000788902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f89c316e028ea522021-12-20 16:05:58.424root 11241100x8000000000000000788903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c44f44f7566c692021-12-20 16:05:58.424root 11241100x8000000000000000788904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed160bdb418e77f2021-12-20 16:05:58.425root 11241100x8000000000000000788905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d940315bfc829dfc2021-12-20 16:05:58.425root 11241100x8000000000000000788906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad4793c62786e682021-12-20 16:05:58.425root 11241100x8000000000000000788907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5be837a4350d2e2021-12-20 16:05:58.425root 11241100x8000000000000000788908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c49c808471db9c42021-12-20 16:05:58.425root 11241100x8000000000000000788909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f4c5d235e2b0eb2021-12-20 16:05:58.425root 11241100x8000000000000000788910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31236eb257359fb32021-12-20 16:05:58.425root 11241100x8000000000000000788911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7a137c420718632021-12-20 16:05:58.924root 11241100x8000000000000000788912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eae9b7de38afaa2021-12-20 16:05:58.924root 11241100x8000000000000000788913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74a0b014eb5fa832021-12-20 16:05:58.924root 11241100x8000000000000000788914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6b4d20f54f4dc52021-12-20 16:05:58.924root 11241100x8000000000000000788915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5848f3f34a6617f2021-12-20 16:05:58.924root 11241100x8000000000000000788916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a028928e4ee66a0d2021-12-20 16:05:58.924root 11241100x8000000000000000788917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6904554a76ca2f2021-12-20 16:05:58.925root 11241100x8000000000000000788918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4162bd479cf86d562021-12-20 16:05:58.925root 11241100x8000000000000000788919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f7bb55fb7f122b2021-12-20 16:05:58.925root 11241100x8000000000000000788920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d165f112a43171332021-12-20 16:05:58.925root 11241100x8000000000000000788921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a5aa9b04459b8a2021-12-20 16:05:58.925root 11241100x8000000000000000788922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c46779e3ffa914d2021-12-20 16:05:58.925root 11241100x8000000000000000788923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371edc9b02ec3c892021-12-20 16:05:58.925root 11241100x8000000000000000788924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3bc5f47d1f26162021-12-20 16:05:59.424root 11241100x8000000000000000788925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a6bd592e4aa41b2021-12-20 16:05:59.424root 11241100x8000000000000000788926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18dc01b4ce513982021-12-20 16:05:59.424root 11241100x8000000000000000788927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80436cbab9eb05322021-12-20 16:05:59.424root 11241100x8000000000000000788928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6595c61d374eac9c2021-12-20 16:05:59.424root 11241100x8000000000000000788929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69678e154ea087212021-12-20 16:05:59.424root 11241100x8000000000000000788930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0dcc3bf1e788bc2021-12-20 16:05:59.425root 11241100x8000000000000000788931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4297c1a6ef4eef02021-12-20 16:05:59.425root 11241100x8000000000000000788932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd89ec50d4ba21572021-12-20 16:05:59.425root 11241100x8000000000000000788933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5389aef8f23a5de32021-12-20 16:05:59.425root 11241100x8000000000000000788934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f86fb4e7b0b00ec2021-12-20 16:05:59.425root 11241100x8000000000000000788935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9efe820fff06432021-12-20 16:05:59.425root 11241100x8000000000000000788936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5678a8251ac42c2021-12-20 16:05:59.425root 11241100x8000000000000000788937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec0f83f646a63ad2021-12-20 16:05:59.924root 11241100x8000000000000000788938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91d3a45beb4baf22021-12-20 16:05:59.924root 11241100x8000000000000000788939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeacf3d8dd8fd15f2021-12-20 16:05:59.924root 11241100x8000000000000000788940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbdd5398f987e1d2021-12-20 16:05:59.924root 11241100x8000000000000000788941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c801a4c18a1492482021-12-20 16:05:59.924root 11241100x8000000000000000788942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30075642c0208a72021-12-20 16:05:59.924root 11241100x8000000000000000788943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0849633ad5ae61ec2021-12-20 16:05:59.925root 11241100x8000000000000000788944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b58c144db26fe22021-12-20 16:05:59.925root 11241100x8000000000000000788945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d41e4b04b35e8612021-12-20 16:05:59.925root 11241100x8000000000000000788946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c97c686463fd52d2021-12-20 16:05:59.925root 11241100x8000000000000000788947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562af68e3ca894682021-12-20 16:05:59.925root 11241100x8000000000000000788948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd3af203e80f4282021-12-20 16:05:59.925root 11241100x8000000000000000788949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:05:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158f1741b7b0452f2021-12-20 16:05:59.925root 11241100x8000000000000000788950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea64a8020a624e22021-12-20 16:06:00.424root 11241100x8000000000000000788951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88844443f423ef072021-12-20 16:06:00.424root 11241100x8000000000000000788952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1462c8b308555632021-12-20 16:06:00.424root 11241100x8000000000000000788953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9423101d4673cba2021-12-20 16:06:00.424root 11241100x8000000000000000788954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f44544290e9a8a2021-12-20 16:06:00.425root 11241100x8000000000000000788955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490464cf68e57dc82021-12-20 16:06:00.425root 11241100x8000000000000000788956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c21320cf9e960922021-12-20 16:06:00.425root 11241100x8000000000000000788957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf46ec06e20ee9c92021-12-20 16:06:00.425root 11241100x8000000000000000788958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2d58aac1b797b82021-12-20 16:06:00.425root 11241100x8000000000000000788959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2765a4dcb1d010d82021-12-20 16:06:00.425root 11241100x8000000000000000788960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd3d961b7a301ee2021-12-20 16:06:00.425root 11241100x8000000000000000788961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a17c2ec44b18e42021-12-20 16:06:00.425root 11241100x8000000000000000788962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2502ad8ac66ea2842021-12-20 16:06:00.425root 11241100x8000000000000000788963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876dd8706e5940492021-12-20 16:06:00.924root 11241100x8000000000000000788964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79c2a1f4e9037932021-12-20 16:06:00.924root 11241100x8000000000000000788965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874fd44711d5303c2021-12-20 16:06:00.924root 11241100x8000000000000000788966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bb052c91f0defd2021-12-20 16:06:00.924root 11241100x8000000000000000788967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f937e8f8dce5f2172021-12-20 16:06:00.924root 11241100x8000000000000000788968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f918db577bc2972e2021-12-20 16:06:00.924root 11241100x8000000000000000788969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8064462ad50da902021-12-20 16:06:00.925root 11241100x8000000000000000788970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c5a45e3fa404ea2021-12-20 16:06:00.925root 11241100x8000000000000000788971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17e4cc55dad12802021-12-20 16:06:00.925root 11241100x8000000000000000788972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c0721d2a7c57842021-12-20 16:06:00.925root 11241100x8000000000000000788973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da0c55d41f9647d2021-12-20 16:06:00.925root 11241100x8000000000000000788974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080672f6ed0c90112021-12-20 16:06:00.925root 11241100x8000000000000000788975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513eef0b33569a3c2021-12-20 16:06:00.925root 11241100x8000000000000000788976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295616aa53e8a7742021-12-20 16:06:01.424root 11241100x8000000000000000788977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0055fb98ac0e7f2021-12-20 16:06:01.424root 11241100x8000000000000000788978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388a03695e7f7d6c2021-12-20 16:06:01.424root 11241100x8000000000000000788979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6b9e8eda66b1382021-12-20 16:06:01.424root 11241100x8000000000000000788980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edfb4164f95990d2021-12-20 16:06:01.424root 11241100x8000000000000000788981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44419b735f0c12072021-12-20 16:06:01.424root 11241100x8000000000000000788982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cce016c93721e7c2021-12-20 16:06:01.425root 11241100x8000000000000000788983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0654c01e14119a2021-12-20 16:06:01.425root 11241100x8000000000000000788984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417e32b45a8a6c692021-12-20 16:06:01.425root 11241100x8000000000000000788985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc5f1480c2f0ae2021-12-20 16:06:01.425root 11241100x8000000000000000788986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5c27564766bffe2021-12-20 16:06:01.425root 11241100x8000000000000000788987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb9fb2c38eba5052021-12-20 16:06:01.425root 11241100x8000000000000000788988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb75d63165d739b2021-12-20 16:06:01.425root 11241100x8000000000000000788989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055ca9fff63075ea2021-12-20 16:06:01.924root 11241100x8000000000000000788990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d13cc55cdb72bc2021-12-20 16:06:01.924root 11241100x8000000000000000788991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b338466403116fb2021-12-20 16:06:01.924root 11241100x8000000000000000788992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8c5c3a2f77bd1c2021-12-20 16:06:01.924root 11241100x8000000000000000788993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bb631c1279e7052021-12-20 16:06:01.925root 11241100x8000000000000000788994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91657268406d3d42021-12-20 16:06:01.925root 11241100x8000000000000000788995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6071fb0a84779ab2021-12-20 16:06:01.925root 11241100x8000000000000000788996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5374af72ab568aab2021-12-20 16:06:01.925root 11241100x8000000000000000788997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5c06bc135772942021-12-20 16:06:01.925root 11241100x8000000000000000788998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea838c665e6f9fc12021-12-20 16:06:01.925root 11241100x8000000000000000788999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b5850a84ed45c12021-12-20 16:06:01.925root 11241100x8000000000000000789000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15941fd9aed668a32021-12-20 16:06:01.925root 11241100x8000000000000000789001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e780ac2b470389bd2021-12-20 16:06:01.925root 354300x8000000000000000789002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.164{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51630-false10.0.1.12-8000- 11241100x8000000000000000789003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7d4d1b771fd8752021-12-20 16:06:02.424root 11241100x8000000000000000789004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f54219972aa2142021-12-20 16:06:02.424root 11241100x8000000000000000789005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b8ab1a74a88ee02021-12-20 16:06:02.424root 11241100x8000000000000000789006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71d3ce0b92d8d862021-12-20 16:06:02.424root 11241100x8000000000000000789007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198ea0cd587b08712021-12-20 16:06:02.424root 11241100x8000000000000000789008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd5b8b27f7f2b4d2021-12-20 16:06:02.425root 11241100x8000000000000000789009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec39811a120973402021-12-20 16:06:02.425root 11241100x8000000000000000789010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdbc6a88fd3b2d52021-12-20 16:06:02.425root 11241100x8000000000000000789011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f5566ebb8104d72021-12-20 16:06:02.425root 11241100x8000000000000000789012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423cc885103476852021-12-20 16:06:02.425root 11241100x8000000000000000789013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15d45914edf57332021-12-20 16:06:02.425root 11241100x8000000000000000789014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0938ea0984e7492d2021-12-20 16:06:02.425root 11241100x8000000000000000789015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37bce3d3a158aa52021-12-20 16:06:02.425root 11241100x8000000000000000789016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287328e29c61a2692021-12-20 16:06:02.425root 11241100x8000000000000000789017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b697977daa27f71d2021-12-20 16:06:02.924root 11241100x8000000000000000789018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d06891174b58022021-12-20 16:06:02.924root 11241100x8000000000000000789019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc935e0acf8d83202021-12-20 16:06:02.924root 11241100x8000000000000000789020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0b505c289eb0e22021-12-20 16:06:02.924root 11241100x8000000000000000789021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d92dab56a16c532021-12-20 16:06:02.925root 11241100x8000000000000000789022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79df3ee062f77c0a2021-12-20 16:06:02.925root 11241100x8000000000000000789023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58948fa88731fae2021-12-20 16:06:02.925root 11241100x8000000000000000789024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d463afc7eeab46f2021-12-20 16:06:02.925root 11241100x8000000000000000789025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821c5e4464f278aa2021-12-20 16:06:02.925root 11241100x8000000000000000789026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611855fb53577c042021-12-20 16:06:02.925root 11241100x8000000000000000789027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c36dd3078bc59b2021-12-20 16:06:02.925root 11241100x8000000000000000789028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87796f81c9bb21b2021-12-20 16:06:02.925root 11241100x8000000000000000789029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c38b8af5880e44e2021-12-20 16:06:02.925root 11241100x8000000000000000789030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:02.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16168dcd75cbcd792021-12-20 16:06:02.925root 11241100x8000000000000000789031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896a37da800077642021-12-20 16:06:03.424root 11241100x8000000000000000789032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b8eccb4c15e8bf2021-12-20 16:06:03.425root 11241100x8000000000000000789033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbbd9b06b432bc52021-12-20 16:06:03.425root 11241100x8000000000000000789034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a73ab3f5623ae6d2021-12-20 16:06:03.425root 11241100x8000000000000000789035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134968e1d87db2492021-12-20 16:06:03.425root 11241100x8000000000000000789036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172f2700d64d00222021-12-20 16:06:03.425root 11241100x8000000000000000789037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6f79b4e1417c102021-12-20 16:06:03.425root 11241100x8000000000000000789038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2b8b7020a7b5c62021-12-20 16:06:03.425root 11241100x8000000000000000789039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f8c17e5ddf6b6d2021-12-20 16:06:03.425root 11241100x8000000000000000789040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6542bd78a72e252021-12-20 16:06:03.425root 11241100x8000000000000000789041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154f9b38e441de1a2021-12-20 16:06:03.425root 11241100x8000000000000000789042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca5505a4ba4ac172021-12-20 16:06:03.425root 11241100x8000000000000000789043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e68d6d13403b2f52021-12-20 16:06:03.425root 11241100x8000000000000000789044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635703f8dcad971c2021-12-20 16:06:03.425root 11241100x8000000000000000789045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141956e133e1c1ab2021-12-20 16:06:03.924root 11241100x8000000000000000789046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95785873df12ccb22021-12-20 16:06:03.924root 11241100x8000000000000000789047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64978f7afeafa1992021-12-20 16:06:03.924root 11241100x8000000000000000789048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf1d0da4a2216782021-12-20 16:06:03.924root 11241100x8000000000000000789049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eb1a956a1b8d612021-12-20 16:06:03.925root 11241100x8000000000000000789050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6533f1859dddb22021-12-20 16:06:03.925root 11241100x8000000000000000789051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848a16e496782b2f2021-12-20 16:06:03.925root 11241100x8000000000000000789052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a09b068420bdf92021-12-20 16:06:03.925root 11241100x8000000000000000789053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f20f6d22918e312021-12-20 16:06:03.925root 11241100x8000000000000000789054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f22b8e5d7d1f1ba2021-12-20 16:06:03.925root 11241100x8000000000000000789055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5947ea2c43df098c2021-12-20 16:06:03.925root 11241100x8000000000000000789056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f19a14619b95252021-12-20 16:06:03.925root 11241100x8000000000000000789057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f07e70f28d6ed92021-12-20 16:06:03.925root 11241100x8000000000000000789058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26f7b8ea867975b2021-12-20 16:06:03.925root 11241100x8000000000000000789059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a309608bc49a722021-12-20 16:06:04.424root 11241100x8000000000000000789060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7d419f4d6d98a82021-12-20 16:06:04.425root 11241100x8000000000000000789061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bc8306567ad6bb2021-12-20 16:06:04.425root 11241100x8000000000000000789062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446c5dbad89fc1762021-12-20 16:06:04.425root 11241100x8000000000000000789063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27776f1e9934f2c52021-12-20 16:06:04.425root 11241100x8000000000000000789064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14072ef19ec05f02021-12-20 16:06:04.426root 11241100x8000000000000000789065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a142535e6cf9bad2021-12-20 16:06:04.426root 11241100x8000000000000000789066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ee8510082c15bd2021-12-20 16:06:04.426root 11241100x8000000000000000789067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55638ba9179dfe42021-12-20 16:06:04.426root 11241100x8000000000000000789068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845006c8c83ea0a62021-12-20 16:06:04.427root 11241100x8000000000000000789069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a491dc615d4f8882021-12-20 16:06:04.427root 11241100x8000000000000000789070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3656402a9b00b752021-12-20 16:06:04.427root 11241100x8000000000000000789071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925e6b15aa1d874b2021-12-20 16:06:04.428root 11241100x8000000000000000789072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3633149d28a4682021-12-20 16:06:04.428root 11241100x8000000000000000789073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ca6119435e45ce2021-12-20 16:06:04.924root 11241100x8000000000000000789074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5651fae95f4e3df72021-12-20 16:06:04.924root 11241100x8000000000000000789075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5182ff285cce5232021-12-20 16:06:04.924root 11241100x8000000000000000789076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f4e968d7765eac2021-12-20 16:06:04.924root 11241100x8000000000000000789077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0843e446b0dbbe7a2021-12-20 16:06:04.924root 11241100x8000000000000000789078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ef7ddceb9e77902021-12-20 16:06:04.925root 11241100x8000000000000000789079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622cf93548c3f1bd2021-12-20 16:06:04.925root 11241100x8000000000000000789080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace2a5a3e6d67df42021-12-20 16:06:04.925root 11241100x8000000000000000789081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8c2beec8e1d072021-12-20 16:06:04.925root 11241100x8000000000000000789082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1228fe0b27c5cb5c2021-12-20 16:06:04.925root 11241100x8000000000000000789083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d715c429ca39bf492021-12-20 16:06:04.925root 11241100x8000000000000000789084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351e478c13139ace2021-12-20 16:06:04.925root 11241100x8000000000000000789085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fd783ba3cd5a622021-12-20 16:06:04.925root 11241100x8000000000000000789086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a424b5155ee6369c2021-12-20 16:06:04.925root 11241100x8000000000000000789087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb0b6b095e2589c2021-12-20 16:06:05.424root 11241100x8000000000000000789088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ce340a4b4ec4092021-12-20 16:06:05.424root 11241100x8000000000000000789089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177475d8cadf29162021-12-20 16:06:05.424root 11241100x8000000000000000789090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bd2b49f735c7a72021-12-20 16:06:05.424root 11241100x8000000000000000789091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca6873c32dd327a2021-12-20 16:06:05.424root 11241100x8000000000000000789092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cbf55f4f0e1a922021-12-20 16:06:05.424root 11241100x8000000000000000789093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9059794e0ca1d9d62021-12-20 16:06:05.425root 11241100x8000000000000000789094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9274e91e069b92021-12-20 16:06:05.425root 11241100x8000000000000000789095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71122b18f21b56b02021-12-20 16:06:05.425root 11241100x8000000000000000789096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4026814266ca5b262021-12-20 16:06:05.425root 11241100x8000000000000000789097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9de43d016d5f112021-12-20 16:06:05.425root 11241100x8000000000000000789098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442c3f949c2703b42021-12-20 16:06:05.425root 11241100x8000000000000000789099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f649ae0e614b04682021-12-20 16:06:05.425root 11241100x8000000000000000789100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc068824777a7c22021-12-20 16:06:05.425root 11241100x8000000000000000789101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fb190c4a92af352021-12-20 16:06:05.924root 11241100x8000000000000000789102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79328d2ce44f63c72021-12-20 16:06:05.924root 11241100x8000000000000000789103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd158b6de479d742021-12-20 16:06:05.924root 11241100x8000000000000000789104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bef2d9e47d28602021-12-20 16:06:05.924root 11241100x8000000000000000789105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13a13fb32c574c02021-12-20 16:06:05.924root 11241100x8000000000000000789106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9bec3061e170ba2021-12-20 16:06:05.925root 11241100x8000000000000000789107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2774e98fda2b65552021-12-20 16:06:05.925root 11241100x8000000000000000789108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4da16a5bd5512842021-12-20 16:06:05.925root 11241100x8000000000000000789109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abe0c320d88be352021-12-20 16:06:05.925root 11241100x8000000000000000789110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92377628698d632e2021-12-20 16:06:05.925root 11241100x8000000000000000789111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729290ed2a1179302021-12-20 16:06:05.925root 11241100x8000000000000000789112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301334794da9e07b2021-12-20 16:06:05.925root 11241100x8000000000000000789113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430b43a7f23f14db2021-12-20 16:06:05.925root 11241100x8000000000000000789114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dca298bb1e396f32021-12-20 16:06:05.925root 11241100x8000000000000000789115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.066{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:06:06.066root 11241100x8000000000000000789116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4eab64232bfc6442021-12-20 16:06:06.424root 11241100x8000000000000000789117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d1b5f001d847a42021-12-20 16:06:06.424root 11241100x8000000000000000789118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb30aaf0071f98c62021-12-20 16:06:06.424root 11241100x8000000000000000789119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61004ee3166e58522021-12-20 16:06:06.424root 11241100x8000000000000000789120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25242bc57c8415d22021-12-20 16:06:06.425root 11241100x8000000000000000789121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c425ff825c2790dd2021-12-20 16:06:06.425root 11241100x8000000000000000789122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce43bcd2b94c41ae2021-12-20 16:06:06.425root 11241100x8000000000000000789123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2041b081a4114f3a2021-12-20 16:06:06.425root 11241100x8000000000000000789124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e30e9bb4299f9f2021-12-20 16:06:06.425root 11241100x8000000000000000789125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcd96057e3371102021-12-20 16:06:06.425root 11241100x8000000000000000789126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96083f14b8904a2f2021-12-20 16:06:06.425root 11241100x8000000000000000789127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e9b9d7091751892021-12-20 16:06:06.425root 11241100x8000000000000000789128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31494b51a39862232021-12-20 16:06:06.425root 11241100x8000000000000000789129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2666d98bc14e812021-12-20 16:06:06.425root 11241100x8000000000000000789130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d5dcf40f7983962021-12-20 16:06:06.425root 11241100x8000000000000000789131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786fda9effba1be72021-12-20 16:06:06.924root 11241100x8000000000000000789132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5f73a29b23c2c72021-12-20 16:06:06.924root 11241100x8000000000000000789133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd24f9485d39d2f62021-12-20 16:06:06.924root 11241100x8000000000000000789134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252ada55e94ebae62021-12-20 16:06:06.925root 11241100x8000000000000000789135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660300fbaef533fe2021-12-20 16:06:06.925root 11241100x8000000000000000789136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdba71eb0491213d2021-12-20 16:06:06.925root 11241100x8000000000000000789137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f85e883df5f3fae2021-12-20 16:06:06.925root 11241100x8000000000000000789138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2f75f62bfe88762021-12-20 16:06:06.925root 11241100x8000000000000000789139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dcb8d08488cfa32021-12-20 16:06:06.925root 11241100x8000000000000000789140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47441c3b48e7689d2021-12-20 16:06:06.925root 11241100x8000000000000000789141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c47c2db7994b43e2021-12-20 16:06:06.925root 11241100x8000000000000000789142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595b6a247c89e59a2021-12-20 16:06:06.925root 11241100x8000000000000000789143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b78db4a17ec20b2021-12-20 16:06:06.925root 11241100x8000000000000000789144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb20daddd9e00442021-12-20 16:06:06.925root 11241100x8000000000000000789145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c05ff9d62b7ae722021-12-20 16:06:06.925root 11241100x8000000000000000789146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83907f3fd68d49b42021-12-20 16:06:07.424root 11241100x8000000000000000789147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6237778579da3f7d2021-12-20 16:06:07.424root 11241100x8000000000000000789148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5968937eb071495c2021-12-20 16:06:07.424root 11241100x8000000000000000789149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd47b6f79f9f6fd2021-12-20 16:06:07.424root 11241100x8000000000000000789150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a6e0e7221c03dd2021-12-20 16:06:07.425root 11241100x8000000000000000789151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2757cb1eb256fb9a2021-12-20 16:06:07.425root 11241100x8000000000000000789152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b05546028aefbe2021-12-20 16:06:07.425root 11241100x8000000000000000789153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ae931ce1ba66682021-12-20 16:06:07.425root 11241100x8000000000000000789154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977f3df8be12ae4f2021-12-20 16:06:07.425root 11241100x8000000000000000789155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715e7dc4e82426a82021-12-20 16:06:07.425root 11241100x8000000000000000789156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8724adbc0506ab2021-12-20 16:06:07.425root 11241100x8000000000000000789157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3620aea16cfd88702021-12-20 16:06:07.425root 11241100x8000000000000000789158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cb998a7cb3a3652021-12-20 16:06:07.425root 11241100x8000000000000000789159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e27317a7252c11e2021-12-20 16:06:07.425root 11241100x8000000000000000789160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bf46c32c285b3a2021-12-20 16:06:07.425root 11241100x8000000000000000789161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07392d1d17db12ad2021-12-20 16:06:07.924root 11241100x8000000000000000789162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aac8d36e151e9a2021-12-20 16:06:07.924root 11241100x8000000000000000789163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edca3c6c22a1229c2021-12-20 16:06:07.924root 11241100x8000000000000000789164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc08cf0da21bfe9e2021-12-20 16:06:07.924root 11241100x8000000000000000789165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c100c338bdb629962021-12-20 16:06:07.925root 11241100x8000000000000000789166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c61b28c6385304b2021-12-20 16:06:07.925root 11241100x8000000000000000789167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4879c7e98987ede32021-12-20 16:06:07.925root 11241100x8000000000000000789168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe871e91bc9a128d2021-12-20 16:06:07.925root 11241100x8000000000000000789169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bc884dd922c0342021-12-20 16:06:07.925root 11241100x8000000000000000789170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f9dc717005aa1d2021-12-20 16:06:07.925root 11241100x8000000000000000789171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6ba9f18c3bfb852021-12-20 16:06:07.925root 11241100x8000000000000000789172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da60dea3af853102021-12-20 16:06:07.925root 11241100x8000000000000000789173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d4d8018acd60392021-12-20 16:06:07.925root 11241100x8000000000000000789174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24407ec4328888742021-12-20 16:06:07.925root 11241100x8000000000000000789175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd8e9b03a16c0532021-12-20 16:06:07.925root 354300x8000000000000000789176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.162{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51632-false10.0.1.12-8000- 11241100x8000000000000000789177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3a359cb08ec2212021-12-20 16:06:08.424root 11241100x8000000000000000789178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfffd8dc54c01ac2021-12-20 16:06:08.424root 11241100x8000000000000000789179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6d82173a1b98fc2021-12-20 16:06:08.424root 11241100x8000000000000000789180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77689586fccf7cbe2021-12-20 16:06:08.425root 11241100x8000000000000000789181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91eacdfb0c727f92021-12-20 16:06:08.425root 11241100x8000000000000000789182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd68ebb715c5b1362021-12-20 16:06:08.425root 11241100x8000000000000000789183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d207ceedb0dadb102021-12-20 16:06:08.425root 11241100x8000000000000000789184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8c084fcbe627972021-12-20 16:06:08.425root 11241100x8000000000000000789185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27963ce02fc173032021-12-20 16:06:08.425root 11241100x8000000000000000789186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a871b149d5f9502021-12-20 16:06:08.425root 11241100x8000000000000000789187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21b06e5cb33d2ca2021-12-20 16:06:08.425root 11241100x8000000000000000789188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4675b646e1d6f3182021-12-20 16:06:08.425root 11241100x8000000000000000789189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1496c18befd844d52021-12-20 16:06:08.425root 11241100x8000000000000000789190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4ce2206e303c952021-12-20 16:06:08.425root 11241100x8000000000000000789191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52444edb447d5762021-12-20 16:06:08.425root 11241100x8000000000000000789192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c5446db1ccfcfc2021-12-20 16:06:08.425root 11241100x8000000000000000789193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6006ebfd1a5ea3422021-12-20 16:06:08.924root 11241100x8000000000000000789194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06f6b16d8f7b5f32021-12-20 16:06:08.924root 11241100x8000000000000000789195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508f5b76fd070ce12021-12-20 16:06:08.924root 11241100x8000000000000000789196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cb57d2f84fe4572021-12-20 16:06:08.924root 11241100x8000000000000000789197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0fbf3a8667cd332021-12-20 16:06:08.925root 11241100x8000000000000000789198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98f657374bf201b2021-12-20 16:06:08.925root 11241100x8000000000000000789199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedb8992204246602021-12-20 16:06:08.925root 11241100x8000000000000000789200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba09e07b343d8de92021-12-20 16:06:08.925root 11241100x8000000000000000789201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a95b51522326712021-12-20 16:06:08.925root 11241100x8000000000000000789202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a57e06d71113e592021-12-20 16:06:08.925root 11241100x8000000000000000789203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e617767a465d0c2021-12-20 16:06:08.925root 11241100x8000000000000000789204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f7345a330c1cd2021-12-20 16:06:08.925root 11241100x8000000000000000789205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3cd3646f0d68cd2021-12-20 16:06:08.925root 11241100x8000000000000000789206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b978dede6986ff2021-12-20 16:06:08.925root 11241100x8000000000000000789207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bbc2cec279dc542021-12-20 16:06:08.925root 11241100x8000000000000000789208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e4078b4f57ea352021-12-20 16:06:08.925root 23542300x8000000000000000789209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.068{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000789210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4eb88749fe2f462021-12-20 16:06:09.424root 11241100x8000000000000000789211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9315dfdbe957362021-12-20 16:06:09.424root 11241100x8000000000000000789212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f358ac0527964fb2021-12-20 16:06:09.424root 11241100x8000000000000000789213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f317bf33c7228a42021-12-20 16:06:09.424root 11241100x8000000000000000789214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a934b64458552f42021-12-20 16:06:09.425root 11241100x8000000000000000789215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9b698c4317601e2021-12-20 16:06:09.425root 11241100x8000000000000000789216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d70f116eb84c9da2021-12-20 16:06:09.425root 11241100x8000000000000000789217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee73aef9478ad9f2021-12-20 16:06:09.425root 11241100x8000000000000000789218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9a9e4579ab97982021-12-20 16:06:09.425root 11241100x8000000000000000789219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b520dda9d1a9ea2021-12-20 16:06:09.425root 11241100x8000000000000000789220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce999604e5a14c92021-12-20 16:06:09.425root 11241100x8000000000000000789221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc192d6425af12d2021-12-20 16:06:09.425root 11241100x8000000000000000789222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06b73d940c064bd2021-12-20 16:06:09.425root 11241100x8000000000000000789223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7846e9570819df4c2021-12-20 16:06:09.425root 11241100x8000000000000000789224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf1e9b22174e5232021-12-20 16:06:09.425root 11241100x8000000000000000789225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b522f4493d78862021-12-20 16:06:09.425root 11241100x8000000000000000789226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358b1e4757afe8462021-12-20 16:06:09.425root 11241100x8000000000000000789227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b76185af6ce65682021-12-20 16:06:09.924root 11241100x8000000000000000789228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b79bf967622bf42021-12-20 16:06:09.924root 11241100x8000000000000000789229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a227c8a7a75fee212021-12-20 16:06:09.924root 11241100x8000000000000000789230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea0f5369f8496a72021-12-20 16:06:09.925root 11241100x8000000000000000789231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bd25c1026ec1a02021-12-20 16:06:09.925root 11241100x8000000000000000789232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8d684441ae57a62021-12-20 16:06:09.925root 11241100x8000000000000000789233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84687e7c6a96e17a2021-12-20 16:06:09.925root 11241100x8000000000000000789234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcf1ac36436d5082021-12-20 16:06:09.925root 11241100x8000000000000000789235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d1e1702188c5ba2021-12-20 16:06:09.925root 11241100x8000000000000000789236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcb63153dafe7c22021-12-20 16:06:09.925root 11241100x8000000000000000789237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca4fd0b972300012021-12-20 16:06:09.925root 11241100x8000000000000000789238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e9d36adb07dce92021-12-20 16:06:09.925root 11241100x8000000000000000789239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa6a4a6559ebf7c2021-12-20 16:06:09.925root 11241100x8000000000000000789240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2406d9c837736f22021-12-20 16:06:09.925root 11241100x8000000000000000789241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccba00738df29ffc2021-12-20 16:06:09.925root 11241100x8000000000000000789242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bd0af3e4ec4b412021-12-20 16:06:09.926root 11241100x8000000000000000789243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063a14657c83d0e52021-12-20 16:06:09.926root 11241100x8000000000000000789244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ce93999af3727c2021-12-20 16:06:10.424root 11241100x8000000000000000789245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588f27a6f7037c8d2021-12-20 16:06:10.424root 11241100x8000000000000000789246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb311eff9439d4132021-12-20 16:06:10.424root 11241100x8000000000000000789247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8afa1ca5ac2c4622021-12-20 16:06:10.424root 11241100x8000000000000000789248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67465045a478ca3c2021-12-20 16:06:10.425root 11241100x8000000000000000789249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a975c61ef44df952021-12-20 16:06:10.425root 11241100x8000000000000000789250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d19a3df6ab123ed2021-12-20 16:06:10.425root 11241100x8000000000000000789251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d55606b2251cdc2021-12-20 16:06:10.425root 11241100x8000000000000000789252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a77447af80b5bf2021-12-20 16:06:10.425root 11241100x8000000000000000789253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297bc2211381057f2021-12-20 16:06:10.425root 11241100x8000000000000000789254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0bcb42e78748752021-12-20 16:06:10.425root 11241100x8000000000000000789255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddc35337ff84cef2021-12-20 16:06:10.425root 11241100x8000000000000000789256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a440f3217686582021-12-20 16:06:10.425root 11241100x8000000000000000789257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0a68eab371ba322021-12-20 16:06:10.425root 11241100x8000000000000000789258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15446f05db63b1102021-12-20 16:06:10.425root 11241100x8000000000000000789259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbd9d615a73d22e2021-12-20 16:06:10.425root 11241100x8000000000000000789260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1574568fa46bbdf52021-12-20 16:06:10.425root 11241100x8000000000000000789261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334b3537a446e3cc2021-12-20 16:06:10.924root 11241100x8000000000000000789262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ced3ce99a6d62002021-12-20 16:06:10.924root 11241100x8000000000000000789263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233290f872bf9a312021-12-20 16:06:10.924root 11241100x8000000000000000789264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f621141aa2efc4f2021-12-20 16:06:10.924root 11241100x8000000000000000789265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac50afe58022c3e2021-12-20 16:06:10.925root 11241100x8000000000000000789266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbf24bfc53f3c692021-12-20 16:06:10.925root 11241100x8000000000000000789267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fd9eea0fd33eb52021-12-20 16:06:10.925root 11241100x8000000000000000789268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691ea57470f62f272021-12-20 16:06:10.925root 11241100x8000000000000000789269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ce8f5c0c36cad52021-12-20 16:06:10.925root 11241100x8000000000000000789270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93ee924b462d5e82021-12-20 16:06:10.925root 11241100x8000000000000000789271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5ead918ef849442021-12-20 16:06:10.925root 11241100x8000000000000000789272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d084291e8f6b0722021-12-20 16:06:10.925root 11241100x8000000000000000789273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8696872dcb3ee25d2021-12-20 16:06:10.925root 11241100x8000000000000000789274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ed411e4003e7b52021-12-20 16:06:10.925root 11241100x8000000000000000789275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad68ce0d83b1f3b52021-12-20 16:06:10.925root 11241100x8000000000000000789276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621f4a71bfa3f1be2021-12-20 16:06:10.925root 11241100x8000000000000000789277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ea9f79ab66c40f2021-12-20 16:06:10.925root 11241100x8000000000000000789278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa1f74d84ac6bc72021-12-20 16:06:11.424root 11241100x8000000000000000789279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c23bd299d383602021-12-20 16:06:11.424root 11241100x8000000000000000789280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b694d47017abe652021-12-20 16:06:11.424root 11241100x8000000000000000789281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6861bc776518c6052021-12-20 16:06:11.424root 11241100x8000000000000000789282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb262af9a170793a2021-12-20 16:06:11.425root 11241100x8000000000000000789283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d343590f20b5d32021-12-20 16:06:11.425root 11241100x8000000000000000789284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1eb9055d218fcf2021-12-20 16:06:11.425root 11241100x8000000000000000789285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94520b42a5e00002021-12-20 16:06:11.425root 11241100x8000000000000000789286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57c40c2966a8e5b2021-12-20 16:06:11.425root 11241100x8000000000000000789287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd95f0f35d1f6e12021-12-20 16:06:11.425root 11241100x8000000000000000789288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7716384b69bb76422021-12-20 16:06:11.425root 11241100x8000000000000000789289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d28c56b8e8c9b32021-12-20 16:06:11.425root 11241100x8000000000000000789290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce322b3d12951802021-12-20 16:06:11.425root 11241100x8000000000000000789291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fa91ddf4c5d3392021-12-20 16:06:11.425root 11241100x8000000000000000789292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0351e47bde33e72021-12-20 16:06:11.425root 11241100x8000000000000000789293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f32b70d60b71e6a2021-12-20 16:06:11.425root 11241100x8000000000000000789294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8551e5b862921f612021-12-20 16:06:11.425root 11241100x8000000000000000789295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c6a88ea6d67a462021-12-20 16:06:11.924root 11241100x8000000000000000789296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000d6536605cad9f2021-12-20 16:06:11.924root 11241100x8000000000000000789297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b865514880b42e152021-12-20 16:06:11.924root 11241100x8000000000000000789298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6da9cd20500c502021-12-20 16:06:11.924root 11241100x8000000000000000789299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46131d023ac2a6932021-12-20 16:06:11.925root 11241100x8000000000000000789300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b421461d9dcf34fe2021-12-20 16:06:11.925root 11241100x8000000000000000789301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131cf5d6ef39b2c62021-12-20 16:06:11.925root 11241100x8000000000000000789302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ea42011a9d24072021-12-20 16:06:11.925root 11241100x8000000000000000789303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8330ef28aaadcf2021-12-20 16:06:11.925root 11241100x8000000000000000789304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13ed2933a78c8952021-12-20 16:06:11.925root 11241100x8000000000000000789305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d6f7be982436af2021-12-20 16:06:11.925root 11241100x8000000000000000789306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb85d3ff3c39262021-12-20 16:06:11.925root 11241100x8000000000000000789307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8585e693cfdd552021-12-20 16:06:11.925root 11241100x8000000000000000789308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f33dd0d7a37a32021-12-20 16:06:11.925root 11241100x8000000000000000789309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caceea8714589fc2021-12-20 16:06:11.925root 11241100x8000000000000000789310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299b54d715306eed2021-12-20 16:06:11.925root 11241100x8000000000000000789311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68bf0f9dd7b23852021-12-20 16:06:11.925root 11241100x8000000000000000789312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f17b0adbb13bbdd2021-12-20 16:06:12.424root 11241100x8000000000000000789313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac1d34d4c730ae22021-12-20 16:06:12.424root 11241100x8000000000000000789314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfa037ea319f4322021-12-20 16:06:12.425root 11241100x8000000000000000789315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f9bba5a476d7582021-12-20 16:06:12.425root 11241100x8000000000000000789316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163459ded17205a2021-12-20 16:06:12.425root 11241100x8000000000000000789317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d741791ef6184a1a2021-12-20 16:06:12.425root 11241100x8000000000000000789318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f035ac9c55ee42a2021-12-20 16:06:12.425root 11241100x8000000000000000789319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d486a2c6b6182ac92021-12-20 16:06:12.425root 11241100x8000000000000000789320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5edb48cbf147822021-12-20 16:06:12.425root 11241100x8000000000000000789321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4497c3d6d5e58c812021-12-20 16:06:12.425root 11241100x8000000000000000789322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6f5d113699b56a2021-12-20 16:06:12.425root 11241100x8000000000000000789323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b6c849447e66a12021-12-20 16:06:12.425root 11241100x8000000000000000789324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736b70a807c8a7042021-12-20 16:06:12.425root 11241100x8000000000000000789325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86fb4760c4573612021-12-20 16:06:12.425root 11241100x8000000000000000789326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5648fe24a4732d72021-12-20 16:06:12.425root 11241100x8000000000000000789327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0628a692722a8ae52021-12-20 16:06:12.425root 11241100x8000000000000000789328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcdd5f64b87e23e2021-12-20 16:06:12.426root 11241100x8000000000000000789329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ba4e6ec38de48b2021-12-20 16:06:12.924root 11241100x8000000000000000789330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0764d784290d0672021-12-20 16:06:12.924root 11241100x8000000000000000789331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f3ba833cc9ac602021-12-20 16:06:12.924root 11241100x8000000000000000789332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59462bb6c192ed5c2021-12-20 16:06:12.924root 11241100x8000000000000000789333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cfa9fc723a51dc2021-12-20 16:06:12.925root 11241100x8000000000000000789334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca29ca33a80f145e2021-12-20 16:06:12.925root 11241100x8000000000000000789335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4680f545e4ea40242021-12-20 16:06:12.925root 11241100x8000000000000000789336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf27dcb9509bed2021-12-20 16:06:12.925root 11241100x8000000000000000789337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d787d39053a2ad2021-12-20 16:06:12.925root 11241100x8000000000000000789338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bd785dba3a35ae2021-12-20 16:06:12.925root 11241100x8000000000000000789339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07149f98253d78462021-12-20 16:06:12.925root 11241100x8000000000000000789340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2666f5c97b383102021-12-20 16:06:12.925root 11241100x8000000000000000789341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d686b93c5ce8d50b2021-12-20 16:06:12.925root 11241100x8000000000000000789342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e597e0d0deec8682021-12-20 16:06:12.925root 11241100x8000000000000000789343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb8bf2c72fd7ed52021-12-20 16:06:12.925root 11241100x8000000000000000789344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d56abaad865e542021-12-20 16:06:12.925root 11241100x8000000000000000789345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48020b9fec554d202021-12-20 16:06:12.925root 354300x8000000000000000789346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.170{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51634-false10.0.1.12-8000- 11241100x8000000000000000789347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf4443ef78bc0f12021-12-20 16:06:13.424root 11241100x8000000000000000789348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048379e04d4ac6932021-12-20 16:06:13.424root 11241100x8000000000000000789349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff422f7130b2ba8e2021-12-20 16:06:13.424root 11241100x8000000000000000789350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f6b953635985ee2021-12-20 16:06:13.424root 11241100x8000000000000000789351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3acbff7b60a229b2021-12-20 16:06:13.425root 11241100x8000000000000000789352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035f1ed2e391279f2021-12-20 16:06:13.425root 11241100x8000000000000000789353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed69935f8997018c2021-12-20 16:06:13.425root 11241100x8000000000000000789354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc7e18e937cc8e22021-12-20 16:06:13.425root 11241100x8000000000000000789355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b239a7ed6f2785cf2021-12-20 16:06:13.425root 11241100x8000000000000000789356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec194c2c9e95be82021-12-20 16:06:13.425root 11241100x8000000000000000789357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec96a5e838f1e692021-12-20 16:06:13.425root 11241100x8000000000000000789358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea83ff14d23f3682021-12-20 16:06:13.425root 11241100x8000000000000000789359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecd88844749a0622021-12-20 16:06:13.425root 11241100x8000000000000000789360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0301db2a4bb251812021-12-20 16:06:13.425root 11241100x8000000000000000789361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463362f3b7a5147c2021-12-20 16:06:13.425root 11241100x8000000000000000789362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f9d43c33a930f62021-12-20 16:06:13.425root 11241100x8000000000000000789363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5038ac0d84bc87bb2021-12-20 16:06:13.425root 11241100x8000000000000000789364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d23a83d5d77cf02021-12-20 16:06:13.425root 11241100x8000000000000000789365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126c4537540ebf082021-12-20 16:06:13.924root 11241100x8000000000000000789366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70af90ac202c1a02021-12-20 16:06:13.924root 11241100x8000000000000000789367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097bd15a86dfb6082021-12-20 16:06:13.925root 11241100x8000000000000000789368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066f448b56af9fd62021-12-20 16:06:13.925root 11241100x8000000000000000789369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad12e983b4fe7c3a2021-12-20 16:06:13.925root 11241100x8000000000000000789370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4d15f6284f75ea2021-12-20 16:06:13.925root 11241100x8000000000000000789371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4978fa41dadcfef32021-12-20 16:06:13.925root 11241100x8000000000000000789372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e80f0659374d322021-12-20 16:06:13.925root 11241100x8000000000000000789373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90303b9af4a78ef32021-12-20 16:06:13.925root 11241100x8000000000000000789374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643255a2619fb3602021-12-20 16:06:13.925root 11241100x8000000000000000789375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f97d2f2c50fbe22021-12-20 16:06:13.925root 11241100x8000000000000000789376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bda4a81d51b3142021-12-20 16:06:13.925root 11241100x8000000000000000789377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47445e06cadf59292021-12-20 16:06:13.926root 11241100x8000000000000000789378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949cab1ec7fb1dee2021-12-20 16:06:13.926root 11241100x8000000000000000789379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a8c04eeee02d7d2021-12-20 16:06:13.926root 11241100x8000000000000000789380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eb4d1a913e972c2021-12-20 16:06:13.926root 11241100x8000000000000000789381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46d6b365afa42d22021-12-20 16:06:13.926root 11241100x8000000000000000789382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a002eba2f1b54ed2021-12-20 16:06:13.926root 11241100x8000000000000000789383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932ec489f7de4ae32021-12-20 16:06:14.424root 11241100x8000000000000000789384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1d39a4277a1b062021-12-20 16:06:14.424root 11241100x8000000000000000789385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d556f24193d95192021-12-20 16:06:14.424root 11241100x8000000000000000789386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bd1b49147578fe2021-12-20 16:06:14.425root 11241100x8000000000000000789387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e341fd3d722dd82021-12-20 16:06:14.425root 11241100x8000000000000000789388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c259254ebd25b9342021-12-20 16:06:14.425root 11241100x8000000000000000789389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d222a07826421312021-12-20 16:06:14.425root 11241100x8000000000000000789390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c258c791c8ecf12b2021-12-20 16:06:14.425root 11241100x8000000000000000789391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42403eb66cbae1e52021-12-20 16:06:14.425root 11241100x8000000000000000789392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e900fa40ad1a7792021-12-20 16:06:14.425root 11241100x8000000000000000789393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886416e0143dd5782021-12-20 16:06:14.425root 11241100x8000000000000000789394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c0995de92adcb52021-12-20 16:06:14.425root 11241100x8000000000000000789395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24efa7d354f5cbd32021-12-20 16:06:14.425root 11241100x8000000000000000789396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c381084297c70bba2021-12-20 16:06:14.426root 11241100x8000000000000000789397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3e2aaa6be9392e2021-12-20 16:06:14.426root 11241100x8000000000000000789398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4463e3e47d7f45612021-12-20 16:06:14.426root 11241100x8000000000000000789399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eec9012d879cfd2021-12-20 16:06:14.426root 11241100x8000000000000000789400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69156833d57469de2021-12-20 16:06:14.426root 11241100x8000000000000000789401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e264469f728dffe2021-12-20 16:06:14.924root 11241100x8000000000000000789402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428a77f845e739d72021-12-20 16:06:14.924root 11241100x8000000000000000789403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45ae12e639c7e882021-12-20 16:06:14.924root 11241100x8000000000000000789404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f0c0c7ce696ab22021-12-20 16:06:14.925root 11241100x8000000000000000789405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc3ebb9bd7453232021-12-20 16:06:14.925root 11241100x8000000000000000789406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733faee549875b072021-12-20 16:06:14.925root 11241100x8000000000000000789407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d84f3a1b4c2163f2021-12-20 16:06:14.925root 11241100x8000000000000000789408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8e76d567d4fe8b2021-12-20 16:06:14.925root 11241100x8000000000000000789409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc155481622bfee72021-12-20 16:06:14.925root 11241100x8000000000000000789410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04be7a9afc02b30d2021-12-20 16:06:14.925root 11241100x8000000000000000789411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644e0b36eeae69822021-12-20 16:06:14.925root 11241100x8000000000000000789412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21624f30b3f389082021-12-20 16:06:14.925root 11241100x8000000000000000789413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9533de6e4ff77ef12021-12-20 16:06:14.925root 11241100x8000000000000000789414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5870547e44a2d7b2021-12-20 16:06:14.925root 11241100x8000000000000000789415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f96a8f77b84942c2021-12-20 16:06:14.926root 11241100x8000000000000000789416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ee1882f946757b2021-12-20 16:06:14.926root 11241100x8000000000000000789417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c35de29f9490cf2021-12-20 16:06:14.926root 11241100x8000000000000000789418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2137d54c0e0f12a12021-12-20 16:06:14.926root 11241100x8000000000000000789419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0839fd110b6d21402021-12-20 16:06:15.424root 11241100x8000000000000000789420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3281818fad0487c2021-12-20 16:06:15.425root 11241100x8000000000000000789421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240c10f5611a96772021-12-20 16:06:15.425root 11241100x8000000000000000789422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a888fcf4cc624eae2021-12-20 16:06:15.425root 11241100x8000000000000000789423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632956abff9b84a02021-12-20 16:06:15.425root 11241100x8000000000000000789424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a70edb2be41a4322021-12-20 16:06:15.425root 11241100x8000000000000000789425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57be8dbea2cf60b02021-12-20 16:06:15.425root 11241100x8000000000000000789426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462745c4ef3c5f932021-12-20 16:06:15.425root 11241100x8000000000000000789427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1398afbcd6df23a02021-12-20 16:06:15.425root 11241100x8000000000000000789428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e08a0b0a6a49402021-12-20 16:06:15.425root 11241100x8000000000000000789429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d14c1b7cf2bedda2021-12-20 16:06:15.426root 11241100x8000000000000000789430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6a499bf33456fc2021-12-20 16:06:15.426root 11241100x8000000000000000789431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c30765e58dc69952021-12-20 16:06:15.426root 11241100x8000000000000000789432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126b5dcab8a683e42021-12-20 16:06:15.426root 11241100x8000000000000000789433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba9c33cbb5555ed2021-12-20 16:06:15.426root 11241100x8000000000000000789434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa87dffab6965d402021-12-20 16:06:15.426root 11241100x8000000000000000789435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c44ebabac1139c2021-12-20 16:06:15.426root 11241100x8000000000000000789436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876030bee2759c3f2021-12-20 16:06:15.426root 11241100x8000000000000000789437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d409887b43a6ffbd2021-12-20 16:06:15.924root 11241100x8000000000000000789438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c7ec36cad543d72021-12-20 16:06:15.924root 11241100x8000000000000000789439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f1ceb67c5199bf2021-12-20 16:06:15.924root 11241100x8000000000000000789440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187e30b3a42e238b2021-12-20 16:06:15.924root 11241100x8000000000000000789441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0961c3c6fb0068f12021-12-20 16:06:15.925root 11241100x8000000000000000789442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756144df04d439932021-12-20 16:06:15.925root 11241100x8000000000000000789443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14ab0bc37edd7682021-12-20 16:06:15.925root 11241100x8000000000000000789444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4183c9c0afad052021-12-20 16:06:15.925root 11241100x8000000000000000789445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fb876931a231812021-12-20 16:06:15.925root 11241100x8000000000000000789446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bf92ecd0d939b82021-12-20 16:06:15.925root 11241100x8000000000000000789447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482939120a58bb5c2021-12-20 16:06:15.925root 11241100x8000000000000000789448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d150624bcf85c732021-12-20 16:06:15.925root 11241100x8000000000000000789449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ff329ab48d78ee2021-12-20 16:06:15.925root 11241100x8000000000000000789450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90e3c842c440fcc2021-12-20 16:06:15.925root 11241100x8000000000000000789451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789367821496af772021-12-20 16:06:15.926root 11241100x8000000000000000789452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e29a4041df183392021-12-20 16:06:15.926root 11241100x8000000000000000789453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac51e0686d1f14a2021-12-20 16:06:15.926root 11241100x8000000000000000789454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde4c00569f0626b2021-12-20 16:06:15.926root 11241100x8000000000000000789455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eea8e8ad38edb12021-12-20 16:06:16.424root 11241100x8000000000000000789456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6db82d4bca50c22021-12-20 16:06:16.425root 11241100x8000000000000000789457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecabce34b6fe63cb2021-12-20 16:06:16.425root 11241100x8000000000000000789458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefc9335a6b500622021-12-20 16:06:16.425root 11241100x8000000000000000789459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4d15d2bed9eccf2021-12-20 16:06:16.425root 11241100x8000000000000000789460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84817e26330aa70c2021-12-20 16:06:16.425root 11241100x8000000000000000789461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981320659568950d2021-12-20 16:06:16.425root 11241100x8000000000000000789462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218ba8eec3745b682021-12-20 16:06:16.426root 11241100x8000000000000000789463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f048c9bc441fb02021-12-20 16:06:16.426root 11241100x8000000000000000789464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe6898990a4726b2021-12-20 16:06:16.426root 11241100x8000000000000000789465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8cd01e035529112021-12-20 16:06:16.426root 11241100x8000000000000000789466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53148fcfcfdf03832021-12-20 16:06:16.426root 11241100x8000000000000000789467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a360d6a1c65a33ac2021-12-20 16:06:16.426root 11241100x8000000000000000789468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f4ad8db1a181972021-12-20 16:06:16.426root 11241100x8000000000000000789469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7301a0777b5a36072021-12-20 16:06:16.427root 11241100x8000000000000000789470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d93f7cac4febae92021-12-20 16:06:16.427root 11241100x8000000000000000789471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d3c34f067596592021-12-20 16:06:16.427root 11241100x8000000000000000789472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cf35dbc1b94ceb2021-12-20 16:06:16.427root 11241100x8000000000000000789473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddca095d1805fdd2021-12-20 16:06:16.924root 11241100x8000000000000000789474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ab27f6564952522021-12-20 16:06:16.924root 11241100x8000000000000000789475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1373c05ffc42cb2021-12-20 16:06:16.924root 11241100x8000000000000000789476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779db33ab11f19d82021-12-20 16:06:16.925root 11241100x8000000000000000789477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089e44641bdce6312021-12-20 16:06:16.925root 11241100x8000000000000000789478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03f5583c76186de2021-12-20 16:06:16.925root 11241100x8000000000000000789479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d26b1489e8cfade2021-12-20 16:06:16.925root 11241100x8000000000000000789480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b623363b4593bea92021-12-20 16:06:16.925root 11241100x8000000000000000789481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd7d5bc0671a0a32021-12-20 16:06:16.925root 11241100x8000000000000000789482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97288faddb548ff42021-12-20 16:06:16.925root 11241100x8000000000000000789483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a183b63baa76dcd62021-12-20 16:06:16.926root 11241100x8000000000000000789484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68aa602aecf172c12021-12-20 16:06:16.926root 11241100x8000000000000000789485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c7a053dc907462021-12-20 16:06:16.926root 11241100x8000000000000000789486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d134e8d30c25571e2021-12-20 16:06:16.926root 11241100x8000000000000000789487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412e8b3cb4940f272021-12-20 16:06:16.926root 11241100x8000000000000000789488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b967c3705bff2292021-12-20 16:06:16.926root 11241100x8000000000000000789489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23439ed3caf81e52021-12-20 16:06:16.926root 11241100x8000000000000000789490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d264831c8df918d82021-12-20 16:06:16.926root 11241100x8000000000000000789491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aac2c6fdbbdd792021-12-20 16:06:17.424root 11241100x8000000000000000789492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8470ff7e524afa2021-12-20 16:06:17.424root 11241100x8000000000000000789493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaa77a81a4c72a82021-12-20 16:06:17.424root 11241100x8000000000000000789494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b50b8b4a021d8ae2021-12-20 16:06:17.424root 11241100x8000000000000000789495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14aea5d00d44411f2021-12-20 16:06:17.425root 11241100x8000000000000000789496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee7e23325443ba02021-12-20 16:06:17.425root 11241100x8000000000000000789497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291779e6fbebaeb52021-12-20 16:06:17.425root 11241100x8000000000000000789498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2901b7061abe023a2021-12-20 16:06:17.425root 11241100x8000000000000000789499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb787033533c56532021-12-20 16:06:17.425root 11241100x8000000000000000789500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e7002c691eb9772021-12-20 16:06:17.425root 11241100x8000000000000000789501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b60e1e650716d972021-12-20 16:06:17.425root 11241100x8000000000000000789502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73adee07776a708c2021-12-20 16:06:17.425root 11241100x8000000000000000789503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ca11d55c7a3a812021-12-20 16:06:17.425root 11241100x8000000000000000789504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3575775a6d83d9812021-12-20 16:06:17.425root 11241100x8000000000000000789505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7229d43cb1c01d2021-12-20 16:06:17.425root 11241100x8000000000000000789506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebe31a1248a14e22021-12-20 16:06:17.425root 11241100x8000000000000000789507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008671ffac5183b22021-12-20 16:06:17.425root 11241100x8000000000000000789508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e20d91077c4a9a2021-12-20 16:06:17.426root 11241100x8000000000000000789509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1413140bf80ba02021-12-20 16:06:17.924root 11241100x8000000000000000789510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b53728ba07d8772021-12-20 16:06:17.924root 11241100x8000000000000000789511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f165be6d82ca4352021-12-20 16:06:17.924root 11241100x8000000000000000789512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d2b10afc0b0b4a2021-12-20 16:06:17.924root 11241100x8000000000000000789513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792f30a7e3bdd77f2021-12-20 16:06:17.925root 11241100x8000000000000000789514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f5ab223ab406ec2021-12-20 16:06:17.925root 11241100x8000000000000000789515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4621ee32f3ae9dd02021-12-20 16:06:17.925root 11241100x8000000000000000789516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415eb80d19c88b592021-12-20 16:06:17.925root 11241100x8000000000000000789517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2daacda218ea822021-12-20 16:06:17.925root 11241100x8000000000000000789518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4863f453f4cffb42021-12-20 16:06:17.925root 11241100x8000000000000000789519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da86a1efa87fc9472021-12-20 16:06:17.925root 11241100x8000000000000000789520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2c32cb4e604a792021-12-20 16:06:17.925root 11241100x8000000000000000789521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da7a720cedf6e032021-12-20 16:06:17.925root 11241100x8000000000000000789522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a1690a3b4a043d2021-12-20 16:06:17.925root 11241100x8000000000000000789523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514036c5ebaeebd02021-12-20 16:06:17.925root 11241100x8000000000000000789524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e632b47d49e98b052021-12-20 16:06:17.925root 11241100x8000000000000000789525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aac08495dbb2fa2021-12-20 16:06:17.925root 11241100x8000000000000000789526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6deb364ceb3f9302021-12-20 16:06:17.925root 354300x8000000000000000789527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.207{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51636-false10.0.1.12-8000- 11241100x8000000000000000789528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.208{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e045ba70dca97b2021-12-20 16:06:18.208root 11241100x8000000000000000789529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.208{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd31a828d1b36822021-12-20 16:06:18.208root 11241100x8000000000000000789530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.208{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426db54eade3f01a2021-12-20 16:06:18.208root 11241100x8000000000000000789531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.208{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c549854811fb952021-12-20 16:06:18.208root 11241100x8000000000000000789532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddef683f17e198392021-12-20 16:06:18.209root 11241100x8000000000000000789533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f8e092e4439c092021-12-20 16:06:18.209root 11241100x8000000000000000789534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b478eec0530bed1b2021-12-20 16:06:18.209root 11241100x8000000000000000789535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.209{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74bfedc678b97d92021-12-20 16:06:18.209root 11241100x8000000000000000789536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.210{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f404ceba5a0f9322021-12-20 16:06:18.210root 11241100x8000000000000000789537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.210{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbf1b6c14476c2a2021-12-20 16:06:18.210root 11241100x8000000000000000789538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.210{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5e3d7d130008e62021-12-20 16:06:18.210root 11241100x8000000000000000789539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.210{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9244581da1be6b2021-12-20 16:06:18.210root 11241100x8000000000000000789540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd78b09df69a50e2021-12-20 16:06:18.211root 11241100x8000000000000000789541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b442bad2e4260602021-12-20 16:06:18.211root 11241100x8000000000000000789542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1824a296cd8cefd12021-12-20 16:06:18.211root 11241100x8000000000000000789543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55d4623b2cb0cc22021-12-20 16:06:18.211root 11241100x8000000000000000789544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d884149deef7c6dc2021-12-20 16:06:18.211root 11241100x8000000000000000789545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5dbe40ad54e49c2021-12-20 16:06:18.211root 11241100x8000000000000000789546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e949eb54f114c2c52021-12-20 16:06:18.211root 11241100x8000000000000000789547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d34500fce3eb9bf2021-12-20 16:06:18.211root 11241100x8000000000000000789548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.211{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1536f51accb47e142021-12-20 16:06:18.211root 11241100x8000000000000000789549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaaacf1e708d7692021-12-20 16:06:18.212root 11241100x8000000000000000789550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4c6816689b51152021-12-20 16:06:18.212root 11241100x8000000000000000789551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.212{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96ff09bdeea6daf2021-12-20 16:06:18.212root 11241100x8000000000000000789552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb582af926a801032021-12-20 16:06:18.674root 11241100x8000000000000000789553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f69e749c7644f72021-12-20 16:06:18.675root 11241100x8000000000000000789554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05e817374da7efe2021-12-20 16:06:18.675root 11241100x8000000000000000789555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baf4f6a7d7f23f62021-12-20 16:06:18.675root 11241100x8000000000000000789556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93f3294d2d1782a2021-12-20 16:06:18.675root 11241100x8000000000000000789557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a52708a7c2048f2021-12-20 16:06:18.676root 11241100x8000000000000000789558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a62af5d7335d522021-12-20 16:06:18.676root 11241100x8000000000000000789559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fd5a3c4d92a5ad2021-12-20 16:06:18.676root 11241100x8000000000000000789560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358f5d06b908dd2c2021-12-20 16:06:18.676root 11241100x8000000000000000789561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8e101c54e9d9bc2021-12-20 16:06:18.677root 11241100x8000000000000000789562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329045b10f59304f2021-12-20 16:06:18.677root 11241100x8000000000000000789563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d151181218a0a32021-12-20 16:06:18.677root 11241100x8000000000000000789564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef74e677bc6961c32021-12-20 16:06:18.677root 11241100x8000000000000000789565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca27b785de778862021-12-20 16:06:18.677root 11241100x8000000000000000789566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de9253006068d512021-12-20 16:06:18.677root 11241100x8000000000000000789567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf53723896d57cab2021-12-20 16:06:18.678root 11241100x8000000000000000789568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cf62a3b28d2cce2021-12-20 16:06:18.678root 11241100x8000000000000000789569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6120f3c6325f822021-12-20 16:06:18.678root 11241100x8000000000000000789570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:18.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abfbfb28a050aa42021-12-20 16:06:18.678root 11241100x8000000000000000789571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb49eee1da5bb67e2021-12-20 16:06:19.175root 11241100x8000000000000000789572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50978b95180e200c2021-12-20 16:06:19.175root 11241100x8000000000000000789573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58602265fda1c42a2021-12-20 16:06:19.175root 11241100x8000000000000000789574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cf9562362a76cb2021-12-20 16:06:19.175root 11241100x8000000000000000789575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280df65a90dbca312021-12-20 16:06:19.175root 11241100x8000000000000000789576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5a522f862729542021-12-20 16:06:19.175root 11241100x8000000000000000789577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eea5e7a230b1d042021-12-20 16:06:19.175root 11241100x8000000000000000789578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9381ea37df5d7382021-12-20 16:06:19.176root 11241100x8000000000000000789579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff602e8665af17892021-12-20 16:06:19.176root 11241100x8000000000000000789580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d6f74c320b7ba42021-12-20 16:06:19.176root 11241100x8000000000000000789581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54707da61561d7752021-12-20 16:06:19.177root 11241100x8000000000000000789582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55265b67ea992fa72021-12-20 16:06:19.177root 11241100x8000000000000000789583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17779b94cd479c62021-12-20 16:06:19.177root 11241100x8000000000000000789584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4103670bdf7dae252021-12-20 16:06:19.178root 11241100x8000000000000000789585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e07bc8c4ad2ee472021-12-20 16:06:19.179root 11241100x8000000000000000789586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe7200c4bf0de892021-12-20 16:06:19.179root 11241100x8000000000000000789587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859eb20bbefe0b052021-12-20 16:06:19.180root 11241100x8000000000000000789588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3bbbf597982f072021-12-20 16:06:19.180root 11241100x8000000000000000789589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e1ff06584068272021-12-20 16:06:19.181root 11241100x8000000000000000789590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a350ae64c82a3902021-12-20 16:06:19.674root 11241100x8000000000000000789591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eed56c39a3409a2021-12-20 16:06:19.675root 11241100x8000000000000000789592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39932414a35f21902021-12-20 16:06:19.675root 11241100x8000000000000000789593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8ecb34f2ae22032021-12-20 16:06:19.676root 11241100x8000000000000000789594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f10b1de271da82021-12-20 16:06:19.676root 11241100x8000000000000000789595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f38498490862852021-12-20 16:06:19.676root 11241100x8000000000000000789596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048811f03e6fab212021-12-20 16:06:19.676root 11241100x8000000000000000789597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aee097d3fae18c82021-12-20 16:06:19.677root 11241100x8000000000000000789598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988b0e0341f921da2021-12-20 16:06:19.677root 11241100x8000000000000000789599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f013f16b90f9c6e2021-12-20 16:06:19.677root 11241100x8000000000000000789600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8886c58bfcc5282021-12-20 16:06:19.677root 11241100x8000000000000000789601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3e3d330036706d2021-12-20 16:06:19.677root 11241100x8000000000000000789602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a89b138458c85332021-12-20 16:06:19.677root 11241100x8000000000000000789603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a7a45b7bbe90802021-12-20 16:06:19.677root 11241100x8000000000000000789604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8259c04d59437b822021-12-20 16:06:19.678root 11241100x8000000000000000789605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54373423eada6d952021-12-20 16:06:19.678root 11241100x8000000000000000789606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8175a7efa2630d2021-12-20 16:06:19.678root 11241100x8000000000000000789607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdb02496986730f2021-12-20 16:06:19.678root 11241100x8000000000000000789608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:19.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7202cafa810110592021-12-20 16:06:19.678root 354300x8000000000000000789609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.107{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-46340-false10.0.1.12-8089- 11241100x8000000000000000789610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.108{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b62d2243b6b9d742021-12-20 16:06:20.108root 11241100x8000000000000000789611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.108{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44b92ca1bb5b0962021-12-20 16:06:20.108root 11241100x8000000000000000789612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.108{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ace3741dc94e3c2021-12-20 16:06:20.108root 11241100x8000000000000000789613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.108{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37f5cde0eef258c2021-12-20 16:06:20.108root 11241100x8000000000000000789614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89f327c446f57732021-12-20 16:06:20.109root 11241100x8000000000000000789615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910c48279277dbed2021-12-20 16:06:20.109root 11241100x8000000000000000789616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee518fd8fc6e092e2021-12-20 16:06:20.109root 11241100x8000000000000000789617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6028c53eeda4a0f2021-12-20 16:06:20.109root 11241100x8000000000000000789618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997b657f76785eed2021-12-20 16:06:20.109root 11241100x8000000000000000789619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23a1e926560c51a2021-12-20 16:06:20.109root 11241100x8000000000000000789620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1215f45b41573d0b2021-12-20 16:06:20.109root 11241100x8000000000000000789621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9872c459dbae5ee62021-12-20 16:06:20.109root 11241100x8000000000000000789622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785030502972c5d82021-12-20 16:06:20.109root 11241100x8000000000000000789623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64b9fb23671bb902021-12-20 16:06:20.109root 11241100x8000000000000000789624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8f8bf83d5b75ff2021-12-20 16:06:20.109root 11241100x8000000000000000789625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.109{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537d0055f5a46ee12021-12-20 16:06:20.109root 11241100x8000000000000000789626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5086833cae37b052021-12-20 16:06:20.110root 11241100x8000000000000000789627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57bb54e82431df72021-12-20 16:06:20.110root 11241100x8000000000000000789628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daeeab8fb8a39112021-12-20 16:06:20.110root 11241100x8000000000000000789629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628c35c30f9f8f182021-12-20 16:06:20.110root 11241100x8000000000000000789630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec48f271e16b63b62021-12-20 16:06:20.110root 11241100x8000000000000000789631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b581a9ce92e3892021-12-20 16:06:20.110root 11241100x8000000000000000789632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3985222369647bc2021-12-20 16:06:20.110root 11241100x8000000000000000789633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8dc061a1c1a2dc2021-12-20 16:06:20.110root 11241100x8000000000000000789634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d330904c4dbacfd02021-12-20 16:06:20.110root 11241100x8000000000000000789635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43358cf6c80288642021-12-20 16:06:20.110root 11241100x8000000000000000789636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b00ff69a2e61ad42021-12-20 16:06:20.110root 11241100x8000000000000000789637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.110{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55322a3cd5bb4672021-12-20 16:06:20.110root 11241100x8000000000000000789638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.111{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40d90f3227b573b2021-12-20 16:06:20.111root 11241100x8000000000000000789639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5258cc402dc406c12021-12-20 16:06:20.424root 11241100x8000000000000000789640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bbe387668a10f32021-12-20 16:06:20.424root 11241100x8000000000000000789641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78957fc814ccf462021-12-20 16:06:20.424root 11241100x8000000000000000789642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7b51d88522d1762021-12-20 16:06:20.425root 11241100x8000000000000000789643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec85319112ab9d22021-12-20 16:06:20.425root 11241100x8000000000000000789644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c1739d1b5bb0932021-12-20 16:06:20.425root 11241100x8000000000000000789645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee2397b4f08b0f82021-12-20 16:06:20.425root 11241100x8000000000000000789646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fbfe4b587e589e2021-12-20 16:06:20.425root 11241100x8000000000000000789647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9db16a530e7a9122021-12-20 16:06:20.425root 11241100x8000000000000000789648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd53861c9c266ba72021-12-20 16:06:20.425root 11241100x8000000000000000789649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b5435c7f4cc25f2021-12-20 16:06:20.425root 11241100x8000000000000000789650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508392347e0672d2021-12-20 16:06:20.425root 11241100x8000000000000000789651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaabbc3c8f0466d2021-12-20 16:06:20.425root 11241100x8000000000000000789652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731aebbd472c2da02021-12-20 16:06:20.425root 11241100x8000000000000000789653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef814582270b30c2021-12-20 16:06:20.426root 11241100x8000000000000000789654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277d4054f3b42e762021-12-20 16:06:20.426root 11241100x8000000000000000789655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b224d133f2d8037c2021-12-20 16:06:20.426root 11241100x8000000000000000789656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d451234b965587a2021-12-20 16:06:20.426root 11241100x8000000000000000789657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95e364df5e547ac2021-12-20 16:06:20.426root 11241100x8000000000000000789658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325db879fed172c02021-12-20 16:06:20.426root 154100x8000000000000000789659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.858{ec2c97d1-a9fc-61c0-082e-209316560000}10248/usr/bin/sudo-----sudo rm -rf /etc/profile.d/mal_boot.sh/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 11241100x8000000000000000789660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.860{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06add31883e4d8292021-12-20 16:06:20.860root 11241100x8000000000000000789661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.860{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01847c0fcea2e612021-12-20 16:06:20.860root 11241100x8000000000000000789662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.860{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3be572aca430d5b2021-12-20 16:06:20.860root 11241100x8000000000000000789663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.860{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210986e669e2a1172021-12-20 16:06:20.860root 11241100x8000000000000000789664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.860{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88071ab1347288002021-12-20 16:06:20.860root 11241100x8000000000000000789665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb5e0821612a8a72021-12-20 16:06:20.861root 11241100x8000000000000000789666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e55b5c2e1657842021-12-20 16:06:20.861root 11241100x8000000000000000789667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c448633b33974e322021-12-20 16:06:20.861root 11241100x8000000000000000789668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d459c21c4cbe9b2021-12-20 16:06:20.861root 11241100x8000000000000000789669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d53146f3b2afac2021-12-20 16:06:20.861root 11241100x8000000000000000789670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9706a3d5e320a2822021-12-20 16:06:20.861root 11241100x8000000000000000789671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ce2309d5d5ee422021-12-20 16:06:20.861root 11241100x8000000000000000789672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7301a2097de6e7fa2021-12-20 16:06:20.861root 11241100x8000000000000000789673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081bb2d52bc561ae2021-12-20 16:06:20.861root 11241100x8000000000000000789674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb31d1f296bb651b2021-12-20 16:06:20.861root 11241100x8000000000000000789675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5604340784e39cc32021-12-20 16:06:20.861root 11241100x8000000000000000789676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442e1fe25b900e512021-12-20 16:06:20.861root 11241100x8000000000000000789677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dea71a850c010bf2021-12-20 16:06:20.861root 11241100x8000000000000000789678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5f2de7b43a000e2021-12-20 16:06:20.861root 11241100x8000000000000000789679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c3b8013bc9a3782021-12-20 16:06:20.861root 11241100x8000000000000000789680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.861{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c1cabd615863bd2021-12-20 16:06:20.861root 354300x8000000000000000789681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.863{ec2c97d1-a9fc-61c0-082e-209316560000}10248/usr/bin/sudoubuntuudptruefalse127.0.0.1-58364-false127.0.0.53-53- 354300x8000000000000000789682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.863{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-56617-false10.0.0.2-53- 354300x8000000000000000789683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.863{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-40352-false10.0.0.2-53- 354300x8000000000000000789684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.864{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-58364- 354300x8000000000000000789685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.865{ec2c97d1-a9fc-61c0-082e-209316560000}10248/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-58364- 354300x8000000000000000789686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.865{ec2c97d1-a9fc-61c0-082e-209316560000}10248/usr/bin/sudoubuntuudptruefalse127.0.0.1-58190-false127.0.0.53-53- 354300x8000000000000000789687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.865{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-58190- 154100x8000000000000000789688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.868{ec2c97d1-a9fc-61c0-70b3-fdb31f560000}10249/bin/rm-----rm -rf /etc/profile.d/mal_boot.sh/home/ubunturoot{ec2c97d1-0000-0000-0000-000000000000}07no level-{ec2c97d1-a9fc-61c0-082e-209316560000}10248/usr/bin/sudosudoubuntu 23542300x8000000000000000789689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.869{ec2c97d1-a9fc-61c0-70b3-fdb31f560000}10249root/bin/rm/etc/profile.d/mal_boot.sh--- 534500x8000000000000000789690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.869{ec2c97d1-a9fc-61c0-70b3-fdb31f560000}10249/bin/rmroot 534500x8000000000000000789691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:20.870{ec2c97d1-a9fc-61c0-082e-209316560000}10248/usr/bin/sudoroot 11241100x8000000000000000789692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eb2a72e3d2c5262021-12-20 16:06:21.175root 11241100x8000000000000000789693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edab74ea960213b32021-12-20 16:06:21.175root 11241100x8000000000000000789694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690c542ca68ef4712021-12-20 16:06:21.175root 11241100x8000000000000000789695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0d59021e58ddca2021-12-20 16:06:21.175root 11241100x8000000000000000789696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578eb34d0c8dcf942021-12-20 16:06:21.175root 11241100x8000000000000000789697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecff55ac02c3fbdb2021-12-20 16:06:21.175root 11241100x8000000000000000789698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8479d9c693827d02021-12-20 16:06:21.176root 11241100x8000000000000000789699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd06c03b883d59722021-12-20 16:06:21.176root 11241100x8000000000000000789700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0402e9588bbc552021-12-20 16:06:21.176root 11241100x8000000000000000789701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6a21bfbad7b0402021-12-20 16:06:21.176root 11241100x8000000000000000789702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e18261208dd42342021-12-20 16:06:21.176root 11241100x8000000000000000789703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34b2498370b486f2021-12-20 16:06:21.176root 11241100x8000000000000000789704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368dffbd97584bc62021-12-20 16:06:21.177root 11241100x8000000000000000789705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddae0f964b806a6e2021-12-20 16:06:21.177root 11241100x8000000000000000789706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bef16908c046f42021-12-20 16:06:21.177root 11241100x8000000000000000789707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830914e33fa8ebea2021-12-20 16:06:21.177root 11241100x8000000000000000789708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f56058fdb5960222021-12-20 16:06:21.177root 11241100x8000000000000000789709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ec436acb4dfabd2021-12-20 16:06:21.177root 11241100x8000000000000000789710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e1b2d501f8f63d2021-12-20 16:06:21.178root 11241100x8000000000000000789711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ee5078817423a12021-12-20 16:06:21.178root 11241100x8000000000000000789712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37cd533daed26642021-12-20 16:06:21.178root 11241100x8000000000000000789713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38518d6246652612021-12-20 16:06:21.178root 11241100x8000000000000000789714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbdbf499c8ead232021-12-20 16:06:21.178root 11241100x8000000000000000789715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d222b8a4691c79f22021-12-20 16:06:21.178root 11241100x8000000000000000789716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e0908eda43b82a2021-12-20 16:06:21.179root 11241100x8000000000000000789717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8136694739c3dc32021-12-20 16:06:21.179root 11241100x8000000000000000789718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5987ab7e82923de02021-12-20 16:06:21.179root 11241100x8000000000000000789719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c702fdcb39bbb52021-12-20 16:06:21.179root 11241100x8000000000000000789720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720a5939e5b819312021-12-20 16:06:21.179root 11241100x8000000000000000789721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1536a42446520d4a2021-12-20 16:06:21.179root 11241100x8000000000000000789722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fb45b7c495a6012021-12-20 16:06:21.180root 11241100x8000000000000000789723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.180{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168bde100262b6ae2021-12-20 16:06:21.180root 11241100x8000000000000000789724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167740ffe9e6f00c2021-12-20 16:06:21.675root 11241100x8000000000000000789725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19628a7a508da8102021-12-20 16:06:21.675root 11241100x8000000000000000789726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0515a18e3589028c2021-12-20 16:06:21.676root 11241100x8000000000000000789727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25dbee5b673f0432021-12-20 16:06:21.676root 11241100x8000000000000000789728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2018a5baac5c87cd2021-12-20 16:06:21.676root 11241100x8000000000000000789729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c658de9403f52ac72021-12-20 16:06:21.676root 11241100x8000000000000000789730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c16aced70bcc212021-12-20 16:06:21.677root 11241100x8000000000000000789731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe5a60c48c4ecac2021-12-20 16:06:21.677root 11241100x8000000000000000789732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09272f6545c994142021-12-20 16:06:21.677root 11241100x8000000000000000789733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac6f196716a5a152021-12-20 16:06:21.677root 11241100x8000000000000000789734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baf17574fab2e1c2021-12-20 16:06:21.678root 11241100x8000000000000000789735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cebcec59e6491a2021-12-20 16:06:21.678root 11241100x8000000000000000789736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726a1967f1e1fe632021-12-20 16:06:21.678root 11241100x8000000000000000789737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051f15a1d4761aa52021-12-20 16:06:21.679root 11241100x8000000000000000789738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1eed01434edd862021-12-20 16:06:21.679root 11241100x8000000000000000789739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d010c1fac63d0fc42021-12-20 16:06:21.679root 11241100x8000000000000000789740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.679{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39e861c87740a422021-12-20 16:06:21.679root 11241100x8000000000000000789741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfe64c02467c1302021-12-20 16:06:21.680root 11241100x8000000000000000789742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e6c0876a0b45df2021-12-20 16:06:21.680root 11241100x8000000000000000789743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.680{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ead76eb014ccd832021-12-20 16:06:21.680root 11241100x8000000000000000789744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5754fb8c0caddf502021-12-20 16:06:21.681root 11241100x8000000000000000789745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdf93c4b006474d2021-12-20 16:06:21.681root 11241100x8000000000000000789746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21290cda1e2dd152021-12-20 16:06:21.681root 11241100x8000000000000000789747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.681{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f655310356fe9d2021-12-20 16:06:21.681root 11241100x8000000000000000789748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325932787a356a4c2021-12-20 16:06:21.682root 11241100x8000000000000000789749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfe4785b0e7156d2021-12-20 16:06:21.682root 11241100x8000000000000000789750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9d8603f8006c4c2021-12-20 16:06:21.682root 11241100x8000000000000000789751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.682{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1cca5af5b5e0f12021-12-20 16:06:21.682root 11241100x8000000000000000789752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ed57ed0a3e00172021-12-20 16:06:21.683root 11241100x8000000000000000789753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69d99c61f7738582021-12-20 16:06:21.683root 11241100x8000000000000000789754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cae9884c693ae782021-12-20 16:06:21.683root 11241100x8000000000000000789755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:21.683{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0383d4c7b2a21c2c2021-12-20 16:06:21.683root 11241100x8000000000000000789756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683f9925c16d42d12021-12-20 16:06:22.175root 11241100x8000000000000000789757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9467126446bcf92021-12-20 16:06:22.175root 11241100x8000000000000000789758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1753f535ac43d95f2021-12-20 16:06:22.175root 11241100x8000000000000000789759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e17dd8d257a47f2021-12-20 16:06:22.175root 11241100x8000000000000000789760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef4458f9f4c105b2021-12-20 16:06:22.176root 11241100x8000000000000000789761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f48eba58f2abba82021-12-20 16:06:22.176root 11241100x8000000000000000789762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1622299292f7ba2021-12-20 16:06:22.176root 11241100x8000000000000000789763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc71adaf11262b462021-12-20 16:06:22.176root 11241100x8000000000000000789764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d6735cb11fff0b2021-12-20 16:06:22.176root 11241100x8000000000000000789765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e01a293967095892021-12-20 16:06:22.178root 11241100x8000000000000000789766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352e3a0b60159cf22021-12-20 16:06:22.178root 11241100x8000000000000000789767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9d1c05e722d6f92021-12-20 16:06:22.179root 11241100x8000000000000000789768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118014583f9f24412021-12-20 16:06:22.179root 11241100x8000000000000000789769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.179{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd052b89d33417132021-12-20 16:06:22.179root 11241100x8000000000000000789770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.181{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cda15d8d14da6c02021-12-20 16:06:22.181root 11241100x8000000000000000789771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8210e5d8f04205622021-12-20 16:06:22.182root 11241100x8000000000000000789772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e7deed8f0a9a0b2021-12-20 16:06:22.182root 11241100x8000000000000000789773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df03f04402c00a42021-12-20 16:06:22.182root 11241100x8000000000000000789774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f762b77bba2fe2242021-12-20 16:06:22.182root 11241100x8000000000000000789775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81456fa1d4920462021-12-20 16:06:22.182root 11241100x8000000000000000789776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.182{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5c520cfc9389ba2021-12-20 16:06:22.182root 11241100x8000000000000000789777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eae762855de2862021-12-20 16:06:22.184root 11241100x8000000000000000789778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9666df75c5bc082021-12-20 16:06:22.184root 11241100x8000000000000000789779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f79cf3959e443682021-12-20 16:06:22.184root 11241100x8000000000000000789780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b95c2294c084322021-12-20 16:06:22.184root 11241100x8000000000000000789781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993f4d19a0da7b922021-12-20 16:06:22.184root 11241100x8000000000000000789782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebac3cf7f480e86b2021-12-20 16:06:22.184root 11241100x8000000000000000789783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c088d448f14f82021-12-20 16:06:22.184root 11241100x8000000000000000789784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea438069ee6b4f92021-12-20 16:06:22.184root 11241100x8000000000000000789785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2f93a629a2c0912021-12-20 16:06:22.184root 11241100x8000000000000000789786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.184{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea884c75efd48f2021-12-20 16:06:22.184root 11241100x8000000000000000789787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.185{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc6a84a483f48242021-12-20 16:06:22.185root 11241100x8000000000000000789788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6755e5a81e7abf942021-12-20 16:06:22.675root 11241100x8000000000000000789789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1c13359d95416f2021-12-20 16:06:22.675root 11241100x8000000000000000789790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff78003c5e2085132021-12-20 16:06:22.675root 11241100x8000000000000000789791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed126899862d65e72021-12-20 16:06:22.675root 11241100x8000000000000000789792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33f9071af3abad92021-12-20 16:06:22.675root 11241100x8000000000000000789793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de931d7a23592672021-12-20 16:06:22.675root 11241100x8000000000000000789794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4592335f5505612021-12-20 16:06:22.675root 11241100x8000000000000000789795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a79e6dbbeb41b22021-12-20 16:06:22.676root 11241100x8000000000000000789796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65c82f0d8151cde2021-12-20 16:06:22.676root 11241100x8000000000000000789797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4017ea376cb5e12021-12-20 16:06:22.676root 11241100x8000000000000000789798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafe4ad39f4120b12021-12-20 16:06:22.676root 11241100x8000000000000000789799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aac18f757b8a1092021-12-20 16:06:22.676root 11241100x8000000000000000789800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48aaee21d997a232021-12-20 16:06:22.676root 11241100x8000000000000000789801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80697c74eb7b1f0c2021-12-20 16:06:22.676root 11241100x8000000000000000789802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f524d5c99de70cf2021-12-20 16:06:22.676root 11241100x8000000000000000789803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0a5de0136eaa6e2021-12-20 16:06:22.676root 11241100x8000000000000000789804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba68b62cc5df0c42021-12-20 16:06:22.676root 11241100x8000000000000000789805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07deec7d77044d2b2021-12-20 16:06:22.676root 11241100x8000000000000000789806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a091e8cc883200f52021-12-20 16:06:22.676root 11241100x8000000000000000789807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e950f7629b87502021-12-20 16:06:22.677root 11241100x8000000000000000789808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba5e4729e073f0d2021-12-20 16:06:22.677root 11241100x8000000000000000789809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349a3ce883dbb6b82021-12-20 16:06:22.677root 11241100x8000000000000000789810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f72243e1dcfb662021-12-20 16:06:22.677root 11241100x8000000000000000789811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a07564934f8d752021-12-20 16:06:22.677root 11241100x8000000000000000789812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0f5e0b2d5ec7a32021-12-20 16:06:22.677root 11241100x8000000000000000789813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbade1f9169c916c2021-12-20 16:06:22.677root 11241100x8000000000000000789814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60b99712aa407bb2021-12-20 16:06:22.677root 11241100x8000000000000000789815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19aca2b46fefe3d2021-12-20 16:06:22.677root 11241100x8000000000000000789816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e79047ed2be35d2021-12-20 16:06:22.677root 11241100x8000000000000000789817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128cbc6d32101ec2021-12-20 16:06:22.677root 11241100x8000000000000000789818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5492cc77b56bdc2021-12-20 16:06:22.677root 11241100x8000000000000000789819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:22.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637180b11dff025e2021-12-20 16:06:22.678root 11241100x8000000000000000789820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49d9ff969faf81e2021-12-20 16:06:23.175root 11241100x8000000000000000789821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306b8e94a38100372021-12-20 16:06:23.175root 11241100x8000000000000000789822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da8ebf9604b6442021-12-20 16:06:23.175root 11241100x8000000000000000789823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab324c2f35d663fc2021-12-20 16:06:23.175root 11241100x8000000000000000789824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f029d2ef1b3792021-12-20 16:06:23.175root 11241100x8000000000000000789825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b34dbc6b6733892021-12-20 16:06:23.175root 11241100x8000000000000000789826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b383b1b3632759f2021-12-20 16:06:23.175root 11241100x8000000000000000789827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.175{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570a34e9848d78d12021-12-20 16:06:23.175root 11241100x8000000000000000789828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d906cce7391602752021-12-20 16:06:23.176root 11241100x8000000000000000789829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cf90b9344398222021-12-20 16:06:23.176root 11241100x8000000000000000789830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27175e154908c07a2021-12-20 16:06:23.176root 11241100x8000000000000000789831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd80048a91c2dcba2021-12-20 16:06:23.176root 11241100x8000000000000000789832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0ea7adfbdae6452021-12-20 16:06:23.176root 11241100x8000000000000000789833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30b812ae4db5b3a2021-12-20 16:06:23.176root 11241100x8000000000000000789834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bdf0ee2a858e7f2021-12-20 16:06:23.176root 11241100x8000000000000000789835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.176{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726af04ce6614e122021-12-20 16:06:23.176root 11241100x8000000000000000789836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aef8664e1373e9d2021-12-20 16:06:23.177root 11241100x8000000000000000789837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab19e3236a1451522021-12-20 16:06:23.177root 11241100x8000000000000000789838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d2f049016018bf2021-12-20 16:06:23.177root 11241100x8000000000000000789839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df4d2195aa3228b2021-12-20 16:06:23.177root 11241100x8000000000000000789840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b303667111fc1f12021-12-20 16:06:23.177root 11241100x8000000000000000789841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb02c244019df4f32021-12-20 16:06:23.177root 11241100x8000000000000000789842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0ccf88ac91dcf52021-12-20 16:06:23.177root 11241100x8000000000000000789843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73034d8662c840542021-12-20 16:06:23.177root 11241100x8000000000000000789844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330206f3f604f1c22021-12-20 16:06:23.177root 11241100x8000000000000000789845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3477df51e6811a932021-12-20 16:06:23.177root 11241100x8000000000000000789846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0435b4b70b1f1bb2021-12-20 16:06:23.177root 11241100x8000000000000000789847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.177{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8741fedfbac9f7a2021-12-20 16:06:23.177root 11241100x8000000000000000789848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2f518c9ba74e1d2021-12-20 16:06:23.178root 11241100x8000000000000000789849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3fac8658cc7bca2021-12-20 16:06:23.178root 11241100x8000000000000000789850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8529ae0466ec18f02021-12-20 16:06:23.178root 11241100x8000000000000000789851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.178{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011e21f3d105b8b32021-12-20 16:06:23.178root 11241100x8000000000000000789852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8a7b19fa4f83d72021-12-20 16:06:23.675root 11241100x8000000000000000789853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c80e815c4732d032021-12-20 16:06:23.675root 11241100x8000000000000000789854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cf89e2455af4da2021-12-20 16:06:23.675root 11241100x8000000000000000789855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f776ec7f6a38b402021-12-20 16:06:23.675root 11241100x8000000000000000789856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548e451bb83cb8212021-12-20 16:06:23.675root 11241100x8000000000000000789857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96ed12b24d3a57c2021-12-20 16:06:23.675root 11241100x8000000000000000789858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1784d44fed570a3f2021-12-20 16:06:23.675root 11241100x8000000000000000789859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacaff3dc40e64c92021-12-20 16:06:23.675root 11241100x8000000000000000789860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973de7c21101328d2021-12-20 16:06:23.675root 11241100x8000000000000000789861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3894d9f9421cea2021-12-20 16:06:23.676root 11241100x8000000000000000789862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a807ecf69b797a2021-12-20 16:06:23.676root 11241100x8000000000000000789863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc62fa919eb248562021-12-20 16:06:23.676root 11241100x8000000000000000789864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8327d5dc94161e772021-12-20 16:06:23.676root 11241100x8000000000000000789865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c7f4bd2a84507a2021-12-20 16:06:23.676root 11241100x8000000000000000789866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bf242b34183a482021-12-20 16:06:23.676root 11241100x8000000000000000789867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4df7379ae2fedab2021-12-20 16:06:23.676root 11241100x8000000000000000789868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1deb26021d7b78a2021-12-20 16:06:23.676root 11241100x8000000000000000789869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c26de1e83440e0a2021-12-20 16:06:23.676root 11241100x8000000000000000789870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a9619d6301688b2021-12-20 16:06:23.676root 11241100x8000000000000000789871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eca7332dd849c842021-12-20 16:06:23.676root 11241100x8000000000000000789872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9a7c179fd54442021-12-20 16:06:23.676root 11241100x8000000000000000789873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d04da61a0b0bf982021-12-20 16:06:23.676root 11241100x8000000000000000789874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498fc7a6e6cd01a22021-12-20 16:06:23.677root 11241100x8000000000000000789875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d53f4694354f79f2021-12-20 16:06:23.677root 11241100x8000000000000000789876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0377ed2c6e8912982021-12-20 16:06:23.677root 11241100x8000000000000000789877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf17976127523062021-12-20 16:06:23.677root 11241100x8000000000000000789878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.677{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea3842f7acc61d72021-12-20 16:06:23.677root 11241100x8000000000000000789879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae07d0169d07e3c2021-12-20 16:06:23.678root 11241100x8000000000000000789880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81d152c074d58eb2021-12-20 16:06:23.678root 11241100x8000000000000000789881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949e353a5f0fdc772021-12-20 16:06:23.678root 11241100x8000000000000000789882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30620b1ea0c991e62021-12-20 16:06:23.678root 11241100x8000000000000000789883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:23.678{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c87baac2ef9419d2021-12-20 16:06:23.678root 354300x8000000000000000789884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.054{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51640-false10.0.1.12-8000- 11241100x8000000000000000789885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0503baf47c856832021-12-20 16:06:24.055root 11241100x8000000000000000789886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c18ba03f045e8e02021-12-20 16:06:24.055root 11241100x8000000000000000789887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fac3d56dcd9dfe2021-12-20 16:06:24.055root 11241100x8000000000000000789888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290fb08e8444bea72021-12-20 16:06:24.055root 11241100x8000000000000000789889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59756ac5609e5912021-12-20 16:06:24.055root 11241100x8000000000000000789890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b2bfda3c94bd072021-12-20 16:06:24.055root 11241100x8000000000000000789891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cbc0b10a51e2be2021-12-20 16:06:24.055root 11241100x8000000000000000789892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b0d81785a8e5d52021-12-20 16:06:24.055root 11241100x8000000000000000789893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.055{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faddc3c54b543a62021-12-20 16:06:24.055root 11241100x8000000000000000789894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a64266e20748b12021-12-20 16:06:24.056root 11241100x8000000000000000789895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1953aaf8a463a262021-12-20 16:06:24.056root 11241100x8000000000000000789896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6654e0f2b7abdfdb2021-12-20 16:06:24.056root 11241100x8000000000000000789897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d61631cb813a3b32021-12-20 16:06:24.056root 11241100x8000000000000000789898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c0a7a068265cc72021-12-20 16:06:24.056root 11241100x8000000000000000789899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a449adc2ff583d2021-12-20 16:06:24.056root 11241100x8000000000000000789900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d56169bc73b29f2021-12-20 16:06:24.056root 11241100x8000000000000000789901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827f364181e15de42021-12-20 16:06:24.056root 11241100x8000000000000000789902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e805574b0fae33a72021-12-20 16:06:24.056root 11241100x8000000000000000789903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6215b97de3fdde032021-12-20 16:06:24.056root 11241100x8000000000000000789904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e11f7d8398041b92021-12-20 16:06:24.056root 11241100x8000000000000000789905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ffb07730c341af2021-12-20 16:06:24.056root 11241100x8000000000000000789906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9d5b6ed4e7eb9b2021-12-20 16:06:24.056root 11241100x8000000000000000789907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a6d1945a2371e72021-12-20 16:06:24.056root 11241100x8000000000000000789908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329e3912e3dd11ae2021-12-20 16:06:24.056root 11241100x8000000000000000789909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.056{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407aa4a08ff3b85d2021-12-20 16:06:24.056root 11241100x8000000000000000789910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c497e58ef3b5c7fb2021-12-20 16:06:24.057root 11241100x8000000000000000789911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bff9ff4c39eccfe2021-12-20 16:06:24.057root 11241100x8000000000000000789912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a739970fd351102021-12-20 16:06:24.057root 11241100x8000000000000000789913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11d3af06f84140e2021-12-20 16:06:24.057root 11241100x8000000000000000789914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.057{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9708a9060b87a492021-12-20 16:06:24.057root 11241100x8000000000000000789915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15952d882c38bd0a2021-12-20 16:06:24.058root 11241100x8000000000000000789916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cefdbe4e5fc2662021-12-20 16:06:24.058root 11241100x8000000000000000789917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65700a973dfd5dfa2021-12-20 16:06:24.058root 11241100x8000000000000000789918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b2c14568e2a1a62021-12-20 16:06:24.058root 11241100x8000000000000000789919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4859f2264f01a0372021-12-20 16:06:24.058root 11241100x8000000000000000789920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe58ed8b492aea82021-12-20 16:06:24.058root 11241100x8000000000000000789921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.058{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6a1c71364f9f3d2021-12-20 16:06:24.058root 11241100x8000000000000000789922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aca33cd246847262021-12-20 16:06:24.059root 11241100x8000000000000000789923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174973d8f0bf64ee2021-12-20 16:06:24.059root 11241100x8000000000000000789924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d20dfde3ffb6982021-12-20 16:06:24.059root 11241100x8000000000000000789925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162983b1bd4301b92021-12-20 16:06:24.059root 11241100x8000000000000000789926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b5ca240e04b42f2021-12-20 16:06:24.059root 11241100x8000000000000000789927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c036b70bf3ec082021-12-20 16:06:24.059root 11241100x8000000000000000789928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60afebafa38c1af92021-12-20 16:06:24.059root 11241100x8000000000000000789929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.059{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fe34ffd496206c2021-12-20 16:06:24.059root 11241100x8000000000000000789930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.060{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689c4601048e08c22021-12-20 16:06:24.060root 11241100x8000000000000000789931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.060{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea87de99cc3bf712021-12-20 16:06:24.060root 11241100x8000000000000000789932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.060{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b638f2a63c8d0f2021-12-20 16:06:24.060root 11241100x8000000000000000789933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.060{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582238604bbb6d612021-12-20 16:06:24.060root 11241100x8000000000000000789934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.061{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1235dcf31ef8d442021-12-20 16:06:24.061root 11241100x8000000000000000789935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.061{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa753ae7a0759742021-12-20 16:06:24.061root 11241100x8000000000000000789936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.061{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edba2d67dc337ded2021-12-20 16:06:24.061root 11241100x8000000000000000789937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.061{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb4f61074ff6f422021-12-20 16:06:24.061root 11241100x8000000000000000789938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.061{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1eda3292fa8d0e2021-12-20 16:06:24.061root 11241100x8000000000000000789939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.061{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca61e30de4ba21912021-12-20 16:06:24.061root 11241100x8000000000000000789940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.061{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104f5db2720307b32021-12-20 16:06:24.061root 11241100x8000000000000000789941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.061{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429086477f59af882021-12-20 16:06:24.061root 11241100x8000000000000000789942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c74ff473f0d5aa2021-12-20 16:06:24.062root 11241100x8000000000000000789943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3fdfca457a57132021-12-20 16:06:24.062root 11241100x8000000000000000789944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ef6cacef799fc32021-12-20 16:06:24.062root 11241100x8000000000000000789945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c92ac640706742f2021-12-20 16:06:24.062root 11241100x8000000000000000789946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0219068f7cffc92021-12-20 16:06:24.062root 11241100x8000000000000000789947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a602b2bfbe7926c2021-12-20 16:06:24.062root 11241100x8000000000000000789948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c65b25d54b33342021-12-20 16:06:24.062root 11241100x8000000000000000789949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8570a47f6e6804bd2021-12-20 16:06:24.062root 11241100x8000000000000000789950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.062{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3355a46ecb17112021-12-20 16:06:24.062root 11241100x8000000000000000789951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc65b5f4515d4232021-12-20 16:06:24.063root 11241100x8000000000000000789952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23398176f4f4c0ad2021-12-20 16:06:24.063root 11241100x8000000000000000789953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf54d6edbcbb8f1d2021-12-20 16:06:24.063root 11241100x8000000000000000789954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fec4bf118ccb342021-12-20 16:06:24.063root 11241100x8000000000000000789955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31898be1825791042021-12-20 16:06:24.063root 11241100x8000000000000000789956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feae20f331f02ad12021-12-20 16:06:24.063root 11241100x8000000000000000789957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15d884ac5c46c0d2021-12-20 16:06:24.063root 11241100x8000000000000000789958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dbc0d952ee6ca02021-12-20 16:06:24.063root 11241100x8000000000000000789959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.063{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa773403b2d492c52021-12-20 16:06:24.063root 11241100x8000000000000000789960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0f3028a39dd34f2021-12-20 16:06:24.064root 11241100x8000000000000000789961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb6c3e278986412021-12-20 16:06:24.064root 11241100x8000000000000000789962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4253cd30424252b72021-12-20 16:06:24.064root 11241100x8000000000000000789963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b42c2dc17c4a802021-12-20 16:06:24.064root 11241100x8000000000000000789964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e725a3a9eb55482021-12-20 16:06:24.064root 11241100x8000000000000000789965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab5dd20e5380ea32021-12-20 16:06:24.064root 11241100x8000000000000000789966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf5ee8b214082382021-12-20 16:06:24.064root 11241100x8000000000000000789967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97714f82889df2f2021-12-20 16:06:24.064root 11241100x8000000000000000789968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f4a370f12cbb932021-12-20 16:06:24.064root 11241100x8000000000000000789969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.064{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53611f9ac57c17472021-12-20 16:06:24.064root 11241100x8000000000000000789970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed6f7401cada412021-12-20 16:06:24.065root 11241100x8000000000000000789971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f1c20940df6c122021-12-20 16:06:24.065root 11241100x8000000000000000789972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e490b97bc6dbbec12021-12-20 16:06:24.065root 11241100x8000000000000000789973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f7ffdebe71d54a2021-12-20 16:06:24.065root 11241100x8000000000000000789974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6222c7a44b3e95012021-12-20 16:06:24.065root 11241100x8000000000000000789975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142b37c23c5c35372021-12-20 16:06:24.065root 11241100x8000000000000000789976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc9f52e70151b762021-12-20 16:06:24.065root 11241100x8000000000000000789977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5ad00e7ab2b7182021-12-20 16:06:24.065root 11241100x8000000000000000789978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.065{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb07d761c7236c52021-12-20 16:06:24.065root 11241100x8000000000000000789979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5248dd850a64fc052021-12-20 16:06:24.066root 11241100x8000000000000000789980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae07b0bf110560f2021-12-20 16:06:24.066root 11241100x8000000000000000789981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bbce8a2667cffa2021-12-20 16:06:24.066root 11241100x8000000000000000789982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbfd9c8e1b904532021-12-20 16:06:24.066root 11241100x8000000000000000789983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.066{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b014b29f521883b22021-12-20 16:06:24.066root 11241100x8000000000000000789984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa140768c067cd002021-12-20 16:06:24.067root 11241100x8000000000000000789985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93853d85d993b5fe2021-12-20 16:06:24.067root 11241100x8000000000000000789986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0476f55c1aa795b92021-12-20 16:06:24.067root 11241100x8000000000000000789987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767511ce4d7b379f2021-12-20 16:06:24.067root 11241100x8000000000000000789988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55a8a79a163685f2021-12-20 16:06:24.067root 11241100x8000000000000000789989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e957c63acad889e2021-12-20 16:06:24.067root 11241100x8000000000000000789990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80213eeccbcd0eaf2021-12-20 16:06:24.067root 11241100x8000000000000000789991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69fb2aa8501c8722021-12-20 16:06:24.067root 11241100x8000000000000000789992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.067{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cbb50252e448eb2021-12-20 16:06:24.067root 11241100x8000000000000000789993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98aa874f5e6886af2021-12-20 16:06:24.068root 11241100x8000000000000000789994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42992159915b90e42021-12-20 16:06:24.068root 11241100x8000000000000000789995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb7037ef0727a4d2021-12-20 16:06:24.068root 11241100x8000000000000000789996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d4594b781249b92021-12-20 16:06:24.068root 11241100x8000000000000000789997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac59ed5520058182021-12-20 16:06:24.068root 11241100x8000000000000000789998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1316541afa206f512021-12-20 16:06:24.068root 11241100x8000000000000000789999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25cfb5834da2e892021-12-20 16:06:24.068root 11241100x8000000000000000790000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37394f3c53163ecc2021-12-20 16:06:24.068root 11241100x8000000000000000790001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa9286aec49c13d2021-12-20 16:06:24.068root 11241100x8000000000000000790002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df353941a2d7fe532021-12-20 16:06:24.068root 11241100x8000000000000000790003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.068{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b297001c9ee668e72021-12-20 16:06:24.068root 11241100x8000000000000000790004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4357fa3de729c502021-12-20 16:06:24.069root 11241100x8000000000000000790005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d456287c5544f82021-12-20 16:06:24.069root 11241100x8000000000000000790006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339328fd5414b8a02021-12-20 16:06:24.069root 11241100x8000000000000000790007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e51cd701217b82021-12-20 16:06:24.069root 11241100x8000000000000000790008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa52ea38a6538e2021-12-20 16:06:24.069root 11241100x8000000000000000790009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb4698f8fcc41252021-12-20 16:06:24.069root 11241100x8000000000000000790010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1c145c23879d932021-12-20 16:06:24.069root 11241100x8000000000000000790011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c66c9796e549d82021-12-20 16:06:24.069root 11241100x8000000000000000790012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.069{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b8e140f7771e12021-12-20 16:06:24.069root 11241100x8000000000000000790013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794d950585170adb2021-12-20 16:06:24.070root 11241100x8000000000000000790014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2762d09c0107ced22021-12-20 16:06:24.070root 11241100x8000000000000000790015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2cac80926484812021-12-20 16:06:24.070root 11241100x8000000000000000790016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d134fc5512b075522021-12-20 16:06:24.070root 11241100x8000000000000000790017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.070{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5bdfcd051bb6e12021-12-20 16:06:24.070root 11241100x8000000000000000790018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd22203a859a3cc2021-12-20 16:06:24.071root 11241100x8000000000000000790019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173e0a24c464ef0c2021-12-20 16:06:24.071root 11241100x8000000000000000790020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d28c626a55488c2021-12-20 16:06:24.071root 11241100x8000000000000000790021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17b2fb34e35298c2021-12-20 16:06:24.071root 11241100x8000000000000000790022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.071{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc276ab5e4a87b32021-12-20 16:06:24.071root 11241100x8000000000000000790023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f1c06a5d2f59c72021-12-20 16:06:24.072root 11241100x8000000000000000790024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e2f4364f3446392021-12-20 16:06:24.072root 11241100x8000000000000000790025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f72aa5d822b59aa2021-12-20 16:06:24.072root 11241100x8000000000000000790026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5cd47ee5ab81d42021-12-20 16:06:24.072root 11241100x8000000000000000790027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2769e8a271fc1b512021-12-20 16:06:24.072root 11241100x8000000000000000790028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ba72492d825a812021-12-20 16:06:24.072root 11241100x8000000000000000790029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff9e58e6e90bd402021-12-20 16:06:24.072root 11241100x8000000000000000790030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.072{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893becfad70272fb2021-12-20 16:06:24.072root 11241100x8000000000000000790031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fce03df94e2a1b22021-12-20 16:06:24.073root 11241100x8000000000000000790032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459b0baae072e6f42021-12-20 16:06:24.073root 11241100x8000000000000000790033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c27dc4a1b83a4a2021-12-20 16:06:24.073root 11241100x8000000000000000790034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc60fe4306570612021-12-20 16:06:24.073root 11241100x8000000000000000790035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69983ef54a2e38b22021-12-20 16:06:24.073root 11241100x8000000000000000790036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.073{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245eef0814bbac052021-12-20 16:06:24.073root 11241100x8000000000000000790037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31f6c35197f66cc2021-12-20 16:06:24.074root 11241100x8000000000000000790038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42881e52a590d99a2021-12-20 16:06:24.074root 11241100x8000000000000000790039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6d68a3d7343bfc2021-12-20 16:06:24.074root 11241100x8000000000000000790040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45d5ff4bf24bcaf2021-12-20 16:06:24.074root 11241100x8000000000000000790041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676cc1281b73d75d2021-12-20 16:06:24.074root 11241100x8000000000000000790042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a1ab1fccca5eca2021-12-20 16:06:24.074root 11241100x8000000000000000790043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9545d58e795bf6c2021-12-20 16:06:24.074root 11241100x8000000000000000790044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078520f9968006452021-12-20 16:06:24.074root 11241100x8000000000000000790045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.074{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c9c05d77d7eff2021-12-20 16:06:24.074root 11241100x8000000000000000790046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f6c8e228d2cf6f2021-12-20 16:06:24.075root 11241100x8000000000000000790047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a0b476ad2d6f2b2021-12-20 16:06:24.075root 11241100x8000000000000000790048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bee69bcfc0c4d32021-12-20 16:06:24.075root 11241100x8000000000000000790049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c200fac81d3e9d2021-12-20 16:06:24.075root 11241100x8000000000000000790050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fb64be202607c72021-12-20 16:06:24.075root 11241100x8000000000000000790051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887c1c346920828a2021-12-20 16:06:24.075root 11241100x8000000000000000790052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f3b600e25d66c52021-12-20 16:06:24.075root 11241100x8000000000000000790053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c94ae38b1395072021-12-20 16:06:24.075root 11241100x8000000000000000790054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45ed0cc2c9e24372021-12-20 16:06:24.075root 11241100x8000000000000000790055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91be2ff7b559053b2021-12-20 16:06:24.075root 11241100x8000000000000000790056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.075{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389c254ee3a3b5172021-12-20 16:06:24.075root 11241100x8000000000000000790057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d305e2a2a7305b252021-12-20 16:06:24.076root 11241100x8000000000000000790058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f56de135f14ab302021-12-20 16:06:24.076root 11241100x8000000000000000790059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.076{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776e2f648dc0ddc42021-12-20 16:06:24.076root 11241100x8000000000000000790060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73455569ccfb3312021-12-20 16:06:24.424root 11241100x8000000000000000790061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fde0f514d741d942021-12-20 16:06:24.424root 11241100x8000000000000000790062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a0f769bfd35c2e2021-12-20 16:06:24.424root 11241100x8000000000000000790063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2690ebdcbe383d32021-12-20 16:06:24.425root 11241100x8000000000000000790064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714b0ec4712ef79b2021-12-20 16:06:24.425root 11241100x8000000000000000790065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5423541fe622c9ee2021-12-20 16:06:24.425root 11241100x8000000000000000790066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f7976988e2f24f2021-12-20 16:06:24.426root 11241100x8000000000000000790067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b0bdff4e7da9112021-12-20 16:06:24.426root 11241100x8000000000000000790068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883f4b29e03729522021-12-20 16:06:24.426root 11241100x8000000000000000790069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15c35c4c08e2fa32021-12-20 16:06:24.426root 154100x8000000000000000790070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.427{ec2c97d1-aa00-61c0-68d4-4efa14560000}10250/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2c97d1-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2201--- 11241100x8000000000000000790071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12f87dc50fa910b2021-12-20 16:06:24.427root 11241100x8000000000000000790072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb972d1b53893b12021-12-20 16:06:24.427root 11241100x8000000000000000790073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2e36bbd91254702021-12-20 16:06:24.427root 11241100x8000000000000000790074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da6a0fae3ce930d2021-12-20 16:06:24.427root 11241100x8000000000000000790075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2d1bc3e9db322d2021-12-20 16:06:24.427root 11241100x8000000000000000790076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e80f061889af442021-12-20 16:06:24.428root 11241100x8000000000000000790077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec5b3fa093196832021-12-20 16:06:24.428root 11241100x8000000000000000790078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f7b8de73e153c12021-12-20 16:06:24.428root 11241100x8000000000000000790079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f87cbad7ef636752021-12-20 16:06:24.428root 11241100x8000000000000000790080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c788aa214316682021-12-20 16:06:24.428root 11241100x8000000000000000790081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0c8d9ebc4104182021-12-20 16:06:24.428root 11241100x8000000000000000790082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5279956f862d0fb2021-12-20 16:06:24.428root 11241100x8000000000000000790083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4e2e9fbc7ccc252021-12-20 16:06:24.430root 11241100x8000000000000000790084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fc0f02c6e4d7ac2021-12-20 16:06:24.431root 11241100x8000000000000000790085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84831430124781222021-12-20 16:06:24.431root 11241100x8000000000000000790086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe1bbb88c4f28c02021-12-20 16:06:24.431root 11241100x8000000000000000790087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea162f860443c15d2021-12-20 16:06:24.431root 11241100x8000000000000000790088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa3253216705e592021-12-20 16:06:24.432root 11241100x8000000000000000790089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ff96a6e8693e7c2021-12-20 16:06:24.432root 11241100x8000000000000000790090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24e8f2b361369522021-12-20 16:06:24.432root 11241100x8000000000000000790091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4b8afe7be29fc72021-12-20 16:06:24.432root 11241100x8000000000000000790092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00711739312cbba92021-12-20 16:06:24.432root 11241100x8000000000000000790093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1561382d45a319112021-12-20 16:06:24.433root 11241100x8000000000000000790094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a33e41dbd9ac0de2021-12-20 16:06:24.433root 11241100x8000000000000000790095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89be00ba39e6b9ed2021-12-20 16:06:24.433root 534500x8000000000000000790096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.440{ec2c97d1-aa00-61c0-68d4-4efa14560000}10250/bin/psroot 11241100x8000000000000000790097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2b15ab8a239f2d2021-12-20 16:06:24.924root 11241100x8000000000000000790098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bca63ae4b974d702021-12-20 16:06:24.924root 11241100x8000000000000000790099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad182b6df251ab3b2021-12-20 16:06:24.924root 11241100x8000000000000000790100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a357560452258c8c2021-12-20 16:06:24.924root 11241100x8000000000000000790101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52864035950580c72021-12-20 16:06:24.925root 11241100x8000000000000000790102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4c4861083b8a0a2021-12-20 16:06:24.925root 11241100x8000000000000000790103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57fefc96e77b91f2021-12-20 16:06:24.925root 11241100x8000000000000000790104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9928f6e7f4d4d022021-12-20 16:06:24.925root 11241100x8000000000000000790105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb386fb486c74032021-12-20 16:06:24.925root 11241100x8000000000000000790106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0543284bbc2c591d2021-12-20 16:06:24.925root 11241100x8000000000000000790107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e12be91faca61ce2021-12-20 16:06:24.925root 11241100x8000000000000000790108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606e47c7ce14f2f62021-12-20 16:06:24.925root 11241100x8000000000000000790109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03e84532a39d2032021-12-20 16:06:24.925root 11241100x8000000000000000790110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad316a1a9c6a6e092021-12-20 16:06:24.925root 11241100x8000000000000000790111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb836325de9ce722021-12-20 16:06:24.925root 11241100x8000000000000000790112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cfb4787647bfbe2021-12-20 16:06:24.925root 11241100x8000000000000000790113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444561970a794cf12021-12-20 16:06:24.925root 11241100x8000000000000000790114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf40d00bb45ff1d2021-12-20 16:06:24.925root 11241100x8000000000000000790115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128e140a256dbab02021-12-20 16:06:24.925root 11241100x8000000000000000790116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a783b35c993d722021-12-20 16:06:24.925root 11241100x8000000000000000790117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209be46062dc2cfb2021-12-20 16:06:24.926root 11241100x8000000000000000790118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a6ff6372212922021-12-20 16:06:24.926root 11241100x8000000000000000790119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6288c99c642deb832021-12-20 16:06:24.926root 11241100x8000000000000000790120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6943ac8b9cdb092021-12-20 16:06:24.926root 11241100x8000000000000000790121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f28045dafb3a0f2021-12-20 16:06:24.926root 11241100x8000000000000000790122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4024b2121151982021-12-20 16:06:24.926root 11241100x8000000000000000790123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a1d1dcb3a338f2021-12-20 16:06:24.926root 11241100x8000000000000000790124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82ba7441a41a8082021-12-20 16:06:24.926root 11241100x8000000000000000790125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58de1b15f7d6b3802021-12-20 16:06:24.926root 11241100x8000000000000000790126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a6c3d99a91bd712021-12-20 16:06:24.926root 11241100x8000000000000000790127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c19203d4d1187a2021-12-20 16:06:24.926root 11241100x8000000000000000790128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9d428dca59108b2021-12-20 16:06:24.926root 11241100x8000000000000000790129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acba8f5373076e622021-12-20 16:06:24.926root 11241100x8000000000000000790130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d20487816d44032021-12-20 16:06:24.926root 11241100x8000000000000000790131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc93c1ad7479b572021-12-20 16:06:24.926root 11241100x8000000000000000790132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4122739dd58f832021-12-20 16:06:24.926root 11241100x8000000000000000790133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:24.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7b22a69a66a6282021-12-20 16:06:24.927root 11241100x8000000000000000790134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95a3ad1a4e598d32021-12-20 16:06:25.424root 11241100x8000000000000000790135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73205f6d7ee81ad62021-12-20 16:06:25.424root 11241100x8000000000000000790136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7866707c9d37f902021-12-20 16:06:25.424root 11241100x8000000000000000790137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaae9c98572a85a22021-12-20 16:06:25.425root 11241100x8000000000000000790138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d123edde68433802021-12-20 16:06:25.425root 11241100x8000000000000000790139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81a8fee9fe3c6bf2021-12-20 16:06:25.425root 11241100x8000000000000000790140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dde0ff41a17246f2021-12-20 16:06:25.425root 11241100x8000000000000000790141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7009c597cf5e85c2021-12-20 16:06:25.425root 11241100x8000000000000000790142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215ec4db280327122021-12-20 16:06:25.425root 11241100x8000000000000000790143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac261ad0e92ee5602021-12-20 16:06:25.425root 11241100x8000000000000000790144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e604ce98bf0d53e62021-12-20 16:06:25.425root 11241100x8000000000000000790145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8505cfe40f79c1c82021-12-20 16:06:25.425root 11241100x8000000000000000790146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd285140b0d9b302021-12-20 16:06:25.425root 11241100x8000000000000000790147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedd8b931eda3a002021-12-20 16:06:25.425root 11241100x8000000000000000790148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91a4dd78c7ac1992021-12-20 16:06:25.425root 11241100x8000000000000000790149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63298f167a515b632021-12-20 16:06:25.425root 11241100x8000000000000000790150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ec76d40bb1729c2021-12-20 16:06:25.425root 11241100x8000000000000000790151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951c6b0424cd45d22021-12-20 16:06:25.425root 11241100x8000000000000000790152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796f608e056041382021-12-20 16:06:25.426root 11241100x8000000000000000790153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a083829044d4f02021-12-20 16:06:25.426root 11241100x8000000000000000790154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818ad4fcad30d8302021-12-20 16:06:25.426root 11241100x8000000000000000790155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1de94542ecb553f2021-12-20 16:06:25.426root 11241100x8000000000000000790156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c94a23d76c880e2021-12-20 16:06:25.426root 11241100x8000000000000000790157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ea3d56b4bed2cd2021-12-20 16:06:25.426root 11241100x8000000000000000790158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051064f7cfe5f7622021-12-20 16:06:25.426root 11241100x8000000000000000790159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa2f30b5e247d012021-12-20 16:06:25.426root 11241100x8000000000000000790160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3eb1e5d70a8f812021-12-20 16:06:25.426root 11241100x8000000000000000790161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2182dbf745c907642021-12-20 16:06:25.426root 11241100x8000000000000000790162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f29705ab22ebcd82021-12-20 16:06:25.426root 11241100x8000000000000000790163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de59746e87a00e02021-12-20 16:06:25.426root 11241100x8000000000000000790164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c357b87c29d7d8492021-12-20 16:06:25.426root 11241100x8000000000000000790165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af371639dde0652d2021-12-20 16:06:25.426root 11241100x8000000000000000790166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1ee54bf947f4f12021-12-20 16:06:25.426root 11241100x8000000000000000790167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e8b18f0cb789c12021-12-20 16:06:25.427root 11241100x8000000000000000790168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a9af162fa971702021-12-20 16:06:25.427root 11241100x8000000000000000790169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35a8ec171c247c02021-12-20 16:06:25.427root 11241100x8000000000000000790170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b899fa2c245cfb82021-12-20 16:06:25.427root 11241100x8000000000000000790171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765bb653549b26f32021-12-20 16:06:25.924root 11241100x8000000000000000790172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d912028dd89b212021-12-20 16:06:25.924root 11241100x8000000000000000790173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f739e6f4df05462021-12-20 16:06:25.924root 11241100x8000000000000000790174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c77cb8f1b7a61f62021-12-20 16:06:25.925root 11241100x8000000000000000790175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d849687085b333f2021-12-20 16:06:25.925root 11241100x8000000000000000790176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b038d9f54f16662021-12-20 16:06:25.925root 11241100x8000000000000000790177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718aa17e9f6f48492021-12-20 16:06:25.925root 11241100x8000000000000000790178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9653938deba0d9f52021-12-20 16:06:25.925root 11241100x8000000000000000790179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba17f115c4b504a2021-12-20 16:06:25.925root 11241100x8000000000000000790180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178e29e673e98cfa2021-12-20 16:06:25.925root 11241100x8000000000000000790181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d041a9b26a51c9752021-12-20 16:06:25.925root 11241100x8000000000000000790182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff9a8392f15a74f2021-12-20 16:06:25.925root 11241100x8000000000000000790183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1581389166ab10102021-12-20 16:06:25.925root 11241100x8000000000000000790184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b89cbae97692e8e2021-12-20 16:06:25.925root 11241100x8000000000000000790185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e14eb2601a7afdb2021-12-20 16:06:25.926root 11241100x8000000000000000790186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2c5a80f9da936b2021-12-20 16:06:25.926root 11241100x8000000000000000790187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c9cc1afa8f78c82021-12-20 16:06:25.926root 11241100x8000000000000000790188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffa2ab2ef93541d2021-12-20 16:06:25.926root 11241100x8000000000000000790189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba99060d9ef1d8162021-12-20 16:06:25.926root 11241100x8000000000000000790190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac6ff7f2496f5052021-12-20 16:06:25.926root 11241100x8000000000000000790191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2315636ec46b0d302021-12-20 16:06:25.926root 11241100x8000000000000000790192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71b1da7f9d4e4452021-12-20 16:06:25.926root 11241100x8000000000000000790193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9139dc947520cabf2021-12-20 16:06:25.926root 11241100x8000000000000000790194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63056262eaa56e692021-12-20 16:06:25.926root 11241100x8000000000000000790195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee43a506f95ccf72021-12-20 16:06:25.926root 11241100x8000000000000000790196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c7cd8795b7f1382021-12-20 16:06:25.926root 11241100x8000000000000000790197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb60bbeb8ce2cba2021-12-20 16:06:25.926root 11241100x8000000000000000790198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6094775e70e0952021-12-20 16:06:25.926root 11241100x8000000000000000790199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310e1299428a9f702021-12-20 16:06:25.926root 11241100x8000000000000000790200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101d54e2ab6cd1b32021-12-20 16:06:25.927root 11241100x8000000000000000790201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6784c4e8d783dd992021-12-20 16:06:25.927root 11241100x8000000000000000790202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dc92ef976fdb332021-12-20 16:06:25.927root 11241100x8000000000000000790203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db529f272cbe62942021-12-20 16:06:25.927root 11241100x8000000000000000790204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84c39b452774dfb2021-12-20 16:06:25.927root 11241100x8000000000000000790205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e184b641eb40f9a2021-12-20 16:06:25.927root 11241100x8000000000000000790206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:25.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79697cf58b4c06ba2021-12-20 16:06:25.927root 11241100x8000000000000000790207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e033c9cdd1338d2021-12-20 16:06:26.424root 11241100x8000000000000000790208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff427059242970942021-12-20 16:06:26.424root 11241100x8000000000000000790209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98513b0bc7dc1c902021-12-20 16:06:26.424root 11241100x8000000000000000790210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff47bf17a9515112021-12-20 16:06:26.425root 11241100x8000000000000000790211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a0653e61d994432021-12-20 16:06:26.425root 11241100x8000000000000000790212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dc7caa42ed31ff2021-12-20 16:06:26.425root 11241100x8000000000000000790213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d04a7e0471acd232021-12-20 16:06:26.425root 11241100x8000000000000000790214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66f8ed3a0a177cd2021-12-20 16:06:26.425root 11241100x8000000000000000790215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0785c1241d8accf22021-12-20 16:06:26.425root 11241100x8000000000000000790216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c1399ee7237be52021-12-20 16:06:26.425root 11241100x8000000000000000790217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3b9aeef3e38c3e2021-12-20 16:06:26.425root 11241100x8000000000000000790218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd5223f6def93af2021-12-20 16:06:26.425root 11241100x8000000000000000790219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1b15bc2682d3232021-12-20 16:06:26.425root 11241100x8000000000000000790220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53097f6e87d3df712021-12-20 16:06:26.425root 11241100x8000000000000000790221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672b1178b38f8802021-12-20 16:06:26.426root 11241100x8000000000000000790222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e32c0077e981402021-12-20 16:06:26.426root 11241100x8000000000000000790223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bbee6145ec31052021-12-20 16:06:26.426root 11241100x8000000000000000790224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4641c24ac7da282021-12-20 16:06:26.426root 11241100x8000000000000000790225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716f3b86d3c8baa52021-12-20 16:06:26.426root 11241100x8000000000000000790226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c163728fbe2e28c2021-12-20 16:06:26.426root 11241100x8000000000000000790227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc711537539995b2021-12-20 16:06:26.426root 11241100x8000000000000000790228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d44627c6ceff4a92021-12-20 16:06:26.426root 11241100x8000000000000000790229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6229b47e4b1ece2021-12-20 16:06:26.426root 11241100x8000000000000000790230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c47b07f2d1c0312021-12-20 16:06:26.426root 11241100x8000000000000000790231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d33778faaaab24a2021-12-20 16:06:26.426root 11241100x8000000000000000790232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370007de22ca888e2021-12-20 16:06:26.426root 11241100x8000000000000000790233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30eff6d3f21c9d582021-12-20 16:06:26.426root 11241100x8000000000000000790234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db190cb555c131d52021-12-20 16:06:26.426root 11241100x8000000000000000790235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71255abfad2cbe552021-12-20 16:06:26.426root 11241100x8000000000000000790236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76479c138838c35d2021-12-20 16:06:26.426root 11241100x8000000000000000790237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5d64e1de3eda292021-12-20 16:06:26.427root 11241100x8000000000000000790238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7909783d6c8958be2021-12-20 16:06:26.427root 11241100x8000000000000000790239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8269e88e286f23e2021-12-20 16:06:26.427root 11241100x8000000000000000790240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8cec8ee5a610272021-12-20 16:06:26.427root 11241100x8000000000000000790241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da6e58307484cd02021-12-20 16:06:26.427root 11241100x8000000000000000790242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1275e3b21a5607a2021-12-20 16:06:26.427root 11241100x8000000000000000790243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1d76c0877a7b622021-12-20 16:06:26.427root 11241100x8000000000000000790244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47702ea431c139152021-12-20 16:06:26.924root 11241100x8000000000000000790245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478b65e4092098f02021-12-20 16:06:26.924root 11241100x8000000000000000790246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd2015c8e32cb1d2021-12-20 16:06:26.925root 11241100x8000000000000000790247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d09f5a427898672021-12-20 16:06:26.925root 11241100x8000000000000000790248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29d74dd94f730282021-12-20 16:06:26.925root 11241100x8000000000000000790249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d180535b42a36c0c2021-12-20 16:06:26.925root 11241100x8000000000000000790250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8b76e92f3d34b2021-12-20 16:06:26.925root 11241100x8000000000000000790251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e8d8d259042052021-12-20 16:06:26.925root 11241100x8000000000000000790252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1e3ac04f67538b2021-12-20 16:06:26.925root 11241100x8000000000000000790253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba19b07ed2e956f2021-12-20 16:06:26.925root 11241100x8000000000000000790254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627043ef94444862021-12-20 16:06:26.925root 11241100x8000000000000000790255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af145d562aa96ae72021-12-20 16:06:26.925root 11241100x8000000000000000790256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721cb7ec3471bb0d2021-12-20 16:06:26.925root 11241100x8000000000000000790257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200f66cbeee8cee62021-12-20 16:06:26.925root 11241100x8000000000000000790258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ccae1d2a8670f62021-12-20 16:06:26.926root 11241100x8000000000000000790259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613ebcc1f24a6e382021-12-20 16:06:26.926root 11241100x8000000000000000790260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c615762ace15072021-12-20 16:06:26.926root 11241100x8000000000000000790261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bbb58d2cdbfc172021-12-20 16:06:26.926root 11241100x8000000000000000790262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6522f8fcaf7220162021-12-20 16:06:26.926root 11241100x8000000000000000790263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baadb50468fba7582021-12-20 16:06:26.926root 11241100x8000000000000000790264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f5e5d6b9a66f2d2021-12-20 16:06:26.926root 11241100x8000000000000000790265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b7a20cd2fed9aa2021-12-20 16:06:26.926root 11241100x8000000000000000790266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3e2f2823f1e4622021-12-20 16:06:26.926root 11241100x8000000000000000790267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c389bc88043f5d2021-12-20 16:06:26.926root 11241100x8000000000000000790268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24b2e2763acc4452021-12-20 16:06:26.926root 11241100x8000000000000000790269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167b7af4c4a44b0e2021-12-20 16:06:26.927root 11241100x8000000000000000790270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16b465d96a51f672021-12-20 16:06:26.927root 11241100x8000000000000000790271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2390c21c30e9fd222021-12-20 16:06:26.927root 11241100x8000000000000000790272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d536a9b39cb25492021-12-20 16:06:26.927root 11241100x8000000000000000790273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e88bd1923219532021-12-20 16:06:26.927root 11241100x8000000000000000790274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36217855cb836d12021-12-20 16:06:26.927root 11241100x8000000000000000790275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd0815dfe2465d22021-12-20 16:06:26.927root 11241100x8000000000000000790276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8007328e4af7c5dc2021-12-20 16:06:26.927root 11241100x8000000000000000790277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71eaf4cb2e6d3712021-12-20 16:06:26.928root 11241100x8000000000000000790278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57eb2c091dfc4c252021-12-20 16:06:26.928root 11241100x8000000000000000790279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a573a6ad5331ef752021-12-20 16:06:26.928root 11241100x8000000000000000790280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b050cf9fe080852021-12-20 16:06:26.928root 11241100x8000000000000000790281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787bf707edbd0012021-12-20 16:06:26.928root 11241100x8000000000000000790282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bffa9d853f86102021-12-20 16:06:26.928root 11241100x8000000000000000790283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4218cf4ca7404f92021-12-20 16:06:26.928root 154100x8000000000000000790284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.938{ec2c97d1-aa02-61c0-085e-f017c8550000}10251/usr/bin/sudo-----sudo rm -rf /etc/init.d/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 354300x8000000000000000790285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.942{ec2c97d1-aa02-61c0-085e-f017c8550000}10251/usr/bin/sudoubuntuudptruefalse127.0.0.1-37771-false127.0.0.53-53- 354300x8000000000000000790286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.942{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-47120-false10.0.0.2-53- 354300x8000000000000000790287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.942{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-39164-false10.0.0.2-53- 354300x8000000000000000790288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.942{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-37771- 354300x8000000000000000790289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.943{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-42316- 354300x8000000000000000790290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.942{ec2c97d1-aa02-61c0-085e-f017c8550000}10251/usr/bin/sudoubuntuudptruefalse127.0.0.1-42316-false127.0.0.53-53- 154100x8000000000000000790291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.946{ec2c97d1-aa02-61c0-70c3-df28af550000}10252/bin/rm-----rm -rf /etc/init.d/home/ubunturoot{ec2c97d1-0000-0000-0000-000000000000}07no level-{ec2c97d1-aa02-61c0-085e-f017c8550000}10251/usr/bin/sudosudoubuntu 23542300x8000000000000000790292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.947{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/uuidd--- 23542300x8000000000000000790293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.947{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/atd--- 23542300x8000000000000000790294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.947{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/mdadm--- 23542300x8000000000000000790295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.947{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/keyboard-setup.sh--- 23542300x8000000000000000790296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.947{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/cryptdisks--- 23542300x8000000000000000790297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.947{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/udev--- 23542300x8000000000000000790298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.947{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/screen-cleanup--- 23542300x8000000000000000790299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/plymouth--- 23542300x8000000000000000790300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/open-vm-tools--- 23542300x8000000000000000790301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/rsync--- 23542300x8000000000000000790302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/apport--- 23542300x8000000000000000790303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/lxd--- 23542300x8000000000000000790304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/mdadm-waitidle--- 23542300x8000000000000000790305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/procps--- 23542300x8000000000000000790306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/lxcfs--- 23542300x8000000000000000790307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/apparmor--- 23542300x8000000000000000790308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/hwclock.sh--- 23542300x8000000000000000790309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/acpid--- 23542300x8000000000000000790310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/iscsid--- 23542300x8000000000000000790311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/splunk--- 23542300x8000000000000000790312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/irqbalance--- 23542300x8000000000000000790313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/lvm2-lvmetad--- 23542300x8000000000000000790314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/ufw--- 23542300x8000000000000000790315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/mal_boot.sh--- 23542300x8000000000000000790316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/cryptdisks-early--- 23542300x8000000000000000790317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/lvm2-lvmpolld--- 23542300x8000000000000000790318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/plymouth-log--- 23542300x8000000000000000790319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/ebtables--- 23542300x8000000000000000790320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/unattended-upgrades--- 23542300x8000000000000000790321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/ssh--- 23542300x8000000000000000790322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/lvm2--- 23542300x8000000000000000790323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/kmod--- 23542300x8000000000000000790324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/grub-common--- 23542300x8000000000000000790325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/rsyslog--- 23542300x8000000000000000790326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/hibagent--- 23542300x8000000000000000790327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/console-setup.sh--- 23542300x8000000000000000790328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/dbus--- 23542300x8000000000000000790329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/cron--- 23542300x8000000000000000790330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252root/bin/rm/etc/init.d/open-iscsi--- 534500x8000000000000000790331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.948{ec2c97d1-aa02-61c0-70c3-df28af550000}10252/bin/rmroot 534500x8000000000000000790332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:26.949{ec2c97d1-aa02-61c0-085e-f017c8550000}10251/usr/bin/sudoroot 11241100x8000000000000000790333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41de86ce6014df72021-12-20 16:06:27.424root 11241100x8000000000000000790334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00148b8a6f1e7fd42021-12-20 16:06:27.424root 11241100x8000000000000000790335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4106ab9d741272712021-12-20 16:06:27.425root 11241100x8000000000000000790336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d563f23a5bd1b82021-12-20 16:06:27.425root 11241100x8000000000000000790337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d7c89984aa68ff2021-12-20 16:06:27.425root 11241100x8000000000000000790338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08ab53ad6092cd12021-12-20 16:06:27.426root 11241100x8000000000000000790339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33222618f4ad685e2021-12-20 16:06:27.426root 11241100x8000000000000000790340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5601ae1b90520bc82021-12-20 16:06:27.426root 11241100x8000000000000000790341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b15b9e393574a0a2021-12-20 16:06:27.426root 11241100x8000000000000000790342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd62b2d6fb8d69772021-12-20 16:06:27.427root 11241100x8000000000000000790343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63ae205db3a9b822021-12-20 16:06:27.427root 11241100x8000000000000000790344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0aface10d9014c2021-12-20 16:06:27.427root 11241100x8000000000000000790345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ad3c488e3f79912021-12-20 16:06:27.427root 11241100x8000000000000000790346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b22d7e648a2a1c2021-12-20 16:06:27.427root 11241100x8000000000000000790347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366b667b90cb565e2021-12-20 16:06:27.427root 11241100x8000000000000000790348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c5aa4b70e0bd9a2021-12-20 16:06:27.427root 11241100x8000000000000000790349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bc1abdff4dff012021-12-20 16:06:27.428root 11241100x8000000000000000790350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddd524ff1444d4e2021-12-20 16:06:27.428root 11241100x8000000000000000790351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ea7d4ca0d3854f2021-12-20 16:06:27.428root 11241100x8000000000000000790352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfa751816c29e1a2021-12-20 16:06:27.428root 11241100x8000000000000000790353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7caf2c5fd45886a2021-12-20 16:06:27.428root 11241100x8000000000000000790354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82384230874b5d382021-12-20 16:06:27.428root 11241100x8000000000000000790355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33242825023348482021-12-20 16:06:27.428root 11241100x8000000000000000790356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bb04419a3ee3332021-12-20 16:06:27.429root 11241100x8000000000000000790357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d922aa8a2d36c492021-12-20 16:06:27.429root 11241100x8000000000000000790358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08278832be9cc482021-12-20 16:06:27.429root 11241100x8000000000000000790359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d5c29535e4dd3e2021-12-20 16:06:27.429root 11241100x8000000000000000790360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa242de259b8d4242021-12-20 16:06:27.429root 11241100x8000000000000000790361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9027a3fbe23d47082021-12-20 16:06:27.429root 11241100x8000000000000000790362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d08f2795101cef82021-12-20 16:06:27.429root 11241100x8000000000000000790363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727b9b94ac692e3a2021-12-20 16:06:27.430root 11241100x8000000000000000790364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb371a310b950adc2021-12-20 16:06:27.430root 11241100x8000000000000000790365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40461a99f062f1312021-12-20 16:06:27.430root 11241100x8000000000000000790366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f250a077e3101aee2021-12-20 16:06:27.430root 11241100x8000000000000000790367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1852b37bc20186b2021-12-20 16:06:27.430root 11241100x8000000000000000790368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0645a42a4a357b2021-12-20 16:06:27.430root 11241100x8000000000000000790369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c6c153339cf0192021-12-20 16:06:27.430root 11241100x8000000000000000790370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ed2158a7962eeb2021-12-20 16:06:27.430root 11241100x8000000000000000790371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c53262474a3a5f42021-12-20 16:06:27.431root 11241100x8000000000000000790372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce42736088ff19652021-12-20 16:06:27.431root 11241100x8000000000000000790373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267053cc4ba5a87e2021-12-20 16:06:27.431root 11241100x8000000000000000790374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cd538d80e43bea2021-12-20 16:06:27.431root 11241100x8000000000000000790375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528409d7436c42742021-12-20 16:06:27.431root 11241100x8000000000000000790376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48b8173624530792021-12-20 16:06:27.431root 11241100x8000000000000000790377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ec9eb1d113dee82021-12-20 16:06:27.431root 11241100x8000000000000000790378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32636c2d2d0fa84c2021-12-20 16:06:27.433root 11241100x8000000000000000790379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff13dc3d39387222021-12-20 16:06:27.433root 11241100x8000000000000000790380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4747141fa2ef2f752021-12-20 16:06:27.433root 11241100x8000000000000000790381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa03e78be40d905f2021-12-20 16:06:27.434root 11241100x8000000000000000790382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cf5fb88eca03ed2021-12-20 16:06:27.434root 11241100x8000000000000000790383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a52ef25a3e58f352021-12-20 16:06:27.434root 11241100x8000000000000000790384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ad86386fe22f032021-12-20 16:06:27.434root 11241100x8000000000000000790385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f0bc612708299f2021-12-20 16:06:27.435root 11241100x8000000000000000790386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efef149ae9bc5ca2021-12-20 16:06:27.435root 11241100x8000000000000000790387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bef9c30523613fa2021-12-20 16:06:27.435root 11241100x8000000000000000790388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37860b6b12c978ea2021-12-20 16:06:27.435root 11241100x8000000000000000790389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb243a30655b02ef2021-12-20 16:06:27.435root 11241100x8000000000000000790390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8daeb5dcfa140b12021-12-20 16:06:27.435root 11241100x8000000000000000790391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550fd6f0600612a72021-12-20 16:06:27.436root 11241100x8000000000000000790392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f631baf4cf5cdc2021-12-20 16:06:27.436root 11241100x8000000000000000790393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f49f7763721fac2021-12-20 16:06:27.436root 11241100x8000000000000000790394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825937a655d944252021-12-20 16:06:27.436root 11241100x8000000000000000790395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78ae418b81d34e2021-12-20 16:06:27.436root 11241100x8000000000000000790396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecf9b8e6d36321a2021-12-20 16:06:27.436root 11241100x8000000000000000790397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91c929a5816ba2a2021-12-20 16:06:27.437root 11241100x8000000000000000790398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f7dbbd67dff28f2021-12-20 16:06:27.437root 11241100x8000000000000000790399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c8772d539e81c32021-12-20 16:06:27.437root 11241100x8000000000000000790400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce247e771563fad2021-12-20 16:06:27.437root 11241100x8000000000000000790401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d1eaec2a8ef9f62021-12-20 16:06:27.437root 11241100x8000000000000000790402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd4d0f2637e17932021-12-20 16:06:27.437root 11241100x8000000000000000790403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c4442d6bffb1d02021-12-20 16:06:27.438root 11241100x8000000000000000790404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04c6e558f0857d82021-12-20 16:06:27.438root 11241100x8000000000000000790405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6189bb82bc382ef92021-12-20 16:06:27.438root 11241100x8000000000000000790406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aa9695fce383cd2021-12-20 16:06:27.438root 11241100x8000000000000000790407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d74ff66409bb9a32021-12-20 16:06:27.438root 11241100x8000000000000000790408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157b7e7de90c770c2021-12-20 16:06:27.438root 11241100x8000000000000000790409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd773724777f17fc2021-12-20 16:06:27.438root 11241100x8000000000000000790410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6161fed9881b4c552021-12-20 16:06:27.439root 11241100x8000000000000000790411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc6c577e39fb2ed2021-12-20 16:06:27.439root 11241100x8000000000000000790412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2925bb6fc20484e2021-12-20 16:06:27.439root 11241100x8000000000000000790413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7817da94e91357ea2021-12-20 16:06:27.439root 11241100x8000000000000000790414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8251243a86e9f712021-12-20 16:06:27.439root 11241100x8000000000000000790415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8085e42ee2026492021-12-20 16:06:27.439root 11241100x8000000000000000790416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a244ab766fc2c1212021-12-20 16:06:27.439root 11241100x8000000000000000790417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e2d485afdb45d62021-12-20 16:06:27.439root 11241100x8000000000000000790418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0567688db9e82682021-12-20 16:06:27.439root 11241100x8000000000000000790419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31645b4a93c5b5e32021-12-20 16:06:27.439root 11241100x8000000000000000790420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3c622ed79232462021-12-20 16:06:27.440root 11241100x8000000000000000790421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5479f262e5233ee22021-12-20 16:06:27.440root 11241100x8000000000000000790422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88badc1a25897f852021-12-20 16:06:27.440root 11241100x8000000000000000790423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b91d432b10600f02021-12-20 16:06:27.440root 11241100x8000000000000000790424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1938dc46819ee80b2021-12-20 16:06:27.440root 11241100x8000000000000000790425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ce54e88675850f2021-12-20 16:06:27.440root 11241100x8000000000000000790426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb621625dd8634272021-12-20 16:06:27.440root 11241100x8000000000000000790427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c42c84dba9d68cf2021-12-20 16:06:27.440root 11241100x8000000000000000790428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6847d25dfcd753a92021-12-20 16:06:27.440root 11241100x8000000000000000790429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8bf1ff781da3b52021-12-20 16:06:27.440root 11241100x8000000000000000790430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1fe20884a60e802021-12-20 16:06:27.440root 11241100x8000000000000000790431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1c45179dbca6952021-12-20 16:06:27.440root 11241100x8000000000000000790432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703fe4c708711b2b2021-12-20 16:06:27.441root 11241100x8000000000000000790433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32490c738dcd0f2f2021-12-20 16:06:27.441root 11241100x8000000000000000790434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcda97637ba35fb52021-12-20 16:06:27.441root 11241100x8000000000000000790435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927f00dfc5d6e1ec2021-12-20 16:06:27.441root 11241100x8000000000000000790436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfedd1977505cbb2021-12-20 16:06:27.441root 11241100x8000000000000000790437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9440793f18a9832021-12-20 16:06:27.441root 11241100x8000000000000000790438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46acca321ebbacfa2021-12-20 16:06:27.441root 11241100x8000000000000000790439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8978cfb13c40ccb2021-12-20 16:06:27.441root 11241100x8000000000000000790440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2c5190a5bc9dde2021-12-20 16:06:27.441root 11241100x8000000000000000790441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d282cb9a1e8156e2021-12-20 16:06:27.441root 11241100x8000000000000000790442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e23983770cb24bc2021-12-20 16:06:27.441root 11241100x8000000000000000790443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39af7a2009950d9b2021-12-20 16:06:27.441root 11241100x8000000000000000790444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c177363bdd89702021-12-20 16:06:27.442root 11241100x8000000000000000790445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a651d2223c6476be2021-12-20 16:06:27.442root 11241100x8000000000000000790446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c681ef5d712dbe242021-12-20 16:06:27.442root 11241100x8000000000000000790447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9ad40df62a83392021-12-20 16:06:27.442root 11241100x8000000000000000790448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c77e88d531bb932021-12-20 16:06:27.442root 11241100x8000000000000000790449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ffc9a12ddbaa6d2021-12-20 16:06:27.442root 11241100x8000000000000000790450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dfe1c3511361632021-12-20 16:06:27.442root 11241100x8000000000000000790451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596212f53165afd92021-12-20 16:06:27.442root 11241100x8000000000000000790452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4994513fb42e1ede2021-12-20 16:06:27.442root 11241100x8000000000000000790453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc9b15d1ae8a3072021-12-20 16:06:27.442root 11241100x8000000000000000790454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71459317fc3921112021-12-20 16:06:27.442root 11241100x8000000000000000790455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0a9191e05765ce2021-12-20 16:06:27.442root 11241100x8000000000000000790456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1fd3ae79ddeeaa2021-12-20 16:06:27.442root 11241100x8000000000000000790457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc25de7ad36bd312021-12-20 16:06:27.442root 11241100x8000000000000000790458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6469f2703584ae4f2021-12-20 16:06:27.443root 11241100x8000000000000000790459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7900a8962a0f7ed2021-12-20 16:06:27.443root 11241100x8000000000000000790460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061fe7c721ecc0d62021-12-20 16:06:27.443root 11241100x8000000000000000790461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f811c7ee9c136722021-12-20 16:06:27.443root 11241100x8000000000000000790462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3f019dd1d3159b2021-12-20 16:06:27.443root 11241100x8000000000000000790463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c251c98da243f94a2021-12-20 16:06:27.443root 11241100x8000000000000000790464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795da9241287afa72021-12-20 16:06:27.443root 11241100x8000000000000000790465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04aabd27ad120632021-12-20 16:06:27.443root 11241100x8000000000000000790466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8476e4819d257cd2021-12-20 16:06:27.443root 11241100x8000000000000000790467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da82b062c569bd5c2021-12-20 16:06:27.443root 11241100x8000000000000000790468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5c2512299548842021-12-20 16:06:27.443root 11241100x8000000000000000790469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecca9e33817ae102021-12-20 16:06:27.444root 11241100x8000000000000000790470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a49cf87b523e472021-12-20 16:06:27.444root 11241100x8000000000000000790471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fac8e49b82a4a392021-12-20 16:06:27.444root 11241100x8000000000000000790472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434a2083bb09b9a32021-12-20 16:06:27.444root 11241100x8000000000000000790473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d9c78a3c42e9912021-12-20 16:06:27.444root 11241100x8000000000000000790474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9749a795740c70722021-12-20 16:06:27.444root 11241100x8000000000000000790475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f056f583492002a2021-12-20 16:06:27.444root 11241100x8000000000000000790476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91285497134535b2021-12-20 16:06:27.444root 11241100x8000000000000000790477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.444{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b464ff621f1c877d2021-12-20 16:06:27.444root 11241100x8000000000000000790478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc163a173581b7322021-12-20 16:06:27.445root 11241100x8000000000000000790479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdcc7456d08f3bc2021-12-20 16:06:27.445root 11241100x8000000000000000790480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141dba797b7aa6d02021-12-20 16:06:27.445root 11241100x8000000000000000790481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e5f3febba67cc02021-12-20 16:06:27.445root 11241100x8000000000000000790482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e61aa6db822218f2021-12-20 16:06:27.445root 11241100x8000000000000000790483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aed0c51843bf4042021-12-20 16:06:27.445root 11241100x8000000000000000790484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20076a509f4c037d2021-12-20 16:06:27.445root 11241100x8000000000000000790485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9a4d48ac15e02a2021-12-20 16:06:27.445root 11241100x8000000000000000790486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecac69945d0d76e2021-12-20 16:06:27.445root 11241100x8000000000000000790487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bfa6063a0ff60c2021-12-20 16:06:27.445root 11241100x8000000000000000790488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6449e4508e0155202021-12-20 16:06:27.446root 11241100x8000000000000000790489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688a0f5025d096582021-12-20 16:06:27.446root 11241100x8000000000000000790490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a961fa628a16c88f2021-12-20 16:06:27.446root 11241100x8000000000000000790491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843d337fd2e454dc2021-12-20 16:06:27.446root 11241100x8000000000000000790492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01b17f2fc07f3912021-12-20 16:06:27.446root 11241100x8000000000000000790493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9778744ca72d71e72021-12-20 16:06:27.446root 11241100x8000000000000000790494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b058c522ea17bbca2021-12-20 16:06:27.446root 11241100x8000000000000000790495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec5273d9afc28c2021-12-20 16:06:27.446root 11241100x8000000000000000790496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f5c82e0e97ee832021-12-20 16:06:27.446root 11241100x8000000000000000790497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b831237d7ec8f6d2021-12-20 16:06:27.446root 11241100x8000000000000000790498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee8358bd235236e2021-12-20 16:06:27.446root 11241100x8000000000000000790499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc51ed48eae5bb32021-12-20 16:06:27.447root 11241100x8000000000000000790500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b2803756bf2d592021-12-20 16:06:27.447root 11241100x8000000000000000790501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebd9a168665af952021-12-20 16:06:27.447root 11241100x8000000000000000790502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0f38d6cf53f4b22021-12-20 16:06:27.447root 11241100x8000000000000000790503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48383fba171d79192021-12-20 16:06:27.447root 11241100x8000000000000000790504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515dfb5521f06ad72021-12-20 16:06:27.447root 11241100x8000000000000000790505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b3e4e6565d7d152021-12-20 16:06:27.447root 11241100x8000000000000000790506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1250e0565f9965112021-12-20 16:06:27.453root 11241100x8000000000000000790507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77ec0cc5ffb6fa2021-12-20 16:06:27.453root 11241100x8000000000000000790508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8278fcb0a3f4423b2021-12-20 16:06:27.454root 11241100x8000000000000000790509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6e63eda5d4f2a52021-12-20 16:06:27.454root 11241100x8000000000000000790510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff7b5172c727cf32021-12-20 16:06:27.454root 11241100x8000000000000000790511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3530d3eedf27abc2021-12-20 16:06:27.454root 11241100x8000000000000000790512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3861c522ab99662021-12-20 16:06:27.454root 11241100x8000000000000000790513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f84751dd2fdecb2021-12-20 16:06:27.454root 11241100x8000000000000000790514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a89d9a52f14cc12021-12-20 16:06:27.454root 11241100x8000000000000000790515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30384d5fd3e6d7692021-12-20 16:06:27.454root 11241100x8000000000000000790516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f75b33cdd418f132021-12-20 16:06:27.454root 11241100x8000000000000000790517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd49bf6a8eb4d5c2021-12-20 16:06:27.455root 11241100x8000000000000000790518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1549b371e9b644f2021-12-20 16:06:27.455root 11241100x8000000000000000790519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34641ad3211c4db92021-12-20 16:06:27.455root 11241100x8000000000000000790520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37402ab96f2da6c22021-12-20 16:06:27.455root 11241100x8000000000000000790521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b649a53f7ff477e92021-12-20 16:06:27.455root 11241100x8000000000000000790522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d916528cd63cc73f2021-12-20 16:06:27.455root 11241100x8000000000000000790523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8d9aae39bb696a2021-12-20 16:06:27.455root 11241100x8000000000000000790524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255ad82d3d35692d2021-12-20 16:06:27.455root 11241100x8000000000000000790525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fc05f4d373bc3b2021-12-20 16:06:27.455root 11241100x8000000000000000790526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153255e888b7e0d72021-12-20 16:06:27.455root 11241100x8000000000000000790527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d9f8c0e4129f0f2021-12-20 16:06:27.455root 11241100x8000000000000000790528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f247b4678d9cb372021-12-20 16:06:27.456root 11241100x8000000000000000790529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b55e931fb0a97042021-12-20 16:06:27.456root 11241100x8000000000000000790530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab3b632bc8e76392021-12-20 16:06:27.456root 11241100x8000000000000000790531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6b0cdfb24b1c262021-12-20 16:06:27.456root 11241100x8000000000000000790532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f89614c69a051542021-12-20 16:06:27.456root 11241100x8000000000000000790533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed211de561fce5a2021-12-20 16:06:27.456root 11241100x8000000000000000790534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ce00065d2fbf112021-12-20 16:06:27.456root 11241100x8000000000000000790535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c3e2a333e7f07b2021-12-20 16:06:27.456root 11241100x8000000000000000790536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d649bb467bf5ee32021-12-20 16:06:27.456root 11241100x8000000000000000790537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a986aa32d0b2aa392021-12-20 16:06:27.456root 11241100x8000000000000000790538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad460a25180627b2021-12-20 16:06:27.457root 11241100x8000000000000000790539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649b7c1007a8a6232021-12-20 16:06:27.457root 11241100x8000000000000000790540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de50351916ea9022021-12-20 16:06:27.457root 11241100x8000000000000000790541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de54eb450833b1c02021-12-20 16:06:27.457root 11241100x8000000000000000790542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395337ca3a5fc50b2021-12-20 16:06:27.457root 11241100x8000000000000000790543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a17cdb0363f7d2021-12-20 16:06:27.457root 11241100x8000000000000000790544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eb3008b69f02b02021-12-20 16:06:27.457root 11241100x8000000000000000790545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6ee0224b308ec22021-12-20 16:06:27.457root 11241100x8000000000000000790546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74e13e83bdb38e82021-12-20 16:06:27.457root 11241100x8000000000000000790547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2ee2ca1e09a3242021-12-20 16:06:27.457root 11241100x8000000000000000790548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c4f3ac8bb949d52021-12-20 16:06:27.457root 11241100x8000000000000000790549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc9ca8933fe0ae42021-12-20 16:06:27.458root 11241100x8000000000000000790550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3acf30b52826c82021-12-20 16:06:27.458root 11241100x8000000000000000790551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb52bcd27d3d99f2021-12-20 16:06:27.458root 11241100x8000000000000000790552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b897137b6b8779ba2021-12-20 16:06:27.458root 11241100x8000000000000000790553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47202b1ff189b47c2021-12-20 16:06:27.458root 11241100x8000000000000000790554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798859020a8684a72021-12-20 16:06:27.458root 11241100x8000000000000000790555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd88b664ccd758b72021-12-20 16:06:27.458root 11241100x8000000000000000790556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0861f633f089488a2021-12-20 16:06:27.458root 11241100x8000000000000000790557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80894a4922ff33012021-12-20 16:06:27.458root 11241100x8000000000000000790558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed94399be9a3fb392021-12-20 16:06:27.458root 11241100x8000000000000000790559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ff2d83114e2682021-12-20 16:06:27.458root 11241100x8000000000000000790560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81664e485e78efb2021-12-20 16:06:27.458root 11241100x8000000000000000790561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3797994aaae8b31d2021-12-20 16:06:27.458root 11241100x8000000000000000790562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.459{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a8fd7ed6834c9f2021-12-20 16:06:27.459root 11241100x8000000000000000790563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.459{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68afb7bf4627e7812021-12-20 16:06:27.459root 11241100x8000000000000000790564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.459{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3447a6b9c2e11f482021-12-20 16:06:27.459root 11241100x8000000000000000790565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.459{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9f6da789a06e0a2021-12-20 16:06:27.459root 11241100x8000000000000000790566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.459{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79eedd71f0e97be2021-12-20 16:06:27.459root 11241100x8000000000000000790567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.459{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafcdff6ae4123fa2021-12-20 16:06:27.459root 11241100x8000000000000000790568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.459{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab501324b99a1d2f2021-12-20 16:06:27.459root 11241100x8000000000000000790569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3c18fe3a9063402021-12-20 16:06:27.460root 11241100x8000000000000000790570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004bebdd7216022a2021-12-20 16:06:27.460root 11241100x8000000000000000790571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dbce59397ade7d2021-12-20 16:06:27.460root 11241100x8000000000000000790572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f247db4b23281d62021-12-20 16:06:27.460root 11241100x8000000000000000790573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f545f48d1b6685b2021-12-20 16:06:27.460root 11241100x8000000000000000790574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de1b553eabd3da02021-12-20 16:06:27.460root 11241100x8000000000000000790575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06630a223f8e18472021-12-20 16:06:27.460root 11241100x8000000000000000790576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e864e42c82fcd6372021-12-20 16:06:27.460root 11241100x8000000000000000790577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55177aa90bfc2c702021-12-20 16:06:27.460root 11241100x8000000000000000790578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749836130bc8c90b2021-12-20 16:06:27.460root 11241100x8000000000000000790579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.460{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2700f0fd8c3a7c692021-12-20 16:06:27.460root 11241100x8000000000000000790580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610166536d32ac2b2021-12-20 16:06:27.461root 11241100x8000000000000000790581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363ef3d392901c672021-12-20 16:06:27.461root 11241100x8000000000000000790582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8683b231368cfc8a2021-12-20 16:06:27.461root 11241100x8000000000000000790583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867737ccb73bd73b2021-12-20 16:06:27.461root 11241100x8000000000000000790584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d786b9cc44a44b6f2021-12-20 16:06:27.461root 11241100x8000000000000000790585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e76b90eb90178fe2021-12-20 16:06:27.461root 11241100x8000000000000000790586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535607542e79e60f2021-12-20 16:06:27.461root 11241100x8000000000000000790587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed32c3dad4b8d4db2021-12-20 16:06:27.461root 11241100x8000000000000000790588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16b9bbb3c9717f92021-12-20 16:06:27.461root 11241100x8000000000000000790589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.461{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6591857f3aec2162021-12-20 16:06:27.461root 11241100x8000000000000000790590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abde69bac56ce2342021-12-20 16:06:27.462root 11241100x8000000000000000790591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6861ed8a23ffca2d2021-12-20 16:06:27.462root 11241100x8000000000000000790592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f80a95d65104ac2021-12-20 16:06:27.462root 11241100x8000000000000000790593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626fbce1e7794b4d2021-12-20 16:06:27.462root 11241100x8000000000000000790594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5238b70eb35357a42021-12-20 16:06:27.462root 11241100x8000000000000000790595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f761fbf02f2d252021-12-20 16:06:27.462root 11241100x8000000000000000790596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b74c616a9d02c12021-12-20 16:06:27.462root 11241100x8000000000000000790597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105764d2f515cdf42021-12-20 16:06:27.462root 11241100x8000000000000000790598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b309c897e33ef2d22021-12-20 16:06:27.462root 11241100x8000000000000000790599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73504eb971857f8b2021-12-20 16:06:27.462root 11241100x8000000000000000790600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90320eadc2e8c6e2021-12-20 16:06:27.462root 11241100x8000000000000000790601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422578db986de022021-12-20 16:06:27.463root 11241100x8000000000000000790602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c829998641353a322021-12-20 16:06:27.463root 11241100x8000000000000000790603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b212c5acc1ba5792021-12-20 16:06:27.463root 11241100x8000000000000000790604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1886d6697603092021-12-20 16:06:27.463root 11241100x8000000000000000790605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d632992b0c10dfab2021-12-20 16:06:27.463root 11241100x8000000000000000790606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eb257031cfdff72021-12-20 16:06:27.463root 11241100x8000000000000000790607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea79f894bfe30c32021-12-20 16:06:27.463root 11241100x8000000000000000790608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979a7c1013d70f042021-12-20 16:06:27.463root 11241100x8000000000000000790609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03d13895319caad2021-12-20 16:06:27.463root 11241100x8000000000000000790610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912023de89e8e2af2021-12-20 16:06:27.463root 11241100x8000000000000000790611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.463{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ce526f90310e122021-12-20 16:06:27.463root 11241100x8000000000000000790612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.464{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dd935dac5effc62021-12-20 16:06:27.464root 11241100x8000000000000000790613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.464{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b18ec1ec4f2c2a92021-12-20 16:06:27.464root 11241100x8000000000000000790614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.464{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a271b093fdb1955e2021-12-20 16:06:27.464root 11241100x8000000000000000790615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.464{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc0bcd4c28b08b72021-12-20 16:06:27.464root 11241100x8000000000000000790616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.464{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598511e331f402bc2021-12-20 16:06:27.464root 11241100x8000000000000000790617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.464{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c87706f6eb5f102021-12-20 16:06:27.464root 11241100x8000000000000000790618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.464{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d53d630c31387492021-12-20 16:06:27.464root 11241100x8000000000000000790619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a0fba789222fe22021-12-20 16:06:27.465root 11241100x8000000000000000790620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7841f9ea2f04037d2021-12-20 16:06:27.465root 11241100x8000000000000000790621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4adb383d998df02021-12-20 16:06:27.465root 11241100x8000000000000000790622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ff80fdce7c096a2021-12-20 16:06:27.465root 11241100x8000000000000000790623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042a439def2b92672021-12-20 16:06:27.465root 11241100x8000000000000000790624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48bf8a204400bd22021-12-20 16:06:27.465root 11241100x8000000000000000790625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07ffe9d401accec2021-12-20 16:06:27.465root 11241100x8000000000000000790626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebed2ef1252e1ae42021-12-20 16:06:27.465root 11241100x8000000000000000790627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb0ba48668ebf562021-12-20 16:06:27.465root 11241100x8000000000000000790628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552d76221715d89d2021-12-20 16:06:27.465root 11241100x8000000000000000790629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb9ebc92d0338682021-12-20 16:06:27.466root 11241100x8000000000000000790630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840caf06c338f1332021-12-20 16:06:27.466root 11241100x8000000000000000790631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43108b6f077087b2021-12-20 16:06:27.466root 11241100x8000000000000000790632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11dd1006736d5102021-12-20 16:06:27.466root 11241100x8000000000000000790633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4113f1c53301a402021-12-20 16:06:27.466root 11241100x8000000000000000790634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c824e1b9f95374a2021-12-20 16:06:27.466root 11241100x8000000000000000790635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1e0de2c80bf1d52021-12-20 16:06:27.466root 11241100x8000000000000000790636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1febebc33e1697e92021-12-20 16:06:27.466root 11241100x8000000000000000790637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb8acdc920257b92021-12-20 16:06:27.466root 11241100x8000000000000000790638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8962d40dc8918dc02021-12-20 16:06:27.466root 11241100x8000000000000000790639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99aeaf00db7ef352021-12-20 16:06:27.924root 11241100x8000000000000000790640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e9d333741537592021-12-20 16:06:27.924root 11241100x8000000000000000790641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fc1242e3d4b3972021-12-20 16:06:27.924root 11241100x8000000000000000790642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73f7384fbc468d12021-12-20 16:06:27.924root 11241100x8000000000000000790643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bab423e848400342021-12-20 16:06:27.925root 11241100x8000000000000000790644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c52908e56e9af12021-12-20 16:06:27.925root 11241100x8000000000000000790645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fa9db7cc9bd7ab2021-12-20 16:06:27.925root 11241100x8000000000000000790646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b940170faed8b92021-12-20 16:06:27.925root 11241100x8000000000000000790647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cdbfb38e24bf542021-12-20 16:06:27.925root 11241100x8000000000000000790648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d1ae30364da3c82021-12-20 16:06:27.925root 11241100x8000000000000000790649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef36b699ec7eaa52021-12-20 16:06:27.925root 11241100x8000000000000000790650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b107c5ce07e4282021-12-20 16:06:27.925root 11241100x8000000000000000790651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7a4f199c78260c2021-12-20 16:06:27.925root 11241100x8000000000000000790652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d5629ccf65e302021-12-20 16:06:27.925root 11241100x8000000000000000790653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d804f5dd05ab7c32021-12-20 16:06:27.926root 11241100x8000000000000000790654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a1a772d78c7f392021-12-20 16:06:27.926root 11241100x8000000000000000790655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13484598238158e2021-12-20 16:06:27.926root 11241100x8000000000000000790656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dd0f694c3c203a2021-12-20 16:06:27.926root 11241100x8000000000000000790657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8980ea2eea9e542021-12-20 16:06:27.926root 11241100x8000000000000000790658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3440885646e878812021-12-20 16:06:27.928root 11241100x8000000000000000790659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c685b2e90429e5ed2021-12-20 16:06:27.928root 11241100x8000000000000000790660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3989ac767834d92021-12-20 16:06:27.928root 11241100x8000000000000000790661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde86f8822b6ceeb2021-12-20 16:06:27.928root 11241100x8000000000000000790662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f2b34fdae966a82021-12-20 16:06:27.928root 11241100x8000000000000000790663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fd5f096f9e27642021-12-20 16:06:27.928root 11241100x8000000000000000790664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e4eceec4885b562021-12-20 16:06:27.928root 11241100x8000000000000000790665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2492d6f56021b72021-12-20 16:06:27.928root 11241100x8000000000000000790666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3b87b8fa1559ab2021-12-20 16:06:27.928root 11241100x8000000000000000790667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010a0dda2efd34f02021-12-20 16:06:27.928root 11241100x8000000000000000790668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36597b965c78534f2021-12-20 16:06:27.928root 11241100x8000000000000000790669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a42b3eda9fb7bc2021-12-20 16:06:27.928root 11241100x8000000000000000790670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3aad82f19f303c2021-12-20 16:06:27.928root 11241100x8000000000000000790671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d7626ca525639f2021-12-20 16:06:27.929root 11241100x8000000000000000790672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b29bd928ec7caf2021-12-20 16:06:27.929root 11241100x8000000000000000790673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f8221c2fd8b342021-12-20 16:06:27.929root 11241100x8000000000000000790674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29259420aa3d918b2021-12-20 16:06:27.929root 11241100x8000000000000000790675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225526411dfd54bd2021-12-20 16:06:27.929root 11241100x8000000000000000790676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4f6eab9ba595a52021-12-20 16:06:27.929root 11241100x8000000000000000790677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e7dfc8a9f4f1392021-12-20 16:06:27.929root 11241100x8000000000000000790678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af547b43ea3016f2021-12-20 16:06:27.929root 11241100x8000000000000000790679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62362d16fedf47b2021-12-20 16:06:27.929root 11241100x8000000000000000790680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d42a162fbbbdc82021-12-20 16:06:27.929root 11241100x8000000000000000790681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5f1d3b7c412a422021-12-20 16:06:27.929root 11241100x8000000000000000790682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cde83e289d062c42021-12-20 16:06:27.929root 11241100x8000000000000000790683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78a1578b52b9112021-12-20 16:06:27.929root 11241100x8000000000000000790684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cad74d1bb39f3f2021-12-20 16:06:27.929root 11241100x8000000000000000790685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ce1ff892b042a12021-12-20 16:06:27.929root 11241100x8000000000000000790686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb910a4ecad1339c2021-12-20 16:06:27.929root 11241100x8000000000000000790687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd81602bf472ff32021-12-20 16:06:27.930root 11241100x8000000000000000790688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a0baa68330e4032021-12-20 16:06:27.930root 11241100x8000000000000000790689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b235d3f170569abe2021-12-20 16:06:27.930root 11241100x8000000000000000790690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278a47f2deeb12972021-12-20 16:06:27.930root 11241100x8000000000000000790691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33af4670678f8452021-12-20 16:06:27.930root 11241100x8000000000000000790692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fc36c4896b202f2021-12-20 16:06:27.930root 11241100x8000000000000000790693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5998398e7452162021-12-20 16:06:27.930root 11241100x8000000000000000790694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bbadeb0e97cd2d2021-12-20 16:06:27.930root 11241100x8000000000000000790695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda5d3f35c0ecea2021-12-20 16:06:27.930root 11241100x8000000000000000790696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ebee2e92330dcb2021-12-20 16:06:27.930root 11241100x8000000000000000790697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74af74b11c0dc22f2021-12-20 16:06:27.930root 11241100x8000000000000000790698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71973ed3eb6f7a5e2021-12-20 16:06:27.930root 11241100x8000000000000000790699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f142aa6807ea005f2021-12-20 16:06:27.930root 11241100x8000000000000000790700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bffaa517891b6ab2021-12-20 16:06:27.930root 11241100x8000000000000000790701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db9212a62d049fd2021-12-20 16:06:27.930root 11241100x8000000000000000790702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4597081e530d9542021-12-20 16:06:27.930root 11241100x8000000000000000790703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e348ffcc5d3506d12021-12-20 16:06:27.930root 11241100x8000000000000000790704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f00573ce092cf52021-12-20 16:06:27.931root 11241100x8000000000000000790705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4a7d5b483804572021-12-20 16:06:27.931root 11241100x8000000000000000790706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68089ab22cb62cc72021-12-20 16:06:27.931root 11241100x8000000000000000790707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa665163027ba47c2021-12-20 16:06:27.931root 11241100x8000000000000000790708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a805edf938229722021-12-20 16:06:27.931root 11241100x8000000000000000790709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.931{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aa3d6cfbd836212021-12-20 16:06:27.931root 11241100x8000000000000000790710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce5ef55a386cbcc2021-12-20 16:06:27.935root 11241100x8000000000000000790711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982842b8679ff9eb2021-12-20 16:06:27.935root 11241100x8000000000000000790712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd84516280ca74fc2021-12-20 16:06:27.935root 11241100x8000000000000000790713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2f37048d6fb9ef2021-12-20 16:06:27.936root 11241100x8000000000000000790714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15259bee5a4b30e2021-12-20 16:06:27.936root 11241100x8000000000000000790715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b29ec5c1f76ff12021-12-20 16:06:27.936root 11241100x8000000000000000790716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5e896ff27c78ca2021-12-20 16:06:27.936root 11241100x8000000000000000790717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618df037853086ac2021-12-20 16:06:27.936root 11241100x8000000000000000790718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f07bac3dc55ee22021-12-20 16:06:27.936root 11241100x8000000000000000790719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f4c3595b80f6ec2021-12-20 16:06:27.936root 11241100x8000000000000000790720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a5a9e8af62be902021-12-20 16:06:27.936root 11241100x8000000000000000790721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f08f840600471e82021-12-20 16:06:27.936root 11241100x8000000000000000790722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64eb421f9784c812021-12-20 16:06:27.936root 11241100x8000000000000000790723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2287cd85e592c1442021-12-20 16:06:27.937root 11241100x8000000000000000790724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb18326f63f102712021-12-20 16:06:27.937root 11241100x8000000000000000790725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe65e252b358d2122021-12-20 16:06:27.937root 11241100x8000000000000000790726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0758c6d9b3cd6f802021-12-20 16:06:27.937root 11241100x8000000000000000790727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6057bc4127960ae2021-12-20 16:06:27.937root 11241100x8000000000000000790728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2caba019e4d1562021-12-20 16:06:27.937root 11241100x8000000000000000790729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180d332ca6c7dd8f2021-12-20 16:06:27.937root 11241100x8000000000000000790730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22541b6d59d3445b2021-12-20 16:06:27.937root 11241100x8000000000000000790731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ea056e6bc9ae652021-12-20 16:06:27.937root 11241100x8000000000000000790732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697348564d6fa1932021-12-20 16:06:27.937root 11241100x8000000000000000790733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bd6fb0ab390e232021-12-20 16:06:27.937root 11241100x8000000000000000790734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b8e3173baf2282021-12-20 16:06:27.938root 11241100x8000000000000000790735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a77f70fe05587362021-12-20 16:06:27.938root 11241100x8000000000000000790736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45512d94cc31558e2021-12-20 16:06:27.938root 11241100x8000000000000000790737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1e162d004b874c2021-12-20 16:06:27.938root 11241100x8000000000000000790738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9ba9ce2dbefeb52021-12-20 16:06:27.938root 11241100x8000000000000000790739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe21b27d2ef43582021-12-20 16:06:27.938root 11241100x8000000000000000790740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b66ef9ef52493c2021-12-20 16:06:27.938root 11241100x8000000000000000790741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6318230d411a09742021-12-20 16:06:27.938root 11241100x8000000000000000790742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6271f5bba82a3e92021-12-20 16:06:27.938root 11241100x8000000000000000790743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.938{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244f88dcf80fb1542021-12-20 16:06:27.938root 11241100x8000000000000000790744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8572c2dbf06af9d42021-12-20 16:06:27.939root 11241100x8000000000000000790745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d2c8d31f598b262021-12-20 16:06:27.939root 11241100x8000000000000000790746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abbf4f80c94b0142021-12-20 16:06:27.939root 11241100x8000000000000000790747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e851e1102422514d2021-12-20 16:06:27.939root 11241100x8000000000000000790748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948c07b41a475c72021-12-20 16:06:27.939root 11241100x8000000000000000790749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efefd768bbf527642021-12-20 16:06:27.939root 11241100x8000000000000000790750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cd7e5d89bc22ef2021-12-20 16:06:27.939root 11241100x8000000000000000790751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27b7191022a98712021-12-20 16:06:27.939root 11241100x8000000000000000790752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9395d880f346cb2021-12-20 16:06:27.939root 11241100x8000000000000000790753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed7e45e5cd986932021-12-20 16:06:27.939root 11241100x8000000000000000790754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149740392a566fba2021-12-20 16:06:27.939root 11241100x8000000000000000790755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63116bdf3ab0a6182021-12-20 16:06:27.940root 11241100x8000000000000000790756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f07d614aad993f2021-12-20 16:06:27.940root 11241100x8000000000000000790757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e948aea36f22e982021-12-20 16:06:27.940root 11241100x8000000000000000790758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537982ac5336700f2021-12-20 16:06:27.940root 11241100x8000000000000000790759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b900bd95f3643b2021-12-20 16:06:27.940root 11241100x8000000000000000790760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d837b8da6f03996c2021-12-20 16:06:27.940root 11241100x8000000000000000790761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f159b6647869d8c2021-12-20 16:06:27.940root 11241100x8000000000000000790762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206f5b8cae534d342021-12-20 16:06:27.940root 11241100x8000000000000000790763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b2860d6633b52b2021-12-20 16:06:27.940root 11241100x8000000000000000790764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3fc0524cebd6f42021-12-20 16:06:27.940root 11241100x8000000000000000790765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7062a7ec4008d5f42021-12-20 16:06:27.941root 11241100x8000000000000000790766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4853fa1f327d27ec2021-12-20 16:06:27.941root 11241100x8000000000000000790767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd291d367807aba2021-12-20 16:06:27.941root 11241100x8000000000000000790768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a14d94710f069b02021-12-20 16:06:27.941root 11241100x8000000000000000790769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31043651a93ed5662021-12-20 16:06:27.941root 11241100x8000000000000000790770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d16e1192b2186ad2021-12-20 16:06:27.941root 11241100x8000000000000000790771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00eb700e64e32712021-12-20 16:06:27.941root 11241100x8000000000000000790772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d50ad449e871d72021-12-20 16:06:27.941root 11241100x8000000000000000790773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b8485091abbf842021-12-20 16:06:27.941root 11241100x8000000000000000790774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf486be560131e62021-12-20 16:06:27.942root 11241100x8000000000000000790775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e6841737b546252021-12-20 16:06:27.942root 11241100x8000000000000000790776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3622e26e3c10b3cb2021-12-20 16:06:27.942root 11241100x8000000000000000790777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7308beaef121bdb82021-12-20 16:06:27.942root 11241100x8000000000000000790778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a726a0833934c9c2021-12-20 16:06:27.942root 11241100x8000000000000000790779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc82a480acc1357a2021-12-20 16:06:27.942root 11241100x8000000000000000790780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50483f2b1dc6e852021-12-20 16:06:27.942root 11241100x8000000000000000790781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c8a95f573346442021-12-20 16:06:27.942root 11241100x8000000000000000790782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6cd7e3f807b2df2021-12-20 16:06:27.942root 11241100x8000000000000000790783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793bb93d39a4c0112021-12-20 16:06:27.942root 11241100x8000000000000000790784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dc05260aa6188c2021-12-20 16:06:27.942root 11241100x8000000000000000790785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f239bc3b87d9882021-12-20 16:06:27.943root 11241100x8000000000000000790786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704a549e92337de82021-12-20 16:06:27.943root 11241100x8000000000000000790787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdade0a9764717ea2021-12-20 16:06:27.943root 11241100x8000000000000000790788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9598c201de6dd8d12021-12-20 16:06:27.943root 11241100x8000000000000000790789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882b4ec1d28a54122021-12-20 16:06:27.943root 11241100x8000000000000000790790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ab5dc391febc4c2021-12-20 16:06:27.943root 11241100x8000000000000000790791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff292f215884ce62021-12-20 16:06:27.943root 11241100x8000000000000000790792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce520084572d08b2021-12-20 16:06:27.943root 11241100x8000000000000000790793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8b3419d8cc46502021-12-20 16:06:27.943root 11241100x8000000000000000790794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb5b1437ed401c22021-12-20 16:06:27.943root 11241100x8000000000000000790795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.943{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7c9ef4edb064f12021-12-20 16:06:27.943root 11241100x8000000000000000790796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8e6dac25d5eb452021-12-20 16:06:27.944root 11241100x8000000000000000790797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9686b58373a8e72021-12-20 16:06:27.944root 11241100x8000000000000000790798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af04fa9b1e90efb2021-12-20 16:06:27.944root 11241100x8000000000000000790799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d699c1be58ad733e2021-12-20 16:06:27.944root 11241100x8000000000000000790800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3514d2fddb8f69b2021-12-20 16:06:27.944root 11241100x8000000000000000790801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6723d9f8a4397d2021-12-20 16:06:27.944root 11241100x8000000000000000790802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76b4c32938e8e592021-12-20 16:06:27.944root 11241100x8000000000000000790803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa87db45bac0d772021-12-20 16:06:27.944root 11241100x8000000000000000790804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee8d19ce56e49e22021-12-20 16:06:27.944root 11241100x8000000000000000790805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.944{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0090675acbb0042021-12-20 16:06:27.944root 11241100x8000000000000000790806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a364267933afc2502021-12-20 16:06:27.945root 11241100x8000000000000000790807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ccb981402d6d1a2021-12-20 16:06:27.945root 11241100x8000000000000000790808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f265675ab9dfad842021-12-20 16:06:27.945root 11241100x8000000000000000790809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b1d3822e38b2c72021-12-20 16:06:27.945root 11241100x8000000000000000790810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952e0ff9e93238252021-12-20 16:06:27.945root 11241100x8000000000000000790811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37c011856645b032021-12-20 16:06:27.945root 11241100x8000000000000000790812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d594b5787c22cf2021-12-20 16:06:27.945root 11241100x8000000000000000790813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757c3b487ca0c14e2021-12-20 16:06:27.946root 11241100x8000000000000000790814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f853859f0b6cd7f2021-12-20 16:06:27.946root 11241100x8000000000000000790815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d65ea9d0857f112021-12-20 16:06:27.946root 11241100x8000000000000000790816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ccb6516f98b7102021-12-20 16:06:27.946root 11241100x8000000000000000790817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe50400feb53403f2021-12-20 16:06:27.946root 11241100x8000000000000000790818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10431c1d4816f5352021-12-20 16:06:27.946root 11241100x8000000000000000790819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8283a97df70122572021-12-20 16:06:27.946root 11241100x8000000000000000790820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801fc46f88f028892021-12-20 16:06:27.946root 11241100x8000000000000000790821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b372656c8725b72021-12-20 16:06:27.946root 11241100x8000000000000000790822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369568ec3e0cc8cc2021-12-20 16:06:27.946root 11241100x8000000000000000790823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a6b5daaacf5d022021-12-20 16:06:27.946root 11241100x8000000000000000790824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a6795db7f013142021-12-20 16:06:27.946root 11241100x8000000000000000790825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af213d48eadae78f2021-12-20 16:06:27.947root 11241100x8000000000000000790826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da809d1d8b95d9b2021-12-20 16:06:27.947root 11241100x8000000000000000790827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3385a52f6c47ca332021-12-20 16:06:27.947root 11241100x8000000000000000790828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca7d068ae85403b2021-12-20 16:06:27.947root 11241100x8000000000000000790829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765fcd9e4e8852052021-12-20 16:06:27.947root 11241100x8000000000000000790830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91d67d2461cd1df2021-12-20 16:06:27.947root 11241100x8000000000000000790831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1c00400bb8323c2021-12-20 16:06:27.947root 11241100x8000000000000000790832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5b14c9d1f914522021-12-20 16:06:27.947root 11241100x8000000000000000790833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeeec24f98473862021-12-20 16:06:27.947root 11241100x8000000000000000790834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334d5d01d9076da02021-12-20 16:06:27.947root 11241100x8000000000000000790835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8c8e8c1485b4502021-12-20 16:06:27.947root 11241100x8000000000000000790836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.947{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a506600b481f5e7b2021-12-20 16:06:27.947root 11241100x8000000000000000790837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf5cbeb53f896342021-12-20 16:06:27.948root 11241100x8000000000000000790838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea659a9c87fdbea82021-12-20 16:06:27.948root 11241100x8000000000000000790839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e770c22d7efc862021-12-20 16:06:27.948root 11241100x8000000000000000790840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd3cb0df31eb6d72021-12-20 16:06:27.948root 11241100x8000000000000000790841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817dc67a317677c72021-12-20 16:06:27.948root 11241100x8000000000000000790842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc0248ed0d3da0b2021-12-20 16:06:27.948root 11241100x8000000000000000790843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c53e81f1abcd06f2021-12-20 16:06:27.948root 11241100x8000000000000000790844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b03afdbeb11e5d12021-12-20 16:06:27.948root 11241100x8000000000000000790845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e105d668d3830c82021-12-20 16:06:27.948root 11241100x8000000000000000790846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8251d1cde2ca32a2021-12-20 16:06:27.948root 11241100x8000000000000000790847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.948{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adbd0f6c6a45e6a2021-12-20 16:06:27.948root 11241100x8000000000000000790848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89c4a234245c37b2021-12-20 16:06:27.949root 11241100x8000000000000000790849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa9a60a7e981b672021-12-20 16:06:27.949root 11241100x8000000000000000790850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce67e0b6477b5b62021-12-20 16:06:27.949root 11241100x8000000000000000790851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:27.949{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954b27ecc2db7c602021-12-20 16:06:27.949root 11241100x8000000000000000790852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a1a9dda97c778f2021-12-20 16:06:28.424root 11241100x8000000000000000790853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21528b1f49eb29ae2021-12-20 16:06:28.425root 11241100x8000000000000000790854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5452f7e93133f3a2021-12-20 16:06:28.425root 11241100x8000000000000000790855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51527392258a7642021-12-20 16:06:28.425root 11241100x8000000000000000790856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f786ae531f4fd4a2021-12-20 16:06:28.425root 11241100x8000000000000000790857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f29dd0b266f8992021-12-20 16:06:28.425root 11241100x8000000000000000790858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b665b68c74bbafd2021-12-20 16:06:28.426root 11241100x8000000000000000790859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1962f50182c8f62021-12-20 16:06:28.426root 11241100x8000000000000000790860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d342423f6f9cbec2021-12-20 16:06:28.426root 11241100x8000000000000000790861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ebfb2defaf34672021-12-20 16:06:28.427root 11241100x8000000000000000790862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b0de30af9a81da2021-12-20 16:06:28.427root 11241100x8000000000000000790863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db784aa35a5ee6b2021-12-20 16:06:28.427root 11241100x8000000000000000790864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0175fa7859a8bb42021-12-20 16:06:28.427root 11241100x8000000000000000790865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18011b4f88d04df72021-12-20 16:06:28.428root 11241100x8000000000000000790866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78611314c65fbceb2021-12-20 16:06:28.428root 11241100x8000000000000000790867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b1f5382ca19bef2021-12-20 16:06:28.428root 11241100x8000000000000000790868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adf7cf3f269b1142021-12-20 16:06:28.428root 11241100x8000000000000000790869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aac204ee7ff9272021-12-20 16:06:28.428root 11241100x8000000000000000790870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72117aa97700cc42021-12-20 16:06:28.428root 11241100x8000000000000000790871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3addf4bfa714b17a2021-12-20 16:06:28.428root 11241100x8000000000000000790872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2a2c8de95590bd2021-12-20 16:06:28.429root 11241100x8000000000000000790873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1d7a33fff7e98a2021-12-20 16:06:28.429root 11241100x8000000000000000790874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4453a33f70aea02021-12-20 16:06:28.429root 11241100x8000000000000000790875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b659abae7f42f4b12021-12-20 16:06:28.429root 11241100x8000000000000000790876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cc4bc91fe526742021-12-20 16:06:28.429root 11241100x8000000000000000790877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d6204cb9e13ae12021-12-20 16:06:28.429root 11241100x8000000000000000790878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1f7201a24b1b82021-12-20 16:06:28.429root 11241100x8000000000000000790879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d1542fd43bf2592021-12-20 16:06:28.429root 11241100x8000000000000000790880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab2878511b3d4c32021-12-20 16:06:28.429root 11241100x8000000000000000790881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532a77248cad0e952021-12-20 16:06:28.430root 11241100x8000000000000000790882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774cb5ad145969742021-12-20 16:06:28.433root 11241100x8000000000000000790883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e95f2e54e235ae92021-12-20 16:06:28.433root 11241100x8000000000000000790884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.434{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156068084d07c7c32021-12-20 16:06:28.434root 11241100x8000000000000000790885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebfdf03778171172021-12-20 16:06:28.435root 11241100x8000000000000000790886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75cebf6f2220d152021-12-20 16:06:28.435root 11241100x8000000000000000790887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26387045e63e35c12021-12-20 16:06:28.435root 11241100x8000000000000000790888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.435{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f47281d8b7ed322021-12-20 16:06:28.435root 11241100x8000000000000000790889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60720ecf66706a52021-12-20 16:06:28.436root 11241100x8000000000000000790890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d896e4cae0fbd902021-12-20 16:06:28.436root 11241100x8000000000000000790891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.436{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aa8cdd6ab977fe2021-12-20 16:06:28.436root 11241100x8000000000000000790892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14b74a2989e74662021-12-20 16:06:28.437root 11241100x8000000000000000790893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c4d2e83e32edc72021-12-20 16:06:28.437root 11241100x8000000000000000790894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274d5c02b3b2952c2021-12-20 16:06:28.437root 11241100x8000000000000000790895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.437{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1a3da7740339912021-12-20 16:06:28.437root 11241100x8000000000000000790896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893cb8d1695cfa5b2021-12-20 16:06:28.438root 11241100x8000000000000000790897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff40e9c134933e912021-12-20 16:06:28.438root 11241100x8000000000000000790898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e343ff9c5cc4682021-12-20 16:06:28.438root 11241100x8000000000000000790899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.438{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321f6ba734c61c362021-12-20 16:06:28.438root 11241100x8000000000000000790900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7153870c0ec97b2021-12-20 16:06:28.439root 11241100x8000000000000000790901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.439{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839fbd9efbbd59672021-12-20 16:06:28.439root 11241100x8000000000000000790902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2281838f48a97ece2021-12-20 16:06:28.440root 11241100x8000000000000000790903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291b47f3bee19c472021-12-20 16:06:28.440root 11241100x8000000000000000790904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90524ccd6900c542021-12-20 16:06:28.440root 11241100x8000000000000000790905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925147934c331f912021-12-20 16:06:28.440root 11241100x8000000000000000790906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.440{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d89986288bc45662021-12-20 16:06:28.440root 11241100x8000000000000000790907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128d6f8972a426d32021-12-20 16:06:28.441root 11241100x8000000000000000790908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805065f13a4b2e692021-12-20 16:06:28.441root 11241100x8000000000000000790909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.441{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4a08ae42ba4d962021-12-20 16:06:28.441root 11241100x8000000000000000790910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e53d963e2b764002021-12-20 16:06:28.442root 11241100x8000000000000000790911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2218570a3fac2032021-12-20 16:06:28.442root 11241100x8000000000000000790912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.442{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81e16d02e601a642021-12-20 16:06:28.442root 11241100x8000000000000000790913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.443{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea85e9680f3255f2021-12-20 16:06:28.443root 11241100x8000000000000000790914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.445{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087d8b1ae177edf92021-12-20 16:06:28.445root 11241100x8000000000000000790915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463510f834004bfe2021-12-20 16:06:28.446root 11241100x8000000000000000790916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b1b7fdc46e42bf2021-12-20 16:06:28.446root 11241100x8000000000000000790917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a344a6251ed3f92021-12-20 16:06:28.446root 11241100x8000000000000000790918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b49d4a2fbc314e2021-12-20 16:06:28.446root 11241100x8000000000000000790919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7550c5d179d612962021-12-20 16:06:28.446root 11241100x8000000000000000790920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.446{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddce434a75ad8d12021-12-20 16:06:28.446root 11241100x8000000000000000790921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb98b90043d4d58e2021-12-20 16:06:28.447root 11241100x8000000000000000790922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f61850458098752021-12-20 16:06:28.447root 11241100x8000000000000000790923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590b787d97f2c5332021-12-20 16:06:28.447root 11241100x8000000000000000790924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2409d6fe9aa308872021-12-20 16:06:28.447root 11241100x8000000000000000790925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.447{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7506410743deac72021-12-20 16:06:28.447root 11241100x8000000000000000790926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.448{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887a86eb705bfb9a2021-12-20 16:06:28.448root 11241100x8000000000000000790927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.448{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6704731c678540172021-12-20 16:06:28.448root 11241100x8000000000000000790928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.448{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad0d9d1bd8593832021-12-20 16:06:28.448root 11241100x8000000000000000790929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.448{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646e6d5081d21f462021-12-20 16:06:28.448root 11241100x8000000000000000790930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.448{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13788a9246d16e62021-12-20 16:06:28.448root 11241100x8000000000000000790931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9441b7f231ac125c2021-12-20 16:06:28.453root 11241100x8000000000000000790932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168d690a608e23cf2021-12-20 16:06:28.453root 11241100x8000000000000000790933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccef8b3755e01e52021-12-20 16:06:28.453root 11241100x8000000000000000790934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbc727ee7a738ed2021-12-20 16:06:28.453root 11241100x8000000000000000790935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330530affc6dd47d2021-12-20 16:06:28.453root 11241100x8000000000000000790936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abd81d6414bc68c2021-12-20 16:06:28.453root 11241100x8000000000000000790937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4657ae9905dc5fc52021-12-20 16:06:28.453root 11241100x8000000000000000790938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf120e0b11dc6b12021-12-20 16:06:28.453root 11241100x8000000000000000790939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5175ff2264da982021-12-20 16:06:28.453root 11241100x8000000000000000790940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.453{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202918332e6f26c2021-12-20 16:06:28.453root 11241100x8000000000000000790941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27d9c745dbb8b682021-12-20 16:06:28.454root 11241100x8000000000000000790942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5adabe4a33ee2032021-12-20 16:06:28.454root 11241100x8000000000000000790943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd9d71b4d1fbe332021-12-20 16:06:28.454root 11241100x8000000000000000790944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1de712ec61fd8a2021-12-20 16:06:28.454root 11241100x8000000000000000790945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca47e92c75f1e6a2021-12-20 16:06:28.454root 11241100x8000000000000000790946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849377c7d27033342021-12-20 16:06:28.454root 11241100x8000000000000000790947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.454{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa1b82a8ca7d8232021-12-20 16:06:28.454root 11241100x8000000000000000790948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e999363d7bb6682021-12-20 16:06:28.455root 11241100x8000000000000000790949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71af14434215e2d72021-12-20 16:06:28.455root 11241100x8000000000000000790950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c119d0b56a4d312021-12-20 16:06:28.455root 11241100x8000000000000000790951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131e4e857af97c742021-12-20 16:06:28.455root 11241100x8000000000000000790952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4319730bea7d8e62021-12-20 16:06:28.455root 11241100x8000000000000000790953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4f780beb47a4e42021-12-20 16:06:28.455root 11241100x8000000000000000790954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3c4ed2849a08c92021-12-20 16:06:28.455root 11241100x8000000000000000790955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8643f781e034b4422021-12-20 16:06:28.455root 11241100x8000000000000000790956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e689a12b0c275e572021-12-20 16:06:28.455root 11241100x8000000000000000790957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.455{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f7f200f0d0ea932021-12-20 16:06:28.455root 11241100x8000000000000000790958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dbfaffdf28f5662021-12-20 16:06:28.456root 11241100x8000000000000000790959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b407f9b8dd0093bc2021-12-20 16:06:28.456root 11241100x8000000000000000790960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04cf37cd09d0e7a2021-12-20 16:06:28.456root 11241100x8000000000000000790961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9489b2fd9f59228c2021-12-20 16:06:28.456root 11241100x8000000000000000790962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae90b15041579772021-12-20 16:06:28.456root 11241100x8000000000000000790963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4846703ac1a223e2021-12-20 16:06:28.456root 11241100x8000000000000000790964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a9a74d7299b9442021-12-20 16:06:28.456root 11241100x8000000000000000790965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53892732814ce6762021-12-20 16:06:28.456root 11241100x8000000000000000790966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820476ba1f2939d12021-12-20 16:06:28.456root 11241100x8000000000000000790967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.456{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35cb295f48ed8dc2021-12-20 16:06:28.456root 11241100x8000000000000000790968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b392a87088920c762021-12-20 16:06:28.457root 11241100x8000000000000000790969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409a0556782dffa02021-12-20 16:06:28.457root 11241100x8000000000000000790970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cda938f5dbcc7a2021-12-20 16:06:28.457root 11241100x8000000000000000790971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e51831e1da28b72021-12-20 16:06:28.457root 11241100x8000000000000000790972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b9c00e4f5cef4a2021-12-20 16:06:28.457root 11241100x8000000000000000790973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d1d7b0bc5a56292021-12-20 16:06:28.457root 11241100x8000000000000000790974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a902d454060a62021-12-20 16:06:28.457root 11241100x8000000000000000790975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf50c22422347262021-12-20 16:06:28.457root 11241100x8000000000000000790976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d3e64789ec1c572021-12-20 16:06:28.457root 11241100x8000000000000000790977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.457{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad93f949a9093172021-12-20 16:06:28.457root 11241100x8000000000000000790978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bb3240979419022021-12-20 16:06:28.458root 11241100x8000000000000000790979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ba10b39a307eaf2021-12-20 16:06:28.458root 11241100x8000000000000000790980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0260f4038254a8182021-12-20 16:06:28.458root 11241100x8000000000000000790981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1f6486eae7ad5b2021-12-20 16:06:28.458root 11241100x8000000000000000790982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.458{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bc9c3787e727ba2021-12-20 16:06:28.458root 11241100x8000000000000000790983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30d455ea36f979c2021-12-20 16:06:28.462root 11241100x8000000000000000790984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c2c68c845d4b742021-12-20 16:06:28.462root 11241100x8000000000000000790985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3513b17f77bc40dd2021-12-20 16:06:28.462root 11241100x8000000000000000790986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6793af15a867c82021-12-20 16:06:28.462root 11241100x8000000000000000790987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff410384c633a9e2021-12-20 16:06:28.462root 11241100x8000000000000000790988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.462{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5434094d12c690112021-12-20 16:06:28.462root 11241100x8000000000000000790989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d01cbe4841f97ba2021-12-20 16:06:28.465root 11241100x8000000000000000790990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aceb570cbfcfda2021-12-20 16:06:28.465root 11241100x8000000000000000790991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.465{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb332bb0b1a94c8a2021-12-20 16:06:28.465root 11241100x8000000000000000790992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.466{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88698c926696c0b2021-12-20 16:06:28.466root 11241100x8000000000000000790993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.467{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15c05aa523fca4a2021-12-20 16:06:28.467root 11241100x8000000000000000790994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.467{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ec1921264d0ee2021-12-20 16:06:28.467root 11241100x8000000000000000790995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.467{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ea5cd5d6a7899d2021-12-20 16:06:28.467root 11241100x8000000000000000790996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.467{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af24cbac011a402021-12-20 16:06:28.467root 11241100x8000000000000000790997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.467{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a9ea06cb7925b52021-12-20 16:06:28.467root 11241100x8000000000000000790998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.467{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd98b305c6725d22021-12-20 16:06:28.467root 11241100x8000000000000000790999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.467{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8867be13ef41592021-12-20 16:06:28.467root 11241100x8000000000000000791000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.467{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af3bfc6d6911262021-12-20 16:06:28.467root 11241100x8000000000000000791001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.468{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4d7b7fd8832f8a2021-12-20 16:06:28.468root 11241100x8000000000000000791002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.468{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3441e106ed0f252021-12-20 16:06:28.468root 11241100x8000000000000000791003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.470{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d11ff955eefaa12021-12-20 16:06:28.470root 11241100x8000000000000000791004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.470{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c50722402c1e8292021-12-20 16:06:28.470root 11241100x8000000000000000791005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.470{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2610efe6c6800d2021-12-20 16:06:28.470root 11241100x8000000000000000791006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.470{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd046a272b6db402021-12-20 16:06:28.470root 11241100x8000000000000000791007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.470{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00948bd6bf4fae72021-12-20 16:06:28.470root 11241100x8000000000000000791008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.470{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e789b217f14de9b62021-12-20 16:06:28.470root 11241100x8000000000000000791009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.470{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e6865a99dbf2ef2021-12-20 16:06:28.470root 11241100x8000000000000000791010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.472{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841eab0f5c3deb692021-12-20 16:06:28.472root 11241100x8000000000000000791011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.472{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f20fdbfc1d8f6ab2021-12-20 16:06:28.472root 11241100x8000000000000000791012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f0720f17a9ecfb2021-12-20 16:06:28.474root 11241100x8000000000000000791013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f586dd99bc15482021-12-20 16:06:28.474root 11241100x8000000000000000791014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065fd1104c1872bc2021-12-20 16:06:28.474root 11241100x8000000000000000791015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc2c2da74671c1a2021-12-20 16:06:28.474root 11241100x8000000000000000791016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e889c332d796532021-12-20 16:06:28.474root 11241100x8000000000000000791017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967e0d38a6dc94282021-12-20 16:06:28.474root 11241100x8000000000000000791018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72af2af754a5b722021-12-20 16:06:28.474root 11241100x8000000000000000791019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0f552d68cb15832021-12-20 16:06:28.474root 11241100x8000000000000000791020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095d46b4e495c3782021-12-20 16:06:28.474root 11241100x8000000000000000791021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd41d65f240877682021-12-20 16:06:28.474root 11241100x8000000000000000791022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.474{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804790ecc664f7b22021-12-20 16:06:28.474root 11241100x8000000000000000791023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.475{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1026a2c1bd6660142021-12-20 16:06:28.475root 11241100x8000000000000000791024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.475{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786c8e0474d341902021-12-20 16:06:28.475root 11241100x8000000000000000791025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.478{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d06276fa7abf9eb2021-12-20 16:06:28.478root 11241100x8000000000000000791026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.478{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4832acc7d55407e62021-12-20 16:06:28.478root 11241100x8000000000000000791027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.478{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e22c536e59c5a52021-12-20 16:06:28.478root 11241100x8000000000000000791028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.478{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1ac3f8c1e092632021-12-20 16:06:28.478root 11241100x8000000000000000791029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.482{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8e4bcda9804e612021-12-20 16:06:28.482root 11241100x8000000000000000791030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.482{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d35d8d972fd5692021-12-20 16:06:28.482root 11241100x8000000000000000791031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.484{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3359fbb706a7f52021-12-20 16:06:28.484root 11241100x8000000000000000791032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.484{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddc6cb7865723992021-12-20 16:06:28.484root 11241100x8000000000000000791033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.484{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c051a18c87979652021-12-20 16:06:28.484root 11241100x8000000000000000791034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.484{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336fb65e69a62b992021-12-20 16:06:28.484root 11241100x8000000000000000791035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.484{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037127853bf28b5d2021-12-20 16:06:28.484root 11241100x8000000000000000791036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.486{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5202f12d86c4d992021-12-20 16:06:28.486root 11241100x8000000000000000791037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.487{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec013036a0789fa2021-12-20 16:06:28.487root 11241100x8000000000000000791038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.488{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fc3873f0516f1d2021-12-20 16:06:28.488root 11241100x8000000000000000791039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.488{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb996161a0387bc2021-12-20 16:06:28.488root 11241100x8000000000000000791040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.488{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3674fe361f1232dc2021-12-20 16:06:28.488root 11241100x8000000000000000791041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.488{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d3aaa68ec65ab82021-12-20 16:06:28.488root 11241100x8000000000000000791042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.489{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f0925aca842da12021-12-20 16:06:28.489root 11241100x8000000000000000791043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.491{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620097074a5dfe2c2021-12-20 16:06:28.491root 11241100x8000000000000000791044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.491{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6e50c69032dfa72021-12-20 16:06:28.491root 11241100x8000000000000000791045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.491{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1712ecef2bde5e4d2021-12-20 16:06:28.491root 11241100x8000000000000000791046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.491{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa1cb2354593c432021-12-20 16:06:28.491root 11241100x8000000000000000791047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47da7c6ccb9b0d212021-12-20 16:06:28.492root 11241100x8000000000000000791048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f82d6cdc3a8bd62021-12-20 16:06:28.492root 11241100x8000000000000000791049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354b2b59b0e6de9f2021-12-20 16:06:28.492root 11241100x8000000000000000791050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa370f0b6c122cf22021-12-20 16:06:28.492root 11241100x8000000000000000791051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f4beffa53772352021-12-20 16:06:28.492root 11241100x8000000000000000791052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84082e0209eedc92021-12-20 16:06:28.492root 11241100x8000000000000000791053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb518d8bf787d6592021-12-20 16:06:28.492root 11241100x8000000000000000791054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7fcbc933e1342e2021-12-20 16:06:28.492root 11241100x8000000000000000791055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f33d80e84e82642021-12-20 16:06:28.492root 11241100x8000000000000000791056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c69f3c4d3b2a902021-12-20 16:06:28.492root 11241100x8000000000000000791057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310f2b3cdd8af1bc2021-12-20 16:06:28.492root 11241100x8000000000000000791058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a44f3659417692d2021-12-20 16:06:28.492root 11241100x8000000000000000791059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7cdf9e25e0efc42021-12-20 16:06:28.492root 11241100x8000000000000000791060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.492{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edf4a78202d24582021-12-20 16:06:28.492root 11241100x8000000000000000791061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.493{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb3b9fc4b437bab2021-12-20 16:06:28.493root 11241100x8000000000000000791062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.493{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6a1651a453940c2021-12-20 16:06:28.493root 11241100x8000000000000000791063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.493{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b0a3fd4bc26aae2021-12-20 16:06:28.493root 11241100x8000000000000000791064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.493{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b26ca2cfbf20762021-12-20 16:06:28.493root 11241100x8000000000000000791065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.493{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719049890866a5972021-12-20 16:06:28.493root 11241100x8000000000000000791066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.493{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69227194537e4ba2021-12-20 16:06:28.493root 11241100x8000000000000000791067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.493{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecf3347dce1ffef2021-12-20 16:06:28.493root 11241100x8000000000000000791068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36c96bbf56f69e52021-12-20 16:06:28.494root 11241100x8000000000000000791069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd85d835483e8fa2021-12-20 16:06:28.494root 11241100x8000000000000000791070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9316ef045f72b3562021-12-20 16:06:28.494root 11241100x8000000000000000791071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d034282e2816f1f32021-12-20 16:06:28.494root 11241100x8000000000000000791072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f9d56e503ca0a82021-12-20 16:06:28.494root 11241100x8000000000000000791073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048029f9844a70ba2021-12-20 16:06:28.494root 11241100x8000000000000000791074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c1928ecfa773b32021-12-20 16:06:28.494root 11241100x8000000000000000791075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd353205888d0242021-12-20 16:06:28.494root 11241100x8000000000000000791076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b442048fe48e3a2c2021-12-20 16:06:28.494root 11241100x8000000000000000791077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.494{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc9e7df443436be2021-12-20 16:06:28.494root 11241100x8000000000000000791078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffcbe352ef67e7e2021-12-20 16:06:28.495root 11241100x8000000000000000791079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e747457fb5321c92021-12-20 16:06:28.495root 11241100x8000000000000000791080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8a868c25ff91a02021-12-20 16:06:28.495root 11241100x8000000000000000791081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c25fef61a270fd42021-12-20 16:06:28.495root 11241100x8000000000000000791082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df59e418f6a712202021-12-20 16:06:28.495root 11241100x8000000000000000791083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316a9b2198c87b6a2021-12-20 16:06:28.495root 11241100x8000000000000000791084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfa632b79f906122021-12-20 16:06:28.495root 11241100x8000000000000000791085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec0ea79f463dfac2021-12-20 16:06:28.495root 11241100x8000000000000000791086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95818286b843d462021-12-20 16:06:28.495root 11241100x8000000000000000791087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf244eedce4d8b3d2021-12-20 16:06:28.495root 11241100x8000000000000000791088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.495{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f535da9ed1b49432021-12-20 16:06:28.495root 11241100x8000000000000000791089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.496{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca693131119884f2021-12-20 16:06:28.496root 11241100x8000000000000000791090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.496{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693255e619253e0b2021-12-20 16:06:28.496root 11241100x8000000000000000791091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.496{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc00274870033d392021-12-20 16:06:28.496root 11241100x8000000000000000791092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.496{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ef664b0af4b89d2021-12-20 16:06:28.496root 11241100x8000000000000000791093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.496{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78749d1b78859ff72021-12-20 16:06:28.496root 11241100x8000000000000000791094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.496{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde7d13fd2e86afb2021-12-20 16:06:28.496root 11241100x8000000000000000791095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.496{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc9578af325336d2021-12-20 16:06:28.496root 11241100x8000000000000000791096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.498{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588c5295c88e9c472021-12-20 16:06:28.498root 11241100x8000000000000000791097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.498{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f68984b79ce1be2021-12-20 16:06:28.498root 11241100x8000000000000000791098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.498{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc2ace6355678ba2021-12-20 16:06:28.498root 11241100x8000000000000000791099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.498{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77955d4ada912eed2021-12-20 16:06:28.498root 11241100x8000000000000000791100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.498{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2830759f632f732021-12-20 16:06:28.498root 11241100x8000000000000000791101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.498{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379dd98e1da451eb2021-12-20 16:06:28.498root 11241100x8000000000000000791102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.498{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6d4e03777c0d52021-12-20 16:06:28.498root 11241100x8000000000000000791103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a37fc23be2622722021-12-20 16:06:28.499root 11241100x8000000000000000791104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0c03ce969f99b42021-12-20 16:06:28.499root 11241100x8000000000000000791105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a4cf9e644add522021-12-20 16:06:28.499root 11241100x8000000000000000791106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35a46a75aef42e62021-12-20 16:06:28.499root 11241100x8000000000000000791107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfbd13ac5cdeb8b2021-12-20 16:06:28.499root 11241100x8000000000000000791108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4b5114731935e72021-12-20 16:06:28.499root 11241100x8000000000000000791109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f272f4f265fe8eb2021-12-20 16:06:28.499root 11241100x8000000000000000791110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060f55fbac9dbc062021-12-20 16:06:28.499root 11241100x8000000000000000791111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.499{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf7fbb11c0c24a62021-12-20 16:06:28.499root 11241100x8000000000000000791112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.500{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2dd01fd5ef2b632021-12-20 16:06:28.500root 11241100x8000000000000000791113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.500{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aef0fb2669178cb2021-12-20 16:06:28.500root 11241100x8000000000000000791114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.500{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d23da67d4739d502021-12-20 16:06:28.500root 11241100x8000000000000000791115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.500{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51c330d1344c56c2021-12-20 16:06:28.500root 11241100x8000000000000000791116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.500{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2edc6fb29c14f8d2021-12-20 16:06:28.500root 11241100x8000000000000000791117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.501{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b1f00ecf365bbc2021-12-20 16:06:28.501root 11241100x8000000000000000791118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.501{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea1b020ee1910a2021-12-20 16:06:28.501root 11241100x8000000000000000791119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.501{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dcf91e84c8326b2021-12-20 16:06:28.501root 11241100x8000000000000000791120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.501{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e724b3ebdd1a84992021-12-20 16:06:28.501root 11241100x8000000000000000791121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.502{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c036ce0ff3f39b62021-12-20 16:06:28.502root 11241100x8000000000000000791122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.502{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d39ca86d182e86e2021-12-20 16:06:28.502root 11241100x8000000000000000791123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.502{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0467e4b552d4e152021-12-20 16:06:28.502root 11241100x8000000000000000791124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.502{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea69e0863f7d1432021-12-20 16:06:28.502root 11241100x8000000000000000791125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.503{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc4e3d68b10b1872021-12-20 16:06:28.503root 11241100x8000000000000000791126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.503{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff22a5a98595c6e2021-12-20 16:06:28.503root 11241100x8000000000000000791127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.503{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b1b903649460d42021-12-20 16:06:28.503root 11241100x8000000000000000791128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.503{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc79263b704ea3f2021-12-20 16:06:28.503root 11241100x8000000000000000791129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.503{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa415b3158d71972021-12-20 16:06:28.503root 11241100x8000000000000000791130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.504{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6be300a1a8bf732021-12-20 16:06:28.504root 11241100x8000000000000000791131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.504{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c146743d8b6c1e2021-12-20 16:06:28.504root 11241100x8000000000000000791132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.504{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8dfe8a96c459672021-12-20 16:06:28.504root 11241100x8000000000000000791133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.504{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11604080862c919e2021-12-20 16:06:28.504root 11241100x8000000000000000791134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.505{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66050539ae178cce2021-12-20 16:06:28.505root 11241100x8000000000000000791135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.505{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017eadbd9b87135a2021-12-20 16:06:28.505root 11241100x8000000000000000791136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.506{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d8257fc7bca9ee2021-12-20 16:06:28.506root 11241100x8000000000000000791137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.506{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5863bcf3b9992f12021-12-20 16:06:28.506root 11241100x8000000000000000791138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.506{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac340eb1191334e2021-12-20 16:06:28.506root 11241100x8000000000000000791139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.506{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f942e10ea8fa4df92021-12-20 16:06:28.506root 11241100x8000000000000000791140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.506{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3449ab4a7cf1aa782021-12-20 16:06:28.506root 11241100x8000000000000000791141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.506{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11244f2d4d6796c52021-12-20 16:06:28.506root 11241100x8000000000000000791142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.506{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb4cc4f401de89a2021-12-20 16:06:28.506root 11241100x8000000000000000791143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.506{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2487d0d03433c042021-12-20 16:06:28.506root 11241100x8000000000000000791144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.507{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f20c7740a239a562021-12-20 16:06:28.507root 11241100x8000000000000000791145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.507{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313f22ab635a85a72021-12-20 16:06:28.507root 11241100x8000000000000000791146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.507{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8643f9443eab682021-12-20 16:06:28.507root 11241100x8000000000000000791147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.507{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a4624c29c11c752021-12-20 16:06:28.507root 11241100x8000000000000000791148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.507{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458c0bdd1990e7982021-12-20 16:06:28.507root 11241100x8000000000000000791149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.507{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab36609245083fa2021-12-20 16:06:28.507root 11241100x8000000000000000791150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd48112690e2cbec2021-12-20 16:06:28.508root 11241100x8000000000000000791151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6715343288d0c5172021-12-20 16:06:28.508root 11241100x8000000000000000791152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c23282d0278f22021-12-20 16:06:28.508root 11241100x8000000000000000791153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec44c1aa5f39f172021-12-20 16:06:28.508root 11241100x8000000000000000791154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca71dfb5914eab942021-12-20 16:06:28.508root 11241100x8000000000000000791155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8235fe99e7f882472021-12-20 16:06:28.508root 11241100x8000000000000000791156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfd444dd6415e592021-12-20 16:06:28.508root 11241100x8000000000000000791157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcc5ee71953b3922021-12-20 16:06:28.508root 11241100x8000000000000000791158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.508{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd47ff531e0c6c692021-12-20 16:06:28.508root 11241100x8000000000000000791159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae96e68701946eef2021-12-20 16:06:28.509root 11241100x8000000000000000791160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d02aaf63f911e92021-12-20 16:06:28.509root 11241100x8000000000000000791161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a3a434e27ae4422021-12-20 16:06:28.509root 11241100x8000000000000000791162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4120808a441e702021-12-20 16:06:28.509root 11241100x8000000000000000791163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd406b5c62448052021-12-20 16:06:28.509root 11241100x8000000000000000791164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ab75a92d30e7842021-12-20 16:06:28.509root 11241100x8000000000000000791165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e104d5e34ff02e422021-12-20 16:06:28.509root 11241100x8000000000000000791166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e7496b4a4abf1f2021-12-20 16:06:28.509root 11241100x8000000000000000791167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.509{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a4cb0b7963a6a32021-12-20 16:06:28.509root 11241100x8000000000000000791168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.510{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107a74207299af5e2021-12-20 16:06:28.510root 11241100x8000000000000000791169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.510{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1500fa5f94f7d022021-12-20 16:06:28.510root 11241100x8000000000000000791170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.510{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aac8e08d9a1f4e2021-12-20 16:06:28.510root 11241100x8000000000000000791171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.510{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71d4f36367f932c2021-12-20 16:06:28.510root 11241100x8000000000000000791172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.510{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b695449d2ea79bba2021-12-20 16:06:28.510root 11241100x8000000000000000791173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.510{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f3f77312f6483e2021-12-20 16:06:28.510root 11241100x8000000000000000791174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.511{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e39ab1d7aba44dd2021-12-20 16:06:28.511root 11241100x8000000000000000791175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.511{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b853ad54d63662021-12-20 16:06:28.511root 11241100x8000000000000000791176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.511{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b94cfa3091371492021-12-20 16:06:28.511root 11241100x8000000000000000791177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.511{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa73cff37d21968b2021-12-20 16:06:28.511root 11241100x8000000000000000791178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.512{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03445134da26afcf2021-12-20 16:06:28.512root 11241100x8000000000000000791179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.512{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38818f92b2ebfda2021-12-20 16:06:28.512root 11241100x8000000000000000791180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.512{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099903949596a0f92021-12-20 16:06:28.512root 11241100x8000000000000000791181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a64ec012c448dc62021-12-20 16:06:28.513root 11241100x8000000000000000791182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141c16445658d3852021-12-20 16:06:28.513root 11241100x8000000000000000791183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341d11eba4a0c36f2021-12-20 16:06:28.513root 11241100x8000000000000000791184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635ced11ae9323612021-12-20 16:06:28.513root 11241100x8000000000000000791185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633d829471a1cb7b2021-12-20 16:06:28.513root 11241100x8000000000000000791186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ce0dda63b989cb2021-12-20 16:06:28.513root 11241100x8000000000000000791187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8365d86da84aac22021-12-20 16:06:28.513root 11241100x8000000000000000791188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7d4d32ac57a3b02021-12-20 16:06:28.513root 11241100x8000000000000000791189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.513{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e4144e44c849472021-12-20 16:06:28.513root 11241100x8000000000000000791190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.514{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ff61eb63d27c8a2021-12-20 16:06:28.514root 11241100x8000000000000000791191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.514{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018f31c7318051772021-12-20 16:06:28.514root 11241100x8000000000000000791192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.514{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d78ef521411f9ca2021-12-20 16:06:28.514root 11241100x8000000000000000791193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.514{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd89f70539669ba2021-12-20 16:06:28.514root 11241100x8000000000000000791194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.514{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476473042e4f91e72021-12-20 16:06:28.514root 11241100x8000000000000000791195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.514{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab943c33e85b27b82021-12-20 16:06:28.514root 11241100x8000000000000000791196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f63dfa842b446572021-12-20 16:06:28.515root 11241100x8000000000000000791197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d5f51050efdf062021-12-20 16:06:28.515root 11241100x8000000000000000791198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c033a302be8b69bc2021-12-20 16:06:28.515root 11241100x8000000000000000791199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c0563800ad548a2021-12-20 16:06:28.515root 11241100x8000000000000000791200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f0b5b4a518af52021-12-20 16:06:28.515root 11241100x8000000000000000791201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592f4decafaf85252021-12-20 16:06:28.515root 11241100x8000000000000000791202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a138db24b93a64d62021-12-20 16:06:28.515root 11241100x8000000000000000791203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cf11edc7e2a29c2021-12-20 16:06:28.515root 11241100x8000000000000000791204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803496a807de7a952021-12-20 16:06:28.515root 11241100x8000000000000000791205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eeea603411d1732021-12-20 16:06:28.515root 11241100x8000000000000000791206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aefea4d3f063bd42021-12-20 16:06:28.515root 11241100x8000000000000000791207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cab8c0e2cf2ac242021-12-20 16:06:28.515root 11241100x8000000000000000791208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0777ff4e289910782021-12-20 16:06:28.515root 11241100x8000000000000000791209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df31754ca4ef08f02021-12-20 16:06:28.515root 11241100x8000000000000000791210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.515{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15ed09bb9eeae8e2021-12-20 16:06:28.515root 11241100x8000000000000000791211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e059e5df0488ca452021-12-20 16:06:28.516root 11241100x8000000000000000791212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bb24e42966015a2021-12-20 16:06:28.516root 11241100x8000000000000000791213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96cbe23333ee6d22021-12-20 16:06:28.516root 11241100x8000000000000000791214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f898d775cb6e1e2021-12-20 16:06:28.516root 11241100x8000000000000000791215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49928e158d19c4f02021-12-20 16:06:28.516root 11241100x8000000000000000791216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca80eb0ae9bdb46a2021-12-20 16:06:28.516root 11241100x8000000000000000791217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9923045878789a622021-12-20 16:06:28.516root 11241100x8000000000000000791218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9adacb093ae8952021-12-20 16:06:28.516root 11241100x8000000000000000791219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.516{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a234a5ba3e759cc32021-12-20 16:06:28.516root 11241100x8000000000000000791220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d652054482082c2021-12-20 16:06:28.924root 11241100x8000000000000000791221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc1cee78d81a2232021-12-20 16:06:28.924root 11241100x8000000000000000791222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2defcfa1ff648bb22021-12-20 16:06:28.924root 11241100x8000000000000000791223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f836e32a8960aec32021-12-20 16:06:28.924root 11241100x8000000000000000791224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ba76b33cdfd7502021-12-20 16:06:28.925root 11241100x8000000000000000791225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7714b07014a6499f2021-12-20 16:06:28.925root 11241100x8000000000000000791226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff6ca71d8217ead2021-12-20 16:06:28.925root 11241100x8000000000000000791227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a927e643c816ec2021-12-20 16:06:28.925root 11241100x8000000000000000791228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e1d7632f3c74462021-12-20 16:06:28.925root 11241100x8000000000000000791229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2be657bde808eb2021-12-20 16:06:28.925root 11241100x8000000000000000791230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6f245927505fe82021-12-20 16:06:28.925root 11241100x8000000000000000791231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc1e4946b40db332021-12-20 16:06:28.925root 11241100x8000000000000000791232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e32289c0eb5db452021-12-20 16:06:28.925root 11241100x8000000000000000791233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eac9b7b84b53592021-12-20 16:06:28.925root 11241100x8000000000000000791234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c76371ca046345a2021-12-20 16:06:28.925root 11241100x8000000000000000791235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5c37963b6484862021-12-20 16:06:28.926root 11241100x8000000000000000791236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb80e46aa997a1e22021-12-20 16:06:28.926root 11241100x8000000000000000791237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea39685f6e72ba732021-12-20 16:06:28.926root 11241100x8000000000000000791238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785782de99cfe7972021-12-20 16:06:28.926root 11241100x8000000000000000791239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a0a54db1c19f632021-12-20 16:06:28.926root 11241100x8000000000000000791240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b604547eb384dd12021-12-20 16:06:28.926root 11241100x8000000000000000791241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2bddf24119e74f2021-12-20 16:06:28.926root 11241100x8000000000000000791242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fda8c7b4be5acde2021-12-20 16:06:28.926root 11241100x8000000000000000791243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3c048ab9b3c8cf2021-12-20 16:06:28.926root 11241100x8000000000000000791244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd87b0ea47e0e892021-12-20 16:06:28.926root 11241100x8000000000000000791245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0896a3c32a99283a2021-12-20 16:06:28.926root 11241100x8000000000000000791246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2eba50763cc09d2021-12-20 16:06:28.927root 11241100x8000000000000000791247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10caad0c2a33df612021-12-20 16:06:28.927root 11241100x8000000000000000791248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553b67c11738ac602021-12-20 16:06:28.927root 11241100x8000000000000000791249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1febc9ba35c1102021-12-20 16:06:28.927root 11241100x8000000000000000791250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc81b448f9601f432021-12-20 16:06:28.928root 11241100x8000000000000000791251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec8140a7cae613a2021-12-20 16:06:28.928root 11241100x8000000000000000791252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0d37e0423973132021-12-20 16:06:28.928root 11241100x8000000000000000791253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ca15a8a8d98be92021-12-20 16:06:28.928root 11241100x8000000000000000791254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec4e1c84e8ec8492021-12-20 16:06:28.928root 11241100x8000000000000000791255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe2606dff64b8ec2021-12-20 16:06:28.928root 11241100x8000000000000000791256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bb77b56008e2a62021-12-20 16:06:28.928root 11241100x8000000000000000791257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f672b6ea9d817d2021-12-20 16:06:28.928root 11241100x8000000000000000791258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffe2f3d87c401702021-12-20 16:06:28.928root 11241100x8000000000000000791259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb8a53ba92d588b2021-12-20 16:06:28.929root 11241100x8000000000000000791260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416a24bf7e91ee742021-12-20 16:06:28.929root 11241100x8000000000000000791261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7adc8b9152899f2021-12-20 16:06:28.930root 11241100x8000000000000000791262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323faf86b6adbfa02021-12-20 16:06:28.930root 11241100x8000000000000000791263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3c96644521ab312021-12-20 16:06:28.930root 11241100x8000000000000000791264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782b25b3972a2f032021-12-20 16:06:28.930root 11241100x8000000000000000791265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3f7e15e5bcb8662021-12-20 16:06:28.932root 11241100x8000000000000000791266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6561296c9ae4092021-12-20 16:06:28.932root 11241100x8000000000000000791267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1782237f2539f1542021-12-20 16:06:28.932root 11241100x8000000000000000791268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cfaaa617899b872021-12-20 16:06:28.932root 11241100x8000000000000000791269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.932{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52a981f658537442021-12-20 16:06:28.932root 11241100x8000000000000000791270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.933{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc790aa019b4b63e2021-12-20 16:06:28.933root 11241100x8000000000000000791271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac36780c4931992021-12-20 16:06:28.934root 11241100x8000000000000000791272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53251f7ece47dc952021-12-20 16:06:28.934root 11241100x8000000000000000791273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1381d32491f9618c2021-12-20 16:06:28.934root 11241100x8000000000000000791274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1b3841440d292a2021-12-20 16:06:28.934root 11241100x8000000000000000791275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.934{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a57dde66aaf03512021-12-20 16:06:28.934root 11241100x8000000000000000791276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a4ac19f7cb5c6f2021-12-20 16:06:28.935root 11241100x8000000000000000791277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52c6eae872803e52021-12-20 16:06:28.935root 11241100x8000000000000000791278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272075760ef2735e2021-12-20 16:06:28.935root 11241100x8000000000000000791279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b20b232d36d6672021-12-20 16:06:28.935root 11241100x8000000000000000791280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa77e4c497ffbb1d2021-12-20 16:06:28.935root 11241100x8000000000000000791281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e76d191ec2798b2021-12-20 16:06:28.935root 11241100x8000000000000000791282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaa73784ee096322021-12-20 16:06:28.935root 11241100x8000000000000000791283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.935{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ecdc9965fab5712021-12-20 16:06:28.935root 11241100x8000000000000000791284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.936{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188e6127d6563a932021-12-20 16:06:28.936root 11241100x8000000000000000791285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b9ad8662032352021-12-20 16:06:28.937root 11241100x8000000000000000791286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feb67783366d7872021-12-20 16:06:28.937root 11241100x8000000000000000791287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.937{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1224d65c43b9a3e92021-12-20 16:06:28.937root 11241100x8000000000000000791288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a483c58b1ae834432021-12-20 16:06:28.939root 11241100x8000000000000000791289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.939{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcd2ae6f873600f2021-12-20 16:06:28.939root 11241100x8000000000000000791290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2d063c587f40632021-12-20 16:06:28.940root 11241100x8000000000000000791291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04560ecdc0551afd2021-12-20 16:06:28.940root 11241100x8000000000000000791292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429b8f1c69c4040f2021-12-20 16:06:28.940root 11241100x8000000000000000791293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec348f27da5f9e62021-12-20 16:06:28.940root 11241100x8000000000000000791294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca6a5f48f209ac12021-12-20 16:06:28.940root 11241100x8000000000000000791295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f3803c51df73702021-12-20 16:06:28.940root 11241100x8000000000000000791296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5eea2e4754b5e92021-12-20 16:06:28.940root 11241100x8000000000000000791297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.940{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34e1fe1faefab0c2021-12-20 16:06:28.940root 11241100x8000000000000000791298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef5b53522fc66e52021-12-20 16:06:28.941root 11241100x8000000000000000791299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09194853d77a791a2021-12-20 16:06:28.941root 11241100x8000000000000000791300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859bfe230ce7b4e82021-12-20 16:06:28.941root 11241100x8000000000000000791301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de1303a3cdd9e242021-12-20 16:06:28.941root 11241100x8000000000000000791302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22b378e7f6f7c942021-12-20 16:06:28.941root 11241100x8000000000000000791303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad9bcbe28a1a4dd2021-12-20 16:06:28.941root 11241100x8000000000000000791304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e396b72dbd115f072021-12-20 16:06:28.941root 11241100x8000000000000000791305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f5af65599fa9cb2021-12-20 16:06:28.941root 11241100x8000000000000000791306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affb61ea95c064b52021-12-20 16:06:28.941root 11241100x8000000000000000791307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.941{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b1375e53558a042021-12-20 16:06:28.941root 11241100x8000000000000000791308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e700de63783946822021-12-20 16:06:28.942root 11241100x8000000000000000791309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb117b965d98a52021-12-20 16:06:28.942root 11241100x8000000000000000791310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabb818f31a3baff2021-12-20 16:06:28.942root 11241100x8000000000000000791311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1915d9e77e940f2021-12-20 16:06:28.942root 11241100x8000000000000000791312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.942{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cce4ae01984d0a2021-12-20 16:06:28.942root 11241100x8000000000000000791313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f7cf21b9fbfd112021-12-20 16:06:28.945root 11241100x8000000000000000791314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.945{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5ef021e943cb462021-12-20 16:06:28.945root 11241100x8000000000000000791315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1732037b4f1dd4ce2021-12-20 16:06:28.946root 11241100x8000000000000000791316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c126177c3cc6562021-12-20 16:06:28.946root 11241100x8000000000000000791317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f64c583d05c3122021-12-20 16:06:28.946root 11241100x8000000000000000791318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d47fbad26db36b2021-12-20 16:06:28.946root 11241100x8000000000000000791319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b458dd4c8c8451b72021-12-20 16:06:28.946root 11241100x8000000000000000791320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696c0bc3b44fd4d92021-12-20 16:06:28.946root 11241100x8000000000000000791321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdcba931828db1a2021-12-20 16:06:28.946root 11241100x8000000000000000791322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.946{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de0d9e2c795de0c2021-12-20 16:06:28.946root 11241100x8000000000000000791323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c701fcf619f63162021-12-20 16:06:28.950root 11241100x8000000000000000791324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.950{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807edb05c23118412021-12-20 16:06:28.950root 11241100x8000000000000000791325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b6b96dd3fedf372021-12-20 16:06:28.951root 11241100x8000000000000000791326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78201cff128af7f32021-12-20 16:06:28.951root 11241100x8000000000000000791327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf5072a1479b7a42021-12-20 16:06:28.951root 11241100x8000000000000000791328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff458e7337a69d222021-12-20 16:06:28.951root 11241100x8000000000000000791329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.951{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42a484fba5ccc4d2021-12-20 16:06:28.951root 11241100x8000000000000000791330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a612433add0d3c62021-12-20 16:06:28.952root 11241100x8000000000000000791331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ffb98ae489e4142021-12-20 16:06:28.952root 11241100x8000000000000000791332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e203b0dea9fa280e2021-12-20 16:06:28.952root 11241100x8000000000000000791333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.952{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c819ff8a6b18a3462021-12-20 16:06:28.952root 11241100x8000000000000000791334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39fa0d01a94233e2021-12-20 16:06:28.957root 11241100x8000000000000000791335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21abb4dff580b852021-12-20 16:06:28.957root 11241100x8000000000000000791336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1fd60add5c7f142021-12-20 16:06:28.957root 11241100x8000000000000000791337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c633e8da7ea33d2021-12-20 16:06:28.957root 11241100x8000000000000000791338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5809c58bd42b5cae2021-12-20 16:06:28.957root 11241100x8000000000000000791339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.957{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53f956eabf8fc502021-12-20 16:06:28.957root 11241100x8000000000000000791340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463dcc91bd92a1c32021-12-20 16:06:28.958root 11241100x8000000000000000791341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c014f6690c25df32021-12-20 16:06:28.958root 11241100x8000000000000000791342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f754cb2321320ef82021-12-20 16:06:28.958root 11241100x8000000000000000791343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c7f57461423582021-12-20 16:06:28.958root 11241100x8000000000000000791344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c6279b76ccda852021-12-20 16:06:28.958root 11241100x8000000000000000791345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57109f7a999d4c1a2021-12-20 16:06:28.958root 11241100x8000000000000000791346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001b53cb7e1181922021-12-20 16:06:28.958root 11241100x8000000000000000791347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.958{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3e292608140d922021-12-20 16:06:28.958root 11241100x8000000000000000791348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0db9279441ac6732021-12-20 16:06:28.959root 11241100x8000000000000000791349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e5d7c724ce62f52021-12-20 16:06:28.959root 11241100x8000000000000000791350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4774ec87ea3ffab42021-12-20 16:06:28.959root 11241100x8000000000000000791351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdfa95e31e87ae02021-12-20 16:06:28.959root 11241100x8000000000000000791352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb7bf2c6ffbea272021-12-20 16:06:28.959root 11241100x8000000000000000791353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bef93722b0c842b2021-12-20 16:06:28.959root 11241100x8000000000000000791354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.959{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15264c91467524f02021-12-20 16:06:28.959root 11241100x8000000000000000791355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5071f946fe834342021-12-20 16:06:28.960root 11241100x8000000000000000791356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c813d15cd82992a2021-12-20 16:06:28.960root 11241100x8000000000000000791357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3186bbd9ec9eda342021-12-20 16:06:28.960root 11241100x8000000000000000791358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275c4449f63ab69f2021-12-20 16:06:28.960root 11241100x8000000000000000791359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d83a2755fa11f32021-12-20 16:06:28.960root 11241100x8000000000000000791360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d72e47ca0f4865c2021-12-20 16:06:28.960root 11241100x8000000000000000791361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f074f96089b892021-12-20 16:06:28.960root 11241100x8000000000000000791362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88b2d7d5349e1622021-12-20 16:06:28.960root 11241100x8000000000000000791363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74702f326ae083a2021-12-20 16:06:28.960root 11241100x8000000000000000791364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ff08c656ce90e72021-12-20 16:06:28.960root 11241100x8000000000000000791365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.960{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e8ec8a4ba6ed5a2021-12-20 16:06:28.960root 11241100x8000000000000000791366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346fd95b6fd384f22021-12-20 16:06:28.961root 11241100x8000000000000000791367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a7eafdc041e5402021-12-20 16:06:28.961root 11241100x8000000000000000791368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699eb8665d543da62021-12-20 16:06:28.961root 11241100x8000000000000000791369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5827f192d5291d6a2021-12-20 16:06:28.961root 11241100x8000000000000000791370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77a0fad6fda691b2021-12-20 16:06:28.961root 11241100x8000000000000000791371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc1abc40ce726cf2021-12-20 16:06:28.961root 11241100x8000000000000000791372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2674ab3c34a651e2021-12-20 16:06:28.961root 11241100x8000000000000000791373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e2d94a7307a782021-12-20 16:06:28.961root 11241100x8000000000000000791374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe67478757cff742021-12-20 16:06:28.961root 11241100x8000000000000000791375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b51a1a13c91f8e62021-12-20 16:06:28.961root 11241100x8000000000000000791376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.961{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e0984231c1a4dd2021-12-20 16:06:28.961root 11241100x8000000000000000791377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d678c817637b582021-12-20 16:06:28.962root 11241100x8000000000000000791378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ece7e83d093d9f2021-12-20 16:06:28.962root 11241100x8000000000000000791379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c14f22d86482342021-12-20 16:06:28.962root 11241100x8000000000000000791380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aa3615b46ebbc82021-12-20 16:06:28.962root 11241100x8000000000000000791381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0978947e2f1a42572021-12-20 16:06:28.962root 11241100x8000000000000000791382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bba37158c571ff2021-12-20 16:06:28.962root 11241100x8000000000000000791383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8750fac13386aa132021-12-20 16:06:28.962root 11241100x8000000000000000791384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6956c97d47af83c2021-12-20 16:06:28.962root 11241100x8000000000000000791385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512d350bfb57e7382021-12-20 16:06:28.962root 11241100x8000000000000000791386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615a0148cc747a2c2021-12-20 16:06:28.962root 11241100x8000000000000000791387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.962{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6e4c45c135040c2021-12-20 16:06:28.962root 11241100x8000000000000000791388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ca36b38e9a48f52021-12-20 16:06:28.963root 11241100x8000000000000000791389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d8a6e0ab18b5b52021-12-20 16:06:28.963root 11241100x8000000000000000791390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008b43dfba7f8ea42021-12-20 16:06:28.963root 11241100x8000000000000000791391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bb75b0d4daa37d2021-12-20 16:06:28.963root 11241100x8000000000000000791392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b505101d2e24852021-12-20 16:06:28.963root 11241100x8000000000000000791393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9752965faed965bc2021-12-20 16:06:28.963root 11241100x8000000000000000791394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c57b59e37dff5b2021-12-20 16:06:28.963root 11241100x8000000000000000791395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f920fc2d5ceae9462021-12-20 16:06:28.963root 11241100x8000000000000000791396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523e57dfe71394762021-12-20 16:06:28.963root 11241100x8000000000000000791397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65f0e667c3e4a002021-12-20 16:06:28.963root 11241100x8000000000000000791398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.963{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67048b4dddf32bf2021-12-20 16:06:28.963root 11241100x8000000000000000791399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c9495cd5a931022021-12-20 16:06:28.964root 11241100x8000000000000000791400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272ebeb0d8abaf3c2021-12-20 16:06:28.964root 11241100x8000000000000000791401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb6f8bf36aaadd92021-12-20 16:06:28.964root 11241100x8000000000000000791402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c39ca2ff947d0f2021-12-20 16:06:28.964root 11241100x8000000000000000791403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b229aa790759700a2021-12-20 16:06:28.964root 11241100x8000000000000000791404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a42a6e44a768d82021-12-20 16:06:28.964root 11241100x8000000000000000791405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8da8bb2a4f3ee92021-12-20 16:06:28.964root 11241100x8000000000000000791406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f995699fbe000b2021-12-20 16:06:28.964root 11241100x8000000000000000791407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb501320d6a9c4b72021-12-20 16:06:28.964root 11241100x8000000000000000791408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.964{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a45524c8fda8672021-12-20 16:06:28.964root 11241100x8000000000000000791409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939df90f58c0fc932021-12-20 16:06:28.965root 11241100x8000000000000000791410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e32a9e22c97e6b2021-12-20 16:06:28.965root 11241100x8000000000000000791411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.965{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0460de4fa4ce40f2021-12-20 16:06:28.965root 11241100x8000000000000000791412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc50be329bcf62f2021-12-20 16:06:28.966root 11241100x8000000000000000791413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f9c440f17944702021-12-20 16:06:28.966root 11241100x8000000000000000791414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4920d2b2c2351e692021-12-20 16:06:28.966root 11241100x8000000000000000791415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.966{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782a688ad65dde8f2021-12-20 16:06:28.966root 11241100x8000000000000000791416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52522c9996d8c1882021-12-20 16:06:28.967root 11241100x8000000000000000791417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5376876f4c1a682021-12-20 16:06:28.967root 11241100x8000000000000000791418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3798fb3dfbebae32021-12-20 16:06:28.967root 11241100x8000000000000000791419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7311e81788d62412021-12-20 16:06:28.967root 11241100x8000000000000000791420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34ff77a2ad9de2a2021-12-20 16:06:28.967root 11241100x8000000000000000791421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.967{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8cab53b29e3d222021-12-20 16:06:28.967root 11241100x8000000000000000791422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3084e1c28cd838392021-12-20 16:06:28.968root 11241100x8000000000000000791423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48f9c48714adaa52021-12-20 16:06:28.968root 11241100x8000000000000000791424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfbbe850068476e2021-12-20 16:06:28.968root 11241100x8000000000000000791425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6193281c59b607a22021-12-20 16:06:28.968root 11241100x8000000000000000791426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df30c136f8b338c92021-12-20 16:06:28.968root 11241100x8000000000000000791427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6367cb0ea1016f82021-12-20 16:06:28.968root 11241100x8000000000000000791428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a79cbb9f4a2b3a52021-12-20 16:06:28.968root 11241100x8000000000000000791429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2121a8c5849e4c2021-12-20 16:06:28.968root 11241100x8000000000000000791430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34b05073587b91f2021-12-20 16:06:28.968root 11241100x8000000000000000791431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f9ffd21cf2bcb2021-12-20 16:06:28.968root 11241100x8000000000000000791432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83f51103af91f2c2021-12-20 16:06:28.968root 11241100x8000000000000000791433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9385e2340be8520c2021-12-20 16:06:28.968root 11241100x8000000000000000791434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab838c404b26bb492021-12-20 16:06:28.968root 11241100x8000000000000000791435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.968{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52da1f21e45f6b92021-12-20 16:06:28.968root 11241100x8000000000000000791436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.969{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4181fee0fc9b3072021-12-20 16:06:28.969root 11241100x8000000000000000791437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.982{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6926a53922778a2021-12-20 16:06:28.982root 11241100x8000000000000000791438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.982{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0b16ebd89541f52021-12-20 16:06:28.982root 11241100x8000000000000000791439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.982{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32af65327e1c4b12021-12-20 16:06:28.982root 11241100x8000000000000000791440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.983{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de99697eae5387b72021-12-20 16:06:28.983root 11241100x8000000000000000791441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.983{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2887ea7b47dfc92021-12-20 16:06:28.983root 11241100x8000000000000000791442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.983{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9496f328644a902021-12-20 16:06:28.983root 11241100x8000000000000000791443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.983{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299b12a0e4d7b10e2021-12-20 16:06:28.983root 11241100x8000000000000000791444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.983{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef44038d1f56baed2021-12-20 16:06:28.983root 11241100x8000000000000000791445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.987{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dc0028b64ee3932021-12-20 16:06:28.987root 11241100x8000000000000000791446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.987{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33befedaaffe8132021-12-20 16:06:28.987root 11241100x8000000000000000791447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.987{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0e54631f4435a12021-12-20 16:06:28.987root 11241100x8000000000000000791448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.987{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf548735aebe7082021-12-20 16:06:28.987root 11241100x8000000000000000791449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.987{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb3f2548a5e8fd42021-12-20 16:06:28.987root 11241100x8000000000000000791450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.987{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af9bd3a194c3b2d2021-12-20 16:06:28.987root 11241100x8000000000000000791451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.987{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27de369cbefab1fa2021-12-20 16:06:28.987root 11241100x8000000000000000791452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.988{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0f4115252943f32021-12-20 16:06:28.988root 11241100x8000000000000000791453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.988{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f958faad5d9cb42021-12-20 16:06:28.988root 11241100x8000000000000000791454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.988{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b34012d85f04f1d2021-12-20 16:06:28.988root 11241100x8000000000000000791455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.988{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8740c194094434b52021-12-20 16:06:28.988root 11241100x8000000000000000791456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.988{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de600b5d2501e8032021-12-20 16:06:28.988root 11241100x8000000000000000791457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.988{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f631391be09ec02021-12-20 16:06:28.988root 11241100x8000000000000000791458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1907849a5fe934e2021-12-20 16:06:28.989root 11241100x8000000000000000791459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74234f172a3c8b752021-12-20 16:06:28.989root 11241100x8000000000000000791460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ab74b5ce8efc502021-12-20 16:06:28.989root 11241100x8000000000000000791461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3402433b95e51e2021-12-20 16:06:28.989root 11241100x8000000000000000791462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815046dc6d80b57c2021-12-20 16:06:28.989root 11241100x8000000000000000791463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2dec8bbaf3f0c32021-12-20 16:06:28.989root 11241100x8000000000000000791464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceb870b70f50d9e2021-12-20 16:06:28.989root 11241100x8000000000000000791465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a7cde576b920d02021-12-20 16:06:28.989root 11241100x8000000000000000791466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb57f9a143befdc12021-12-20 16:06:28.989root 11241100x8000000000000000791467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968dea7b61ce4a712021-12-20 16:06:28.989root 11241100x8000000000000000791468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.989{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe5eb85ad898d52021-12-20 16:06:28.989root 11241100x8000000000000000791469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202d4a44896272d82021-12-20 16:06:28.990root 11241100x8000000000000000791470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fff9675c5b534a2021-12-20 16:06:28.990root 11241100x8000000000000000791471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d5523b2aea14e2021-12-20 16:06:28.990root 11241100x8000000000000000791472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4847e25235f5202021-12-20 16:06:28.990root 11241100x8000000000000000791473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdef2f7526247822021-12-20 16:06:28.990root 11241100x8000000000000000791474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeedd20a93e26b3b2021-12-20 16:06:28.990root 11241100x8000000000000000791475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd4a9f57494eef42021-12-20 16:06:28.990root 11241100x8000000000000000791476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce38ac171fe11d142021-12-20 16:06:28.990root 11241100x8000000000000000791477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2796d2fe2af522052021-12-20 16:06:28.990root 11241100x8000000000000000791478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.990{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0dc85e3a5695322021-12-20 16:06:28.990root 11241100x8000000000000000791479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0025ec42b8b5802021-12-20 16:06:28.991root 11241100x8000000000000000791480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a1cd3add740edc2021-12-20 16:06:28.991root 11241100x8000000000000000791481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc83450f5e1df492021-12-20 16:06:28.991root 11241100x8000000000000000791482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299dca7e585bcb8d2021-12-20 16:06:28.991root 11241100x8000000000000000791483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02105ab154c86c02021-12-20 16:06:28.991root 11241100x8000000000000000791484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea310a06dff51f12021-12-20 16:06:28.991root 11241100x8000000000000000791485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4388a1bb6d59dfda2021-12-20 16:06:28.991root 11241100x8000000000000000791486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa387ff4b27d5d42021-12-20 16:06:28.991root 11241100x8000000000000000791487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.991{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098d33ec7ee942f52021-12-20 16:06:28.991root 11241100x8000000000000000791488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c1ce5ce27c72be2021-12-20 16:06:28.992root 11241100x8000000000000000791489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce985d2dc4deb1fd2021-12-20 16:06:28.992root 11241100x8000000000000000791490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e34b77746869d42021-12-20 16:06:28.992root 11241100x8000000000000000791491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1da34143f10d9a2021-12-20 16:06:28.992root 11241100x8000000000000000791492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b3fd1d4a1aff962021-12-20 16:06:28.992root 11241100x8000000000000000791493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178affd0992b0e542021-12-20 16:06:28.992root 11241100x8000000000000000791494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b1840aefbe96002021-12-20 16:06:28.992root 11241100x8000000000000000791495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c571cae18dddd822021-12-20 16:06:28.992root 11241100x8000000000000000791496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.992{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24eaa490e70d62492021-12-20 16:06:28.992root 11241100x8000000000000000791497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de40f14f449498d2021-12-20 16:06:28.993root 11241100x8000000000000000791498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab320327abe1911c2021-12-20 16:06:28.993root 11241100x8000000000000000791499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a82686108de0ef2021-12-20 16:06:28.993root 11241100x8000000000000000791500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000324bb9d58d1dd2021-12-20 16:06:28.993root 11241100x8000000000000000791501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0926de15d563592c2021-12-20 16:06:28.993root 11241100x8000000000000000791502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42cfbb8cb8643862021-12-20 16:06:28.993root 11241100x8000000000000000791503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9498e8de30ecc7e2021-12-20 16:06:28.993root 11241100x8000000000000000791504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdbd3d75803fdfd2021-12-20 16:06:28.993root 11241100x8000000000000000791505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c34c17a3bebda962021-12-20 16:06:28.993root 11241100x8000000000000000791506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dd2470ec19b1092021-12-20 16:06:28.993root 11241100x8000000000000000791507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.993{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fc884b9bdb94e72021-12-20 16:06:28.993root 11241100x8000000000000000791508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.994{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdacb36949b6eea62021-12-20 16:06:28.994root 11241100x8000000000000000791509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.994{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29ee0476a4a249c2021-12-20 16:06:28.994root 11241100x8000000000000000791510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.994{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd5b641a59e00602021-12-20 16:06:28.994root 11241100x8000000000000000791511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.994{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23465918dcfb5afc2021-12-20 16:06:28.994root 11241100x8000000000000000791512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.994{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af9a3edff878df92021-12-20 16:06:28.994root 11241100x8000000000000000791513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.994{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf087073eb052a22021-12-20 16:06:28.994root 11241100x8000000000000000791514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.994{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cee313f1526fb432021-12-20 16:06:28.994root 11241100x8000000000000000791515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.994{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912696fd0211ac182021-12-20 16:06:28.994root 11241100x8000000000000000791516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.997{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f105852f16cb2df72021-12-20 16:06:28.997root 11241100x8000000000000000791517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.997{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a27160a73658322021-12-20 16:06:28.997root 11241100x8000000000000000791518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.997{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3064f387140762542021-12-20 16:06:28.997root 11241100x8000000000000000791519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.997{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60914795888a8e2021-12-20 16:06:28.997root 11241100x8000000000000000791520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.998{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e341507ef9174f2021-12-20 16:06:28.998root 11241100x8000000000000000791521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.998{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82208d4c77b8a8792021-12-20 16:06:28.998root 11241100x8000000000000000791522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.998{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8fc2e991a029372021-12-20 16:06:28.998root 11241100x8000000000000000791523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:28.998{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50137a84c62ecb842021-12-20 16:06:28.998root 11241100x8000000000000000791524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.003{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534669f296462c5d2021-12-20 16:06:29.003root 11241100x8000000000000000791525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.004{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e251718b9465796a2021-12-20 16:06:29.004root 11241100x8000000000000000791526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.004{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3588f944457431242021-12-20 16:06:29.004root 11241100x8000000000000000791527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.004{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f8ff4623789f7d2021-12-20 16:06:29.004root 11241100x8000000000000000791528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.004{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c5e46fd58f564a2021-12-20 16:06:29.004root 11241100x8000000000000000791529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.005{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8053b7a50fb5ffb32021-12-20 16:06:29.005root 11241100x8000000000000000791530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.005{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e9e9dc33b9d4512021-12-20 16:06:29.005root 11241100x8000000000000000791531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.007{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c721b4d616084502021-12-20 16:06:29.007root 11241100x8000000000000000791532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.007{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68150fb30fe2ac022021-12-20 16:06:29.007root 11241100x8000000000000000791533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.007{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71938bde0d62aa5f2021-12-20 16:06:29.007root 11241100x8000000000000000791534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.007{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76393dc5a52cb9072021-12-20 16:06:29.007root 11241100x8000000000000000791535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.007{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88819ddf5f673a372021-12-20 16:06:29.007root 11241100x8000000000000000791536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.007{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163de3a366e0c0cd2021-12-20 16:06:29.007root 11241100x8000000000000000791537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.007{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4959cd1a20eda47e2021-12-20 16:06:29.007root 11241100x8000000000000000791538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fa56dbd7d288922021-12-20 16:06:29.008root 11241100x8000000000000000791539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6a97c13f412a7f2021-12-20 16:06:29.008root 11241100x8000000000000000791540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af481e08ace9b6c02021-12-20 16:06:29.008root 11241100x8000000000000000791541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b548383766561d02021-12-20 16:06:29.008root 11241100x8000000000000000791542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78a2f26c0d7acf2021-12-20 16:06:29.008root 11241100x8000000000000000791543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e727cbd39c2b8a2021-12-20 16:06:29.008root 11241100x8000000000000000791544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ec19174bf99e22021-12-20 16:06:29.008root 11241100x8000000000000000791545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81d5f87564ec7802021-12-20 16:06:29.008root 11241100x8000000000000000791546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0274f2eb64c5a1f2021-12-20 16:06:29.008root 11241100x8000000000000000791547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37ef1b3058205292021-12-20 16:06:29.008root 11241100x8000000000000000791548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.008{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416926d49e257feb2021-12-20 16:06:29.008root 11241100x8000000000000000791549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.009{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62518b6907d32a5f2021-12-20 16:06:29.009root 11241100x8000000000000000791550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.009{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7d1def416d40f72021-12-20 16:06:29.009root 11241100x8000000000000000791551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:29.009{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea220881769e6c72021-12-20 16:06:29.009root 534500x8000000000000000791758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:49.162{00000000-0000-0000-0000-000000000000}10278<unknown process>ubuntu 11241100x8000000000000000791759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:49.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51dce268d395ca2021-12-20 16:06:49.423root 11241100x8000000000000000791760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:49.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c70933f112aa46d2021-12-20 16:06:49.923root 11241100x8000000000000000791761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:50.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75d9e3d3224eff82021-12-20 16:06:50.423root 11241100x8000000000000000791762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:50.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d8d371dcb0c7822021-12-20 16:06:50.923root 11241100x8000000000000000791763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:51.423{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a9ef92706c4fd52021-12-20 16:06:51.423root 11241100x8000000000000000791764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:51.923{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132532f9f1cb527f2021-12-20 16:06:51.923root 354300x8000000000000000791765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:52.058{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51650-false10.0.1.12-8000- 11241100x8000000000000000791766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982bbd516f1583d12021-12-20 16:06:52.424root 11241100x8000000000000000791767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:52.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97544d11ccd246d12021-12-20 16:06:52.424root 11241100x8000000000000000791768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcf009f002e50472021-12-20 16:06:52.924root 11241100x8000000000000000791769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:52.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41a0e28c19523e42021-12-20 16:06:52.924root 11241100x8000000000000000791770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba6e8bcb3f98d4a2021-12-20 16:06:53.424root 11241100x8000000000000000791771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:53.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64f13b14c84955d2021-12-20 16:06:53.424root 11241100x8000000000000000791772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2a9944f7bf7de92021-12-20 16:06:53.924root 11241100x8000000000000000791773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:53.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9821bc0441c6572021-12-20 16:06:53.924root 11241100x8000000000000000791774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c906cc8bf14d0512021-12-20 16:06:54.424root 11241100x8000000000000000791775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:54.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5796f584b38de1e72021-12-20 16:06:54.424root 11241100x8000000000000000791776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873c83fd7c9abe272021-12-20 16:06:54.924root 11241100x8000000000000000791777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:54.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1202b5de735fd1b92021-12-20 16:06:54.924root 534500x8000000000000000791778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.024{00000000-0000-0000-0000-000000000000}10279<unknown process>ubuntu 11241100x8000000000000000791779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ea9513aa9e2c0c2021-12-20 16:06:55.424root 11241100x8000000000000000791780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685e315f8ff7b7f2021-12-20 16:06:55.424root 11241100x8000000000000000791781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42800e41367381332021-12-20 16:06:55.424root 11241100x8000000000000000791782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a382a5b4e035b75c2021-12-20 16:06:55.924root 11241100x8000000000000000791783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb81caba4e6a72032021-12-20 16:06:55.924root 11241100x8000000000000000791784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9de59245c3b5a52021-12-20 16:06:55.924root 534500x8000000000000000791785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.966{ec2c97d1-aa1f-61c0-0000-000000000000}10280-ubuntu 534500x8000000000000000791786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.967{00000000-0000-0000-0000-000000000000}10281<unknown process>ubuntu 534500x8000000000000000791787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.969{ec2c97d1-aa1f-61c0-0000-000000000000}10282-ubuntu 534500x8000000000000000791788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.972{ec2c97d1-aa1f-61c0-0000-000000000000}10283-ubuntu 11241100x8000000000000000791789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.972{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bash/tmp/sh-thd.b0LE3X2021-12-20 16:06:55.972ubuntu 23542300x8000000000000000791790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.972{ec2c97d1-9cd7-61c0-0864-408b87550000}9810ubuntu/bin/bash/tmp/sh-thd.b0LE3X--- 534500x8000000000000000791791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.974{ec2c97d1-aa1f-61c0-0000-000000000000}10284-ubuntu 11241100x8000000000000000791792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.974{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bash/tmp/sh-thd.xySUnd2021-12-20 16:06:55.974ubuntu 23542300x8000000000000000791793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:55.974{ec2c97d1-9cd7-61c0-0864-408b87550000}9810ubuntu/bin/bash/tmp/sh-thd.xySUnd--- 11241100x8000000000000000791794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2953d0a19e36012021-12-20 16:06:56.424root 11241100x8000000000000000791795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a26bb5eb88f2a2021-12-20 16:06:56.424root 11241100x8000000000000000791796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295eef3bcff9e0f92021-12-20 16:06:56.424root 11241100x8000000000000000791797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7c146195817a892021-12-20 16:06:56.424root 11241100x8000000000000000791798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5193a93b5dcfb48f2021-12-20 16:06:56.424root 11241100x8000000000000000791799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c92515ae417cc272021-12-20 16:06:56.424root 11241100x8000000000000000791800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df5c5f063c14fe52021-12-20 16:06:56.424root 11241100x8000000000000000791801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a059bfc073f51d072021-12-20 16:06:56.425root 11241100x8000000000000000791802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf51c8dd52f04d02021-12-20 16:06:56.425root 11241100x8000000000000000791803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4deda46b0d7f7e2021-12-20 16:06:56.425root 11241100x8000000000000000791804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff37eb7bcbea6492021-12-20 16:06:56.425root 11241100x8000000000000000791805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb2952ab54ca1f22021-12-20 16:06:56.425root 11241100x8000000000000000791806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caeaf676b6f8e6a2021-12-20 16:06:56.924root 11241100x8000000000000000791807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f7437aed0fd72d2021-12-20 16:06:56.924root 11241100x8000000000000000791808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9a1966387a13692021-12-20 16:06:56.924root 11241100x8000000000000000791809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5a34d2287a01dd2021-12-20 16:06:56.924root 11241100x8000000000000000791810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e05212afe0b8f42021-12-20 16:06:56.924root 11241100x8000000000000000791811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4565e976c7ed8a142021-12-20 16:06:56.924root 11241100x8000000000000000791812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718ee30b249c94142021-12-20 16:06:56.924root 11241100x8000000000000000791813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fe0d71084496e52021-12-20 16:06:56.925root 11241100x8000000000000000791814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf81edd7a59e8312021-12-20 16:06:56.925root 11241100x8000000000000000791815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf1ab62fd65c6fc2021-12-20 16:06:56.925root 11241100x8000000000000000791816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efef9f823fe67922021-12-20 16:06:56.925root 11241100x8000000000000000791817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:56.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722eaccbdc2338eb2021-12-20 16:06:56.925root 354300x8000000000000000791818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.070{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51652-false10.0.1.12-8000- 11241100x8000000000000000791819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42817448ceb2c3172021-12-20 16:06:57.424root 11241100x8000000000000000791820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce1fb0b39f9cd892021-12-20 16:06:57.424root 11241100x8000000000000000791821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46112b756c94333a2021-12-20 16:06:57.424root 11241100x8000000000000000791822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c69ae9b89677fe2021-12-20 16:06:57.424root 11241100x8000000000000000791823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a481c98d5cdba6df2021-12-20 16:06:57.425root 11241100x8000000000000000791824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3f56e423188bcf2021-12-20 16:06:57.425root 11241100x8000000000000000791825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3ffa7f6e22ceeb2021-12-20 16:06:57.425root 11241100x8000000000000000791826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377034daf9f932972021-12-20 16:06:57.425root 11241100x8000000000000000791827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed079bae47b5f3b2021-12-20 16:06:57.425root 11241100x8000000000000000791828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76238daf7d3356f2021-12-20 16:06:57.425root 11241100x8000000000000000791829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe154961ff13df92021-12-20 16:06:57.425root 11241100x8000000000000000791830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f21ee6c0a448d092021-12-20 16:06:57.425root 11241100x8000000000000000791831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400f919212da8b8c2021-12-20 16:06:57.425root 11241100x8000000000000000791832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129986ca70e11a0e2021-12-20 16:06:57.924root 11241100x8000000000000000791833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33ab2ea4d6945ae2021-12-20 16:06:57.924root 11241100x8000000000000000791834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329825fe252ec2562021-12-20 16:06:57.924root 11241100x8000000000000000791835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0394f6a675671b9f2021-12-20 16:06:57.924root 11241100x8000000000000000791836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c45b80d2d695472021-12-20 16:06:57.924root 11241100x8000000000000000791837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1e772a483786a82021-12-20 16:06:57.924root 11241100x8000000000000000791838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462603d5aab373472021-12-20 16:06:57.925root 11241100x8000000000000000791839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31719a254e6e80fb2021-12-20 16:06:57.925root 11241100x8000000000000000791840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce7c53c87f3a742021-12-20 16:06:57.925root 11241100x8000000000000000791841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592808b5d258f8f72021-12-20 16:06:57.925root 11241100x8000000000000000791842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc17651cc6355872021-12-20 16:06:57.925root 11241100x8000000000000000791843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb1e31aaa95edc02021-12-20 16:06:57.925root 11241100x8000000000000000791844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:57.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bae69f69c1299d62021-12-20 16:06:57.925root 11241100x8000000000000000791845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830eac052039866d2021-12-20 16:06:58.424root 11241100x8000000000000000791846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44c5b2c463186662021-12-20 16:06:58.424root 11241100x8000000000000000791847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b728b844594f28772021-12-20 16:06:58.424root 11241100x8000000000000000791848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55491c8f23740892021-12-20 16:06:58.424root 11241100x8000000000000000791849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eba56a82bab25d2021-12-20 16:06:58.425root 11241100x8000000000000000791850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc162a34f79c13d2021-12-20 16:06:58.425root 11241100x8000000000000000791851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424f2f446630a6262021-12-20 16:06:58.425root 11241100x8000000000000000791852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7588ee59c9b529962021-12-20 16:06:58.425root 11241100x8000000000000000791853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e07aef1d514adbb2021-12-20 16:06:58.425root 11241100x8000000000000000791854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e921b946e0c0ed2021-12-20 16:06:58.425root 11241100x8000000000000000791855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1a01dfc96988962021-12-20 16:06:58.425root 11241100x8000000000000000791856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ae56c4d33a11a2021-12-20 16:06:58.425root 11241100x8000000000000000791857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ac3da9d43024b42021-12-20 16:06:58.426root 11241100x8000000000000000791858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2d58d4f79c10212021-12-20 16:06:58.924root 11241100x8000000000000000791859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fee7fa68108e5c92021-12-20 16:06:58.924root 11241100x8000000000000000791860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6fefe17fa7acf2021-12-20 16:06:58.925root 11241100x8000000000000000791861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70d5e6691528ab72021-12-20 16:06:58.925root 11241100x8000000000000000791862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6953dea2f39185962021-12-20 16:06:58.925root 11241100x8000000000000000791863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4df38d8455bb652021-12-20 16:06:58.925root 11241100x8000000000000000791864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e75c53ed6eb9f02021-12-20 16:06:58.925root 11241100x8000000000000000791865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bbff22f779f6c22021-12-20 16:06:58.926root 11241100x8000000000000000791866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60fd46ec2b63bb12021-12-20 16:06:58.926root 11241100x8000000000000000791867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428125582688cbed2021-12-20 16:06:58.926root 11241100x8000000000000000791868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d5a5d8097121a2021-12-20 16:06:58.926root 11241100x8000000000000000791869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985eb3594bfc0aef2021-12-20 16:06:58.926root 11241100x8000000000000000791870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:58.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b20904361f0d72f2021-12-20 16:06:58.926root 11241100x8000000000000000791871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f25a5cb2f0a3802021-12-20 16:06:59.424root 11241100x8000000000000000791872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e8dab6d1ad11852021-12-20 16:06:59.424root 11241100x8000000000000000791873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a824bce750a993b42021-12-20 16:06:59.424root 11241100x8000000000000000791874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a8007747e5f5f32021-12-20 16:06:59.424root 11241100x8000000000000000791875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78261ec911a41f9d2021-12-20 16:06:59.425root 11241100x8000000000000000791876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b71c9ce1a5554d2021-12-20 16:06:59.425root 11241100x8000000000000000791877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5217f335072f142021-12-20 16:06:59.425root 11241100x8000000000000000791878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564b07a63964cd492021-12-20 16:06:59.425root 11241100x8000000000000000791879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1b54f312833b842021-12-20 16:06:59.425root 11241100x8000000000000000791880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c07e0553e11fb9f2021-12-20 16:06:59.425root 11241100x8000000000000000791881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad59de2166071a52021-12-20 16:06:59.425root 11241100x8000000000000000791882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9209eb1e3f66adb42021-12-20 16:06:59.426root 11241100x8000000000000000791883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e39c131284944e52021-12-20 16:06:59.426root 11241100x8000000000000000791884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6b205a052931f82021-12-20 16:06:59.924root 11241100x8000000000000000791885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a82c9fd0c794942021-12-20 16:06:59.924root 11241100x8000000000000000791886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2247af5401970cf12021-12-20 16:06:59.924root 11241100x8000000000000000791887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3480a18965471e722021-12-20 16:06:59.925root 11241100x8000000000000000791888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae620452213b190c2021-12-20 16:06:59.925root 11241100x8000000000000000791889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dd49cf624130ad2021-12-20 16:06:59.925root 11241100x8000000000000000791890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb00219ae4eee6d92021-12-20 16:06:59.925root 11241100x8000000000000000791891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de533e9743b6a7b2021-12-20 16:06:59.925root 11241100x8000000000000000791892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4fa0d2122f3c482021-12-20 16:06:59.925root 11241100x8000000000000000791893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4681288f32cf79f52021-12-20 16:06:59.925root 11241100x8000000000000000791894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dc280436ec698d2021-12-20 16:06:59.925root 11241100x8000000000000000791895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a45a8ad8ea3a5242021-12-20 16:06:59.925root 11241100x8000000000000000791896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:06:59.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4fb0630334d16b2021-12-20 16:06:59.925root 11241100x8000000000000000791897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5d1937c3d0ed2b2021-12-20 16:07:00.424root 11241100x8000000000000000791898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e32aba800b520a72021-12-20 16:07:00.424root 11241100x8000000000000000791899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7537eac77d4556ea2021-12-20 16:07:00.424root 11241100x8000000000000000791900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf59634bb4907edb2021-12-20 16:07:00.424root 11241100x8000000000000000791901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deba8bb2fc9364b32021-12-20 16:07:00.424root 11241100x8000000000000000791902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1735dea8400dade2021-12-20 16:07:00.425root 11241100x8000000000000000791903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7ee5ca75a404bc2021-12-20 16:07:00.425root 11241100x8000000000000000791904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaff63891ffbc4c2021-12-20 16:07:00.425root 11241100x8000000000000000791905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cede77147ec54e2021-12-20 16:07:00.425root 11241100x8000000000000000791906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe38495166306002021-12-20 16:07:00.425root 11241100x8000000000000000791907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659a20482b1cfe782021-12-20 16:07:00.425root 11241100x8000000000000000791908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d86ccfaacc2baf2021-12-20 16:07:00.425root 11241100x8000000000000000791909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af95123de359889e2021-12-20 16:07:00.425root 11241100x8000000000000000791910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19927a20debadbc2021-12-20 16:07:00.924root 11241100x8000000000000000791911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409bc4fb939c6dc12021-12-20 16:07:00.924root 11241100x8000000000000000791912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905b295587c6d0cd2021-12-20 16:07:00.925root 11241100x8000000000000000791913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f06e9f4f6488ca2021-12-20 16:07:00.925root 11241100x8000000000000000791914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3284922d69d37312021-12-20 16:07:00.925root 11241100x8000000000000000791915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bf4fb84416613c2021-12-20 16:07:00.926root 11241100x8000000000000000791916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4c0c510cffcf122021-12-20 16:07:00.926root 11241100x8000000000000000791917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e79f0d8659f92c22021-12-20 16:07:00.926root 11241100x8000000000000000791918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac13383185d3f842021-12-20 16:07:00.926root 11241100x8000000000000000791919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f362694eeedadd2021-12-20 16:07:00.926root 11241100x8000000000000000791920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2447ab1ced68f01d2021-12-20 16:07:00.927root 11241100x8000000000000000791921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2743f89d923e332021-12-20 16:07:00.927root 11241100x8000000000000000791922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:00.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184fbb9032961d072021-12-20 16:07:00.927root 11241100x8000000000000000791923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e7a6d6b535a3652021-12-20 16:07:01.424root 11241100x8000000000000000791924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23120dc98152908a2021-12-20 16:07:01.424root 11241100x8000000000000000791925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4240a820004277cf2021-12-20 16:07:01.425root 11241100x8000000000000000791926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd6da7910a3c1702021-12-20 16:07:01.425root 11241100x8000000000000000791927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9123e75f4c1783e12021-12-20 16:07:01.425root 11241100x8000000000000000791928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e5b69d2c30e8de2021-12-20 16:07:01.425root 11241100x8000000000000000791929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e9c11821ea2252021-12-20 16:07:01.425root 11241100x8000000000000000791930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd79c7fc22fe5802021-12-20 16:07:01.425root 11241100x8000000000000000791931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53591d262b0911c82021-12-20 16:07:01.426root 11241100x8000000000000000791932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9105f5ac6a08ee72021-12-20 16:07:01.426root 11241100x8000000000000000791933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807b79c9d1ed50662021-12-20 16:07:01.426root 11241100x8000000000000000791934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f9d7883c5ccaf02021-12-20 16:07:01.426root 11241100x8000000000000000791935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb420b827b790cb2021-12-20 16:07:01.426root 11241100x8000000000000000791936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f58f3002497837a2021-12-20 16:07:01.924root 11241100x8000000000000000791937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368239abadd32ce62021-12-20 16:07:01.924root 11241100x8000000000000000791938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660617edd64aeac62021-12-20 16:07:01.924root 11241100x8000000000000000791939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6050060c44f2f86a2021-12-20 16:07:01.925root 11241100x8000000000000000791940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6912248e787a3ed12021-12-20 16:07:01.925root 11241100x8000000000000000791941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c7a97736d5bcf32021-12-20 16:07:01.925root 11241100x8000000000000000791942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d0489442bdb1982021-12-20 16:07:01.925root 11241100x8000000000000000791943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e2174bd3503d72021-12-20 16:07:01.925root 11241100x8000000000000000791944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856e5efb21c18fd02021-12-20 16:07:01.925root 11241100x8000000000000000791945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303ee8ea277ab8dd2021-12-20 16:07:01.925root 11241100x8000000000000000791946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc98622c4c69a7d2021-12-20 16:07:01.925root 11241100x8000000000000000791947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0314ddf224a0082021-12-20 16:07:01.926root 11241100x8000000000000000791948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:01.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d5fd60054e266f2021-12-20 16:07:01.926root 154100x8000000000000000791949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.195{ec2c97d1-aa26-61c0-e8e6-4d2dc1550000}10285/bin/ls-----ls --color=auto/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 11241100x8000000000000000791950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.196{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d174f9cd08befbce2021-12-20 16:07:02.196root 11241100x8000000000000000791951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.196{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190fd4106cfaf6022021-12-20 16:07:02.196root 11241100x8000000000000000791952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.196{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c41e3656200a59a2021-12-20 16:07:02.196root 11241100x8000000000000000791953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.197{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9237f9873b92b02021-12-20 16:07:02.197root 534500x8000000000000000791954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.197{ec2c97d1-aa26-61c0-e8e6-4d2dc1550000}10285/bin/lsubuntu 11241100x8000000000000000791955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.197{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bf9783f620ac842021-12-20 16:07:02.197root 11241100x8000000000000000791956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.197{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c5c2e2a50943512021-12-20 16:07:02.197root 11241100x8000000000000000791957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.197{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3206b54c4d3c47e42021-12-20 16:07:02.197root 11241100x8000000000000000791958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.197{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240cfca1cecabcb12021-12-20 16:07:02.197root 11241100x8000000000000000791959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.197{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb54f8cb17f058742021-12-20 16:07:02.197root 11241100x8000000000000000791960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.198{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb4a1b833d8af3b2021-12-20 16:07:02.198root 11241100x8000000000000000791961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.198{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27936e8e11db32ad2021-12-20 16:07:02.198root 11241100x8000000000000000791962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.198{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf98ee0828be7aa2021-12-20 16:07:02.198root 11241100x8000000000000000791963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.198{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35baf09a0fabbf582021-12-20 16:07:02.198root 11241100x8000000000000000791964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.198{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdedb4ca070bb642021-12-20 16:07:02.198root 11241100x8000000000000000791965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.199{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada5259f331928f02021-12-20 16:07:02.199root 11241100x8000000000000000791966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.199{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3308a8db3059c4682021-12-20 16:07:02.199root 11241100x8000000000000000791967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.674{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9215d514a84cd3b2021-12-20 16:07:02.674root 11241100x8000000000000000791968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e2ce9c77202fb22021-12-20 16:07:02.675root 11241100x8000000000000000791969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57ff03f0aec77292021-12-20 16:07:02.675root 11241100x8000000000000000791970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87322b3865ed048b2021-12-20 16:07:02.675root 11241100x8000000000000000791971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e46ff7ace3f4792021-12-20 16:07:02.675root 11241100x8000000000000000791972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a5bf688d893ec22021-12-20 16:07:02.675root 11241100x8000000000000000791973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847a71d3c90cb5ce2021-12-20 16:07:02.675root 11241100x8000000000000000791974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.675{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faf0507e49847862021-12-20 16:07:02.675root 11241100x8000000000000000791975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79db7ffb1da766462021-12-20 16:07:02.676root 11241100x8000000000000000791976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae244674dfd83182021-12-20 16:07:02.676root 11241100x8000000000000000791977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dc755751fe4eb72021-12-20 16:07:02.676root 11241100x8000000000000000791978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eea9bd0f1e2323d2021-12-20 16:07:02.676root 11241100x8000000000000000791979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a21c4acf77be2462021-12-20 16:07:02.676root 11241100x8000000000000000791980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c24d6322dabe62021-12-20 16:07:02.676root 11241100x8000000000000000791981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:02.676{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7124873cdb6d6a62021-12-20 16:07:02.676root 354300x8000000000000000791982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.033{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51654-false10.0.1.12-8000- 11241100x8000000000000000791983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.033{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6627a98cc95928922021-12-20 16:07:03.033root 11241100x8000000000000000791984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.034{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1639bbcbbdc40c2021-12-20 16:07:03.034root 11241100x8000000000000000791985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.034{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b354e37c63f02bea2021-12-20 16:07:03.034root 11241100x8000000000000000791986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.034{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615163eca3c796982021-12-20 16:07:03.034root 11241100x8000000000000000791987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.034{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f648d38aef53a252021-12-20 16:07:03.034root 11241100x8000000000000000791988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.034{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de19dee7be17bee2021-12-20 16:07:03.034root 11241100x8000000000000000791989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.035{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158b60a22d6253ef2021-12-20 16:07:03.035root 11241100x8000000000000000791990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.035{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c2972fb73898fe2021-12-20 16:07:03.035root 11241100x8000000000000000791991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.035{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22513a542b5c212c2021-12-20 16:07:03.035root 11241100x8000000000000000791992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.035{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152c78ac5e806d4c2021-12-20 16:07:03.035root 11241100x8000000000000000791993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.035{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d344388808cd982021-12-20 16:07:03.035root 11241100x8000000000000000791994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.035{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4499af03b607c102021-12-20 16:07:03.035root 11241100x8000000000000000791995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.035{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b113abcdb7e3a062021-12-20 16:07:03.035root 11241100x8000000000000000791996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.035{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7cf4f974dc95fa2021-12-20 16:07:03.035root 11241100x8000000000000000791997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.036{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d75deee2d708c92021-12-20 16:07:03.036root 11241100x8000000000000000791998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.036{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77245e5ef900189f2021-12-20 16:07:03.036root 11241100x8000000000000000791999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.036{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bac1fe25e496482021-12-20 16:07:03.036root 11241100x8000000000000000792000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e79dd4275f11d52021-12-20 16:07:03.424root 11241100x8000000000000000792001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45af2852f69ad03b2021-12-20 16:07:03.424root 11241100x8000000000000000792002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e22af88c5ebad4e2021-12-20 16:07:03.424root 11241100x8000000000000000792003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107ba436e335e3152021-12-20 16:07:03.425root 11241100x8000000000000000792004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b9319ab23a7fcc2021-12-20 16:07:03.425root 11241100x8000000000000000792005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e904e8cfa521ae62021-12-20 16:07:03.425root 11241100x8000000000000000792006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee1e5eb4bd17e242021-12-20 16:07:03.425root 11241100x8000000000000000792007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d942678e175b8d2021-12-20 16:07:03.425root 11241100x8000000000000000792008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a351ec94b00f1912021-12-20 16:07:03.425root 11241100x8000000000000000792009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1900ab9e003f7452021-12-20 16:07:03.425root 11241100x8000000000000000792010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e461883a2d13bd82021-12-20 16:07:03.425root 11241100x8000000000000000792011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0398585133fd65662021-12-20 16:07:03.425root 11241100x8000000000000000792012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3907d2ef1af48f5a2021-12-20 16:07:03.426root 11241100x8000000000000000792013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf74de16fa5dd0cc2021-12-20 16:07:03.426root 11241100x8000000000000000792014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6035507acb831afa2021-12-20 16:07:03.426root 11241100x8000000000000000792015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14256cf79fff4a62021-12-20 16:07:03.426root 11241100x8000000000000000792016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abefeab41d078162021-12-20 16:07:03.924root 11241100x8000000000000000792017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79685bcc0dd60eed2021-12-20 16:07:03.924root 11241100x8000000000000000792018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdb34a4e7f7c2722021-12-20 16:07:03.925root 11241100x8000000000000000792019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8d547e915ada672021-12-20 16:07:03.925root 11241100x8000000000000000792020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa152254663b34752021-12-20 16:07:03.925root 11241100x8000000000000000792021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dace662d8f2db82021-12-20 16:07:03.925root 11241100x8000000000000000792022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2748cf7eadaecb2021-12-20 16:07:03.925root 11241100x8000000000000000792023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9917a5f54208c12021-12-20 16:07:03.925root 11241100x8000000000000000792024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f144bd6550995bd02021-12-20 16:07:03.925root 11241100x8000000000000000792025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1254e3c91ce0b42021-12-20 16:07:03.926root 11241100x8000000000000000792026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307ee3c794728be92021-12-20 16:07:03.926root 11241100x8000000000000000792027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6e6e2d24d9f3952021-12-20 16:07:03.926root 11241100x8000000000000000792028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c926a0ddaa8aa3942021-12-20 16:07:03.926root 11241100x8000000000000000792029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d442dd6132c54132021-12-20 16:07:03.926root 11241100x8000000000000000792030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750af781baef5cec2021-12-20 16:07:03.926root 11241100x8000000000000000792031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:03.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a3029b91603c202021-12-20 16:07:03.926root 11241100x8000000000000000792032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f16f5b63d3cdc702021-12-20 16:07:04.424root 11241100x8000000000000000792033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171bf1fbd2a117b02021-12-20 16:07:04.424root 11241100x8000000000000000792034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941660cbc334aaf22021-12-20 16:07:04.424root 11241100x8000000000000000792035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18a3ab69f9bedc12021-12-20 16:07:04.425root 11241100x8000000000000000792036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9a1c4c9a9428392021-12-20 16:07:04.425root 11241100x8000000000000000792037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b940c0f137d9e582021-12-20 16:07:04.425root 11241100x8000000000000000792038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818ed5d7efcd5fd42021-12-20 16:07:04.425root 11241100x8000000000000000792039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c83f9e58babd722021-12-20 16:07:04.425root 11241100x8000000000000000792040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265fa556ba170a452021-12-20 16:07:04.426root 11241100x8000000000000000792041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486e561269d6107f2021-12-20 16:07:04.426root 11241100x8000000000000000792042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af94b5a53ac629b2021-12-20 16:07:04.426root 11241100x8000000000000000792043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f514a0b1b49696a2021-12-20 16:07:04.426root 11241100x8000000000000000792044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f32bca0d8a09d162021-12-20 16:07:04.426root 11241100x8000000000000000792045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b894485951dd3c2021-12-20 16:07:04.427root 11241100x8000000000000000792046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4362783bd9ef825d2021-12-20 16:07:04.427root 11241100x8000000000000000792047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5237ce7cfd0295c82021-12-20 16:07:04.427root 11241100x8000000000000000792048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627f83d8294d3dc2021-12-20 16:07:04.925root 11241100x8000000000000000792049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9780ca8ff44116692021-12-20 16:07:04.925root 11241100x8000000000000000792050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb52447845a11fb2021-12-20 16:07:04.925root 11241100x8000000000000000792051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9431483a2a52f3a62021-12-20 16:07:04.925root 11241100x8000000000000000792052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d24374b898e2702021-12-20 16:07:04.925root 11241100x8000000000000000792053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee983bf2cf0601df2021-12-20 16:07:04.925root 11241100x8000000000000000792054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be68bfd1a1c023de2021-12-20 16:07:04.926root 11241100x8000000000000000792055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5097e8b35af0fb1b2021-12-20 16:07:04.926root 11241100x8000000000000000792056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b340c4b80b9c452021-12-20 16:07:04.926root 11241100x8000000000000000792057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503835f30269b4e42021-12-20 16:07:04.926root 11241100x8000000000000000792058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70d7c51065b86922021-12-20 16:07:04.926root 11241100x8000000000000000792059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2e7ac75a99c07d2021-12-20 16:07:04.926root 11241100x8000000000000000792060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674c90938f1ffda22021-12-20 16:07:04.926root 11241100x8000000000000000792061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9f82d5e6f721292021-12-20 16:07:04.927root 11241100x8000000000000000792062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100ac1e97f9f15272021-12-20 16:07:04.927root 11241100x8000000000000000792063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:04.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57ca423ae1c5d122021-12-20 16:07:04.927root 11241100x8000000000000000792064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37c3f9547f70e3b2021-12-20 16:07:05.424root 11241100x8000000000000000792065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2ba9f3790fb1212021-12-20 16:07:05.424root 11241100x8000000000000000792066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a795ea3611553e4e2021-12-20 16:07:05.425root 11241100x8000000000000000792067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a445ce376d89597f2021-12-20 16:07:05.425root 11241100x8000000000000000792068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f331ebeecdf35e12021-12-20 16:07:05.425root 11241100x8000000000000000792069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e63b273358bed322021-12-20 16:07:05.425root 11241100x8000000000000000792070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb710353a9ed73e2021-12-20 16:07:05.426root 11241100x8000000000000000792071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbfa4289a6d98522021-12-20 16:07:05.426root 11241100x8000000000000000792072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee84225ee1b5d8622021-12-20 16:07:05.426root 11241100x8000000000000000792073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea1496295621cf72021-12-20 16:07:05.426root 11241100x8000000000000000792074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c79a773630b7e12021-12-20 16:07:05.426root 11241100x8000000000000000792075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99979fb39f711bfa2021-12-20 16:07:05.426root 11241100x8000000000000000792076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda73fd5bbf49f362021-12-20 16:07:05.427root 11241100x8000000000000000792077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e0113db980c3c2021-12-20 16:07:05.427root 11241100x8000000000000000792078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469c3560a49ebc932021-12-20 16:07:05.427root 11241100x8000000000000000792079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d630fa6fde0f230e2021-12-20 16:07:05.427root 11241100x8000000000000000792080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5429c7431070faae2021-12-20 16:07:05.924root 11241100x8000000000000000792081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d4f464699fed1f2021-12-20 16:07:05.924root 11241100x8000000000000000792082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e784a08e429ad1a32021-12-20 16:07:05.925root 11241100x8000000000000000792083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0610c6f5d327a93c2021-12-20 16:07:05.925root 11241100x8000000000000000792084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcc4ef0982ba8432021-12-20 16:07:05.925root 11241100x8000000000000000792085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45045400f9b8d0a42021-12-20 16:07:05.925root 11241100x8000000000000000792086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c91f8c3f82691b2021-12-20 16:07:05.925root 11241100x8000000000000000792087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558a889ae3e5f7112021-12-20 16:07:05.926root 11241100x8000000000000000792088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44b3263bd8972f82021-12-20 16:07:05.926root 11241100x8000000000000000792089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff20545e0f1ce9c2021-12-20 16:07:05.926root 11241100x8000000000000000792090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69340893283ec212021-12-20 16:07:05.926root 11241100x8000000000000000792091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed093ec1a9fa7b2021-12-20 16:07:05.926root 11241100x8000000000000000792092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619917a8918a38422021-12-20 16:07:05.926root 11241100x8000000000000000792093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddddd6ab7498ff22021-12-20 16:07:05.927root 11241100x8000000000000000792094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff07c10c92f0bb52021-12-20 16:07:05.927root 11241100x8000000000000000792095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:05.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dc78848c1c43f52021-12-20 16:07:05.927root 11241100x8000000000000000792096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.066{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-20 16:07:06.066root 11241100x8000000000000000792097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b272330420c448552021-12-20 16:07:06.424root 11241100x8000000000000000792098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22813d263ecd0b412021-12-20 16:07:06.424root 11241100x8000000000000000792099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bd1d766c8715082021-12-20 16:07:06.424root 11241100x8000000000000000792100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24817763a44e652a2021-12-20 16:07:06.424root 11241100x8000000000000000792101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4883d40f955ee5b72021-12-20 16:07:06.425root 11241100x8000000000000000792102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9c19b7b53a0fb32021-12-20 16:07:06.425root 11241100x8000000000000000792103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeeca9837866ba42021-12-20 16:07:06.425root 11241100x8000000000000000792104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2de25c2c253d6e2021-12-20 16:07:06.425root 11241100x8000000000000000792105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8472105ce712702021-12-20 16:07:06.425root 11241100x8000000000000000792106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7237745f4ad54ac2021-12-20 16:07:06.425root 11241100x8000000000000000792107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f642fc160f0fe70d2021-12-20 16:07:06.426root 11241100x8000000000000000792108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4d3be98432122a2021-12-20 16:07:06.426root 11241100x8000000000000000792109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6db8d2f38b3d5df2021-12-20 16:07:06.426root 11241100x8000000000000000792110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3572572490d184632021-12-20 16:07:06.426root 11241100x8000000000000000792111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef154e6a4d6ad592021-12-20 16:07:06.426root 11241100x8000000000000000792112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5408d12be76c8b202021-12-20 16:07:06.427root 11241100x8000000000000000792113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec84bceec85b588d2021-12-20 16:07:06.427root 11241100x8000000000000000792114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613e1bd4b011ba7c2021-12-20 16:07:06.924root 11241100x8000000000000000792115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5980a0df637569332021-12-20 16:07:06.924root 11241100x8000000000000000792116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fa4bae23fbb1d62021-12-20 16:07:06.925root 11241100x8000000000000000792117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e823032204cd592021-12-20 16:07:06.925root 11241100x8000000000000000792118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eff428fcf91be82021-12-20 16:07:06.925root 11241100x8000000000000000792119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50298f9db895f2232021-12-20 16:07:06.925root 11241100x8000000000000000792120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e51f00f593c08fe2021-12-20 16:07:06.925root 11241100x8000000000000000792121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c801a9edda358b2021-12-20 16:07:06.925root 11241100x8000000000000000792122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f671f6009cb0af2021-12-20 16:07:06.926root 11241100x8000000000000000792123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a607a98d753c703d2021-12-20 16:07:06.926root 11241100x8000000000000000792124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c10e2666b06d92021-12-20 16:07:06.926root 11241100x8000000000000000792125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8bd3db7168c0cc2021-12-20 16:07:06.926root 11241100x8000000000000000792126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a9090532a384652021-12-20 16:07:06.926root 11241100x8000000000000000792127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f92404a5786b862021-12-20 16:07:06.926root 11241100x8000000000000000792128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a454cb71dec562021-12-20 16:07:06.926root 11241100x8000000000000000792129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a770bf02d0c7f7d42021-12-20 16:07:06.926root 11241100x8000000000000000792130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:06.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe9739e392744e2021-12-20 16:07:06.927root 534500x8000000000000000792131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.070{00000000-0000-0000-0000-000000000000}10286<unknown process>ubuntu 11241100x8000000000000000792132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7271e3f645b14142021-12-20 16:07:07.424root 11241100x8000000000000000792133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9b6c7d9d365fe32021-12-20 16:07:07.424root 11241100x8000000000000000792134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a7532375f55e202021-12-20 16:07:07.424root 11241100x8000000000000000792135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecac0c80abd7dbf72021-12-20 16:07:07.424root 11241100x8000000000000000792136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b151aa4d45d77242021-12-20 16:07:07.425root 11241100x8000000000000000792137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf04b7a0420d4962021-12-20 16:07:07.425root 11241100x8000000000000000792138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0cedc5dd25e4d82021-12-20 16:07:07.425root 11241100x8000000000000000792139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5befe6d5c030442021-12-20 16:07:07.425root 11241100x8000000000000000792140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cc18ff8ed7eca02021-12-20 16:07:07.425root 11241100x8000000000000000792141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aadbf2a708575262021-12-20 16:07:07.425root 11241100x8000000000000000792142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc5b0343c3042132021-12-20 16:07:07.425root 11241100x8000000000000000792143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931a2270b00c79bf2021-12-20 16:07:07.425root 11241100x8000000000000000792144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed995f4519c557d2021-12-20 16:07:07.426root 11241100x8000000000000000792145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75432731a8ae01472021-12-20 16:07:07.426root 11241100x8000000000000000792146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cfd7fb96018f8e2021-12-20 16:07:07.426root 11241100x8000000000000000792147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c674f2c503898f2021-12-20 16:07:07.426root 11241100x8000000000000000792148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d04c5211b7b02b42021-12-20 16:07:07.426root 11241100x8000000000000000792149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df5df92cb79d6ec2021-12-20 16:07:07.426root 11241100x8000000000000000792150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258da3411e5fa9562021-12-20 16:07:07.426root 11241100x8000000000000000792151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f4a828027b51ef2021-12-20 16:07:07.427root 154100x8000000000000000792152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.584{ec2c97d1-aa2b-61c0-082e-55310c560000}10287/usr/bin/sudo-----sudo ./run_append/home/ubuntuubuntu{ec2c97d1-9091-61c0-e803-000000000000}10007no level-{ec2c97d1-9cd7-61c0-0864-408b87550000}9810/bin/bashbashubuntu 354300x8000000000000000792153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.587{ec2c97d1-aa2b-61c0-082e-55310c560000}10287/usr/bin/sudoubuntuudptruefalse127.0.0.1-44501-false127.0.0.53-53- 354300x8000000000000000792154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.587{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-51644-false10.0.0.2-53- 354300x8000000000000000792155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.587{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-50645-false10.0.0.2-53- 354300x8000000000000000792156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.588{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-44501- 354300x8000000000000000792157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.588{ec2c97d1-aa2b-61c0-082e-55310c560000}10287/usr/bin/sudoubuntuudptruefalse127.0.0.1-60734-false127.0.0.53-53- 354300x8000000000000000792158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.588{ec2c97d1-67c1-61c0-c007-136a78550000}2546/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-60734- 154100x8000000000000000792159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.591{ec2c97d1-aa2b-61c0-18d9-696eb9550000}10288/home/ubuntu/run_append-----./run_append/home/ubunturoot{ec2c97d1-0000-0000-0000-000000000000}07no level-{ec2c97d1-aa2b-61c0-082e-55310c560000}10287/usr/bin/sudosudoubuntu 534500x8000000000000000792160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.593{ec2c97d1-aa2b-61c0-18d9-696eb9550000}10288/home/ubuntu/run_appendroot 154100x8000000000000000792161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.593{ec2c97d1-aa2b-61c0-6852-c6e2ae550000}10290/bin/dash-----sh -c #/bin/bash echo "/tmp/hello_evil" >> ~/.bashrc echo "/tmp/hello_evil" >> ~/.bash_profile echo "/tmp/hello_evil" >> /etc/profile /home/ubunturoot{ec2c97d1-0000-0000-0000-000000000000}07no level-{00000000-0000-0000-0000-000000000000}10289--- 534500x8000000000000000792162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.593{ec2c97d1-aa2b-61c0-082e-55310c560000}10287/usr/bin/sudoroot 534500x8000000000000000792163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.594{ec2c97d1-aa2b-61c0-6852-c6e2ae550000}10290/bin/dashroot 534500x8000000000000000792164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.594{ec2c97d1-aa2b-61c0-0000-000000000000}10289-root 11241100x8000000000000000792165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c46a326b2d5e7e2021-12-20 16:07:07.924root 11241100x8000000000000000792166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb61dc26a116d8b2021-12-20 16:07:07.924root 11241100x8000000000000000792167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c5725aa8c1fcbc2021-12-20 16:07:07.924root 11241100x8000000000000000792168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29db8a2c4a6fb3e02021-12-20 16:07:07.924root 11241100x8000000000000000792169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771f8ba9fe6390562021-12-20 16:07:07.925root 11241100x8000000000000000792170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a145833ba56e3d082021-12-20 16:07:07.925root 11241100x8000000000000000792171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53901b242c3550712021-12-20 16:07:07.925root 11241100x8000000000000000792172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8a394d44a7b61b2021-12-20 16:07:07.925root 11241100x8000000000000000792173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686448fa02f503ff2021-12-20 16:07:07.925root 11241100x8000000000000000792174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ee9117f297f3b12021-12-20 16:07:07.925root 11241100x8000000000000000792175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42990d4f68e51dc62021-12-20 16:07:07.925root 11241100x8000000000000000792176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e56fb89033eeb42021-12-20 16:07:07.925root 11241100x8000000000000000792177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e2ede9cc7652852021-12-20 16:07:07.925root 11241100x8000000000000000792178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae409aca7b68d532021-12-20 16:07:07.925root 11241100x8000000000000000792179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd79a475195af522021-12-20 16:07:07.925root 11241100x8000000000000000792180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889d876e6a3618b92021-12-20 16:07:07.925root 11241100x8000000000000000792181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceddfe48a32c5862021-12-20 16:07:07.925root 11241100x8000000000000000792182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4669ac893cba36ab2021-12-20 16:07:07.925root 11241100x8000000000000000792183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d7afd8537b40fe2021-12-20 16:07:07.925root 11241100x8000000000000000792184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d4b257f37c35202021-12-20 16:07:07.926root 11241100x8000000000000000792185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dd944f120573f02021-12-20 16:07:07.926root 11241100x8000000000000000792186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4a51f527f6618e2021-12-20 16:07:07.926root 11241100x8000000000000000792187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2ce895065884d72021-12-20 16:07:07.926root 11241100x8000000000000000792188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887082f4e480b0ab2021-12-20 16:07:07.926root 11241100x8000000000000000792189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af22e9fbeb8d6a52021-12-20 16:07:07.926root 11241100x8000000000000000792190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e800ba3b753d712021-12-20 16:07:07.926root 11241100x8000000000000000792191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c454274b839cda2021-12-20 16:07:07.926root 11241100x8000000000000000792192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1aa05b21f1d2e32021-12-20 16:07:07.926root 11241100x8000000000000000792193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c40ca3b5e6eb392021-12-20 16:07:07.926root 11241100x8000000000000000792194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8241b96415c2372021-12-20 16:07:07.926root 11241100x8000000000000000792195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2165d8e1a7d959622021-12-20 16:07:07.926root 11241100x8000000000000000792196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036c062632383a3b2021-12-20 16:07:07.926root 11241100x8000000000000000792197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51beb6219ade7cfa2021-12-20 16:07:07.926root 11241100x8000000000000000792198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:07.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12dcc810a5903e42021-12-20 16:07:07.926root 354300x8000000000000000792199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.062{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51656-false10.0.1.12-8000- 11241100x8000000000000000792200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4763a48f4ae8ad22021-12-20 16:07:08.424root 11241100x8000000000000000792201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc3756acb9ec7232021-12-20 16:07:08.424root 11241100x8000000000000000792202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40466752d7e38fc42021-12-20 16:07:08.425root 11241100x8000000000000000792203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bea61a7f5d871a62021-12-20 16:07:08.425root 11241100x8000000000000000792204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7896d27992627b802021-12-20 16:07:08.425root 11241100x8000000000000000792205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf438de620bff72021-12-20 16:07:08.425root 11241100x8000000000000000792206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031378799a2d5c242021-12-20 16:07:08.426root 11241100x8000000000000000792207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff0b68f56c2c8f22021-12-20 16:07:08.426root 11241100x8000000000000000792208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1747246d1932192021-12-20 16:07:08.426root 11241100x8000000000000000792209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19752f54f1f71032021-12-20 16:07:08.426root 11241100x8000000000000000792210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ec8cf1e35b86d32021-12-20 16:07:08.426root 11241100x8000000000000000792211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9f89ea5ba3bfb52021-12-20 16:07:08.426root 11241100x8000000000000000792212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296d5e44d4e06f642021-12-20 16:07:08.426root 11241100x8000000000000000792213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdce0a0835ebbe92021-12-20 16:07:08.426root 11241100x8000000000000000792214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0388b08372de7562021-12-20 16:07:08.426root 11241100x8000000000000000792215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302b44f053736b5f2021-12-20 16:07:08.426root 11241100x8000000000000000792216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f14efc422a52fd2021-12-20 16:07:08.426root 11241100x8000000000000000792217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883287dc666e6d112021-12-20 16:07:08.427root 11241100x8000000000000000792218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0ffe4026a42132021-12-20 16:07:08.427root 11241100x8000000000000000792219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3358ffbeb3b6962021-12-20 16:07:08.427root 11241100x8000000000000000792220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2d560a90246d2e2021-12-20 16:07:08.427root 11241100x8000000000000000792221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa0daefe2822c262021-12-20 16:07:08.427root 11241100x8000000000000000792222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297a8a3d0c0068a2021-12-20 16:07:08.427root 11241100x8000000000000000792223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dc0ac4c787e32f2021-12-20 16:07:08.427root 11241100x8000000000000000792224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6623e5ed97a3bb2021-12-20 16:07:08.427root 11241100x8000000000000000792225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2160311ef2ff3a6d2021-12-20 16:07:08.427root 11241100x8000000000000000792226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e8118cd297e7412021-12-20 16:07:08.427root 11241100x8000000000000000792227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deaf09b70a3f77f2021-12-20 16:07:08.427root 11241100x8000000000000000792228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1a8bcaa0fa03ab2021-12-20 16:07:08.428root 11241100x8000000000000000792229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5a3b6abd2af7342021-12-20 16:07:08.428root 11241100x8000000000000000792230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ea94e47c34bb0a2021-12-20 16:07:08.428root 11241100x8000000000000000792231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2db6b311e31f4f2021-12-20 16:07:08.428root 11241100x8000000000000000792232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e5ef57d715cd922021-12-20 16:07:08.428root 11241100x8000000000000000792233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817f99373569f3872021-12-20 16:07:08.429root 11241100x8000000000000000792234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0f61a42c9ebe612021-12-20 16:07:08.429root 11241100x8000000000000000792235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c70ac472baded7a2021-12-20 16:07:08.429root 11241100x8000000000000000792236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1fcc439543520f2021-12-20 16:07:08.924root 11241100x8000000000000000792237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42151375a799bec2021-12-20 16:07:08.925root 11241100x8000000000000000792238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085e4e6e4f114e0e2021-12-20 16:07:08.925root 11241100x8000000000000000792239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846143c50cbd1ac32021-12-20 16:07:08.925root 11241100x8000000000000000792240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdda0f32ac74c10c2021-12-20 16:07:08.925root 11241100x8000000000000000792241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65f365c601f32b32021-12-20 16:07:08.925root 11241100x8000000000000000792242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d127b0c9570ea7e2021-12-20 16:07:08.925root 11241100x8000000000000000792243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba079042faef55032021-12-20 16:07:08.925root 11241100x8000000000000000792244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f0ee0e52cf9fd22021-12-20 16:07:08.925root 11241100x8000000000000000792245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379f4c6789a065902021-12-20 16:07:08.925root 11241100x8000000000000000792246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5cc3aa93fd36cc2021-12-20 16:07:08.926root 11241100x8000000000000000792247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9170bb9b2f7325c42021-12-20 16:07:08.926root 11241100x8000000000000000792248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8818b25cf5773c932021-12-20 16:07:08.926root 11241100x8000000000000000792249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab37e588982ca4b82021-12-20 16:07:08.926root 11241100x8000000000000000792250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50093ebf7bb2b2b42021-12-20 16:07:08.926root 11241100x8000000000000000792251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c338b904dfc884452021-12-20 16:07:08.926root 11241100x8000000000000000792252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2576249c5820b32021-12-20 16:07:08.927root 11241100x8000000000000000792253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6457a5733fda4a2021-12-20 16:07:08.927root 11241100x8000000000000000792254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d78bc71202fd2dd2021-12-20 16:07:08.927root 11241100x8000000000000000792255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8dbc6d32ab1e6c2021-12-20 16:07:08.927root 11241100x8000000000000000792256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299523a04aeb29a02021-12-20 16:07:08.927root 11241100x8000000000000000792257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae494095889f8362021-12-20 16:07:08.927root 11241100x8000000000000000792258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f421511e7e1ada12021-12-20 16:07:08.927root 11241100x8000000000000000792259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e76096ea6bade342021-12-20 16:07:08.927root 11241100x8000000000000000792260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3893869880429fe62021-12-20 16:07:08.927root 11241100x8000000000000000792261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b285895c7afccdb42021-12-20 16:07:08.928root 11241100x8000000000000000792262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cafcd33ce5f4192021-12-20 16:07:08.928root 11241100x8000000000000000792263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df06d71598518c42021-12-20 16:07:08.928root 11241100x8000000000000000792264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f079bd6ce70b222021-12-20 16:07:08.928root 11241100x8000000000000000792265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa44453cf50eadf02021-12-20 16:07:08.929root 11241100x8000000000000000792266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3dda54aeb879b92021-12-20 16:07:08.929root 11241100x8000000000000000792267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbacc6c6de45b5eb2021-12-20 16:07:08.929root 11241100x8000000000000000792268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28aef97b9daad0c32021-12-20 16:07:08.929root 11241100x8000000000000000792269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:08.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7259551e6624a86e2021-12-20 16:07:08.929root 23542300x8000000000000000792270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.067{ec2c97d1-6aa3-61c0-30c8-0d28b1550000}5188root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000792271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6224c4029e764732021-12-20 16:07:09.424root 11241100x8000000000000000792272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787e5cf7b994933f2021-12-20 16:07:09.425root 11241100x8000000000000000792273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8c835c65b05bff2021-12-20 16:07:09.425root 11241100x8000000000000000792274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d53b75242dd88ab2021-12-20 16:07:09.425root 11241100x8000000000000000792275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1916976b5b81e4d42021-12-20 16:07:09.425root 11241100x8000000000000000792276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887d943878e8c17e2021-12-20 16:07:09.425root 11241100x8000000000000000792277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfc97812e04b03d2021-12-20 16:07:09.426root 11241100x8000000000000000792278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1ff10225c23cd22021-12-20 16:07:09.426root 11241100x8000000000000000792279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98c7c4929830c472021-12-20 16:07:09.426root 11241100x8000000000000000792280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462ca9fdd273a5272021-12-20 16:07:09.426root 11241100x8000000000000000792281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff665986adee5432021-12-20 16:07:09.426root 11241100x8000000000000000792282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6e2f9b860067612021-12-20 16:07:09.426root 11241100x8000000000000000792283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76001246918af2ce2021-12-20 16:07:09.426root 11241100x8000000000000000792284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf087514955609b2021-12-20 16:07:09.426root 11241100x8000000000000000792285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e8ac9b5aa682b72021-12-20 16:07:09.427root 11241100x8000000000000000792286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43e6bc594793e252021-12-20 16:07:09.427root 11241100x8000000000000000792287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c953ee935047e0652021-12-20 16:07:09.427root 11241100x8000000000000000792288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e545f00fb55e2fb2021-12-20 16:07:09.427root 11241100x8000000000000000792289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d68aeaeff804142021-12-20 16:07:09.427root 11241100x8000000000000000792290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0dcf3838d4b08e2021-12-20 16:07:09.427root 11241100x8000000000000000792291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328e8d71b5e019ef2021-12-20 16:07:09.427root 11241100x8000000000000000792292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e605b7fe516e0472021-12-20 16:07:09.427root 11241100x8000000000000000792293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503dbda3f9df849f2021-12-20 16:07:09.427root 11241100x8000000000000000792294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d3369746664d1e2021-12-20 16:07:09.428root 11241100x8000000000000000792295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6c02aac09142732021-12-20 16:07:09.428root 11241100x8000000000000000792296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c1bd8b55b989692021-12-20 16:07:09.428root 11241100x8000000000000000792297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd143fb6ce3452c2021-12-20 16:07:09.428root 11241100x8000000000000000792298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a83fb323f77b6b2021-12-20 16:07:09.428root 11241100x8000000000000000792299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34dcf98be18e1682021-12-20 16:07:09.428root 11241100x8000000000000000792300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf35a4911fd7e4f32021-12-20 16:07:09.428root 11241100x8000000000000000792301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464dfa9160f22e642021-12-20 16:07:09.428root 11241100x8000000000000000792302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbf6b08201be4b42021-12-20 16:07:09.429root 11241100x8000000000000000792303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523b564bd9f607542021-12-20 16:07:09.429root 11241100x8000000000000000792304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10d52be1ded14692021-12-20 16:07:09.429root 11241100x8000000000000000792305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fc14b24c3bc3d32021-12-20 16:07:09.429root 11241100x8000000000000000792306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23a52d0e94cad022021-12-20 16:07:09.924root 11241100x8000000000000000792307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f952021cc4074c442021-12-20 16:07:09.924root 11241100x8000000000000000792308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3104be3db3d37f2021-12-20 16:07:09.925root 11241100x8000000000000000792309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb599d2f6703e82021-12-20 16:07:09.926root 11241100x8000000000000000792310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19c8127c3f487a22021-12-20 16:07:09.926root 11241100x8000000000000000792311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9252c83fcf46412021-12-20 16:07:09.926root 11241100x8000000000000000792312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2f9d944b6f5d3e2021-12-20 16:07:09.926root 11241100x8000000000000000792313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720a15955f95659a2021-12-20 16:07:09.926root 11241100x8000000000000000792314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae3b220c150088a2021-12-20 16:07:09.926root 11241100x8000000000000000792315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5527a1de1608cd6b2021-12-20 16:07:09.927root 11241100x8000000000000000792316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319190e07429ebd82021-12-20 16:07:09.927root 11241100x8000000000000000792317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6746c832a89a4452021-12-20 16:07:09.927root 11241100x8000000000000000792318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb09789bc1fb640a2021-12-20 16:07:09.927root 11241100x8000000000000000792319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c07b31e64094e92021-12-20 16:07:09.927root 11241100x8000000000000000792320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca87dbc4d3485dc2021-12-20 16:07:09.927root 11241100x8000000000000000792321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898c62ff3404d3982021-12-20 16:07:09.927root 11241100x8000000000000000792322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9767ae7004598f642021-12-20 16:07:09.927root 11241100x8000000000000000792323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4021f2dc5f10fe252021-12-20 16:07:09.928root 11241100x8000000000000000792324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e61242899f479332021-12-20 16:07:09.928root 11241100x8000000000000000792325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a0afda85307d4c2021-12-20 16:07:09.928root 11241100x8000000000000000792326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b004291e0d1c6452021-12-20 16:07:09.928root 11241100x8000000000000000792327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0801b02c9545372021-12-20 16:07:09.928root 11241100x8000000000000000792328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b0387d313b8b362021-12-20 16:07:09.928root 11241100x8000000000000000792329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adda11348c1239332021-12-20 16:07:09.929root 11241100x8000000000000000792330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4383990744af181e2021-12-20 16:07:09.929root 11241100x8000000000000000792331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e2bb2b10e7725a2021-12-20 16:07:09.929root 11241100x8000000000000000792332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a95f4c4eec18d62021-12-20 16:07:09.929root 11241100x8000000000000000792333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8396fba1e3f2e4ee2021-12-20 16:07:09.929root 11241100x8000000000000000792334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ecc9a3f6437e32021-12-20 16:07:09.929root 11241100x8000000000000000792335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f902e63009bb5daf2021-12-20 16:07:09.929root 11241100x8000000000000000792336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cc7e167e7654a02021-12-20 16:07:09.929root 11241100x8000000000000000792337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a17ba328e1f56e2021-12-20 16:07:09.929root 11241100x8000000000000000792338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:09.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c601ebe25123c2e2021-12-20 16:07:09.930root 11241100x8000000000000000792339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79771f1637b5760e2021-12-20 16:07:10.424root 11241100x8000000000000000792340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d786c7929d93d4892021-12-20 16:07:10.424root 11241100x8000000000000000792341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b19332c329a733e2021-12-20 16:07:10.424root 11241100x8000000000000000792342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea3114124a2d4e72021-12-20 16:07:10.424root 11241100x8000000000000000792343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aade161fe02c134c2021-12-20 16:07:10.425root 11241100x8000000000000000792344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6459b3c89e5446b2021-12-20 16:07:10.425root 11241100x8000000000000000792345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a8668431df01ea2021-12-20 16:07:10.425root 11241100x8000000000000000792346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837dc014a4eb70e82021-12-20 16:07:10.425root 11241100x8000000000000000792347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a071a74bda50937f2021-12-20 16:07:10.425root 11241100x8000000000000000792348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3913582c884f47942021-12-20 16:07:10.425root 11241100x8000000000000000792349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a397cdb56bdb25172021-12-20 16:07:10.425root 11241100x8000000000000000792350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eed95374851a6c72021-12-20 16:07:10.425root 11241100x8000000000000000792351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e078fb053b9a2b32021-12-20 16:07:10.425root 11241100x8000000000000000792352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f92c21ae45825f2021-12-20 16:07:10.425root 11241100x8000000000000000792353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9455b3f14a5b8562021-12-20 16:07:10.426root 11241100x8000000000000000792354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe681df68eecf6e72021-12-20 16:07:10.426root 11241100x8000000000000000792355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c803fa69bb01202021-12-20 16:07:10.426root 11241100x8000000000000000792356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6a1bdfb14164a02021-12-20 16:07:10.426root 11241100x8000000000000000792357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eac11dcd2189992021-12-20 16:07:10.426root 11241100x8000000000000000792358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89314259238e0632021-12-20 16:07:10.426root 11241100x8000000000000000792359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c246b4f54ce7eef2021-12-20 16:07:10.427root 11241100x8000000000000000792360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd014808114f5b32021-12-20 16:07:10.427root 11241100x8000000000000000792361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990a59b7131220b12021-12-20 16:07:10.427root 11241100x8000000000000000792362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140c6db77e3b72772021-12-20 16:07:10.428root 11241100x8000000000000000792363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf9672a81d5d1dd2021-12-20 16:07:10.428root 11241100x8000000000000000792364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3e1c90df0f22412021-12-20 16:07:10.428root 11241100x8000000000000000792365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e3c8df449ddcbe2021-12-20 16:07:10.429root 11241100x8000000000000000792366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193744ded53e70392021-12-20 16:07:10.429root 11241100x8000000000000000792367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09022f6b14712bd72021-12-20 16:07:10.429root 11241100x8000000000000000792368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc3e850c269faa32021-12-20 16:07:10.429root 11241100x8000000000000000792369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad275aab44397cf2021-12-20 16:07:10.429root 11241100x8000000000000000792370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1faa15c868b7f752021-12-20 16:07:10.429root 11241100x8000000000000000792371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa056ce678f48f2021-12-20 16:07:10.429root 11241100x8000000000000000792372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c2f9c17f3d92272021-12-20 16:07:10.924root 11241100x8000000000000000792373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8657290f9b6375782021-12-20 16:07:10.924root 11241100x8000000000000000792374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961f8956c55b0ed42021-12-20 16:07:10.924root 11241100x8000000000000000792375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f116f48f8c4ac6262021-12-20 16:07:10.924root 11241100x8000000000000000792376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17584c94a729f1ce2021-12-20 16:07:10.925root 11241100x8000000000000000792377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99edaf6847712d22021-12-20 16:07:10.925root 11241100x8000000000000000792378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d3d757ee5a18b02021-12-20 16:07:10.925root 11241100x8000000000000000792379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189e54e27d5975e52021-12-20 16:07:10.925root 11241100x8000000000000000792380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ed4851eb1b9ba22021-12-20 16:07:10.925root 11241100x8000000000000000792381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6de2afb31382dc2021-12-20 16:07:10.925root 11241100x8000000000000000792382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa17937ad0b6d72021-12-20 16:07:10.925root 11241100x8000000000000000792383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f1de06902c05392021-12-20 16:07:10.925root 11241100x8000000000000000792384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b7daa336e3893f2021-12-20 16:07:10.925root 11241100x8000000000000000792385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2128da055bbdd2682021-12-20 16:07:10.925root 11241100x8000000000000000792386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c07946bdb881682021-12-20 16:07:10.926root 11241100x8000000000000000792387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91180ad427cf7fa2021-12-20 16:07:10.926root 11241100x8000000000000000792388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3451f7c46bea16772021-12-20 16:07:10.926root 11241100x8000000000000000792389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83aa9913c04337d02021-12-20 16:07:10.926root 11241100x8000000000000000792390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe14575da55a4da2021-12-20 16:07:10.926root 11241100x8000000000000000792391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd891661ee3ec932021-12-20 16:07:10.926root 11241100x8000000000000000792392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a48bb215e768062021-12-20 16:07:10.927root 11241100x8000000000000000792393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d528d5b9d3c8cef52021-12-20 16:07:10.927root 11241100x8000000000000000792394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e023a2e7ecc781622021-12-20 16:07:10.927root 11241100x8000000000000000792395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27739335604e760a2021-12-20 16:07:10.927root 11241100x8000000000000000792396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5891b3b804770fe2021-12-20 16:07:10.927root 11241100x8000000000000000792397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375f9135607b37db2021-12-20 16:07:10.927root 11241100x8000000000000000792398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6294a2d190305d2021-12-20 16:07:10.927root 11241100x8000000000000000792399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b167467f6bba03c2021-12-20 16:07:10.927root 11241100x8000000000000000792400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba5656bd653f5eb2021-12-20 16:07:10.927root 11241100x8000000000000000792401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da1c7adf9cc68922021-12-20 16:07:10.928root 11241100x8000000000000000792402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535e8f6923c279402021-12-20 16:07:10.928root 11241100x8000000000000000792403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4801b4377d8bafe2021-12-20 16:07:10.928root 11241100x8000000000000000792404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74e7882c27f00132021-12-20 16:07:10.928root 11241100x8000000000000000792405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb881495291a95d2021-12-20 16:07:10.928root 11241100x8000000000000000792406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0c62a6675e96212021-12-20 16:07:10.929root 11241100x8000000000000000792407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:10.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb8572ad15c3c992021-12-20 16:07:10.929root 11241100x8000000000000000792408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0ad81f941f36862021-12-20 16:07:11.424root 11241100x8000000000000000792409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9941529ee54bd1b72021-12-20 16:07:11.424root 11241100x8000000000000000792410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce5e886f0464c262021-12-20 16:07:11.424root 11241100x8000000000000000792411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db04126c72d776ae2021-12-20 16:07:11.424root 11241100x8000000000000000792412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c376a536a4343c912021-12-20 16:07:11.425root 11241100x8000000000000000792413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aed8e456440f162021-12-20 16:07:11.425root 11241100x8000000000000000792414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a738a26d79bc57dc2021-12-20 16:07:11.425root 11241100x8000000000000000792415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f255c66464479922021-12-20 16:07:11.425root 11241100x8000000000000000792416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da592c1979befed2021-12-20 16:07:11.425root 11241100x8000000000000000792417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e046c139e2766cfa2021-12-20 16:07:11.425root 11241100x8000000000000000792418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7e669a4a6561912021-12-20 16:07:11.425root 11241100x8000000000000000792419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b186736796e7ef8f2021-12-20 16:07:11.426root 11241100x8000000000000000792420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f408e26358ce2b882021-12-20 16:07:11.426root 11241100x8000000000000000792421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7279787a03c3ba72021-12-20 16:07:11.426root 11241100x8000000000000000792422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ad4eda331e2c6c2021-12-20 16:07:11.426root 11241100x8000000000000000792423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc4bb50b7a4aeb62021-12-20 16:07:11.426root 11241100x8000000000000000792424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821e323e93609d2a2021-12-20 16:07:11.426root 11241100x8000000000000000792425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc63bdd881ce38ee2021-12-20 16:07:11.426root 11241100x8000000000000000792426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c2cf3445b483b32021-12-20 16:07:11.426root 11241100x8000000000000000792427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e815ed8a3d19062021-12-20 16:07:11.427root 11241100x8000000000000000792428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f786532c1a50232021-12-20 16:07:11.427root 11241100x8000000000000000792429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c968575ad7133672021-12-20 16:07:11.427root 11241100x8000000000000000792430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f10c0a9835998672021-12-20 16:07:11.427root 11241100x8000000000000000792431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8d523f624d0edf2021-12-20 16:07:11.427root 11241100x8000000000000000792432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839d6f362cd35ec22021-12-20 16:07:11.427root 11241100x8000000000000000792433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f41bb17b2e510f32021-12-20 16:07:11.427root 11241100x8000000000000000792434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098e4ff6785b2a442021-12-20 16:07:11.427root 11241100x8000000000000000792435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190d2bfc30c365202021-12-20 16:07:11.428root 11241100x8000000000000000792436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0acd411aef04642021-12-20 16:07:11.428root 11241100x8000000000000000792437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415ca75299d84132021-12-20 16:07:11.428root 11241100x8000000000000000792438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e417a2d7867fe7142021-12-20 16:07:11.428root 11241100x8000000000000000792439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2393074b9828a6af2021-12-20 16:07:11.428root 11241100x8000000000000000792440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62708947b2a140972021-12-20 16:07:11.428root 11241100x8000000000000000792441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef4c7e71b749712021-12-20 16:07:11.924root 11241100x8000000000000000792442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5366fd716e6caf4c2021-12-20 16:07:11.924root 11241100x8000000000000000792443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cec411c543d34df2021-12-20 16:07:11.924root 11241100x8000000000000000792444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d526f6f91b3968a2021-12-20 16:07:11.924root 11241100x8000000000000000792445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435127c05fb77dcc2021-12-20 16:07:11.925root 11241100x8000000000000000792446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0127bc03d90e8b232021-12-20 16:07:11.925root 11241100x8000000000000000792447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada0de64071b492c2021-12-20 16:07:11.925root 11241100x8000000000000000792448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd7aedb836878552021-12-20 16:07:11.925root 11241100x8000000000000000792449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fce6f59f15367b92021-12-20 16:07:11.925root 11241100x8000000000000000792450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390e24d0d2425ced2021-12-20 16:07:11.925root 11241100x8000000000000000792451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759249732c5c3d5c2021-12-20 16:07:11.925root 11241100x8000000000000000792452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4788fe12972b9b2021-12-20 16:07:11.925root 11241100x8000000000000000792453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82db5989a7cebbbf2021-12-20 16:07:11.926root 11241100x8000000000000000792454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304811da0b751ba62021-12-20 16:07:11.926root 11241100x8000000000000000792455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8024cbcab9395d2021-12-20 16:07:11.926root 11241100x8000000000000000792456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834ea026d60bdc7b2021-12-20 16:07:11.926root 11241100x8000000000000000792457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77499d84a44c0592021-12-20 16:07:11.926root 11241100x8000000000000000792458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e502ce01f13cb2021-12-20 16:07:11.926root 11241100x8000000000000000792459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b890c1295ee7947b2021-12-20 16:07:11.926root 11241100x8000000000000000792460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa947dfb618632d02021-12-20 16:07:11.926root 11241100x8000000000000000792461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f34ea1b2f1775a2021-12-20 16:07:11.927root 11241100x8000000000000000792462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c0b4a68c577bb2021-12-20 16:07:11.927root 11241100x8000000000000000792463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50121d2e3a2cecc2021-12-20 16:07:11.927root 11241100x8000000000000000792464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0874be13c53e8652021-12-20 16:07:11.927root 11241100x8000000000000000792465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a3078ff0971e02021-12-20 16:07:11.927root 11241100x8000000000000000792466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf0f219f5ce0ed02021-12-20 16:07:11.927root 11241100x8000000000000000792467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9d81b5743363242021-12-20 16:07:11.927root 11241100x8000000000000000792468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eab106bf78dc35c2021-12-20 16:07:11.927root 11241100x8000000000000000792469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2202d3195dd3c2982021-12-20 16:07:11.928root 11241100x8000000000000000792470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684e75abb7b15df72021-12-20 16:07:11.928root 11241100x8000000000000000792471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4da90bd94dd0b42021-12-20 16:07:11.928root 11241100x8000000000000000792472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cf3b1e074e2dc72021-12-20 16:07:11.928root 11241100x8000000000000000792473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:11.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51791ce4c27b69452021-12-20 16:07:11.928root 11241100x8000000000000000792474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b816007b89ad0f8a2021-12-20 16:07:12.424root 11241100x8000000000000000792475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15aae15e90c00c1d2021-12-20 16:07:12.424root 11241100x8000000000000000792476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e21af93ac483c622021-12-20 16:07:12.425root 11241100x8000000000000000792477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f707d0c4ce715752021-12-20 16:07:12.425root 11241100x8000000000000000792478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ec85fb118f4c0b2021-12-20 16:07:12.425root 11241100x8000000000000000792479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de311645b18a1f42021-12-20 16:07:12.425root 11241100x8000000000000000792480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f518cc829e81943b2021-12-20 16:07:12.425root 11241100x8000000000000000792481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125c2aee72fc65742021-12-20 16:07:12.425root 11241100x8000000000000000792482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aa586acfecad112021-12-20 16:07:12.425root 11241100x8000000000000000792483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeb260b7a37f3332021-12-20 16:07:12.426root 11241100x8000000000000000792484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56a66907d46369c2021-12-20 16:07:12.426root 11241100x8000000000000000792485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d777124dfee8232021-12-20 16:07:12.426root 11241100x8000000000000000792486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467b281b4178c6ef2021-12-20 16:07:12.426root 11241100x8000000000000000792487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc60502a178d4472021-12-20 16:07:12.426root 11241100x8000000000000000792488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33e8afdc2fc765d2021-12-20 16:07:12.426root 11241100x8000000000000000792489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e93e7223c76f022021-12-20 16:07:12.426root 11241100x8000000000000000792490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdde9891f5701b32021-12-20 16:07:12.427root 11241100x8000000000000000792491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705dae3912fa2a022021-12-20 16:07:12.427root 11241100x8000000000000000792492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f8af22590151c02021-12-20 16:07:12.427root 11241100x8000000000000000792493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d2d18addc7fb352021-12-20 16:07:12.427root 11241100x8000000000000000792494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c5c36b624724042021-12-20 16:07:12.428root 11241100x8000000000000000792495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad8a07790a9a8162021-12-20 16:07:12.428root 11241100x8000000000000000792496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adefdcf7ba831b7c2021-12-20 16:07:12.429root 11241100x8000000000000000792497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4f3a4f3780f5c22021-12-20 16:07:12.430root 11241100x8000000000000000792498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e3b1a4e28c2772021-12-20 16:07:12.430root 11241100x8000000000000000792499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac417dcd3ca5e062021-12-20 16:07:12.430root 11241100x8000000000000000792500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e1d585cbb711a22021-12-20 16:07:12.430root 11241100x8000000000000000792501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229e38e8f7a45db2021-12-20 16:07:12.431root 11241100x8000000000000000792502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710d25229e77d4ac2021-12-20 16:07:12.431root 11241100x8000000000000000792503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e8c2abbadb44322021-12-20 16:07:12.431root 11241100x8000000000000000792504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5cea9241744272021-12-20 16:07:12.431root 11241100x8000000000000000792505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167780edee386b212021-12-20 16:07:12.431root 11241100x8000000000000000792506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497d1915c9d8e4a82021-12-20 16:07:12.432root 11241100x8000000000000000792507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd817e6cd01b07b02021-12-20 16:07:12.432root 11241100x8000000000000000792508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6860c4f969f8f612021-12-20 16:07:12.924root 11241100x8000000000000000792509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077a93ef2b0dcbbb2021-12-20 16:07:12.924root 11241100x8000000000000000792510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70f2ba0d85f4b5d2021-12-20 16:07:12.925root 11241100x8000000000000000792511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1344997997695ba2021-12-20 16:07:12.925root 11241100x8000000000000000792512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e332f71af92c7892021-12-20 16:07:12.925root 11241100x8000000000000000792513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebd6d36663f62bf2021-12-20 16:07:12.925root 11241100x8000000000000000792514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c259023e029af92021-12-20 16:07:12.925root 11241100x8000000000000000792515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334ec7944b7d756f2021-12-20 16:07:12.925root 11241100x8000000000000000792516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e6a8a1117167832021-12-20 16:07:12.925root 11241100x8000000000000000792517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ba61bf9b5239c42021-12-20 16:07:12.926root 11241100x8000000000000000792518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12c1f66bdb703922021-12-20 16:07:12.926root 11241100x8000000000000000792519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35df2e07cce4a56c2021-12-20 16:07:12.926root 11241100x8000000000000000792520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550c6caa74c590b62021-12-20 16:07:12.926root 11241100x8000000000000000792521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a86f1789370fae2021-12-20 16:07:12.926root 11241100x8000000000000000792522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892b94f5e62c22e22021-12-20 16:07:12.926root 11241100x8000000000000000792523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3feb11508ea2182021-12-20 16:07:12.926root 11241100x8000000000000000792524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e6aa0adb37829b2021-12-20 16:07:12.927root 11241100x8000000000000000792525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a838a7dfbef8993a2021-12-20 16:07:12.927root 11241100x8000000000000000792526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c94020b3551f002021-12-20 16:07:12.927root 11241100x8000000000000000792527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5586f4789e13d4f82021-12-20 16:07:12.927root 11241100x8000000000000000792528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44a904e10c903142021-12-20 16:07:12.927root 11241100x8000000000000000792529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab32245d8166daac2021-12-20 16:07:12.927root 11241100x8000000000000000792530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb59c5e5ca3892292021-12-20 16:07:12.927root 11241100x8000000000000000792531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45088a2ee7578fe2021-12-20 16:07:12.928root 11241100x8000000000000000792532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1d34a0d35a832c2021-12-20 16:07:12.928root 11241100x8000000000000000792533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ef9f67a5555ecc2021-12-20 16:07:12.928root 11241100x8000000000000000792534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1313d11064c9c082021-12-20 16:07:12.928root 11241100x8000000000000000792535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7753e0f75fe810722021-12-20 16:07:12.928root 11241100x8000000000000000792536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655248ce293329092021-12-20 16:07:12.928root 11241100x8000000000000000792537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605a5c22074642bf2021-12-20 16:07:12.928root 11241100x8000000000000000792538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6914b8296bb4a0d82021-12-20 16:07:12.929root 11241100x8000000000000000792539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cbb62e728456622021-12-20 16:07:12.929root 11241100x8000000000000000792540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02abad7fb226f4132021-12-20 16:07:12.929root 11241100x8000000000000000792541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5e8257520da3c52021-12-20 16:07:12.929root 11241100x8000000000000000792542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:12.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74bf020ce3f1ceb2021-12-20 16:07:12.929root 11241100x8000000000000000792543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c8e1b4b1495a02021-12-20 16:07:13.424root 11241100x8000000000000000792544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4dbcf7eb1117692021-12-20 16:07:13.424root 11241100x8000000000000000792545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45630dfa4fd980632021-12-20 16:07:13.425root 11241100x8000000000000000792546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88298452e9554342021-12-20 16:07:13.425root 11241100x8000000000000000792547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6ada1b7f0949e22021-12-20 16:07:13.425root 11241100x8000000000000000792548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040be99732136e942021-12-20 16:07:13.425root 11241100x8000000000000000792549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7968c55955f5f9622021-12-20 16:07:13.425root 11241100x8000000000000000792550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1349dbc1e8d9c72021-12-20 16:07:13.425root 11241100x8000000000000000792551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6e457ec722e9112021-12-20 16:07:13.425root 11241100x8000000000000000792552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1667790e1ed2309e2021-12-20 16:07:13.426root 11241100x8000000000000000792553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39187b50694e63a82021-12-20 16:07:13.426root 11241100x8000000000000000792554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ef7fc2086edba62021-12-20 16:07:13.426root 11241100x8000000000000000792555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140a17ba8466e7462021-12-20 16:07:13.426root 11241100x8000000000000000792556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540b62675c81ca802021-12-20 16:07:13.426root 11241100x8000000000000000792557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2a39962e2c1fc32021-12-20 16:07:13.426root 11241100x8000000000000000792558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585c639b5a0852462021-12-20 16:07:13.426root 11241100x8000000000000000792559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f79b41ce5d6f0d2021-12-20 16:07:13.426root 11241100x8000000000000000792560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e8c0219d929c1d2021-12-20 16:07:13.427root 11241100x8000000000000000792561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40ba5cb0b51e7552021-12-20 16:07:13.427root 11241100x8000000000000000792562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d84172d90ec27c2021-12-20 16:07:13.427root 11241100x8000000000000000792563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce6ee18ba5172a42021-12-20 16:07:13.427root 11241100x8000000000000000792564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5224f45537a220d2021-12-20 16:07:13.427root 11241100x8000000000000000792565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27e594f72b865972021-12-20 16:07:13.427root 11241100x8000000000000000792566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca62a5190f0770cc2021-12-20 16:07:13.427root 11241100x8000000000000000792567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6425ea2d95d816d2021-12-20 16:07:13.427root 11241100x8000000000000000792568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9074a505f3e4f91d2021-12-20 16:07:13.427root 11241100x8000000000000000792569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ccfaefda034d542021-12-20 16:07:13.428root 11241100x8000000000000000792570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b4b08b3427e7ec2021-12-20 16:07:13.428root 11241100x8000000000000000792571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f5f87621b4be82021-12-20 16:07:13.428root 11241100x8000000000000000792572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a09a41f788d9c872021-12-20 16:07:13.428root 11241100x8000000000000000792573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586f4ac2b89e21322021-12-20 16:07:13.429root 11241100x8000000000000000792574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee30a4fd7505acb12021-12-20 16:07:13.429root 11241100x8000000000000000792575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf67bc53ae04c2be2021-12-20 16:07:13.429root 11241100x8000000000000000792576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f3370b6523e1812021-12-20 16:07:13.430root 11241100x8000000000000000792577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9521af97ab42a02021-12-20 16:07:13.924root 11241100x8000000000000000792578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8071e1c7c92d865b2021-12-20 16:07:13.924root 11241100x8000000000000000792579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200973e641df187d2021-12-20 16:07:13.924root 11241100x8000000000000000792580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e761883cf003cd062021-12-20 16:07:13.925root 11241100x8000000000000000792581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718b28893ce409722021-12-20 16:07:13.925root 11241100x8000000000000000792582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5518a50f48d38c2021-12-20 16:07:13.925root 11241100x8000000000000000792583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1f12bcb057b7cf2021-12-20 16:07:13.925root 11241100x8000000000000000792584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b66253104f30062021-12-20 16:07:13.925root 11241100x8000000000000000792585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe561d0e01eb21b92021-12-20 16:07:13.925root 11241100x8000000000000000792586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8d238e01502c6b2021-12-20 16:07:13.925root 11241100x8000000000000000792587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f7276b38ef22722021-12-20 16:07:13.925root 11241100x8000000000000000792588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c722c0f415fca66f2021-12-20 16:07:13.926root 11241100x8000000000000000792589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e1c64f5f56900f2021-12-20 16:07:13.926root 11241100x8000000000000000792590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1911386b9018eaf92021-12-20 16:07:13.926root 11241100x8000000000000000792591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e977a613df461f9d2021-12-20 16:07:13.926root 11241100x8000000000000000792592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ad94877d918b2c2021-12-20 16:07:13.926root 11241100x8000000000000000792593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf2f3d9a31750e22021-12-20 16:07:13.927root 11241100x8000000000000000792594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6b883bebe158232021-12-20 16:07:13.927root 11241100x8000000000000000792595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2b416416e926522021-12-20 16:07:13.927root 11241100x8000000000000000792596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e272d313276e74d22021-12-20 16:07:13.927root 11241100x8000000000000000792597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36c6c03f876692b2021-12-20 16:07:13.927root 11241100x8000000000000000792598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2f8842a92d591a2021-12-20 16:07:13.927root 11241100x8000000000000000792599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1c9439daed62fb2021-12-20 16:07:13.928root 11241100x8000000000000000792600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628464ac0c35f85d2021-12-20 16:07:13.928root 11241100x8000000000000000792601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6f646f0704e6522021-12-20 16:07:13.928root 11241100x8000000000000000792602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaa98f080dd1f4a2021-12-20 16:07:13.928root 11241100x8000000000000000792603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018fe16c4378f0832021-12-20 16:07:13.928root 11241100x8000000000000000792604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43aca438e684c9552021-12-20 16:07:13.928root 11241100x8000000000000000792605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85069d4a4a3cdf8d2021-12-20 16:07:13.929root 11241100x8000000000000000792606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe69834e1f26387f2021-12-20 16:07:13.929root 11241100x8000000000000000792607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f95f07eb0dc20c2021-12-20 16:07:13.929root 11241100x8000000000000000792608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0e59a6cb2f99532021-12-20 16:07:13.929root 11241100x8000000000000000792609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0818efd3ae07ec952021-12-20 16:07:13.929root 11241100x8000000000000000792610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:13.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9107a297359f8652021-12-20 16:07:13.929root 354300x8000000000000000792611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.026{ec2c97d1-6aab-61c0-5175-3a0400000000}5261/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-51658-false10.0.1.12-8000- 11241100x8000000000000000792612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bd2882e738163a2021-12-20 16:07:14.424root 11241100x8000000000000000792613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a3fb057a0e3b82021-12-20 16:07:14.424root 11241100x8000000000000000792614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aad1110ad7b66a2021-12-20 16:07:14.424root 11241100x8000000000000000792615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d653c0a0fbfd05be2021-12-20 16:07:14.425root 11241100x8000000000000000792616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceab0cd875fe99b82021-12-20 16:07:14.425root 11241100x8000000000000000792617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e661ebbf86a9b72021-12-20 16:07:14.425root 11241100x8000000000000000792618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d916b28c811522021-12-20 16:07:14.425root 11241100x8000000000000000792619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc7e55c09f1b6692021-12-20 16:07:14.425root 11241100x8000000000000000792620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756c7f31a58649d72021-12-20 16:07:14.425root 11241100x8000000000000000792621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9b04477300c3242021-12-20 16:07:14.425root 11241100x8000000000000000792622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b9aab8c3f87b862021-12-20 16:07:14.425root 11241100x8000000000000000792623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c0c31fea4c5a6b2021-12-20 16:07:14.425root 11241100x8000000000000000792624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feafe92a14874c212021-12-20 16:07:14.426root 11241100x8000000000000000792625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5e8e5ff72a46702021-12-20 16:07:14.426root 11241100x8000000000000000792626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cfbbebf3e42b682021-12-20 16:07:14.426root 11241100x8000000000000000792627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94fc675ba175ad22021-12-20 16:07:14.426root 11241100x8000000000000000792628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd69a08918c919e2021-12-20 16:07:14.426root 11241100x8000000000000000792629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d02e7ed4cd57af2021-12-20 16:07:14.426root 11241100x8000000000000000792630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d24262f666cb932021-12-20 16:07:14.427root 11241100x8000000000000000792631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688d6c6c718378052021-12-20 16:07:14.427root 11241100x8000000000000000792632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e93beef67f3d1492021-12-20 16:07:14.427root 11241100x8000000000000000792633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fb06dd082a7b092021-12-20 16:07:14.427root 11241100x8000000000000000792634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877f5b1003701c002021-12-20 16:07:14.427root 11241100x8000000000000000792635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1e6deb880048da2021-12-20 16:07:14.427root 11241100x8000000000000000792636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd109b4b812b2892021-12-20 16:07:14.427root 11241100x8000000000000000792637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28e5a91af538bb12021-12-20 16:07:14.428root 11241100x8000000000000000792638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdbe075bd4877472021-12-20 16:07:14.428root 11241100x8000000000000000792639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596a6c4bf132ae942021-12-20 16:07:14.428root 11241100x8000000000000000792640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13cca06f739602b2021-12-20 16:07:14.428root 11241100x8000000000000000792641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ad3ed8822b76922021-12-20 16:07:14.428root 11241100x8000000000000000792642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807a89a5d6e38f8e2021-12-20 16:07:14.428root 11241100x8000000000000000792643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff595ab757652fc22021-12-20 16:07:14.428root 11241100x8000000000000000792644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9db524b8d76d6ac2021-12-20 16:07:14.428root 11241100x8000000000000000792645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eadd941388de832021-12-20 16:07:14.429root 11241100x8000000000000000792646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83f942d3dd0634d2021-12-20 16:07:14.429root 11241100x8000000000000000792647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635f0a659227b5232021-12-20 16:07:14.429root 11241100x8000000000000000792648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2385be9348252312021-12-20 16:07:14.429root 11241100x8000000000000000792649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d19a967119afb4b2021-12-20 16:07:14.429root 11241100x8000000000000000792650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda59dfbebd6321a2021-12-20 16:07:14.429root 11241100x8000000000000000792651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b7d2b83713fba92021-12-20 16:07:14.429root 11241100x8000000000000000792652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68d0e8fb39f9c3f2021-12-20 16:07:14.430root 11241100x8000000000000000792653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f516d88b831c38be2021-12-20 16:07:14.430root 11241100x8000000000000000792654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a6c198434331f12021-12-20 16:07:14.430root 11241100x8000000000000000792655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af288225d067cf02021-12-20 16:07:14.924root 11241100x8000000000000000792656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b30f2fb2aa24a782021-12-20 16:07:14.924root 11241100x8000000000000000792657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c61c1b37e30db12021-12-20 16:07:14.925root 11241100x8000000000000000792658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c60061505a6af2021-12-20 16:07:14.925root 11241100x8000000000000000792659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cfc66024db7d1b2021-12-20 16:07:14.925root 11241100x8000000000000000792660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675c01303fdd2e362021-12-20 16:07:14.925root 11241100x8000000000000000792661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082ee114320196b62021-12-20 16:07:14.925root 11241100x8000000000000000792662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c749228da47166452021-12-20 16:07:14.925root 11241100x8000000000000000792663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13517edf577fc6ee2021-12-20 16:07:14.925root 11241100x8000000000000000792664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54929e2de2af8d72021-12-20 16:07:14.926root 11241100x8000000000000000792665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b838fd1bb361e48f2021-12-20 16:07:14.926root 11241100x8000000000000000792666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93e30e5baad16d62021-12-20 16:07:14.926root 11241100x8000000000000000792667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aacad7cbd5270aa2021-12-20 16:07:14.926root 11241100x8000000000000000792668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc956e64858f1c82021-12-20 16:07:14.926root 11241100x8000000000000000792669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0cf14d669428ff2021-12-20 16:07:14.926root 11241100x8000000000000000792670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c463bd7ce5bdbd042021-12-20 16:07:14.927root 11241100x8000000000000000792671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece7be2cd74d8f3b2021-12-20 16:07:14.927root 11241100x8000000000000000792672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b539c4bbcc8dc65a2021-12-20 16:07:14.927root 11241100x8000000000000000792673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d90f071d2450b842021-12-20 16:07:14.927root 11241100x8000000000000000792674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd210e25d819e3dc2021-12-20 16:07:14.927root 11241100x8000000000000000792675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f7928cb1044d652021-12-20 16:07:14.927root 11241100x8000000000000000792676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5060fed9e75bfc2021-12-20 16:07:14.928root 11241100x8000000000000000792677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620cff22752b42bc2021-12-20 16:07:14.928root 11241100x8000000000000000792678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22de34c55b4245bb2021-12-20 16:07:14.928root 11241100x8000000000000000792679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52b570224b4fd2e2021-12-20 16:07:14.928root 11241100x8000000000000000792680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfe13d86c5002962021-12-20 16:07:14.929root 11241100x8000000000000000792681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d391aafbbc167c42021-12-20 16:07:14.929root 11241100x8000000000000000792682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77551e31fef312332021-12-20 16:07:14.929root 11241100x8000000000000000792683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3e39e0165403272021-12-20 16:07:14.929root 11241100x8000000000000000792684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132e90ed1d2b1d602021-12-20 16:07:14.929root 11241100x8000000000000000792685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2a38694f316df82021-12-20 16:07:14.929root 11241100x8000000000000000792686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff68dd1ca42faece2021-12-20 16:07:14.929root 11241100x8000000000000000792687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61359a0761f74efe2021-12-20 16:07:14.930root 11241100x8000000000000000792688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960850267ce94ef52021-12-20 16:07:14.930root 11241100x8000000000000000792689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cf4ac0385621832021-12-20 16:07:14.930root 11241100x8000000000000000792690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f808049a8b5a54fb2021-12-20 16:07:14.930root 11241100x8000000000000000792691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7adec04f91d71582021-12-20 16:07:14.930root 11241100x8000000000000000792692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:14.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e6e5f69495e75f2021-12-20 16:07:14.930root 11241100x8000000000000000792693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a44e9446bb43262021-12-20 16:07:15.424root 11241100x8000000000000000792694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7391ab4cffa671e2021-12-20 16:07:15.424root 11241100x8000000000000000792695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f60af396d3a02392021-12-20 16:07:15.425root 11241100x8000000000000000792696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf15185a659c01b2021-12-20 16:07:15.425root 11241100x8000000000000000792697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e0560c7b3dcb892021-12-20 16:07:15.425root 11241100x8000000000000000792698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28251e2da9ee2312021-12-20 16:07:15.425root 11241100x8000000000000000792699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12ef8dcf7e89b792021-12-20 16:07:15.425root 11241100x8000000000000000792700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c6908a45f1b86b2021-12-20 16:07:15.425root 11241100x8000000000000000792701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5e63e4cb94ee092021-12-20 16:07:15.425root 11241100x8000000000000000792702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ca015fc23b57a02021-12-20 16:07:15.426root 11241100x8000000000000000792703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48af98cbd2320c7f2021-12-20 16:07:15.426root 11241100x8000000000000000792704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd5520bc29c81c92021-12-20 16:07:15.426root 11241100x8000000000000000792705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf66de86ba0e2f752021-12-20 16:07:15.426root 11241100x8000000000000000792706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47e4b54238330022021-12-20 16:07:15.426root 11241100x8000000000000000792707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9eb739160eed692021-12-20 16:07:15.426root 11241100x8000000000000000792708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26395df785c997e72021-12-20 16:07:15.426root 11241100x8000000000000000792709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c595851f21a6a4842021-12-20 16:07:15.427root 11241100x8000000000000000792710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d1a64e34d7fcbf2021-12-20 16:07:15.427root 11241100x8000000000000000792711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d8c590ee60446f2021-12-20 16:07:15.427root 11241100x8000000000000000792712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7643aa4c02d8af0d2021-12-20 16:07:15.427root 11241100x8000000000000000792713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c099860f1564abc82021-12-20 16:07:15.427root 11241100x8000000000000000792714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6333a77dfea63db2021-12-20 16:07:15.428root 11241100x8000000000000000792715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca51e9d430eb170d2021-12-20 16:07:15.429root 11241100x8000000000000000792716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa15de8eaf303372021-12-20 16:07:15.429root 11241100x8000000000000000792717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558046718d2d5ca52021-12-20 16:07:15.429root 11241100x8000000000000000792718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4268a070469b3a12021-12-20 16:07:15.430root 11241100x8000000000000000792719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe6f9951bffcc872021-12-20 16:07:15.430root 11241100x8000000000000000792720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56b8b402f5d77272021-12-20 16:07:15.431root 11241100x8000000000000000792721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df19049994f14ee12021-12-20 16:07:15.431root 11241100x8000000000000000792722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d491cb35cb27f6512021-12-20 16:07:15.431root 11241100x8000000000000000792723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7396c23990f0b88a2021-12-20 16:07:15.431root 11241100x8000000000000000792724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.431{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14340b048b9367372021-12-20 16:07:15.431root 11241100x8000000000000000792725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304d90146a685c8a2021-12-20 16:07:15.432root 11241100x8000000000000000792726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb550bef035797df2021-12-20 16:07:15.432root 11241100x8000000000000000792727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee59db74d26c5492021-12-20 16:07:15.432root 11241100x8000000000000000792728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.432{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad2f7954fe060402021-12-20 16:07:15.432root 11241100x8000000000000000792729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b006a25df078df32021-12-20 16:07:15.433root 11241100x8000000000000000792730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.433{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a438c54bdf5acb2021-12-20 16:07:15.433root 11241100x8000000000000000792731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298e2eff901b66632021-12-20 16:07:15.924root 11241100x8000000000000000792732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1201469713895aec2021-12-20 16:07:15.924root 11241100x8000000000000000792733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965e99f3b0da62112021-12-20 16:07:15.925root 11241100x8000000000000000792734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa4ef0a488d876e2021-12-20 16:07:15.925root 11241100x8000000000000000792735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b1db68326659fc2021-12-20 16:07:15.925root 11241100x8000000000000000792736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c7d8282672bd622021-12-20 16:07:15.925root 11241100x8000000000000000792737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b93cd5f6a3df9f42021-12-20 16:07:15.925root 11241100x8000000000000000792738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa51129b9dcb53b12021-12-20 16:07:15.925root 11241100x8000000000000000792739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b901df47eff03f2021-12-20 16:07:15.925root 11241100x8000000000000000792740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf43109065ace832021-12-20 16:07:15.926root 11241100x8000000000000000792741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e54228d2ed4788a2021-12-20 16:07:15.926root 11241100x8000000000000000792742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e18aca5234a4ff2021-12-20 16:07:15.926root 11241100x8000000000000000792743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce5112ea1e334382021-12-20 16:07:15.926root 11241100x8000000000000000792744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf865adbef0c1942021-12-20 16:07:15.926root 11241100x8000000000000000792745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cae49b120675852021-12-20 16:07:15.926root 11241100x8000000000000000792746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5a3b73209d06792021-12-20 16:07:15.926root 11241100x8000000000000000792747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ee9b4acd8e4a682021-12-20 16:07:15.926root 11241100x8000000000000000792748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afbc739210f8de22021-12-20 16:07:15.926root 11241100x8000000000000000792749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e84fe96d56ee172021-12-20 16:07:15.927root 11241100x8000000000000000792750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57452b8e42bc180f2021-12-20 16:07:15.927root 11241100x8000000000000000792751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c518f74913a0cec2021-12-20 16:07:15.927root 11241100x8000000000000000792752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03dd86caa3e6bf52021-12-20 16:07:15.927root 11241100x8000000000000000792753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ec88c6cf081ef2021-12-20 16:07:15.927root 11241100x8000000000000000792754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc141da134204682021-12-20 16:07:15.927root 11241100x8000000000000000792755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46280ce812b5d7fb2021-12-20 16:07:15.927root 11241100x8000000000000000792756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb07ad4f22a265032021-12-20 16:07:15.927root 11241100x8000000000000000792757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f58ec004211797e2021-12-20 16:07:15.928root 11241100x8000000000000000792758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f3a01b47bbe682021-12-20 16:07:15.928root 11241100x8000000000000000792759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e66dd1cb1a6349c2021-12-20 16:07:15.928root 11241100x8000000000000000792760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeac8e4d7eef5e42021-12-20 16:07:15.928root 11241100x8000000000000000792761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64396fcc520b8a9e2021-12-20 16:07:15.928root 11241100x8000000000000000792762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed56ec974eb955e2021-12-20 16:07:15.928root 11241100x8000000000000000792763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5537cbbb33a78b772021-12-20 16:07:15.928root 11241100x8000000000000000792764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007d5378d683eabe2021-12-20 16:07:15.928root 11241100x8000000000000000792765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:15.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19bfc25d479945c2021-12-20 16:07:15.929root 11241100x8000000000000000792766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042983a1ed6f44d22021-12-20 16:07:16.424root 11241100x8000000000000000792767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d68848f516415842021-12-20 16:07:16.424root 11241100x8000000000000000792768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c055d4dd01416fc02021-12-20 16:07:16.424root 11241100x8000000000000000792769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946667a929d07de42021-12-20 16:07:16.425root 11241100x8000000000000000792770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0112903060d5062021-12-20 16:07:16.425root 11241100x8000000000000000792771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a9fc4db78623862021-12-20 16:07:16.425root 11241100x8000000000000000792772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc4c8c392fcc4632021-12-20 16:07:16.425root 11241100x8000000000000000792773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae845a7db11e3b92021-12-20 16:07:16.425root 11241100x8000000000000000792774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234e68a3582778702021-12-20 16:07:16.425root 11241100x8000000000000000792775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c91930301e5aeb2021-12-20 16:07:16.425root 11241100x8000000000000000792776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e76d4072950b3a72021-12-20 16:07:16.425root 11241100x8000000000000000792777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398d44733093e8622021-12-20 16:07:16.425root 11241100x8000000000000000792778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef70325a228090ce2021-12-20 16:07:16.425root 11241100x8000000000000000792779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4ac202fba5615c2021-12-20 16:07:16.426root 11241100x8000000000000000792780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c85abbed6b796cf2021-12-20 16:07:16.426root 11241100x8000000000000000792781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3be8612187b8e22021-12-20 16:07:16.426root 11241100x8000000000000000792782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1019d3cd22760f2021-12-20 16:07:16.426root 11241100x8000000000000000792783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda1ddac3f31ff152021-12-20 16:07:16.426root 11241100x8000000000000000792784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd21194b6df7fddd2021-12-20 16:07:16.426root 11241100x8000000000000000792785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac3c925a457d292021-12-20 16:07:16.427root 11241100x8000000000000000792786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b165d0ad24789732021-12-20 16:07:16.427root 11241100x8000000000000000792787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e732946d0478032021-12-20 16:07:16.427root 11241100x8000000000000000792788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9005ff38bd16dcc2021-12-20 16:07:16.427root 11241100x8000000000000000792789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2d08874bbe06562021-12-20 16:07:16.427root 11241100x8000000000000000792790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93c6b2d3fbe0f762021-12-20 16:07:16.427root 11241100x8000000000000000792791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c653af810fc21d212021-12-20 16:07:16.427root 11241100x8000000000000000792792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d0861147064ebc2021-12-20 16:07:16.427root 11241100x8000000000000000792793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f5ce2c83d5226c2021-12-20 16:07:16.428root 11241100x8000000000000000792794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6602a297947add412021-12-20 16:07:16.428root 11241100x8000000000000000792795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246cdb8890d5ea092021-12-20 16:07:16.428root 11241100x8000000000000000792796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.428{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7369ad1a0a0dfc32021-12-20 16:07:16.428root 11241100x8000000000000000792797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11f18a1f4f5eea42021-12-20 16:07:16.429root 11241100x8000000000000000792798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0439428dc0244ae32021-12-20 16:07:16.429root 11241100x8000000000000000792799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55214e6bd1f834dd2021-12-20 16:07:16.429root 11241100x8000000000000000792800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c999046763d4f92021-12-20 16:07:16.429root 11241100x8000000000000000792801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917ef0226da827d12021-12-20 16:07:16.429root 11241100x8000000000000000792802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a07048b109d7a42021-12-20 16:07:16.429root 11241100x8000000000000000792803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3454d6cc2b61422021-12-20 16:07:16.430root 11241100x8000000000000000792804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f27068d430dc59c2021-12-20 16:07:16.430root 11241100x8000000000000000792805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72951f263f4e26b32021-12-20 16:07:16.924root 11241100x8000000000000000792806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4aa12df8ab50b802021-12-20 16:07:16.924root 11241100x8000000000000000792807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2866437e71780b1c2021-12-20 16:07:16.925root 11241100x8000000000000000792808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3509ae84068c664a2021-12-20 16:07:16.925root 11241100x8000000000000000792809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1306d557fab3b7aa2021-12-20 16:07:16.925root 11241100x8000000000000000792810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea28d6dc3675bc12021-12-20 16:07:16.925root 11241100x8000000000000000792811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284db77822f3f6c2021-12-20 16:07:16.925root 11241100x8000000000000000792812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667c8f601a463f9b2021-12-20 16:07:16.926root 11241100x8000000000000000792813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f436195b1ad83f2021-12-20 16:07:16.926root 11241100x8000000000000000792814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0924708c0a6ccf2021-12-20 16:07:16.926root 11241100x8000000000000000792815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3557ff8b7fe518612021-12-20 16:07:16.926root 11241100x8000000000000000792816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d505c06e92d7376e2021-12-20 16:07:16.926root 11241100x8000000000000000792817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab62019f106d11e32021-12-20 16:07:16.926root 11241100x8000000000000000792818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3df360fc3e457822021-12-20 16:07:16.927root 11241100x8000000000000000792819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c0d328f50f445c2021-12-20 16:07:16.927root 11241100x8000000000000000792820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206eec4c65f933162021-12-20 16:07:16.927root 11241100x8000000000000000792821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a354d0ff7b3bce2021-12-20 16:07:16.927root 11241100x8000000000000000792822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e5c3332779e25c2021-12-20 16:07:16.927root 11241100x8000000000000000792823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0f58e32583172d2021-12-20 16:07:16.927root 11241100x8000000000000000792824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bfd84fa7faa59c2021-12-20 16:07:16.927root 11241100x8000000000000000792825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60eb037abfdcd512021-12-20 16:07:16.928root 11241100x8000000000000000792826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2be24e1ebdd5f4a2021-12-20 16:07:16.928root 11241100x8000000000000000792827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594529c7323465932021-12-20 16:07:16.928root 11241100x8000000000000000792828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ba9c4c432e9c62021-12-20 16:07:16.928root 11241100x8000000000000000792829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc2fa062e0aaa02021-12-20 16:07:16.928root 11241100x8000000000000000792830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d981fa7d69f395922021-12-20 16:07:16.929root 11241100x8000000000000000792831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aa07e480360f1d2021-12-20 16:07:16.929root 11241100x8000000000000000792832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6c6554182a41792021-12-20 16:07:16.929root 11241100x8000000000000000792833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc44e8b355341572021-12-20 16:07:16.929root 11241100x8000000000000000792834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1cb80ac66bd7be2021-12-20 16:07:16.930root 11241100x8000000000000000792835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2fcb229836cce72021-12-20 16:07:16.930root 11241100x8000000000000000792836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0b68e2682c9cd42021-12-20 16:07:16.930root 11241100x8000000000000000792837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9866e2411453652021-12-20 16:07:16.930root 11241100x8000000000000000792838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c49e7185a96fc392021-12-20 16:07:16.930root 11241100x8000000000000000792839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fcc8b330d2982f2021-12-20 16:07:16.930root 11241100x8000000000000000792840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:16.930{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cb61713474a3df2021-12-20 16:07:16.930root 11241100x8000000000000000792841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e948a2466fc75952021-12-20 16:07:17.424root 11241100x8000000000000000792842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beab009756bba1582021-12-20 16:07:17.424root 11241100x8000000000000000792843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.424{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc025b0d8364d9642021-12-20 16:07:17.424root 11241100x8000000000000000792844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320d32a1cc665d272021-12-20 16:07:17.425root 11241100x8000000000000000792845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aff5567ba04b192021-12-20 16:07:17.425root 11241100x8000000000000000792846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8a66cd0dbbec552021-12-20 16:07:17.425root 11241100x8000000000000000792847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5504d02eb329d5d42021-12-20 16:07:17.425root 11241100x8000000000000000792848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85922788c6c11ac62021-12-20 16:07:17.425root 11241100x8000000000000000792849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a34bb48dc2f292e2021-12-20 16:07:17.425root 11241100x8000000000000000792850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.425{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28260d83add1e6952021-12-20 16:07:17.425root 11241100x8000000000000000792851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531cf8c85acf94d32021-12-20 16:07:17.426root 11241100x8000000000000000792852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b15b4c4203dd6e2021-12-20 16:07:17.426root 11241100x8000000000000000792853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533447ade6c27f62021-12-20 16:07:17.426root 11241100x8000000000000000792854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb2b194e31589dc2021-12-20 16:07:17.426root 11241100x8000000000000000792855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ced9a0a4087c82021-12-20 16:07:17.426root 11241100x8000000000000000792856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fcae5badf67a0a2021-12-20 16:07:17.426root 11241100x8000000000000000792857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.426{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa3a3ecd5b1cb852021-12-20 16:07:17.426root 11241100x8000000000000000792858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5962d6ee0017e882021-12-20 16:07:17.427root 11241100x8000000000000000792859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276a4d6ef19475fa2021-12-20 16:07:17.427root 11241100x8000000000000000792860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2563ca57330ec42021-12-20 16:07:17.427root 11241100x8000000000000000792861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aadb03ca9ca29212021-12-20 16:07:17.427root 11241100x8000000000000000792862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f711ceb8255fc3b02021-12-20 16:07:17.427root 11241100x8000000000000000792863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.427{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9666ae81eb118212021-12-20 16:07:17.427root 11241100x8000000000000000792864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a066421787763882021-12-20 16:07:17.429root 11241100x8000000000000000792865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f7011250f506262021-12-20 16:07:17.429root 11241100x8000000000000000792866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75f7c7ceb05761d2021-12-20 16:07:17.429root 11241100x8000000000000000792867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c261eb0954aee9a02021-12-20 16:07:17.429root 11241100x8000000000000000792868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.429{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d118130e123392021-12-20 16:07:17.429root 11241100x8000000000000000792869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc3d24d2c5d11de2021-12-20 16:07:17.430root 11241100x8000000000000000792870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdab9bb9a996c0ed2021-12-20 16:07:17.430root 11241100x8000000000000000792871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c53e155303f9b32021-12-20 16:07:17.430root 11241100x8000000000000000792872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063eb1345cef725b2021-12-20 16:07:17.430root 11241100x8000000000000000792873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80dbd2547bcf9552021-12-20 16:07:17.430root 11241100x8000000000000000792874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499eab33158efc922021-12-20 16:07:17.430root 11241100x8000000000000000792875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.430{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da99d1e6988a397e2021-12-20 16:07:17.430root 11241100x8000000000000000792876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1d545e15c3e6ae2021-12-20 16:07:17.924root 11241100x8000000000000000792877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a259533203bc6022021-12-20 16:07:17.924root 11241100x8000000000000000792878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.924{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f550ebf5be1dcf402021-12-20 16:07:17.924root 11241100x8000000000000000792879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c1ca6cf6c3ed622021-12-20 16:07:17.925root 11241100x8000000000000000792880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5898d141e4c33a092021-12-20 16:07:17.925root 11241100x8000000000000000792881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd34bfa441d02902021-12-20 16:07:17.925root 11241100x8000000000000000792882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342d809cea125e562021-12-20 16:07:17.925root 11241100x8000000000000000792883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdbd839e704aca62021-12-20 16:07:17.925root 11241100x8000000000000000792884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb42dfb24edddce2021-12-20 16:07:17.925root 11241100x8000000000000000792885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c59e750ae89a7c32021-12-20 16:07:17.925root 11241100x8000000000000000792886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.925{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d15d7f23fadbbf2021-12-20 16:07:17.925root 11241100x8000000000000000792887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4342871878d030172021-12-20 16:07:17.926root 11241100x8000000000000000792888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e1679c362d2d2b2021-12-20 16:07:17.926root 11241100x8000000000000000792889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b4a5b5fa3a0b372021-12-20 16:07:17.926root 11241100x8000000000000000792890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a21688abac56def2021-12-20 16:07:17.926root 11241100x8000000000000000792891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcac6374262e64da2021-12-20 16:07:17.926root 11241100x8000000000000000792892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828cff092f6da9152021-12-20 16:07:17.926root 11241100x8000000000000000792893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c2176b017186942021-12-20 16:07:17.926root 11241100x8000000000000000792894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.926{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298886b1c6fec98f2021-12-20 16:07:17.926root 11241100x8000000000000000792895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a59bef34cca7482021-12-20 16:07:17.927root 11241100x8000000000000000792896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fb8d25a1b4191d2021-12-20 16:07:17.927root 11241100x8000000000000000792897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e373ca0ce922f4a2021-12-20 16:07:17.927root 11241100x8000000000000000792898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5cd9bcd8bb7ce72021-12-20 16:07:17.927root 11241100x8000000000000000792899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd8721d6c4822762021-12-20 16:07:17.927root 11241100x8000000000000000792900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475b0a793814ed1a2021-12-20 16:07:17.927root 11241100x8000000000000000792901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52717fe0d8449a6c2021-12-20 16:07:17.927root 11241100x8000000000000000792902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5475246d683237062021-12-20 16:07:17.927root 11241100x8000000000000000792903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d94e6a04a4d11252021-12-20 16:07:17.927root 11241100x8000000000000000792904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae63f555ea870522021-12-20 16:07:17.927root 11241100x8000000000000000792905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.927{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9eea19cceca0172021-12-20 16:07:17.927root 11241100x8000000000000000792906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe73b052d67efdf82021-12-20 16:07:17.928root 11241100x8000000000000000792907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3370e78267fa64632021-12-20 16:07:17.928root 11241100x8000000000000000792908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e88ad8fe14f48d2021-12-20 16:07:17.928root 11241100x8000000000000000792909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788b18540b07e02f2021-12-20 16:07:17.928root 11241100x8000000000000000792910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ff5b641116288e2021-12-20 16:07:17.928root 11241100x8000000000000000792911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea725014dfe10d2021-12-20 16:07:17.928root 11241100x8000000000000000792912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.928{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7327c7d7559e172021-12-20 16:07:17.928root 11241100x8000000000000000792913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-4134-2021-12-20 16:07:17.929{ec2c97d1-6aa9-61c0-3038-618238560000}5256/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbed9d351dcc18062021-12-20 16:07:17.929root